Andrew Burt and Dan Geer’s Lawfare article The Budapest Convention Offers an Opportunity for Modernizing Crimes in Cyberspace explores how the current negotiations of an additional protocol to the Budapest Convention on Cybercrime provide an opportunity for lawmakers to modernize how crimes are defined in cyberspace. Burt and Geer propose a new starting point for the definition of a cybercrime:
1. The intentional creation of
2. a harm related to data or a software program that is
3. outside the actor’s lawful control or possession
Where “harm” itself is defined as
(a) a breach in the confidentiality, integrity, or availability of the data or software system, or
(b) the facilitation of outcomes, either through the use or manipulation of input data or computer code, designed to undermine, slow or retard the performance of any software system.
The article looks specifically at how this definition could resolve the negative effects by cybercrime statutes (like the Computer Fraud and Abuse Act) on network and cybersecurity research, and future negative effects that may result from the widespread adoption of techniques like machine learning.
To read the full article, please click here.
These statements are attributable only to the authors, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.