 In this lecture, we're going to talk about the current state of international cooperation. In the last lecture, I talked a lot about the challenges with international cooperation in cybercrime, or the fact that cybercriminals at least seem to have an advantage whenever it comes to cybercrime. But that's not necessarily true. Governments can and do work together very well to solve international cybercrime every day. The issue is maybe it's not as much as we would like, but that's always the nature of crime. So international cooperation does happen. It is quite effective in most cases. However, there are some things we can work on. So today I'm going to talk about some of the ways that international cooperation happens or how countries can actually work together to solve some of their cybercrime problem. So there are many ways many organizations work together to combat cybercrime. So first off is kind of the informal way, and this is actually, we can argue, one of the most effective ways to combat cybercrime is informally. This is through workshops, conferences, industry standards, making sure that the organizations that are being attacked, including the people, but it mostly includes businesses, including businesses and other organizations that are being attacked, are actually doing everything they can to make themselves secure against cybercrime. And whenever an event or a crime does happen against them, they actually do effectively report it and maintain the evidence that police need to be able to get convictions or do proper investigations. So informally we can do things like workshops, conferences, industry standards to make sure that we're improving the level of cyber security so that way cybercrimes are less likely to be successful. The next way of course is formal investigation, and this requires formal legislation. Many countries, I would say most now, not all but most have implemented cybercrime legislation specifically that criminalizes some actions, some types of cybercrimes at least. Remember if there is no legislation then there is no crime. If you don't have a law on the books then people can essentially do whatever they want and it's not a crime as long as it's not against the current legislation. So it's really important that countries actually do implement cybercrime legislation and that it does cover the types of crime that they're seeing in their country and other countries in the world. But beyond their own national legislation, they also need a way, a formal way or formal legislation to work together internationally because two countries, they could make an agreement but there has to be some sort of agreement for them to work together and not all countries want to make those types of agreements. So this brings us back to the issue of jurisdiction. So jurisdiction is essentially the extent of the power to make legal decisions and judgments. This is also called sovereignty. The country's sovereignty is basically their area where they have power or control of law. Anything outside of that jurisdiction is most likely another country's jurisdiction. So for example, Korea could not necessarily go into Japan and try to exercise their own jurisdiction in that country. Korean police officers cannot just go to Japan and arrest Japanese citizens. They have to actually have cooperation with the governments that control that jurisdiction. So jurisdiction is applied to a nation or territory generally. So there's been a lot of discussion about how jurisdiction actually applies online because there are no nations or territories or boundaries online. How can we actually apply jurisdiction? There's a lot of discussion on that right now but I'll talk a little bit about the basics of it. So jurisdiction may be asserted over, for example, an internet user, an internet service provider, various data flow channels, which is the way that the data actually goes. So if the data is going through, for example, your territory jurisdiction, then you potentially have jurisdiction over that data as it's transferred between you. It can also be on the content provider or the server that hosts the content provider's information. I know those sound very general and you're thinking, okay, does that apply to countries that are not my country? It may. So a lot of countries are making legislation now that says, well, data that's related to us that's hosted in other countries, we also have jurisdiction over that information. But that doesn't mean that the other country agrees with your definition of that and these agreements make it extremely difficult for two countries to work together in fighting cybercrime. When can we actually assert our jurisdiction over particular users online? So jurisdiction, I hope you see that it's not always clear. For example, especially online, a domestic IP address could potentially be assigned to a non-domestic device. Now, let me rephrase that. A device that is in a country that you are not in might be assigned with an IP address from your country. So IP address from your country, a device is in another country, and that IP address points to that device. Who has jurisdiction over that? So if the IP address is from Korea but the device is in the US, does that mean that Korea can access that device even though it's physically located in the US? Right now, there's not a very clear answer to that. Normally we would have to communicate, for example, Korea and the US would have to work together to decide who has proper jurisdiction and the US would claim jurisdiction, Korea would also claim jurisdiction and they would have to negotiate what they could actually access. But the question is, how do we know where that device is physically located? If the IP address is in Korea, can we actually identify that it is physically located in another location? Maybe not. Right now, the assumption seems to be that if the IP address is assigned locally, then that's where the physical device is located. That's not necessarily true. Jurisdiction, at least in cybercrimes, is sometimes an unnecessary hindrance. Whenever you're talking about sovereignty, people who really are for complete sovereignty of their country say that you have to have jurisdiction and you do not mess with our jurisdiction. However, that kind of attitude means that it's very, very, very difficult to work together in investigating online crime. So going back to what we talked about last time, I can connect to other devices in real time. So if I'm an investigator, I could also connect to another device in real time, but it might be located in another country with a different jurisdiction, so I can't. So even though I can see the evidence in front of me, I might not be able to collect it because it's located somewhere else. In those cases, we could say that that's a hindrance, but the countries also say that sovereignty is extremely important. This is why making agreements before big events happen are so important. If we can actually agree on when can I kind of invade your sovereignty, under what circumstances can I do that, then it becomes much more clear. Right now, those agreements are not very clear, except in a few treaties we'll talk about in a second. So if data can be accessed directly but is physically located in another jurisdiction, formal cooperation should take place, but sometimes it does, sometimes it doesn't. It also depends on the agreements between the countries. Like I said, this is usually ignored in practice depending on the requirements of the local judge. If the local judge is relatively lenient, they might not mind if you just copy the data directly off of a computer in another country, but that process might actually be internationally illegal. So informal cooperation. Many organizations, like I said, are involved in informal cooperation to fight cybercrime or to prevent cybercrime. So we're looking at prevention, detection and investigation. Indeed, law enforcement themselves don't investigate or don't detect a lot of the crime that happens. It's mostly the victims who are reporting that crime where we get most of our information from and start the investigation. So businesses and service providers are protecting assets, for example, their servers, their money, whatever they're offering basically, and sharing information and preventing attacks tends to help everyone in the industry. The more other organizations know about attacks that you are being faced with, the more likely or the better able they are to prepare themselves to fight those attacks. Security companies and researchers often provide services to customers and information to the community. Again, getting information out there on what types of cybercrime are we seeing right now and how is it affecting your users or the general public or your organization. Hackers and computer clubs also help with providing security, not only by finding bugs, but basically detect and alerting authorities or companies of attacks. So quite a few cybercrimes have been detected by hackers in the underground that just knew something was going to happen or knew about an event that did happen and they were able to help police in kind of pointing them in the right direction and sometimes even providing evidence or undercover services. So hackers and computer clubs very often are a useful source for at least getting information informally for investigations. Internet users also, basic software updates and awareness go a long way for prevention. So users that essentially try to keep their software up to date and at least use basic security practices and try to learn more about how to secure themselves also really help kind of secure the ecosystem of the internet. So they're less likely to have their computer taken over and their computer used for some of these fraudulent activities. And then governments as well. So cooperation through informal channels. Some governments try to work together informally rather than going through the kind of bureaucratic formal process. And those informal channels work actually really well, especially between law enforcement. So law enforcement trying to at least get intelligence information informally and then making a formal request after that. And they usually do that because of some sort of mutually beneficial reason. Formal cooperation basically can only be done by governments, especially law enforcement prosecutors. And it requires legislation. So it requires some sort of formal agreement between the countries or between a group of countries that they will work together. This process is extremely political. And the goal is the production of evidence for local courts, the criminal justice system in that jurisdiction. The idea is that these countries basically come together, decide on when will we cooperate with each other and in what way is cooperation acceptable. And once I request cooperation, how can you actually send me evidence from your country to my country in a way that my judge will accept. And this also becomes very difficult because many countries have different standards of evidence production or chain of custody or all of these things we've already talked about a little bit. It also requires official communication channels to make the request and receive a response. So whenever we're doing formal investigation, a formal request to another country, we can only use formal information request channels depending on what's the usually treaty or the agreement says. We have to go through that channel to make the request. Now that sounds pretty easy until you think about all of the different countries that there are and the fact that we might have hundreds of different types of treaties that could apply to certain types of information. Each of them might have their own specific special communication channel. So keeping track of all of these processes, these treaties, the agreements, what they cover, what they don't cover, is a huge task and not every country keeps track of that information as well as others. So it becomes very difficult to know how different countries can communicate. At the same time, politics also plays a critical role. So even if countries have agreements with each other, it doesn't mean that they necessarily have to fulfill them. They could either reject them for no reason or just ignore them completely if they feel like it basically. It depends very much on the agreement and the terms of the agreement. So informal international cooperation for cyber crime detection prevention investigation happens on a daily basis. Countries and organizations informally work together quite well. It's a lot like I talked about with hackers. They communicate informally and they kind of make changes and adjustments really quick. Cyber crime research companies or investigators or just large businesses, essentially the non-cyber crime group are also working together informally and providing lots of information and updates and security support and things like that that help prevent or investigate these types of crimes. So the informal level, it becomes very, very easy to communicate because we don't need a formal agreement or a formal communication channel. So organizations and individuals are not as restricted as governments are. Whenever you're talking about jurisdiction, you're talking about formal processes, whenever you're talking about informal communication, even things like Facebook could potentially be used to communicate with whoever you're working with. Formal international cooperation happens very often. The European Union, for example, is extremely good at taking in relatively quickly formal investigation agreements and processing those. Other countries, however, might not have the resources to be able to handle these formal requests either technically or politically very well. So the United States currently hosts many of the services. I've heard a lot of complaints, basically, from law enforcement outside of the US saying whenever they try to make a formal request to the US, because that's where a lot of the internet services are hosted, they don't hear anything back. And this is partially an issue of the way that formal communication has to happen and the amount of requests that the US receives and, like I talked about before, the cost of the crime that happened. So the US, I mean, they get flooded essentially with a lot of different requests. They do have a lot of resources to handle it, but if the requests are not complete or they're not in the right language or anything basically is wrong, maybe the countries don't have an agreement, then the US can't process those requests legally. So international cooperation, the only reason I talk about the US is because they currently, I think, are getting the most requests because they have the most infrastructure right now. And a lot of people have really disliked the fact that they're not really getting help in most of their cases or in a lot of their cases. And there's lots of reasons for that, and it's not just because the US is ignoring you necessarily, it's because of a lot of other factors as well. So whenever you're making a request to those countries, make sure you think about what do they need to fulfill that request. So formal requests, no matter where you're asking, they usually take a very long time to process. They often need some sort of discussion between the countries while you're making the request, and most people just send a request and forget about it. You need to have communication between the countries whenever you're doing the formal request. And they often ask for information that cannot be provided. So a lot of requests contain information that that country cannot provide. So either the information is no longer available, the scope is too wide, and the country can't legally provide that information to you, or there's not enough justification for requesting that information. So think about the country that you're requesting, what can they actually provide to you? Countries that communicate better tend to see higher international cooperation success rates. So that's the biggest thing. Communicate with the country that you're making a request from, and your success rate will raise very, very quickly. So I'm going to have some reading assignments on the Convention on Cybercrime or the Budapest Convention. We're going to talk a little bit in the forums about what the Budapest Convention is and what it does for countries and how it helps them cooperate. So I'm going to skip. Basically, whenever we're talking about the formal investigation process, the problem is that it's very, very long and complicated and takes a lot of different people communicating very, very well. And most of the time, a lot of that communication link doesn't exist or breaks down. So the biggest thing I can say whenever we're doing international cooperation, it can and it does work. Just make sure that you're communicating as much and as well as possible. Thank you very much.