Locus delicti (the location of the offense).
Computer crimes are unique in that they can be committed across international borders with relative ease. Before the use of computers, most crimes would occur in the same physical location as the individual committing the crime. This would make matters of determining jurisdiction a lot simpler. So then the question becomes what is the best way to handle these trans-border crimes.
Obliviously, if all nations could agree on what is considered a crime offense then determining jurisdiction might be somewhat easier. However, computer-based crimes are very complicated. Additionally, not all people see right from wrong in the same way. This is where international cooperation comes into effect.
Crimes that can be committed with out the use of computers but are perpetrated with the use of a computer are fairly easy to deal with such as identity theft or forbidden materials/information. There is precedence already associated with these crimes, so therefore there is some mechanism in place to effectively deal with them. But what about a virus or DDoS attack aimed at taking down a country’s data infrastructure as the recent claims by Estonia as made against Russia. What about tax evasion? Different countries see that very differently. Should the crime be determined on a countries vital interest? Then the question becomes what is vital to them may not be vital to us. Economic interests for sure… and that to a certain degree can be clear defined.
The ‘non bis in idem’ rule (Not twice for the same).
Many crimes such as a computer virus can have effects in multiple jurisdictions at the same time. So the question then becomes which jurisdiction has the right to try the individual. SPAM and other Internet drive scams that are aimed at parting an individual from their money. These can all take place at the same time and in different parts of the world. How will we effectively deal with that situation?
One of the things that I found interesting was extradition. The act committed needs to be a crime in both the country requesting extradition as well as the country granting the request. This to a certain extent can be agreed upon. Many states will perform their own investigation before handing an individual over to the requesting jurisdiction. With the instantaneous nature of computers and data, evidence can disappear before the investigation has even been finished.
So who determines which state is the most aggrieved?
The Hague Service Convention makes it possible for different countries to cooperate with one another. Currently there are 67 signers to this agreement. Currently, there are 194 recognized countries in the world, 192 of them part of the United Nations (Vatican City and Taiwan being the exceptions). Unfortunately the vast majority of countries are not signers of the Hague Service Convention. More traditional but slower ways of dealing with the countries are possible through the use of a Letter Rogatory or Letter of Request. The US Department of State does not recommend going this route because of the time it takes to complete the process. Lastly there is international comity that can be seen as a form for courtesy/reciprocity between countries. This is often applied to the rules governing extradition.
Exclusive and concurrent jurisdiction
What is really important to note is that concurrent jurisdiction allows the parties to maneuver each other into a jurisdiction where they believe the laws are more likely to result an outcome in their favor. Things like the Hague Service Convention and the U.N.’s Manual on the Prevention and Control of Computer-Related Crime all try to minimize this type of shopping for a favorable forum. Unfortunately this again calls into question what one society/state thinks are wrong and the level to which they think the crime infringes on its society.
