RITI-Policy Helps Romania Fight Cyber Crime
In 2003, it has been estimated that 12% of cyber-attacks on American companies came from Romania. This cyber crime, defined as illegal activities performed using computer systems (such as online fraud, unauthorized access to computer data, and denial of service attacks) is a top priority for the Government of Romania. Not only does cyber-crime cause problems for Romanian and other online companies to do business, it has understandably had a dramatically negative impact on the development of the Romanian IT sector, especially e-commerce.
To combat this pressing problem, the Government of Romania passed a series of cyber crime laws in April of 2003. While the enactment of these laws is essential to fighting cyber crime, their enforcement has been very challenging, in part due to the fact that these crimes are relatively new types of criminal behavior.
Most Romanian law enforcement authorities have limited or no knowledge of computer systems, electronic data, or the reality of the cyber world. These officials have been seriously hindered by a lack of definitions on cyber crime and their inexperience with electronic data investigation procedures. They require guidance and clarification on what is cyber crime and how to investigate it, before they are able to enforce the cyber crime laws.
Building the Capacity of Romanian Law Enforcement to Enforce Cyber Crime Laws
dot-GOV's Romanian Information Technology Initiative (RITI-Policy) and Ion Georgescu, a computer crime legal consultant, have been working with the Ministry of Communications and Information Technology (MCTI) to address this need. Together they are drafting the Guide on the Implementation of Cyber Crime Law, targeting the Romanian authorities implementing this new cyber crime law.
In addition, once the Guide is completed, RITI-Policy and MCTI will work with Romanian Police and General Prosecutor Office to train investigators and prosecutors throughout the country on cyber crime. The cyber crime law guide will be used as a basis for this training program, as well as the experiences by other resident authorities, such as the U.S. Secret Service at the U.S. Embassy.
The development of this guide and training program was accomplished as a result of the close working relationship between MCTI and RITI-Policy. Through this ongoing relationship, MCTI is able to turn to the RITI-Policy team for solid technical assistance when new issues, such as cyber crime, come up.
Guide on the Implementation of Cyber Crime Law
Written in Romanian, the Guide explains the legal and technical aspects of cyber crime cases and how the law should be applied. The Guide is targeted to Romanian law enforcement officials with limited computer expertise, giving them practical, concrete guidance on how to investigate and enforce cyber crime laws.
The guide has two major sections:
I. A reference guide on computer systems and information traffic
Chapter 1 - Definitions of computer systems and their components (hard disks, CD-ROMs, flash memory etc.). Personal Digital Assistant and mobile phones are included.
Chapter 2 - Definitions of computer networks and their components - servers, hubs, routers etc., including Internet, Intranet, VPN etc.
Chapter 3 - Definitions of services and software (world wide web, email, ftp, IRC, instant messaging, network software, encryption software, etc.)
Chapter 4 - Overview of the major vulnerabilities of computer systems.
II. Legal provisions on computer crime
Chapter 5 - Regulations on computer crime. Presents the concept of computer crime, the different types of computer attacks, and European regulation on computer crime.
Each offence regulated under the current Romanian law is analyzed using examples and case studies (Title III of Law 161/2003 on Certain Steps to Ensure Transparency in Performing High Official, Public, and Business Positions to Prevent and Sanction Corruption).
Chapter 6 - Investigating computer crime and digital evidence. Introduces the procedures for on-site investigations, search and seizure, as well as tools and methods of laboratory investigation for digital evidence and computer crimes.
The procedures investigators need to follow are presented along with issues of data validation and checking of investigative accuracy. The chapter addresses definitions and types of digital evidence and the risks related to collecting and safeguarding evidence.
The final version of the Guide on the Implementation of the Cyber Crime Law was submitted for comments to the MCTI as well as to the US Embassy in February 2004. The Guide will undergo a final review in April, after which it will be published and distributed to county police departments throughout Romania. The training program for Romanian investigators and prosecutors is anticipated for Autumn 2004.
The RITI-Policy Project began on May 21st, 2002 and will run three years (Associate Cooperative Agreement No. 186-A-00-02-00101-00 under the dot-GOV Leader Award No. GDG-A-00-01-00009-00).