CybercriminaliteEngl 1/03/12 14:39 Page 1 Practical Guide of the Risks of CYBERCRIME against Children Dr. Laila KJIRI Professor at the National Higher School of Computing and Analysis of Systems - ENSIAS-, at Mohammed V University, Souissi, Rabat Publications of the Islamic Educational, Scientific and Cultural Organization -ISESCO- 1433H/2012A.D. CybercriminaliteEngl 1/03/12 14:39 Page 2 Legal number: 2012MO0741 ISBN: 978-9981-26-546-2 Photocomposition, Typesetting and Printing: ISESCO, Rabat Kingdom of Morocco CybercriminaliteEngl 1/03/12 14:39 Page 3 CybercriminaliteEngl 1/03/12 14:39 Page 4 CybercriminaliteEngl 1/03/12 14:39 Page 5 CONTENT PREFACE FOREWORD DEFINITION OF CYBERCRIME AGAINST CHILDREN INTRODUCTION CHAPITER 1 IDENTIFIED RISKS AND PROPOSED SOLUTIONS CATEGORY 1 Inappropriate, shocking or traumatizing contents 9 11 13 15 17 a. On-line sexual solicitation and seduction b. Internet and sex tourism c. Violent network games d. Erotic or pornographic contents e. Child pornography f. Cyber terrorism 19 20 21 22 23 24 a. Intimidation b. Threats and insults c. Identity Theft d. Harassment e. Frauds and scams 25 26 27 28 29 a. Incitement to hatred, racism, xenophobia and Islamophobia b. Incitement to anorexia, mutilation, death and suicide c. Child trafficking online 30 31 32 a. Open and non-moderate dialog b. Linguistic deformation and emoticons c. Use of pseudonyms and avatars d. Non-respect of intellectual property by downloading e. Addiction to the Internet f. Smart telephones 33 34 35 36 37 38 CATEGORY 2 Traditional offenses amplified by cyberspace CATEGORY 3 “Digital” offenses CATEGORY 4 New acquired deviant behaviors 5 CybercriminaliteEngl 1/03/12 14:39 Page 6 CATEGORY 5 Technical threats: hackers and spams a. Hackers b. Virus c. Computer worms d. Trojan horses e. Spam f. Fraud by phishinge g. Cookie files CHAPTER 2 6 CHALLENGES FOR HEALTH AND PROTECTION: ROLE OF TECHNOLOGY AND EDUCATORS 1. Children and cybercrime 2. Impacts on youngsters' health a. Absence of othernes b. Internet, as an indicator of malaise c. Modified sense of time d. Anonymity which promotes running away from home e. Addictive behaviors 3. Some technical and technological tools for the protection of the child against cybercrime threats a. Filtering and parental control software b. Changing technological environment 4. Role of educators CHAPTER 3 INTERNATIONAL AND REGIONAL APPROACHES TO CHILD PROTECTION 1. Approaches to child protection a. International Telecommunication Union (ITU) b. Group of Eight (G8) c. United Nations d. Council of Europe e. European Union f. Organization for Economic Co-operation and Development (OECD) g. Asia-Pacific Economic Cooperation (APEC) h. Commonwealth of Independent States 39 40 41 42 43 44 45 47 49 49 49 50 50 50 50 51 51 52 53 55 57 57 58 59 61 63 64 65 66 CybercriminaliteEngl 1/03/12 14:39 Page 7 i. Arab League and Gulf Cooperation Council (GCC) j. Organization of American States (OAS) k. United Nations Educational, Scientific and Cultural Organization (UNESCO) l. Islamic Educational, Scientific and Cultural Organization (ISESCO) RECOMMENDATIONS BIBLIOGRAPHY 67 67 68 69 73 75 7 CybercriminaliteEngl 1/03/12 14:39 Page 8 CybercriminaliteEngl 1/03/12 14:39 Page 9 PREFACE In the era of information society, the Internet has expanded and is increasingly gaining influence worldwide. Indeed, new information technologies exert undeniable attraction on people, particularly children, who increasingly spend time in front of their computers. Recent progress in such technologies and their user-friendliness encourage everyone to exploit them on a daily basis. The Internet has become a tool adapted to various and varied uses such as publishing, education, trade, social networks, electronic messaging, media, as well as other activities of individuals and communities. Tunis Commitment in 2005, resulting from the second phase of the World Summit on the Information Society (WSIS), recognized the need for protecting children and ensuring the defense of their rights in the field of ICT, in conformity with the International Convention on the Rights of the Child. To do so, International Telecommunications Union (ITU), within the framework of the Tunis Agenda for the Information Society, was mandated by WSIS to coordinate the action of the international community in order to ensure the implementation of action line C5, namely: “Building confidence and security in the use of ICTs”. Hence in 2008-2009, ITU launched, among other activities, the initiative of Child Online Protection (COP), inviting all stakeholders to support the establishment of policies and strategies to ensure the protection of children in cyberspace. In addition, the Third World Congress against Sexual Exploitation of Children and Teenagers (Brazil, 2008) recommended developing guides for the benefit of children, educators, parents and the family to deal with the risks and threats of the Internet used for the wrong purposes. Having actively participated in the WSIS process (2003-2005), ISESCO developed the “Strategy for the Development of Information and Communication Technologies in the Islamic World”, adopted by the 5th Islamic Conference of the Ministers of Culture in 2007. For its implementation, ISESCO attached paramount interest to the issues of e- 9 CybercriminaliteEngl 1/03/12 14:39 Page 10 learning, cyber science, cultural and linguistic diversity etc, within its scope of competence, as well as the capacity building of Member States. Moreover, while recognizing the media-related, scientific and economic utility of ICTs, ISESCO reaffirms the need for preventing the missteps related to certain illegal criminal uses of ICT. On this basis, within the framework of its Action Plan 2010-2012, the Organization granted priority interest to the programs and activities aiming at highlighting the ethical and cultural dimensions of ICT in the Islamic world, particularly through sensitizing the officers in charge, content providers, professionals and users, including therein the technical difficulties which prevent setting up an effective and efficient control in the area of cybercrime. Within this framework, ISESCO supported the efforts made by Member States in order to control the ethical and cultural dimensions of ICT contents and to sensitize parents, educators and decision makers to the repressive measures and criminal sanctions resulting from their illegal uses. Given the increasingly growing number of children using the Internet in Member States, there is an increasing fear that this social category would be a victim of cybercrime as well as various forms of moral and behavioral deviation. Likewise, children can be victims of pernicious ideas and campaigns of indoctrination conducted by extremist bodies, which aim at destabilizing societies and hinder their development. In view of the responsibility which it assumes in the coordination of the common Islamic action in several fields, including that of ICT, and convinced of the need for preparing a reference document likely to help to sensitize children to the ethical, cultural and criminal issues inherent in the use of the Internet, ISESCO has developed this guide as a contribution to COP initiative. ISESCO praises the remarkable work accomplished by the author of this guide, Dr. Laila Kjiri, Professor at the National Higher School of Computing and Analysis of Systems - ENSIAS-, at Mohammed V University, Souissi, Rabat. We wish that this guide will be useful for children, parents and educators of the world. May Allah crown our efforts with success for the benefit of the Islamic Ummah and humanity at large. . Dr Abdulaziz Othman Altwaijri Director General of ISESCO CybercriminaliteEngl 1/03/12 14:39 Page 11 FOREWORD In the virtual world of the Internet, children are particularly vulnerable and can relate to adults who seek to establish friendly relations with them, by getting in touch on platforms, forums, social networks or online games, sometimes with a view to perpetrating sexual abuses, frauds, scams, etc. This guide purports to help the educators interested in understanding the aspects of using the net by children and contributing to the awarenessraising and protection of the latter. Hence, the guide aims to assist educators to better understand the effects of the significant increase of cyber-threats, at the national and international levels. The major goal of this guide is to sensitize educators and children to the risks and threats of the uncontrolled use of the Internet. This guide would not replace the services of the communication specialists of the country concerned. Moreover, habits and local culture have a major impact on the style of drafting and promoting awareness-raising messages in various countries. Consequently, this guide has been limited to the basic components which would apply to the entire world in general and to the Islamic world in particular. The denominations used in this guide do not imply the expression of any opinion concerning the legal status of any individual country. 11 CybercriminaliteEngl 1/03/12 14:39 Page 12 CybercriminaliteEngl 1/03/12 14:39 Page 13 DEFINITION OF CYBERCRIME AGAINST CHILDREN Criminality is defined by the entire set of the infringements of the law. Such infringements can be against people (homicide, criminal negligence, etc), against property (theft, arson, etc) or others (hit-and-run offense, possession of weapons, prostitution, etc). The prevention of these violations is conducted by the police services as well as the judicial and penitentiary systems. Cybercrime is often defined as the crime having the computer as the major object or instrument of perpetration [2]. There are two main categories of cyber-crimes:: • The first category is where the computer is the object of the crime. This cyber crime consists of specific crimes, targeting computers and networks. These are new criminal acts expressly dependant on computing technology and the Internet, such as hacking or the illicit use of computing systems, the disfiguration of web sites or the creation and malicious dissemination of computer viruses.. • The second is where the computer is the instrument of perpetration. It includes the crimes that law enforcing agencies have fought in the real world, but should increasingly fight in the virtual world of the Internet, such as child pornography, criminal harassment, fraud, violation of intellectual property as well as the sale of illegal substances and products. . The anonymity of cyberspace and ease of contact, allowed by the Internet, offer youngsters a disinhibiting feeling of freedom which can put them in danger. 12 - 18 year-olds constitute the most vulnerable age group. The phenomenon of group discussions or chats, now quite widespread, whose dialogs are generally not moderated by access suppliers, also involves 13 CybercriminaliteEngl 1/03/12 14:39 Page 14 serious risks with regard to children. The exchange of content or files, without any control, can be an easy way to establish contact for the continuation of dialog, on line and outside the group. These practices are gaining ground among children and teenagers. The exposure of children to pornographic or child-pornographic contents, images, photographs and videos, constitutes a new form of sexual violence. All risks should be recognized, understood and fought. The terms “cybercrime”, “computer crimes”, “computer-based crimes”, “technological crimes”, and “Internet criminality” are often interchangeable.. 14 CybercriminaliteEngl 1/03/12 14:39 Page 15 INTRODUCTION The Internet has become an invaluable tool for governments, companies and private individuals. Public authorities and associations, in different countries, have developed various programs and tools to sensitize the public to the dangers of the Internet. Families increasingly have access to the Internet. Used with caution, cyberspace is a fantastic tool of communication and information. However, surfing in cyberspace also involves risks. At primary school, children are familiarized with the Internet without being aware of the risks to which they are exposed. Digital events are constantly and increasingly reported in all media worldwide. It is also important to understand that nowadays practically all the crimes known as “traditional” can be committed using technology. The victims of these cybercrimes should understand that they have the same legal remedies as if the misdemeanor took place without technology, provided that their country is endowed with an appropriate legal arsenal. While surfing on the Internet by younger children poses a number of issues as to their support, even their protection, teenagers' surfing can also depend on youngsters' relationship with their families and educators, so as to deliver a solution to the desire for emancipation characterizing this period of life. Protecting the child increasingly requires a good knowledge of the potential of the highly interconnected tools to understand not only the possible uses and nature of authorized contacts, but also potential intrusions. In addition, it is now a question of integrating, in child protection on the Internet, a necessary media education, not only for children themselves, but parents and educators as well. This would be conducted by describing the relevant risks, particularly those facing children, teenagers and even adults, especially within the framework of their educational responsibility and parental authority. 15 CybercriminaliteEngl 1/03/12 14:39 Page 16 Why a guide? Parents, legal guardians and educators should be involved in children's online world. Children need adults' support and assistance, for them to develop a sense of judgment and critical thinking so as to deal with various situations, information and people that they may encounter on the Internet. These are the reasons behind the choice of the development of this “Practical Guide of the Risks of Cybercrime against Children”. Who is it for? This guide is intended for educators in general, and more particularly the educators of secondary and high school, both public and private, who wish to obtain concrete and accessible answers to the questions that they can have while observing the use of the Internet by teenagers. This guide offers a summary and classification of digital risks and makes it possible for educators to better understand the crucial role which they can play in the prevention of such risks. It is also intended for teenagers, who often master the Internet tool, but are not usually sensitized to the risks to which they are exposed in its uncontrolled use. Teenagers should be made aware of their civic responsibility and the ethical dimension which they should consider while surfing and publishing information on the Web. 16 How is it structured? This document is divided into three chapters. The first chapter, presented in the form of cards, is devoted to both identified risks and suggested solutions. It distinguishes five categories of risk involved in cyber-crime. For each risk a card is presented including a definition of recognized use, a brief description of the process leading to the risk, background information, some proposed solutions, moral, physical or other consequences on the teenager, some good practices to face the risk and, finally, a key point to keep in mind. The second chapter outlines some impacts of the uncontrolled use of the Internet on children's health as well as some technical and technological tools for their protection against the threats of cyber-crime. The third chapter summarizes, based on some bibliographical references, the approaches of some international and regional organizations as regards the fight against cybercrime. CybercriminaliteEngl 1/03/12 14:39 Page 17 CHAPTER 1 IDENTIFIED RISKS AND PROPOSED SOLUTIONS CybercriminaliteEngl 1/03/12 14:39 Page 18 CybercriminaliteEngl 1/03/12 14:39 Page 19 a. On-line sexual solicitation and seduction Definition: CATEGORY 1 Inappropriate, shocking or traumatizing contents Teenagers may receive a sex-related invitation on the web with the risk of meeting a pedophile. The 15-18 year olds constitute a particularly vulnerable age group because teenagers are sensitive to the way they are treated by others; they are easily involved in seduction relationships and they easily take outdoors dates, without their parents. Brief description: Sexual predators have highly refined their tactics in order to obtain what they want from their victims. To this end, they first develop a relationship of trust with youngsters. The teens seek to know more about sex, looking for romance and love; and this is often what these people promise them to provide. Then, predators use sex-related images or information to force teenagers to have sexual relationships by threatening to inform their parents. Background information: • To be asked to pose in front of a camera; • To be asked to provide photographs where one is naked or simulating sex acts; • Two groups of youngsters are particularly vulnerable to the requests of sexual predators: those who have already been sexually assaulted or those who are in conflict with their parents. Consequences when the teenager is victim: • Frustration and incapacity to overcome such feeling; • Emotional manipulation for solicitation to have sexual relationships. What should be done? • To tackle the questions of personal security and sexual exploitation with the child; • To inform the child that these videos and photographs can remain online for life, potentially involving personal consequences immediately and professional ones later; • To teach children to develop and preserve their intimacy. Key points to bear in mind: • A situation which starts online continues offline. • A situation which starts offline continues online. 19 CybercriminaliteEngl 1/03/12 14:39 Page 20 b. Internet and sex tourism 20 CATEGORY 1 Inappropriate, shocking or traumatizing contents Definition: Sex tourism involving children is the commercial sexual exploitation of children by one or more people travelling outside their province, region or country. Sex tourists can be nationals of the same country or a foreign country. Sex tourism constitutes an interaction between the tourist sector and sex industry. The latter directly promotes the sale of children, child prostitution and child pornography. This hidden and informal form of promotion of tourism is more difficult to eradicate. Brief description: They are “simple” tourists, seeking adventure, with strong feelings, who go abroad to satisfy their desires, their sexual fantasies, taking up practices that are new or not tolerated in their country of origin (voyeurism, exhibitionism). Distinction should be made between the occasional tourists benefiting from being alone, unknown or simply having an opportunity to establish this kind of relations, and the assiduous tourists who travel with the sole purpose of having sex with locals. Background information: • Predators sometimes seek not only sex but also power and domination; • Tour operators specialized in the promotion and sale of holidays indirectly praise the promises and potential of certain tourist destinations as regards sex; • Girls are particularly vulnerable; • The population is poor (sex is often a source of income); • Invitations to serve as a tourist guide, or to work in a restaurant. Consequences when the teenager is victim: • Hypersexuality maintained by media obsessed by sexual violence; • Suffering conducive to serious emotional, psychological and physical repercussions; • Treatment of the teenager as a sex object and as a commercial object. What should be done? • To establish information and prevention measures (sexually transmitted diseases, AIDS, sexual deviance, etc); • To raise awareness that sex tourism extends at the rate of the increase in mobility. Key points to bear in mind: • The amateurs of sex tourism are not only people having “deviant” sexual practices under normal conditions. • They cross the borders; they cross the limits… CybercriminaliteEngl 1/03/12 14:39 Page 21 c. Violent network games Definition : CATEGORY 1 Inappropriate, shocking or traumatizing contents Unlike video games, whose space is limited to a specific time, the world of network games is infinite in terms of time. The players live permanently with one another within the game and, somehow, even when they are disconnected, since their characters and installations continue to operate and can be attacked while they are not there. Brief description: Youngsters can be trapped in the cycle of cyber-dependence by means of network games. Hence, unlike console games, the player no longer controls time because the game is endless, no longer related to the “on-off ” button of the game console, but indefinitely prolonged thanks to the players who get connected worldwide, according to their own time zone. The players, after their exposure to violent games, often become more aggressive and excited. They perceive the world in a more alarming fashion. They are desensitized to violence and develop aggressive physical as well as verbal behaviors. Background information: Game which allows the following: • destruction of virtual humans by a click of the mouse; • simulation of suicide bombing; • progress towards an increasingly violent state, by shooting more quickly and increasing the number of “victims”; the player is often rewarded by scores and bonuses. Consequences when the teenager is victim: • Modification of the player's behavior; • Non distinction between game and reality and instigation of interdependence; • Promoting the social acceptance of dangerous behavior. What should be done? • • • • To ensure the implementation of age verification systems; To provide teenagers with physical leisure; To inculcate and insist on value judgments; To more closely supervise the individuals at risk, who already show addictive behavior and psychiatric pathologies.. Key point to bear in mind: • The user acts. He is not passive as it is the case when watching a film. 21 CybercriminaliteEngl 1/03/12 14:39 Page 22 d. Erotic or pornographic contents 22 CATEGORY 1 Inappropriate, shocking or traumatizing contents Definition : Most of sex-related content, encountered on the Internet, is misleading and upsetting. It sometimes presents scenes of violence and dehumanizes individuals in sexual scenes. Sometimes these images trigger strong but false ideas about the characteristics of healthy sexuality. They often undermine the concepts of intimacy or depth in personal relations and rather promote sexuality stripped of any emotional dimension. Brief description: These images, with erotic content, can be the cause of stress in certain children, whereas others never think twice about them. They sometimes expose children to novel ideas which could influence their values and their concept of healthy sexuality. Background information: • To come across erotic images; • To communicate and exchange pornographic contents. Consequences when the teenager is victim: • Increasingly seeking erotic material to satisfy their curiosity; • Access to pornographic contents which can have undesirable effects on their development; • Change of their expectations with respect to the intimacy of appearance and behavior; • Trivialization of dangerous sexual behaviors. What should be done? • To activate content filtering on the available search engines; • To sensitize children to the threats to their health (sexually transmitted diseases, exploitation); • To explain that the media project a false image of intimacy. Key point to bear in mind: • If children are sometimes unable to interpret information, they may preserve it in memory, and it comes back to their minds throughout their growth. CybercriminaliteEngl 1/03/12 14:39 Page 23 e. Child pornography Definition : CATEGORY 1 Inappropriate, shocking or traumatizing contents Child pornography is any representation, by whatever means, of a child engaged in explicit, real or simulated sexual activities, or any representation of the sexual organs of a child, for mainly sexual purposes. Brief description: The pornography, putting in scene children, is unanimously condemned and much consider that the infringements which are related to it are criminal acts. The child pornography encourages the sexual assault against a child and is often used to force children to have a sexual activity. Background information: • Dissemination of inappropriate issues or observations on sexuality; • Production of child pornography for publication purposes; • Use of special effects provided by some software programs to transform adult images so that they seem to represent children, or even create “virtual” children. Consequences when the teenager is victim: • Incitement to erotic behaviors; • Accelerating “sexualization” of children; • Influence on the values of children, their concept and behaviors with regard to sexuality. What should be done? • To sensitize teenagers to the risk of harmful effect on their normal sexual development. Key point to bear in mind: • Child pornography is never accidental. It results from a deliberate and intentional criminal act. 23 CybercriminaliteEngl 1/03/12 14:39 Page 24 f. Cyber-terrorism 24 CATEGORY 1 Inappropriate, shocking or traumatizing contents Definition : Cyber-terrorism is generally defined as the premeditated use of disturbing activities or threats against computers and/or networks, with the intention to cause social, ideological, religious and political harm or other objectives. Individuals or groups can use the anonymity offered by cyberspace to threaten citizens, specific groups (i.e. with a specific ethnic or religious background), communities and entire countries. Brief description: Cyber-terrorists are in general sub-groups of traditional terrorist groups. These sub-groups may be unstructured and made up of few individuals, working without particular organization, with few resources, little preparation, competence and strategy; or quite to the contrary may be perfectly organized, with significant resources and a precise definition of their targets and tactic. Cyber-terrorism is a condemnable gratuitous act which harms others and can victimize the perpetrator himself. Background information: • Use of a radical discourse; • Use of extremist ideologies; • Transmission of an email disseminating video clips and instructions on how to manufacture bombs; • Proliferation of images of hostage execution. Consequences when the teenager is victim: • Negative influence; • Indoctrination; • Training future terrorists or cyber-terrorists. What should be done? • To maintain a high level of vigilance; • To explain what terrorism is and condemn it; • To disseminate the culture of peace. Key point to bear in mind: • Cyber-terrorism was sometimes described as terrorism without death; however, this could escalate by taking action. CybercriminaliteEngl 1/03/12 14:39 Page 25 a. Intimidation Definition : CATEGORY 2 Traditional offenses amplified by cyberspace Intimidation is an intentional aggressive behavior, repeated in time and involving an imbalance of power or force which can cause psychologically continuous fear. It is intimidation when somebody does not stop doing or saying things to gain advantage over another person or using their capacity and authority to influence others in a prejudicial fashion. Synonyms: Blackmail, pressure. Brief description: Cyber-intimidation occurs when children or teenagers intimidate each other using the Internet, mobile phones or other cyber-technologies. Background information: • Sending malicious SMS, e-mails or instant messaging; • Publishing indecent images or messages about other people in blogs or websites; • The use of quiet calls, coarse messages spoken or threats about blackmail. Consequences when the teenager is victim: • To feel humiliated and depressed; • To be afraid, feeling insecure; • To have difficulty concentrating on school work. What should be done? • To convince the teenager to ask for assistance from his/her friends; • To convince the teenager to ask for the assistance from his/her parents or an adult whom they trust; • To encourage teenagers to have self-confidence and to remember their strengths. Key point to bear in mind: • Intimidation: Let's talk about it; it is a question of security. 25 CybercriminaliteEngl 1/03/12 14:39 Page 26 b. Threats and Insults CATEGORY 2 Traditional offenses amplified by cyberspace Definition : 26 Threats and insults can be initiated through psychological means, by an adult or peer, known or unknown to the targeted child. This can take various forms: threats or insults sent via e-mails or instant messaging. This interaction can lead, and has in fact led, to threats or real violence in physical premises. Synonyms: Dirty word, swearword Brief description: In cases of traditional intimidation, the echoed rumors do not go beyond the relatively restricted circle of the pupils of an institution, whereas on the Internet, the potential audience of such acts is almost unlimited. Moreover, it is much more difficult to write off defamatory information, which will remain on line for an indefinite duration. Personal pages and blogs are vehicles of rumors sometimes targeting classmates and teachers. Certain young internet users take action and create situations which they would not have considered in other community settings or write online things that they would never have stated in face-to-face situations. Background information: • Propagation of false rumors (sexual connections or orientations); • Posting on YouTube a video recording, conducted without the knowledge of the teenager; • Threats, insults, depredations, serious contempt of gender; • Publication of photographs of pupils with insulting or defamatory captions; • Claiming the death of a youngster. Consequences when the teenager is victim: • • • • Depression, anger or low self-esteem; Mental damage; School failure; Committing suicide because of the incapacity to bear propagated awful comments. What should be done? • Not to answer emails of threats, not to open the files attached to such emails; • To preserve the emails as evidence: soft or hard copies; • To leave the Internet environment when the situation gets problematic; • To seek help from the police force, or a lawyer to file a complaint. Key point to bear in mind: • Teenage girls are the first instigators and victims of threats, often following problems among classmates. CybercriminaliteEngl 1/03/12 14:39 Page 27 c. Identity theft Definition : CATEGORY 2 Traditional offenses amplified by cyberspace Identity theft corresponds to the temporary or permanent stealing of the identity of an existing person, through the ownership of the identifiers of the latter, which may constitute an offense. Identity theft means taking the identity of a person in order to use their rights. The usurper can, for example, pirate bank accounts, negotiate a loan, breach traffic regulations, have access to social security benefits, marry or sign a work contract. Synonyms: Identity usurpation Brief description: Identity theft is deliberately taking the identity of another person, without their consent, often with the intention of conducting a fraudulent action. The victims are often surprised, when they go to meet them in person, to realize that somebody lied to them presenting himself on the Internet under a false identity. With the advent of New Information and Communication Technologies, it is increasingly easy to have access to personal information on the Internet. Several search tools have been developed over time, which helps an ill-intentioned individual to find other information on the Internet users. Background information: • Timid or unpopular children at school are often tempted to invent a new identity in virtual communities Consequences when the teenager is victim: • Violation of their private life. What should be done? • To teach the child the importance of respecting personal information of his/her friends and upholding trustworthiness; • To convince the child to protect and safeguard his/her personal information, refusing to share them with just anyone. Key point to bear in mind: • The most vulnerable teens are those who give too many pieces of personal information on their social network account, for example. 27 CybercriminaliteEngl 1/03/12 14:39 Page 28 d. Harassment CATEGORY 2 Traditional offenses amplified by cyberspace Definition : 28 Harassment is any abusive conduct shown through behaviors, words, acts, gestures, or writings that may harm the personality, dignity or physical or psychological integrity of a person. Synonyms: Bullying Brief description: Digital harassment relates to the harassment which takes place on electronic platforms. The harassment and behaviors of similar nature are associated with the behaviors of predators on line and pedophiles, and can be associated with criminal harassment. This interaction can lead, as it does in practice, to threats or real violence in physical premises. By means of cyberharassment, young stalkers can continue their misdeeds outside the school, either anonymously or not. Background information: • Intimidation which drives the child to develop a feeling of insecurity; • Repeated use of electronic messages to make children feel that they themselves or a member of their families are threatened; • Persistence with irritating, threatening and intimidating behavior. Consequences when the teenager is victim: • Feeling of discomfort and irritation that may develop into depression; • Destabilizing anxiety. What should be done? • To build self-confidence in the child. Key point to bear in mind: • The fact that the teen does not see or know the one who bullies him/her does not make the experience less traumatizing for the teenager. CybercriminaliteEngl 1/03/12 14:39 Page 29 e. Frauds and scams Definition : CATEGORY 2 Traditional offenses amplified by cyberspace Fraud is misleading a natural or legal person, either by the use of a false name or false capacity, by the abuse a bona fide capacity, or by the use of fraudulent acts. Brief description: Fraud of all kinds, based on hoaxes, regularly circulate on the net. Some are really unacceptable such as those which ask for donating blood or body organs in emergency. Background information: • Fraud of classified ads; • Announcement of winning a large amount of money; • Fraud as to heritage; • Scam particularly with respect to young girls who wish to go abroad or to get married to foreigners. Consequences when the teenager is victim: • Loss of self-confidence; What should be done? • Never trust messages announcing you as winner; • Never send money to an unknown person via a money transfer operator. Key point to bear in mind: • I have no chance of winning; and even when I play, I have little chance of winning. 29 CybercriminaliteEngl 1/03/12 14:39 Page 30 CATEGORY 3 «Digital» offenses» a. Incitement to hatred, racism, xenophobia and Islamophobia Definition : The incitement to hatred is a threat to commit, by means of a computing system, a serious offense against a person because of their membership to a group based on race, color, ancestry, national or ethnic origin, or religion. The racist or xenophobic texts witness various degrees of complexity, ranging from explicit insult to the most subtle rhetoric. Brief description: Teenagers can be exposed to requests such as the incitement to hatred, racism, xenophobia, anti-Semitism or Islamophobia. The instrumentalization of youngsters and sectarian mental manipulation also constitute Internetborne risks. One of the aspects of xenophobia is the rise of Islamophobia and the worsening situation of Arab and Muslim minorities in the world. Background information: 30 • Propaganda of radical groups; • Dissemination of racist on xenophobic comments; • Derogatory comments on the Prophet Mohammad (PBUH) by means of verbal or written words, visible representation or insinuation, direct or indirect; • Profanation and intentional desacralization of the Holy Quran; • Attitude considered as discriminatory against Muslims. Consequences when the teenager is victim: • No distinction between the factors of race, culture and religion; • Propagation of racist and xenophobic ideas. What should be done? • To promote democratic, egalitarian and interactive multiculturalism; • To raise awareness to the promotion of legislation on ethics. Key point to bear in mind: • To promote inter-religious and inter-cultural dialog and respect for others. CybercriminaliteEngl 1/03/12 14:39 Page 31 b. Incitement to anorexia, mutilation, death and suicide Definition : CATEGORY 3 «Digital» offenses Anorexia is manifested via a desire to lose weight and a rather strong cognitive distortion of the appearance of the subject's body. The anorexic subject usually starts with a slimming diet which is transformed into pathological obsession. Mutilation, death and suicide constitute black thoughts which appear in the form of suffering or impulses, making the victim inapt for understanding. Brief description: Suicide is a decision seldom taken on the spur of the moment. During the days and hours preceding someone's suicide, precursory indices and signs can generally be detected. Mutilation is an external sign of true suffering. Background information: • Use of disconcerting verbal signs such as “I cannot continue like this”, “Nothing matters any more” or even “I have thought of putting an end to this”; • Showing a marked change of behavior, attitudes or appearance; • School failure, proximity of examination, examination result; • Existence of family precedents including suicide or violence. Consequences when the teenager is victim: • Deterioration of the structuring pillars of the personal and social life; • Deterioration or decrease in the victim's judgment capacity. What should be done? • To inform children about the seriousness of consequences; • Not to make judgments. Key point to bear in mind: • To feel rejected can lead to very serious situations. 31 CybercriminaliteEngl 1/03/12 14:39 Page 32 c. Child trafficking online CATEGORY 3 «Digital» offenses» Definition : Child trafficking is any act or transaction whereby a child is handed by a person or group of people to another person or group in return for remuneration or any other advantages. Synonyms: Sale of children Brief description: Child trafficking concerns children of the entire world, both industrialized and developing countries. Children victims of such trafficking are subjected to prostitution, forced into marriage or adopted illegally. They constitute unpaid or cheap labor, work as servants or beggars, are recruited by armed groups or are exploited in sports activities. Background information: • Request of transporting, transferring, accommodating or receiving children inside or outside a country; • Request of international adoption; 32 • Recruitment of old victims to take part in the exploitation of other children. Consequences when the teenager is victim: • Physical and/or sexual maltreatment; • Flashbacks, nightmares, panic fits, irritability and other symptoms of stress; What should be done? • To sensitize teenagers to the fact that certain people they know and trust can lure and trap them; • To make teenagers understand that they should be wary of strangers. Key point to bear in mind: • All exploited teenagers will suffer physical and/or psychological damage. CybercriminaliteEngl 1/03/12 14:39 Page 33 a. Open and non-moderate dialogs Definition : CATEGORY 4 New acquired deviant behaviors An exploration on the net, through online communities, forums and chat rooms would show that technology offers new online experiences, which seems to reorganize the practices and behaviors of individuals. Brief description: Teenagers have a passion which initially corresponds to a rationale of exhibition and exposure of intimacy in public space. Adolescent bloggers may enjoy their few moments of glory because they are visited and commented on by their peers. This appropriation can involve the deficiency of regulations, as this feeling is too often evoked to be in a virtual world. It can, indeed, be tempting for teenagers to have a large number of contacts and communicate with strangers. Background information: • Establishing contact is simple and hardly binding; • Creating pages available on the Internet free of charge; • Creating a browser, adding photographs, videos. Consequences when the teenager is victim: • Abolition or diminution of the approach common practice; • Non-regulated management of contacts and dialogs; • Addiction. What should be done? • To direct the teenager towards the use of forums supervised by a regulator. Key point to bear in mind: • Forums and chat rooms controlled by a regulator are less likely to involve missteps. 33 CybercriminaliteEngl 1/03/12 14:39 Page 34 b. Linguistic deformation and emoticons CATEGORY 4 New acquired deviant behaviors Definition : The exchanges on the Web are characterized by the fact that they result from SMS culture (Shorts Message Service), a messaging service which can transmit short text messages. The orthographic or even grammatical characteristics of the language are modified in order to reduce its length, so as not to exceed a certain number of characters or to accelerate typing. In addition, emoticons, resulting from the combination of typographical characters and/or small images, are used in the messages written using a keyboard. They make it possible to briefly represent, in writing, information comparable to a facial expression, tone of voice or oral gesture. Brief description: Most parent control software programs are established on the key words that parents enter in the base. The orthography of the words is essential. A misspelt word, an unknown abbreviation of parents or a non-indexed emoticon will pass through the net meshes without leaving of any trace. Background information: 34 • Use of a particular language during exchanges on Internet by instant messaging or email, forums and blogs, or network games; • Combination of several typographical elements and still or moving images - such as smiley « ».. Consequences when the teenager is victim: • Problem of orthography of language and difficulties in clearly expressing their ideas through words. What should be done? • To make teenagers understand that emoticons certainly convey information on their emotions, but they should always place them in the context of sentences; • To convince teenagers that they should make sure, in any exchange, they are well understood; • To convince the child to write correctly in order not to lose the mastery of language orthography. Key point to bear in mind: • Conveying a significant part of a message by a few characters or the expression of an emotion can lead to misinterpretation. CybercriminaliteEngl 1/03/12 14:39 Page 35 c. Use of pseudonyms and avatars Definition : CATEGORY 4 New acquired deviant behaviors A pseudonym (or pseudo) is a loan name whose user employs for an activity under a name other than his official identity. It is distinguished from a nickname in that it is chosen by the person who uses it instead of being assigned by others. An avatar is the computing representation of an Internet user, both in the second dimension 2D form, (forums and messaging software) or in the third dimension 3D form (video games, for example). The term “avatar” originates in the Hindu tradition, indicating the incarnation of divinity on earth. Brief description: Pseudonyms and avatars of the universe of chat rooms and discussion forums are used by the chatters and allow them to be conspicuous by creating a character, but also to eventually resort to organized anonymity. The avatar carries a physical, graphic and visual dimension which escapes pseudonyms. Background information: • Several games make it possible to simulate real-world using characters (avatars) acting in a virtual world; • It is often a black silhouette or another kind of impersonal anonymous representation showing that users did not wish “to describe themselves”. Consequences when the teenager is victim: • Projection of oneself or simple transformation of oneself fantasized, improved, exacerbated or deteriorated. What should be done? • To raise awareness to the promotion of legislation on ethics. Key point to bear in mind: • To know that legally speaking, the use of a pseudonym is usually allowed. However, the teenager should be wary of those who use pseudonyms or avatars. 35 CybercriminaliteEngl 1/03/12 14:39 Page 36 CATEGORY 4 New acquired deviant behaviors d. Non-respect of intellectual property by downloading Definition : Downloading is the operation of information transmission - programs, data, images, sounds, videos - from one computer to another via a transmission channel, in general the Internet. Downloading amounts to receiving a file that has been requested. Synonyms: Repatriation; remote data collection Brief description: Downloading hides the location of files and the transmission routes used at the remote data collection. Downloading can relate to very different files (software, music, documents, videos…). It can be free of charge, subjected to constraints or paid. It can be legal or illegal, according to the downloaded contents and the countries of origin and destination of information. The use of downloaded file is controlled by a digital management of copyright and makes it possible to define and fix a period of legal use, the number of copies of the file and the storage and reading media authorized. Background information: 36 • Illegal downloading and without authorization of music, videos or commercial software; • Marketing of downloaded files. Consequences when the teenager is victim: • Teenagers breach the copyright law, perhaps unaware of what they are doing; • They make themselves guilty of counterfeit or even concealment. What should be done? • To raise awareness to copyright laws and provide information about the serious consequences of such acts. Key point to bear in mind: • Only music files or videos legally distributed on the Internet can be downloaded. The other files constitute illicit reproductions. CybercriminaliteEngl 1/03/12 14:39 Page 37 e. Addiction to the Internet Definition : CATEGORY 4 New acquired deviant behaviors Addiction to a product is an inappropriate mode of using such product, involving a physical and psychic dependence. It is manifested by the appearance of the incapacity to manage one's own consumption (the user consumes longer or more than they wanted to) and a continuation of consumption in spite of, sometimes, the awareness of the problems it generates. Synonyms: Addict, Dependence, Intoxication to the Web Brief description: Cyber-addiction, or addiction to network games or the Internet, shows the extent to which forgetting reference to the elapsing time can be serious. Teenagers may lose the concept of duration, the desire of sleep or appetite. Young Internet users spend more time on the Net than they would think, particularly if they surf the net in the absence of their parents. Background information: • Constantly seeking to connect to the Web in order to establish communication therein; • Marked progressive increase in time spent on the net, in order to obtain satisfaction; • Appearance of withdrawal syndrome (psychomotor agitation, fantasies about the Internet). Consequences when the teenager is victim: • Forgetting reference to time; • Loss of the concept of duration, the desire of sleep or appetite; • Ocular dryness or ophthalmic migraine; • Psychic and physical imbalance. What should be done? • To explain to the teenager what addiction can do to the body and mind; • To encourage other physical leisure activities, other essential activities rather than those involving the Internet. Key point to bear in mind: • Moving from abuse to dependence is moving from the desire to the need. 37 CybercriminaliteEngl 1/03/12 14:39 Page 38 f. Smart telephones CATEGORY 4 New acquired deviant behaviors Definition : 38 Smart phones, such as iPhone or Blackberry, is a cell phone which also integrates the functions of a palm computer, offering functionalities of diary/calendar, Web surfing, consultation of mail, instant messaging, GPS, etc. Smartphone is hence a cell phone which also integrates the functions of a palmtop computer. Brief description: Smart cell phones are a gold mine of information standing by to be exploited by the cybercriminals. Based on a photo taken by a smart telephone and posted on a social network, it is possible, thanks to certain software, to obtain metadata such as the date, time and place. This strategy is called geo-localization. This does not constitute an infringement in itself, but can be used for illegal purposes, such as harassment. This phone allows the user to be not only reachable but also connected everywhere constantly. Background information: • Sending and receiving emails instantly, consulting a page of a social network constantly; • Playing poker on line on the bus; • Downloading an application, music; • Establishing direct connections with marketing or advertizing service providers while answering SMS; • Answering a maniac who can be devoted at any time to his favorite role play. Consequences when the teenager is victim: • Filmed without him/her knowing; • Harassed; • Cyber-dependant. What should be done? • To establish standards concerning the use of smart telephones and supervise cell phones as well. • To raise awareness to the need for limiting the use of these technological gadgets by inculcating the rules of decency to respect. Key point to bear in mind: • With smart telephones, the door towards the cyber-dependence becomes suddenly wide open. CybercriminaliteEngl 1/03/12 14:39 Page 39 a. Hackers Definition : CATEGORY 5 Technical threats: hackers and spam Hacking consists in obtaining unauthorized access to a computing system. Synonyms: Spy software, Spyware Brief description: Spyware, or spy software, is harmful software which transmits to third parties information contained in your computer. Spyware is often present in freeware, or shareware. By illicit access to computing systems, hackers make an improper use of the data which such systems contain. Background information: • Exploitation of security protocols badly ensured to reach a system; • Exploitation of a software or hardware fault to illegally obtain a password allowing access to a computing system; • Creation of “espionage” Internet sites designed to study the behavior of users in order to know their weaknesses. Consequences when the teenager is victim: • Loss of their data; • Impossibility of doing school work of research. What should be done? • To protect one's computer against illicit accesses by anti-viruses or firewall. Key point to bear in mind: • Security devices, though they can reduce the risks, are not infallible and should regularly be updated. 39 CybercriminaliteEngl 1/03/12 14:39 Page 40 b. Virus CATEGORY 5 Technical threats: hackers and spam Definition : 40 A computer virus consists of an undesirable program installed in users' computer without their knowledge. Its lines of instructions show it how to act, multiply and contaminate other programs and computers. It is a program that can spread to other computers, forming part of legitimate programs called “host”. It is characterized by the presence of mechanisms of propagation, release, and action. In general, it is developed with the intention to harm. Synonyms: Malicious software Brief description: Each time the program is activated, the virus follow suit and it can damage the system. Viruses can also reproduce when the program is executed. In addition to reproducing, a virus can carry out other actions which can be harmful to the user of the infected computer or other users connected by network to the infected computer. Certain viruses (malware) are not detected by anti-virus programs. Background information: • The viruses of boot hides in the starter sector of the disc which is read at the start of the computer; • Application viruses infect executable files (.exe, .com, .sys, .inf, .dll, .vbs, etc); • Macro viruses are accommodated in the macros of office automation software such as Word or Excel; • Email viruses disrupt emails; • Viruses contaminate the hard drive of the computer as well as the other data carriers such as USB key-drive or external hard drives. Consequences when the teenager is victim: • Having their site paralyzed; • Destruction of their hard drive, loss of their data. What should be done? • To make sure of the installation of an antivirus program, before installing downloaded software; • To be wary of the executable files if their origin is unknown (for example .exe); • To regularly safeguard one's data on a USB key drive or any other storage device. Key points to bear in mind: • Never click on a link inserted in an email or an executable file. • It is better to turn to a search engine to find the official site required. CybercriminaliteEngl 1/03/12 14:39 Page 41 c. Computer worms Definition : CATEGORY 5 Technical threats: hackers and spam A computing worm is an auto-reproducer program, placed in the random access memory of the computer, which, in the majority of the cases, does not modify the repertories of the hard drive. It is propagated while being forwarded to other computers of the network.. Brief description: Unlike viruses, the worms are autonomous entities. They do not stick to files or programs and are able to propagate and duplicate on their own without contaminating the host program. One of the ways they propagate consists in dispatching to all the correspondents registered in an address book. Such worms can cause major damage, absorbing the resources of various systems and submerging the Internet.. Background information: • The worm is a program which is spread by email, benefitting from the faults of messaging software; • As soon as a worm infects a computer, it tries to infect other computers by sending itself to addresses contained in the address book of the infected computer. Generally, the recipient is not wary of the message, because it comes from a known person. Consequences when the teenager is victim: • Deceleration of its infected machine; • PComputer crash of services or operating system of the machine; • Impossibility of using their computer properly. What should be done? • To use an antivirus, a software program that detects viruses, destroy, quarantine and sometimes repair the files infected without damaging them. Key point to bear in mind: • The very light weight of worms enables them to be propagated at such an impressive speed over a network that they can overload it. 41 CybercriminaliteEngl 1/03/12 14:39 Page 42 d. Trojan horses CATEGORY 5 Technical threats: hackers and spam Definition : 42 A Trojan horse is a harmful computer program, though it looks legitimate. It presents itself in a benign form, but it comprises a harmful routine executed without the authorization of the user. A Trojan horse is not a virus, because it cannot reproduce. Synonyms: Trojan, malicious program Brief description: Trojan horses can appear as a game or any program which can be joined to an email. Trojan horse is an executable program; that is, if it is doubleclicked, for example, the program is launched. When it is executed, a Trojan horse can erase directories or open a “backdoor” to the computer, hence making it possible for some actors to be introduced therein and take the control of the system. These intruders can then copy and erase files, use the computer as a starting point to pirate others. Background information: • Often, it is a little game or a utility program; • It is often available on the links of a pirated page or on a banner devoted to this activity; • Downloading free programs and the division of programs or other files are the major sources of spreading Trojan horses; • It is also very frequent in certain types of emails; • It is generally installed when one reaches a contentious site (pornographic, peer-to-peer, etc). Consequences when the teenager is victim: • To suffer aggravating and undesirable effects; • To suffer hacking of their personal data. What should be done? • It is possible to manually remove the malicious program. One can conduct a search for all the files with the extension .tmp. Key point to bear in mind: • It is necessary to always think twice before clicking on an unknown link. CybercriminaliteEngl 1/03/12 14:39 Page 43 e. Spam Definition : CATEGORY 5 Technical threats: hackers and spam Spam represents any sending of messages in mailing-lists, newsgroup or personal electronic mailboxes, in order to “perform advertizing”, without any prior request. Synonyms: un-solicited junk emails, junk email, junk-mail Brief description: The word “junk email” is of common use, while “junk-mail” is more rarely used (rather reserved to the context of the discussion forums and groups of the new Usenet). It became a vehicle to commit offenses such as the propagation of viruses, fraud or the identity theft. Background information: • To write to an unknown person to ask him to go and visit a Web site; • To conduct advertizing (commercial or not) on forums. Consequences when the teenager is victim: • Overloading of their e-mail boxes; • Pollution of their e-mail boxes and/or computers; • Fraud and scam. What should be done? • Not to give your address email without knowing how it will be used; • To read the conditions of use and notes on the respect of private life on the Web sites before giving them your address. Key point to bear in mind: • Spammers do not observe any ethics and breach our right to private life. 43 CybercriminaliteEngl 1/03/12 14:39 Page 44 f. Fraud by phishing CATEGORY 5 Technical threats: hackers and spam Definition : 44 The fraud by phishing indicates the attempt to fraudulently possess sensitive data (passwords, for example). It has recourse to manipulating users in order to lead them to reveal the required data or the codes which will then make it possible for pirates to reach such data. Synonyms: Phishing scam, Phishing Brief description: Phishing has recently become a major infringement in cyberspace. It hinges on a technique which consists in not exploiting the computing fault but the “human fault” by deceiving Internet users by means of an email seeming to come from a trustworthy company, typically a bank or a business site. The email sent by these pirates steals the identity of a company (banks, ebusiness site, etc) and tries to update information in a form of a fake Web page, a true copy of the original site, under the pretext, for example, of an update of the service, an intervention of customer support, etc Background information: • Invitation to be connected on line by means of a hypertext link; • Email seeming to come from a trustworthy company; • Mail asking you to update, validate or confirm the information of your account, otherwise, the consequences could be annoying; • Mail which announces upsetting or exciting news and requires an immediate answer under a false pretext. Consequences when the teenager is victim: • Swindled because they provided, by the trick, personal sensitive information. What should be done? • Not to click directly on a link contained in an email, but open a navigator and type oneself the email address to access the relevant service; • To be wary of the emails or text messages in which you are asked to at once provide personal or financial information. Key point to bear in mind: • Thanks to your personal information, swindlers can access your personal email account, and dissimulate criminal activities. CybercriminaliteEngl 1/03/12 14:39 Page 45 g. Cookie files Definition : CATEGORY 5 Technical threats: hackers and spam A cookie file is a tiny text file saved on the hard drive by a Web page server which is used as an identity card and cannot be executed as a code, nor can it be carrying viruses. It belongs to you exclusively and can be read only by the server which initially gave it to you. Synonyms: Web cookie, Cookies Brief description: It allows the user to be monitored when he has visited several sites. It is neither spy software nor a virus, although a cookie coming from certain sites is detected by several antivirus software programs. Background information: • A cookie can be used for authentication, a session (maintenance), or to store specific information on the user, such as the preferences of a site or the contents of an electronic purchase basket; • Purchase baskets of stores or sites which require connection using identifiers (user and password). Consequences when the teenager is victim: • Thanks to cookie files, Web sites can preserve the information relating to the user. What should be done? • To adjust the parameters of your navigator so that it accepts all cookie files, or it notifies you whenever a cookie file is offered to you; • To make sure that your navigator allows the possibility of accepting or rejecting cookies. Key point to bear in mind: • Beware; total rejection of cookies makes certain sites unusable. 45 CybercriminaliteEngl 1/03/12 14:39 Page 46 CybercriminaliteEngl 1/03/12 14:39 Page 47 CHAPTER 2 CHALLENGES FOR HEALTH AND PROTECTION: ROLE OF TECHNOLOGY AND EDUCATORS CybercriminaliteEngl 1/03/12 14:39 Page 48 CybercriminaliteEngl 1/03/12 14:39 Page 49 1. Teenagers and cybercrime Generally, cybercrime is defined as the entire set of infringements made via computing networks or communication networks. The development of manners and techniques generates new forms of delinquency. The latter can have consequences on a larger scale than in the past, insofar as it is no longer confined to specific geographical space, crisscrossing national borders. Blackmails, threats and the will to use the means offered by technology to appease one's desires has become possible, where the usual rules of social relations no longer seem to be sufficient to ensure respect for others. Certain young Internet users take action and create situations which they would not have considered in other living environments. Traditional intimidation would cease once the teenager is at home, while cyber intimidation extends his ordeal, infiltrating in his private life as well. The fundamental distinction is the permanence of victimization and the disproportionate impact on those who are subjected to it. 2. Impacts on youngsters' health Several impacts on the health of cybercrime victims are identified [7]: a. Absence of otherness The desire of teenagers to be “with their kin” is built on the recognition of the same pleasure of sharing identical values and tastes. This phenomenon supposes the capacity to establish social links with his fellows, while admitting a more or less marked otherness with social environment in its diversity and difference, particularly for a teenager in the eyes of the world and adults' point of view. The absence of otherness from the Net is expressed in two ways: first by a technology that allows simple and fairly easy contact; then by the priority given to the desire to exchange information on the identity of the Internet user. Wishing to join the community of a forum or a chat room is more crucial than giving one's real name, age or gender. Hiding or changing one's identity is often part of the game, before being truly a strategy of approaching the other or getting round a relational difficulty. The reciprocity of the dissimulation act itself is not always perceived by youngsters. 49 CybercriminaliteEngl 1/03/12 14:39 Page 50 b. Internet, indicator of malaise Adolescence is a period of life during which youngsters often seek to free themselves from their parents, and move away from the images that the latter convey. Hence, when reality is perceived as disappointing, youngsters can seek stimulation via the Internet and become cyber-dependant. Lonely children, who are bored or live in families where nobody takes care of them after school, are certainly the most vulnerable. In addition, a compulsive use of the Internet can be symptomatic of other problems, depression, anger or low self-esteem. Hence, timid or unpopular children at school are often tempted to invent a new identity in virtual communities. Teenagers assiduously attend chat rooms, forums, blogs, not hesitating to entrust interlocutors hidden behind pseudonyms with what they do not dare to reveal to their parents. c. Modified sense of time Carried away by the continuous slide of surfing, the Internet user can forget the traditional time reference marks. The loss of the concept of duration, the desire of sleep and appetite are the most visible symptoms of this new sense of time shown by teenagers. d.Anonymity conducive to running away 50 Simple in its implementation and protective in its procedure, online communication makes it possible to break free from the usual codes and rules of any exchange with others. Anonymity, pseudonyms, impersonal addresses, absence of reproach and sanction in the event of language abuse are the characteristics of this new mode of communication. Anonymity as well as the ease of contact, authorized by the Internet, present the risk, now proven, for a child to be approached by an adult for a physical meeting. Moving from one extreme to another, such anonymity, instead of helping them, insolates them even further. Dialog with the family can then be completely broken. e. Addictive behaviors Spending too much time surfing the Net is not in itself a problem. It is possible, initially, to consider that such excessive aspect is the simple expression of a passion, as it is the case for leisure, a hobby, or media, as long as this does not deteriorate the structuring pillars of the player's personal and social life. CybercriminaliteEngl 1/03/12 14:39 Page 51 However, the number of people showing addictive behaviors seems to increase. It is advisable to take account of the conditions involving psychic and physical imbalance of players towards cyber-dependence and of the conditions jeopardizing their social situation. The criteria of Internet dependence can be summarized as follows: • progressive increase of time spent online in order to obtain satisfaction; • access to the Internet conducted longer and more often than desired initially; • the desire or efforts to control connection time are in vain; • devotion of most activities to what involves the Internet, to the detriment of other leisure or even essential activities; • negligence of time for sleeping, eating, social life, work for the benefit of the time spent on the Internet; • appearance of withdrawal syndrome. 3. Some technical and technological tools for the protection of the child against cybercrime threatsé The use of the services of access supplier and a software program of parental control is a useful protection measure for the child to surf the Net [7]. a. Filtering and parental control software These software programs make it possible to prevent access to contents unsuited to children on the Web. They serve as a “filter” by authorizing access to the pages considered as inoffensive, but block the sites which may shock the child. Black lists To block access to inappropriate contents, parental control software uses two major methods: filtering by URL list (Uniform Resource Locator) and filtering by key word. The most popular method, filtering by list, operates with a database of un-recommended sites. Also called “black lists”, these bases contain addresses of sites classified according to various topics. Hence, when the child wishes to visit a Web page, the site URL is initially compared with the prohibited URLs entered in the black list of the software. If the relevant address belongs to the un-recommended sites, the child cannot reach it. 51 CybercriminaliteEngl 1/03/12 14:39 Page 52 The disadvantage of this type of system lies in the need for conducting very regular updates. Moreover, the language used is an important criterion in the choice of software because, if this one blocks a word in French, it may not block it if it is entered in English; hence protection can be easily by-passed. White lists It is also possible for parents to use the navigator, the filtering tool suggested by Internet Explorer. This is a system entitled “access control” filtering inappropriate contents: parents create lists of authorized sites and the sites to be blocked. The use of Internet navigator as a filtering tool can be only a partial solution, since it only takes into account the contents of Internet sites and not the other channels such as instant messaging and peer-to-peer software. b. Changing technological environment 52 In view of the multitude of software programs offered on the market, it is very difficult for parents to choose one. During the discussions conducted by the child on forums, chat rooms or instant messaging, there exist software programs which prohibit the child from conveying words or personal information prohibited by the parents, which deliver warning messages reminding the child, restrictions programmed by parents to ensure protection while surfing. Moreover, parents can consult, as it is the case for many other tools of parental control, the child's browsing history. Certain software programs are not reliable enough, either because they identify only a restricted number of sites, conversely retain too much thereof, or because they are tiresome for parents to install or too easy to deactivate by the child. In fact, there is no perfect software in spite of technological advances. As regards filtering, it is impossible for a mailing list to be at the same time relevant and exhaustive in a perennial fashion. Moreover, apparently inoffensive sites can be blocked by excessively strict filtering. Certain software of parental control is decontaminated very easily while using, for example, the function of removal “Add/Remove program” or by a simple keyboard shortcut, even a box to be unchecked. Result, an alert children would quickly understand how to bypass this control tool, without their parents knowing. Some simple ways also make it possible for youngsters to easily bypass certain filtering software programs. Hence, “anonymity servers” or “anonymizers” are used as a shield between the computer of the Internet user and the visited site. The latter cannot determine who you are, as no CybercriminaliteEngl 1/03/12 14:39 Page 53 address or personal data may appear. In fact, the desired page is posted in that of the anonymizer and can be consulted by the child beyond control. No technical solution could replace parental presence and communication between educators and children, regardless of their age. Further, it can be reassuring, for certain parents, to be equipped with control tools, though they remain imperfect, supplementing dialog with the child. It is hence necessary that the various actors continue to help parents to select the best tools, paid or free, that they can use. Generally, access rules to the Internet should be sufficiently flexible to be revalued if need be, and result from a mutual trust between teenagers and adults without generating any confusion of roles: neither excessive control, nor carelessness on part of adults, and sense of responsibility on the part of the teenager, including the control of costs and browsing time. 4. Role of educators Parents have a right and a duty of authority with regard to their children, and they are entrusted with a common educational mission. Education consists more largely of the transmission of knowledge and values and the implementation of the pedagogical means suitable to train and develop the future citizen and the future parent, namely the child. It aims at equipping the child with the knowledge and practice of the customs of society. Traditionally shared by parents and school, educational responsibility visà-vis children, now involves a growing number of social and cultural authorities. The media also play an important educational role. These authorities all interact more or less deeply and more or less sustainably in the education of children and youngsters. Technically speaking, youngsters have a better knowledge of the Internet than adults and often use it in a different way. Parents and educators often feel overtaken and always do not seek, consequently, to understand what their children do on the Web. Beyond the technological aspect, parents know little about the daily uses of youngsters, particularly as to the interactive aspect (use of chat rooms, discussion forums, instant messaging, etc). Parents and educators should be introduced to the Internet, through training sessions, to remedy the feeling of incompetence generated by the difficulty of using such media properly. They should be convinced that though they not make use of the Internet as well as children, they still can give pertinent advice to the latter. They are responsible for not only supervising and managing their children's activities on line, but also teaching them how to become confirmed, informed and responsible Internet users. 53 CybercriminaliteEngl 1/03/12 14:39 Page 54 There is a need to involve educational adults, specifying at an early stage the importance of establishing a good discipline as to the durations devoted to multi-media. These durations can certainly increase as the child grows, but parents should keep a true control, as long as they are not sure that the youngster can manage alone. The absence of parents while the child is discovering the Internet can also have consequences on understanding reality and its differentiation with the virtual world. As part of guiding the child by his parents right from the early stages of life, it is essential to teach the child the difference between reality and fantasy even if it is important to preserve his capacities of imagination. Parents and educators have a role to play via enacting rules and limits as to surfing the Net. . 54 CybercriminaliteEngl 1/03/12 14:39 Page 55 CHAPTER 3 INTERNATIONAL AND REGIONAL APPROACHES TO CHILD PROTECTION CybercriminaliteEngl 1/03/12 14:39 Page 56 CybercriminaliteEngl 1/03/12 14:39 Page 57 1. Approaches of child protection The Convention on cybercrime is the major international framework available, which covers all relevant aspects of cybercrime. In addition to the international organizations that work at the global level, several regional organizations promote the issue of cybercrime by setting up work groups in charge of working out plans for the fight against cyber-offenses. An overview of the major international and regional approaches is outlined below [8]. a. International Telecommunications Union (ITU) World Summit on the Information Society (WSIS) (Geneva 2003 - Tunis 2005) [1], [5], [6] recognizes the real and significant risks posed by an insufficient cyber-security and a proliferation of cybercrime. At the Summit, leaders and governments of the world appointed ITU as coordinator of the implementation of the major action line C5 of WSIS, “Building confidence and security in the use of ICTs”. At the second co-ordination meeting, concerned with the major action line C5 of WSIS, in 2007, ITU Secretary General underlined the importance of international cooperation in the fight against cybercrime and announced the launching of ITU Global Cyber-security Agenda. This Program comprises seven strategic goals and hinges on five strategic pillars, relating particularly to the development of strategies for the development of a standard legislation on cybercrime. The seven goals are the following [5]: • Elaboration of strategies for the development of a model cybercrime legislation that is globally applicable and interoperable with existing national and regional legislative measures. • Elaboration of global strategies for the creation of appropriate national and regional organizational structures and policies on cybercrime. • Development of a strategy for the establishment of globally accepted minimum security criteria and accreditation schemes for hardware and software applications and systems. • Development of strategies for the creation of a global framework for watch, warning and incident response to ensure cross-border coordination between new and existing initiatives. • Development of global strategies for the creation and endorsement of a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials [for people] across geographical boundaries. 57 CybercriminaliteEngl 58 1/03/12 14:39 Page 58 • Development of a global strategy to facilitate human and institutional capacity building to enhance knowledge and know-how across sectors and in all the above-mentioned areas. • Proposals on a framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas. These seven objectives hinge on five pillars 1) Legal framework, 2) Technical and procedural measures, 3) Organizational structures, 4) Capacity building and 5) International cooperation. The pillar of “Legal framework” of the Global Cyber-security Agenda concentrates on how to face, in a compatible way at the international scale, the legal problems posed by the criminal activities committed on TIC networks. The pillar “Technical and procedural measures” is interested in the key measures aiming to promote the adoption of improved approaches, particularly the mechanisms, protocols and accreditation standards, to reinforce risk and security management in cyberspace. The pillar “Organizational structures” relates primarily to the prevention of cyberattacks, their detection, the interventions to be carried out against such attacks and the management of crises which they trigger, including the protection of the essential information infrastructures. The pillar “Capacity building” is devoted to the development of strategies aimed at developing capacity building mechanisms in order to sensitize stakeholders, transfer know-how and encourage the taking account of cyber-security in the national political programs. Finally, the pillar “International cooperation” concentrates on co-operation, dialog and coordination at the international scale in the fight against cyber-threats. Action line C10 of WSIS “Ethical dimensions of the Information Society” [5] stipulates that the Information Society should be subject to universally held values and promote the common good and to prevent abusive uses of ICTs. These recommendations are as follows: • Take steps to promote respect for peace and to uphold the fundamental values of freedom, equality, solidarity, tolerance, shared responsibility, and respect for nature. • All stakeholders should increase their awareness of the ethical dimension of their use of ICTs. b. Group of eight (G8) In 1997, G8 created the “Subcommittee on High-tech Crimes”, responsible for the issues of the fight against cybercrime. At their meeting of Washington D.C., the United States, Ministers of Justice and Ministers of Interior of G8 adopted ten principles and a ten-point action plan to fight high-tech crime. These principles stipulate in particular that there should CybercriminaliteEngl 1/03/12 14:39 Page 59 be no safe haven for those who exploit information technologies for criminal purposes. The investigations into high-tech offenses at the international level and the prosecution of the perpetrators should be coordinated by all the States concerned, regardless of place of the damage. The law enforcement staff should be trained and equipped to face cyberoffenses. In 1999, at a ministerial conference on the fight against transnational organized crime, held in Moscow, Federation of Russia, the heads of G8 specified their plans concerning the fight against cyber-offenses. They expressed their concern about crimes (particularly child pornography) and the traceability of transactions. At the practical level, the work of expert groups led to the establishment of a global contact network. The countries taking part in this network were committed to providing, for transnational investigations, accessible contact points permanently. In 2000, at their conference held in Paris, France, G8 concentrated on the problem of cybercrime and called for the prevention of digital safe havens. In 2001, at the workshop organized in Tokyo, G8 examined procedural instruments for the fight against cybercrime. The issue was whether it was necessary to impose obligations of data conservation or data filing was another possible solution. In 2004, G8 Justice and Interior Ministers published an official statement announcing the need for developing the means, at the global level, to combat the exploitation of the Internet for criminal purposes. G8 once again noted the Convention of the Council of Europe on cybercrime. At the Moscow meeting in 2006, G8 Justice and Interior Ministers examined several points on the fight against cybercrime and cyberspace, particularly the need for improving countermeasures. The issue of cyberterrorism was also tackled at the G8 Summit of Moscow. In 2007, at the meeting of G8 Justice and Interior Ministers in Munich, Germany, the question of the exploitation of Internet for terrorist purposes was examined. The participants agreed to declare a criminal offense the exploitation of the Internet by terrorist groups. In 2011, the E-forum in Paris focused on the issue of protecting copyrighted material on the Internet, involving governments which have a role to play in the protection of copyright and intellectual property. c. United Nations At the Eighth United Nations Congress on the Prevention of Crime and Treatment of Offenders (held in Havana, Cuba, 27 August to 7 September 59 CybercriminaliteEngl 1/03/12 14:39 Page 60 1990), the General Assembly of the United Nations adopted a resolution on the legislation on cybercrime. In 1994, on the basis of Resolution 45/121 (1990), the United Nations published a manual on the prevention and control of cybercrime. In 2000, the General Assembly adopted a resolution on the fight against the exploitation of information technologies for criminal purposes, similar in certain aspects to the ten-point action plan adopted by G8 in 1997. In this resolution, the General Assembly counts several measures aiming to prevent the abusive exploitation of information technologies. In 2002, the General Assembly adopted another resolution on the fight against the exploitation of information technologies for criminal purposes. This resolution outlines the various approaches existing at the international level to combat cybercrime and proposes several solutions. In 2004, the United Nations created an anti-phishing working group, concerned with cybercrime and other issues relating to the Internet, underlining thereby their will to take part in the international debates underway on cyber-threats. Moreover, in 2004, the United Nations Economic and Social Council adopted a resolution on international cooperation as regards prevention, investigation, prosecution and sanctions against fraud, abuse and identity falsification for criminal purposes as well as related infringements. 60 At the 11th United Nations Congress on crime prevention and criminal justice, held in Bangkok, Thailand, in 2005, a statement was adopted, which underlines the need for harmonization as regards the fight against cybercrime. In 2007, the Council adopted a resolution on international cooperation as regards prevention, investigation, prosecution and sanctions against economic fraud and identity-related crime. These two resolutions do not explicitly deal with infringements related to the Internet, but they also apply to such infringement. In 2011, cybercrime was part of the agenda of a UN meeting on the prevention of crime [9]. According to United Nations Office on Drugs and Crime (UNODC), cybercrime is today in full expansion, but the volume of traffic on the Internet and the sophistication of methods used by cybercriminals make it impossible to precisely evaluate the benefit generated by these organizations and the losses caused to private companies. More alarming, however, for the Director of the U.N agency are the sex-related crimes committed against children. “Serious offenses are committed - often in front of a parent; the Web literally opens a door in your house and your children can let criminals get in”, he explains. “In the virtual world of the Internet, youngsters are particularly vulnerable, CybercriminaliteEngl 1/03/12 14:39 Page 61 and can get in contact with adults who seek to establish friendly relations with them by participating in platforms, forums, social networks or online games, with a view to committing sexual abuses. The ill-treatment of children constitutes a serious international crime and requires intensive and concerted co-operation; that is the development of cyber-ethics and cybersecurity”. Currently, a project of ESCWA (United Nations Social and Economic Commission for Western Asia) is interested in a regional strategy as regards legislations in cyber space. One of the main objectives of the project is to produce models for cyber-legislation in ESCWA member countries, encouraging the regulation of cyberspace structures in the Arab area. d. Council of Europe The Council of Europe, created in 1949, gathers 46 countries, primarily on the issues of human rights and democracy. In 1976, the Council of Europe underlined the international character of cyber-offenses and examined this issue at a conference relating to the various aspects of economic criminality. In 1985, the Council of Europe appointed a committee of experts in charge of examining the legal aspects of cybercrime. In 1989, the European Committee on criminal problems adopted the “report on computer-related crime”, which analyzes the basic legal provisions in criminal law necessary to set up to combat new forms of electronic infringement, including electronic fraud and falsification. In 1995, the Committee of Ministers adopted a recommendation dealing with the consequences of transnational cybercrime. Appended to this recommendation is a summary of the guiding principles on the development of adapted legislative measures. In 1996, the European Committee on Crime Problems decided to create a committee of experts in charge of cybercrime. Between 1997 and 2000, the Committee held ten plenary sessions and fifteen meetings of its drafting group with unlimited participation. The assembly adopted the draft convention at the second part of its plenary session of April 2001. At the signing ceremony held in Budapest on November 23rd, 2001 [1], thirty countries signed the convention, particularly four non-member States of the Council of Europe, which took part in the negotiations: Canada, the United States, Japan and South Africa. In 2007, within the framework of its approach aiming to improve the protection of minors against sexual exploitation, the Council of Europe introduced a new convention. On the first day of opening for signature, twenty-three States signed the Convention for the protection of children. 61 CybercriminaliteEngl 1/03/12 14:39 Page 62 One of the key objectives of this convention is the harmonization of criminal provisions aimed at protecting children against sexual exploitation [3]. For this purpose, the Convention integrates a set of criminal provisions. In addition to the criminalization of sexual abuses against children (Article18), it contains a provision on the exchange of child pornographic contents (Article 20) as well as a provision on the solicitation of children for sexual purposes (Article 23). The Convention on cybercrime was followed of a first additional protocol. During the negotiations on the text of the convention, it appeared that the criminalization of racism and the dissemination of xenophobic contents were particularly polemical issues. Certain States, equipped with a strong legislation in favor of the protection of freedom of expression, expressed their concern and indicated that they could not sign convention if the latter included provisions running counter to this principle. These questions hence were the object of a separate protocol. By October 2008, twenty States had signed the additional protocol and thirteen had ratified it. 62 By April 2009, forty six States had signed the Convention on Cybercrime and twenty-five had ratified it. Certain countries, particularly Argentina, Pakistan, Philippines, Egypt, Botswana and Nigeria, already worked out certain parts of their legislation in conformity with the Convention. Hence, although these countries have not signed the Convention yet, they support the process of harmonization and standardization wanted by its drafters. This Convention is recognized today like an important international instrument of the fight against cybercrime. Several international organizations support it. Convention on Cybercrime of the Council of Europe is the only international instrument concerning the issue of cybercrime. It is used as guidelines for any country developing an exhaustive legislation on cybercrime, as well as a framework for international cooperation against cybercrime among States. The Convention is supplemented by the Additional Protocol on the incrimination of acts of racist and xenophobic nature made by means of computing systems. The United Kingdom transmitted the instrument of the ratification of the Convention on Cybercrime on May 25th, 2011. The Convention came into force in the United Kingdom on September 1st, 2011. 31 States are now parties to the Convention. Finland ratified the Additional Protocol relating to the incrimination of acts of racist and xenophobic character (20 May 2011, Strasbourg). The Council of Europe supports the European countries in the implementation of the European and international standards in the area of the fight against organized crime through technical cooperative projects. They are financed by the ordinary budget of the Council of Europe, as well as external contributions by other international organizations. CybercriminaliteEngl 1/03/12 14:39 Page 63 e. European Union The European Union, created in 1957, gathers 27 countries, primarily on economic and political issues. As regards penal legislation, the scope of competence of the European Union is limited. It can harmonize the criminal national legislations only in specific cases, particularly the protection of financial interests of the Union and cybercrime. In 1999, by adopting the Communication of the European Commission entitled “eEurope 2005 - an information society for all”, the European Union launched the “eEurope” initiative. In 2000, the European Council adopted a global “eEurope action plan” and expressed its intention to implement it before the end of the year 2002. In 2001, the European Commission published a communication entitled “Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime”. In this communication, the Commission analyzes and endeavors to solve the problem of cybercrime, by particularly underlining the need for an effective action to fight the threats which weigh on the integrity, availability and operational security of information systems and networks. Moreover, in 2001 the Commission published a communication on the “Security of networks and information”, which analyzes security issues in networks and proposes strategic guidelines for action in this field. As regards the fight against cybercrime, it is agreed that the harmonization of legislations is a key component of all the projects undertaken within the Union. In line with such strategy, in 2002 the Commission presented a proposal for “Decision-framework on the attacks targeting information systems”. The Decision- framework, noting the Convention of the Council of Europe on cybercrime, concentrates on the harmonization of the basic provisions in criminal law aiming to protect the infrastructure elements (illicit access to information systems, prejudice to system integrity, prejudice to data integrity, obligation of data conservation). In 2007, the Commission published a communication entitled “Towards a general policy on the fight against cybercrime”. This communication reviews the progress achieved and stressed the importance of the Convention of the Council of Europe on cybercrime as a major international instrument of the fight against cybercrime. In 2008, the European Union started discussions on a draft amendment of decision-framework on the fight against terrorism. In the introduction of the draft amendment, the European Union states that the existing legal framework applies criminal penalty against assistance or complicity and 63 CybercriminaliteEngl 1/03/12 14:39 Page 64 incitement, but not the dissemination of terrorist know-how on the Internet. Through this project, the European Union aimed at bridging the gap and bringing national legislations closer to the Convention of the Council of Europe for the prevention of terrorism. The Member States were held to criminalize the publication of instructions on the use of explosives when this information was intended to be used for terrorist purposes. The digital strategy for Europe, adopted in 2010, stressed the importance of confidence and security and insisted on the need, for all Member States, to pool their efforts to establish effective and coordinated mechanisms conducive to meeting new increasingly sophisticated threats to computer security. On September 30th, 2010, the Commission presented a proposal on a new mandate aiming to reinforce and modernize the European agency in charge of the security of networks and information. f. Organization for Economic Co-operation and Development (OECD) In 1983, OECD launched a study on the possibility of international harmonization of criminal law in order to face the problem of cybercrime. 64 In 1985, a report was published containing an analysis of the legislation in force at the time as well as proposals to combat cybercrime. It recommended to the States considering the criminalization of a minimal list of infringements, particularly computing fraud, computing falsification, modification of programs and computer data and interception of communications. In 1990, the Committee for Information, Computer and Communications Policy (ICCP) set up a group of expert in charge of develop a set of guidelines governing information security, which were adopted by OECD Council in 1992. To combat such threats, the States decided to describe these malicious acts and take action against such acts in various ways. With the international level, there was definition of the minimal core of the computing infringements having to enter the pillar of the national criminal legislations. In OECD Member States, in the last twenty years, there has been an evolution of the legislation on computing infringements and data protection. The guidelines on the fight against cybercrime were reviewed in 1997, subsequently updated by a second group of expert set up by ICCP in 2001. In 2002, a new version entitled “OECD guidelines governing the security of systems and information networks: towards a culture of security” was adopted as recommendation of OECD Council. These guidelines contain nine complementary principles (Awareness, Responsibility, Response, CybercriminaliteEngl 1/03/12 14:39 Page 65 Ethics, Democracy, Risk Assessment, Security Design and Implementation, Security management, Reassessment). In 2005, OECD published a report in which it analyzes the effects of phishing on developing countries. This report shows that spamming is a problem much more serious in developing countries than in Western countries, because the resources are limited and more expensive in the former. As a follow-up to the request for the Group of strategic planning of the Executive Office of the Secretary General of the United Nations concerning the development of a comparative statement of internal legislative solutions as regards the use of the Internet for terrorist purposes, in 2007, OECD published a report on the legislative treatment of “cyberterrorism” in States' national legislation. On January 17th, 2011 OECD published an analysis on the risks and impact of cyber-attacks. The published report presents a history of the phenomenon, a statement of risks and a set of recommendations to the States. It particularly advises States to improve their own security system in a field which concerns civil security as well as military defense. It also suggests establishing public-private partnerships and the development of international cooperation in this field. The major recommendation was considering that the fight against cybercrime was not limited to the implementation of technical resources, as well as research work and education as to such risks. g. Asia-Pacific Economic Cooperation (APEC) In 2002, APEC leaders published the Statement on Fighting Terrorism and Promoting Growth with a view to adopting global legislations on cybercrime and capacity building as to the investigation on cybercrime. They are committed to do the following: • strive to adopt a complete set of laws on cyber-security and cybercrime, in conformity with the provisions of international legislative instruments, particularly Resolution 55/63 (2000) of the General Assembly of the United Nations and the Convention of the Council of Europe on Cybercrime (2001); • identify national units of the fight against cybercrime and the international contact points likely to offer assistance in the area of high technology, and to establish these resources, insofar as they do not already exist, before October 2003; • set up bodies which assess the threat and vulnerability, and exchange their information (response teams in the event of computing emergency) before October 2003. APEC leaders supported closer co-operation of the agents involved in the fight against cybercrime. 65 CybercriminaliteEngl 1/03/12 14:39 Page 66 In 2005, APEC organized a conference on the legislation on cybercrime, whose main objectives were to promote the development of full legal frameworks to combat cybercrime, help law enforcement bodies to face the problems arising from state-of-the-art technologies and technological advances and promote co-operation between the services of investigation on cyber-offenses in the entire area. APEC Telecommunications and Information Working Group played an active role aimed at upgrading cyber-security. The working group expressed its position as to legislation on cybercrime, with reference to international approaches of the United Nations and the Council of Europe. The statement published by APEC-TEL Ministers meeting held in 2008 in Bangkok, Thailand, stresses the importance of sustaining collaboration against cybercrime. h. Commonwealth of Independent States 66 The Commonwealth of Nations (name given since 1947), was created in 1835 at the beginning in the United Kingdom, from the association of former colonies. At the end of November 2009, the Commonwealth counts fifty four Member States, three of which were never under the British crown (Mozambique, Namibia and Rwanda) and another only by mandate in the United Kingdom and UN on a small portion of its territory (Cameroon). The originality of the Commonwealth lies in its organization: Member States are united by their shared interests, but are autonomous. They are bound by no treaty and can remain neutral when any of them is involved in a conflict. Aware of the increase in cybercrime, Commonwealth Ministers of Justice decided to mandate a group of experts to develop a legal framework for the fight against this plague based on the Council of Europe Convention on cybercrime. This will of harmonizing legislations within the Commonwealth of independent States is explained inter alia by the fact that in the absence of such approach, it would have been necessary to conclude at least 1.272 bilateral treaties to govern international cooperation in this regard. The group of experts presented its report and recommendations in March 2002. The Draft Model Law on Computer and Computer Related Crime was presented the same year. The standard law is in conformity with the standards defined by the Convention on cybercrime, because it contains specific instructions and hinges on the recognition of the Convention as an international standard by the group of experts. CybercriminaliteEngl 1/03/12 14:39 Page 67 i. Arab League and Gulf Cooperation Council (GCC) At present, GCC gathers six states of the Gulf: United Arab Emirates, Bahrain, Saudi Arabia, Oman, Qatar and Kuwait. Several States of the Arab area have already taken national measures and adopted a plan for the fight against cybercrime, or currently strive to develop legislation on such matter. It is particularly the case of Jordan, United Arab Emirates, Tunisia, Egypt and Morocco. At a conference in 2007, the Gulf Cooperation Council recommended to its Member States the adoption of a joint approach taking account of international standards. The 27th Session of the Council of Arab Ministers of Interior took place on March 16th and 17th 2010 in Tunis, in the presence of the Ministers of Interior of Arab States, high level security delegations and representatives of the United Nations, Arab League, Gulf Cooperation Council, Arab Maghreb Union, Arab Labor Organization, Nayef University of Security Science and Arab Police Sports Union. The issues tackled included the fight against illicit use of narcotics and psychotropic substances, terrorism, corruption, money laundering, cybercrime and the fight against transnational organized crime, as well as a second draft of step-by-step plan for the implementation of the Arab strategy of civil protection and civil defense. j. Organization of American States (OAS) Since 1999, OAS has actively strived to solve the question of cybercrime in the area. The Organization held several meetings within the framework of the mandate of Ministers of Justice or Other Ministers or Attorneys General of the Americas (REMJA). In 2000, the Ministers of Justice or Ministers or public prosecutors of Americas addressed the issue of cybercrime and adopted several recommendations. Reiterated at the meeting of 2003, these recommendations require Member States to support the development of the inter-American strategy for the fight against the threats which weigh on cyber-security, assess the opportunity of implementing the principles contained in the Convention of the Council of Europe on cybercrime (2001) and consider the possibility of joining such convention. At their fourth meeting, the Ministers of Justice or Other Ministers or Public Prosecutors of Americas recommended to the States, within the framework of the activities of OAS working group, as a follow-up to REMJA recommendations, mandating again the governmental group of expert on cybercrime to ensure the follow-up of the implementation of the recommendations developed by this group and adopted by REMJA-III. 67 CybercriminaliteEngl 1/03/12 14:39 Page 68 The Ministers of Justice or Other Ministers or Public Prosecutors of Americas held meetings in April 2006 and April 2008. The recommendations were to continue strengthening co-operation with the Council of Europe so that OAS Member States can consider applying the principles of the Convention of the Council of Europe on cybercrime, to join this Convention and adopt the legal and other measures necessary to its implementation. In the same way, it was agreed to continue the efforts aiming at reinforcing the mechanisms of information exchange and cooperation with other organizations and international institutions in the area of cybercrime, particularly the United Nations, the European Union, AsiaPacific Economic Cooperation Forum, OECD, G8, Commonwealth and Interpol, so that OAS Member States can benefit from the advances achieved in these forums. k. United Nations Educational, Scientific and Cultural Organization (UNESCO) Information and Communication Technologies (ICT) constitute an increasingly important tool of learning and teaching. UNESCO recognizes that ICT can contribute to a multitude of questions related to education: universal access, equity, practice of quality learning and a teaching, professional development of educators and the implementation of more effective management, governorship and administration of education. 68 As a leading institution of distance learning, UNESCO [10] was committed to helping its Member States to exploit the potential of ICT to achieve the goal of quality education for all. The Web site on ICT in education was created in order to provide countries with resources and advice, for them to develop policies, strategies and activities relating to ICT in education. The new Web site on ICT in education gathers and identifies resources and toolboxes on policies, teacher training, access to life-long learning opportunities, distance learning, free educational resources and the use of ICT for educational administration and management, all developed by UNESCO and its partners. The Web site also provides an inventory of projects in progress on ICT in education as well as a number of contacts which can provide further information. The world network of UNESCO offices, institutes and partners provides resources to Member States for them to develop their policies, strategies and activities relating to ICT in education. Particularly, the Institute of Information Technologies in Education (IITE), established in Moscow, is specialized in information exchange, research and training relating to the integration of ICT in education, whereas UNESCO Office in Bangkok is strongly involved in the use of ICT in education in Asia and the Pacific. CybercriminaliteEngl 1/03/12 14:39 Page 69 l. Islamic Educational, Scientific and Cultural Organization (ISESCO) Within the framework of the implementation of its “Strategy for the Development of Communication and Information Technologies in the Islamic World”, adopted by the 5th Islamic conference of the Ministers of Culture, [12] ISESCO has implemented several programs to activate four spheres of activities of the aforesaid strategy, namely capacity building of the human resources operating in the field of ICT in Member States, reinforcement of the role of these technologies in national development, production of better digital contents reflecting the cultural diversity of Member States and the promotion of the ethical and cultural aspects of ICT. Within the framework of sensitizing Member States to the need for developing educational information through the traditional and electronic communication tools, ISESCO took part in the organization of the “First International Forum on Media and Information Literacy”, held at the School of Humanities at University Sidi Mohammed Ben Abdallah, Fès, on 15-17 June 2011, with the participation of the Research team on popular communication tools, affiliated to this University and with the co-operation of UNESCO, Arab Bureau of Education for Gulf States and the delegation of the Alliance of Civilizations. The works of this forum focused on the adequate legal, organizational and pedagogical means to integrate specific courses on the techniques of information and communication in pre-university curricula. Parallel to these activities, ISESCO and UNESCO held an advisory meeting of experts to study the methodology project for the benefit of teacher-trainees as to the use of ICT for educational purposes. Within the framework of its Three-year Action Plan (2010-2012) [12] and its Medium-term Plan (2010-2018), [13] in co-operation with '' Munaddamat Al-Da'wa Al Islamiya '', ISESCO held in Niamey, in January 2010, a regional conference on “the promotion of co-operation among African States to establish a society of information and communication”. This conference underlined the need for establishing, under the supervision of ISESCO, an institutional mechanism targeted at sharing expertise among African States as regards studies, national strategies and plans for financing ICT projects. In February 2010, ISESCO took part in an international symposium in Tunis on “Youth in cyberspace: legal protection and ethical limits”. The participants examined the legal and cultural problems relating to the use of the Internet in general and cybercrime in particular. The latter suffers a deficit at the level of the legislations governing it. Following this meeting, 69 CybercriminaliteEngl 1/03/12 14:39 Page 70 “Tunis Call for action 2010 for the protection of youngsters in cyberspace” was launched, hinging on several principles: • Intensification of campaigns through which the civil society and all stakeholders target sensitizing youngsters ; • Establishing mechanisms of technology watch likely to ensure the follow-up of all forms of ethical transgressions; • The fight against cybercrime, cyber-terrorism, radical movements via the Internet and all forms of moral and sexual abuse affecting youngsters of the world; • Prosecuting whoever commits any abuse against young people of the world through the Internet, whatever the form of such abuse. 70 In September 2011, in Marrakech, in co-operation with the ministries of Justice and Youth and sports of Morocco, ISESCO held a national conference on “The protection of young Moroccans against cybercrime”. The conference examined the major criminal and legal risks to which youngsters can be exposed during the daily and illegal use of the Internet. The recommendations of this meeting particularly insisted on the importance of the introduction of a world operational system in the area of cybercrime in order to attenuate such risks, within a framework of international cooperation. This conference also recommended the implementation of lawful measures sanctioning the various acts contained in international convention on electronic communication (Budapest Convention 2001). In October 2011, in Amman, upon the invitation of the School of Law at the University of Jordan and the Observatory for Cyberspace Security, ISESCO took part in the Second Regional Arab Congress on the security and protection of cybernetic space. This meeting particularly examined the issues below: • challenges of cyber-security and protection of cyberspace; • economic and social repercussions; • electronic governance and the need for the protection of information and systems; • the roles of global and sectoral public policies, private sector, international and regional organizations as well as civil society in raising awareness to the importance of security and protection of cyberspace; • the risks to which children and teenagers are exposed on the Internet; • the adoption of an Arab platform reporting the ethical criteria on the use of the Internet. CybercriminaliteEngl 1/03/12 14:39 Page 71 This conference was attended by experts and research professors in the field of computing, representatives of national and regional organizations, representatives of private companies specialized in NICT in the Arab world. ISESCO representatives presented a contribution relative to their efforts as to the implementation of the strategy for the development of ICT in the Muslim world. In November 2011, in Nouakchott, ISESCO, in co-operation with UNESCO Rabat-Office, held a meeting of experts on “Ethical and cultural dimensions of the information society between the freedom of expression and the respect of human rights”. The participants stressed the importance of the ethical and cultural dimension and the need for respecting the legal limits of freedom of expression in close relationship with human rights and the ethics of the information profession, recognized in international charters and declarations. In the last five to six years, some Arab countries obtained satisfactory results in the area of ICT. Most Arab States show an increasingly significant interest in the various initiatives of technology and increase the creation of opportunities for research and development, benefiting their social and economic environment by creating new employment opportunities. A regional initiative relates to the creation of a “Computer Emergency Response Team” at the level of OIC for its 57 Member States (OIC-CERT: Computer Emergency Response Team: institution affiliated to OIC), to face the risks against the computer security. Countries such as Tunisia, Saudi Arabia and Oman have already implemented national CERTs. Qatar, Egypt and Morocco planned the establishment of CERTs as a priority in their agenda. For other countries, the creation of a legislative structure of regulation in the area is a prerequisite for the creation of CERTs. The countries which established national CERTs decided to coordinate with regional CERTs with a view to sharing points of view and good practices. At the regional Workshop on “Policy Advocacy and Capacity Building in Child Online Protection for the Arab region” in Muscat, Oman, 30-31 October 2011, recommendations were made and approved by ITU. 71 CybercriminaliteEngl 1/03/12 14:39 Page 72 CybercriminaliteEngl 1/03/12 14:39 Page 73 RECOMMENDATIONS Individual: • Interest that parents could assign to the games of their children and encourage the latter to take up activities other than the Internet, particularly sports; • Moderation of dialog more systematically by people accustomed to being in contact with youngsters; • Non replacement of listening to a close relative, a friend, a parent or a professional by the Internet; Institutional: • Installation of software filtering or blocking of illegal contents by Internet access providers; • Making available to minors, by the managers of cybercafés, reserved stations equipped with filters; • Implementation of awareness campaigns for users, including parents and teachers; • Integration in constitutions the prevention, identification, prosecution and repression of the persons charged with acts related to child trafficking, child prostitution, pornography and pedophile tourism; • Development and implementation of a special criminal law in order to protect children against all cybercrimes; • Involvement of telecommunication operators in an efficient and effective way in the fight against cybercrime, by providing technical and financial resources to ensure the secure use of their products; • Development and implementation of codes of ethics by ICT companies 73 CybercriminaliteEngl 1/03/12 14:39 Page 74 within their internal structure and in the operations of their companies, based on the recognition of the rights of children; • Fight against illegal contents by establishing hot lines allowing the public to notify illegal contents and transmit the relevant information to the organization that can take action. 74 CybercriminaliteEngl 1/03/12 14:39 Page 75 BIBLIOGRAPHY [1] «Convention sur la Cybercriminalité», Conseil de l'Europe, Budapest, 23 novembre 2001. [2] «Cybercriminalité: enjeux, sources de données et faisabilité de recueillir des données auprès de la police», Centre canadien de la statistique juridique, No 85-558-XIF au catalogue, 2002. [3] «La Convention Internationale du Conseil de L'Europe sur la Cybercriminalité avant son Entrée en Vigueur», Développements Juridiques, e.Bulletin du droit d'auteur janvier - mars 2003. [4] «L'internet et les drogues: risques et enjeux de la cybercriminalité à l'éducation préventive», Lutte contre le dopage, Vers un instrument juridique international, Mise en réseau de l'information dans le domaine de l'éducation préventive contre l'abus de drogues, Revue Peddro n°7, éditée conjointement par l'UNESCO et la Commission Européenne Juin 2003. [5] «Déclaration de principes Construire la société de l'information: un défi mondial pour le nouveau millénaire», Sommet Mondial sur la société de l'information, Genève 2003-Tunis 2005, Document WSIS03/GENEVA/DOC/4-F, 12 mai 2004. [6] «Agenda de Tunis pour la Société de l'information», Sommet Mondial sur la société de l'information, Genève 2003-Tunis 2005, Document WSIS05/TUNIS/DOC/6-F, 18 novembre 2005. [7] «Protection de l'Enfant et usages de l'Internet», Ministère des Solidarités, de la Santé et de la Famille, Délégation interministérielle à la famille, Conférence de la famille, France, 2005. [8] «Comprendre La Cybercriminalité: Guide pour les Pays en Développement», Division applications TIC et cyber-sécurité, Département des politiques et stratégies, Secteur du développement des télécommunications de l'UIT Projet de document - avril 2009. 75 CybercriminaliteEngl 1/03/12 14:39 Page 76 [9] «La cybercriminalité au centre d'une réunion de l'ONU sur la prévention du crime», Centre d'Actualités de l'ONU, dépêches du service d'information des Nations Unies, avril 2011. [10] «L'UNESCO lance un nouveau site Web sur les TIC dans l'éducation», Le magazine en ligne des TICs en Afrique et dans le monde, 3 juin 2011 (http://pcafrique.wordpress.com). [11] “La Stratégie de développement des TIC dans le monde islamique”, adoptée par la 5ème Conférence islamique des Ministres de la Culture, Tripoli, 2007. [12] “Plan d'Action triennal (2010-2012)”, Rapport ISESCO, 2010. [13] “Plan à Moyen Terme (2010-2018), Rapport ISESCO, 2010. 76