The Quest for Extraterritorial Jurisdiction in Cyber Crime Cases

Ritesh Karale

Due to the Internet’s ubiquitous nature, cyber crimes do not have territorial limits. A perpetrator can execute a cyber attack impacting one or multiple countries simultaneously. A hacker can use computers and networks as tools, as targets, or as facilitators for traditional crimes. They can also use these IT systems as a place for criminal activity, for example, hosting child sexual abuse material (CSAM). This article looks at essential provisions from the laws of various countries and what they say about the extent of extraterritorial jurisdiction.

Existing Provisions

In India, Section 75 of the Information Technology Act, 2000, gives the courts extraterritorial jurisdiction to entertain offences committed outside Indian territory. This provision makes the nationality of the person committing the act immaterial. However, it requires that the act or conduct involve a computer, computer network, or computer system in India.

Section 15.1(b) of the Australian Criminal Code Act 1995 allows the Australian courts to try offences that affect Australia, even if they are conducted outside the country’s territory. While hearing a stalking case, the Victorian Supreme Court held that Australian courts had the power to try the accused for offences even if one of the ingredients of the offence occurred in Canada.

In Libman v. The Queen (1985), the Canadian Supreme Court upheld the appellant’s conviction on fraud charges even though the impact was in the United States. The court noted that jurisdiction extends to a place that the act affects, wholly or partly, or where the act, or any part of it, occurred. The United States, for its part, has numerous laws, such as the Computer Fraud and Abuse Act (CFAA), Espionage Act, and Wiretap Act, that allow the prosecution of cyber crimes with a substantial connection to the US, irrespective of the perpetrator’s location.

Section 9 of the Computer Misuse Act 1990 extends the jurisdiction of the courts over cyber crimes committed outside the United Kingdom. However, the courts must see that the act has a significant link to the UK or targets UK citizens or infrastructure. The UK has also signed the EU’s Budapest Convention on Cyber Crime. This convention requires signatory states to cooperate in cyber crime investigations and prosecutions, including extraditing suspects or gathering evidence abroad.

Chinese laws allow the government to prosecute individuals beyond its territorial jurisdiction. While the country has not signed any international agreement regarding international cooperation in cyber crime investigations, it has bilateral agreements with several countries, including Russia, Singapore, France, South Korea, and Brazil. The specific terms and scope of these agreements vary based on the partner countries and their legal systems.

In Russia, the Federal Law on Information, Information Technologies, and the Protection of Information 2006 governs the country’s cyber space. It allows the government to prosecute individuals beyond the territorial jurisdiction of Russia. While the country is not a signatory to the Budapest Convention, it has tried to propose multiple treaties on cyber crime at the UN over the years. The United States and the European Union opposed Russia’s 2019 proposal, citing the lack of human rights protection.

EU member states such as France and Germany are signatories to the Budapest Convention. France incorporates the idea of international cooperation in cases related to cyber crimes. Germany’s laws do not explicitly mention extraterritorial jurisdiction; however, it has cooperation treaties with multiple countries.

Japan, through the Act on Prohibition of Unauthorized Computer Access, 1999, regulates criminal offences in cyberspace. This act has no provision limiting its jurisdiction to only Japanese citizens. It allows for a holistic view and gives scope for broader interpretations. Moreover, the act’s provisions can be interpreted to prosecute individuals even for cyber crimes committed outside the Japanese territory. Japan is also a party to the EU’s Budapest Convention, making it responsible for international collaboration.

In Israel, the Computers Law 1995 is not limited in its applicability to Israeli citizens only. The government can prosecute individuals for crimes committed outside the country’s jurisdiction. Israel is also a party to the Budapest Convention, making international cooperation in cyber crimes obligatory.

Budapest Convention: A step in the right direction?

The EU’s Budapest Convention on Cyber Crime came into effect in 2004. It is a treaty binding on signatories and open to all UN states. As per the convention’s preamble, the treaty’s aim is to:

“pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cyber crime, among other things, by adopting appropriate legislations fostering international cooperation.”

The convention defines a wide range of cyber crimes, including illegal computer access, computer fraud, and data theft, among others. It also underlines the importance of cooperation between signatories in investigating cyber crimes. It requires the investigation agencies to share their intel with other agencies and emphasises mutual assistance. However, the signatory states can include clauses in their domestic legislation defining circumstances for refusing cooperation. While countries like the US and the UK are parties to the convention, countries like India, China, and Russia have yet to become parties to it, citing national security reasons.

Resolution 55/25 brought the UN Convention against Transnational Organized Crime into effect in 2003. Although it is not a treaty specifically designed to address cyber crimes, it obliges the signatories to make laws against transnational crimes. Cyber crimes are a significant chunk of the transnational crimes that this treaty seeks to address.


The discussion so far highlights the absence of international consensus over jurisdiction in cyber crime cases. The ever-expanding cyber space presents perpetrators with an opportunity to exploit it. In transnational cyber crime cases, escape has become easy due to a lack of international cooperation. Even when a country brings a domestic law granting extraterritorial jurisdiction to its courts, the lack of cooperation makes such laws impossible to implement. There is an apparent need for a comprehensive and binding international framework. However, such a framework would face the obstacle of having an overarching effect on the countries’ sovereignty and their power to make their own laws.

To envisage a secure tomorrow, you need a secure present. As we envision the future, we must ask ourselves: how do we ensure a secure cyber space? This question prompts us to reflect on the urgency of enhancing international cooperation and implementing measures to safeguard individuals from the evolving complexities of cyber crimes.