“Legislators dictate the law enforcement response to any

activity; thus we must understand how and why some

crimes are classified…”

(Holt, Burruss & Bossler, 2015, p. 6)

 

Cybercrime legislation in Ireland is still at its infancy and needs an effective consistent constitution and framework. Though crime deters societal and economic growth, the definition, impact measurement and response to cybercrime has been difficult and needs further investigation. Cybercrime can be briefly understood as a crime using and targeted against computers but it requires legal recognition and this research questions how to approach cybercrime in Ireland. 

​

Effectiveness of current legislation

Although there are current laws in Ireland used to defend against cybercrime

e.g., Computer Misuse Act 1990, Information Technology Act, the Criminal Justice Act 2011 – “serious and complex offences” and the new GDPR 2016/2018 [amongst others], they have been used inconsistently and public awareness remains low. Cybercrime is cheap to carry out, on a larger scale with poor measurement tools to evaluate the cost to society compared to traditional cirmes. Although linked with computer use, cybercrime has physical real world consequences and legislation cannot ignore pervasiveness of cyberspace which is often influenced by traditional crime.  Legislation can be rushed, helping business growth rather than crime regulation, doesn’t deal with all instances, can have ambiguous definitions, have issues of jurisdiction and international exceptions. There remains low education in relevant security sectors in an area that is dynamic and fast moving involving under reporting, low funding resulting in a stigmatisation in the public to security policies/legislation. Under themes of 'data access' and 'harmful communications', this research identifed four pieces of Irish legislation an anaylsed their effectiveness and relevance with regard to current psychological and legal research:

1. Criminal Damage Act 1991

2. Criminal justice (Theft and Fraud Offences) Act 2001

3. The Criminal Justice (Offences Relating to Information Systems) Act 2017

4. Harmful Communications and Related Offences Bill 2017 [Third Stage]

​

Defence vs prevention

Current cybercrime legal models often focus on defence rather than predictive action which results in prosecution difficulties. The impact of cybercrime today has been primarily in the IT sector to create technology with a “privacy by design” focus. However, there still remains human error with public misconceptions of cause and consequence of actions online. This creates a never ending circle of defending against cybercrime with higher more sophisticated software against further higher more sophisticated methods of cybercrime. It is important to understand the ‘human aspect’ of technology use and the behavioural theories that may lead to increased cybercrime victimisation with particular focus on risk taking and awareness of computer use in cybercrime.

​

What about security professionals?

This research will focus the impact of current legislation in legal proceedings and job efficacy in legal, law enforcement and security job sectors who all work towards public safety. It reviewed themes such as education and awareness, jurisdiction, reporting and accountability. An important implication of legal efficacy is public trust where public engagement and partnership is required for support in reporting, information gathering and resource allocation. It is important to remember that via the Rational Choice Theory; a victim will only report or trust in the legal system if s/he believes it is beneficial to her/him to do so. As well, the legal system requires reporting of crimes to gain a further understanding of an issue and thus creates a cyclical nature of trust and police/legislative effectiveness. However, limits remain in levels of professional legislative awareness, cultural norms to legislative effectiveness, lengthily court and legal administrative reaction times and limits in current defensive technology and increased data processing quantities.

Therefore, this research has interviewed 17 digital security professionals in their experiences with cybercrime and thematically analysed their main concerns with legislation identified in the figure below.

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

 

 

 

 

 

 

 

 

 

 

 

 

​​Who is responsible?

Legislative limits have created new norms of lay policing online. Victims may report to the site host or administrator instead of the police. This also highlights issues of jurisdiction with increased supervision of online activities remain in Western countries creating a loophole or safe haven for cybercriminal activity in other countries.  Cybersecurity is recommended to have a central governance to manage the dozens of government initiatives and legal frameworks already in place to protect against cybercrime which are all needed to cover many jurisdictions. However, many disparities emerge in work resources, education and management across these working groups and jurisdictions.

​

What can research do?

Over all, this research will recommend gaps in legislation and legal system yet to be addressed in the area of cybercrime legislation. It will aim to understand how security practitioners and legislators deal with cybercrime legislation in Ireland today.

​

Research model

This research utilised investigation methods in psychological and social sciences and applied it to a legal field extending socio-legal studies and jurisprudence research to the cyber field for the first time in an Irish context. Law in no way compulsory and relies on communication of societal meanings i.e., what is legal and illegal and the result being “law’s reproduction of meaning”. Therefore, law is seen as an illustration of meaning derived from culture and society, i.e., law is culturally constructed, defined and changes with time. As Law and society are interlinked and not separate entities that coincide together, it is integral to understand how the legal meaning of cybercrime was constructed to improve further legislation following a  social constructionist approach of qualitative thematic analyses.

​

Publications

• Friend, C. (2021). An investigation into the difficulties and obstacles of Irish legal history: Intent to Harm or Lawful excuse other psychological factors in Irish cybercrime legislation. Dublin Law and Politics Review.

• Friend, C, Bowman-Grieve, L, Kavanagh, J and Palace, M (2020) Fighting Cybercrime: A Review of the Irish Experience. International Journal of Cyber Criminology, 14 (2). pp. 383-399.

​

​​Conferences presented at

Psychological Society of Ireland Early Graduate Group 2017

• Title: Investigation into the difficulties, obstacles and history of the Irish legal system dealing with emerging cybercrime cases

The Irish Postgraduate Criminology Conference (IPGCC) February 2017

• Title: Investigation into the difficulties, obstacles and history of the Irish legal system dealing with emerging cybercrime cases

Irish Association of Law Teachers November 2017

• Title: Investigation into the difficulties, obstacles and history of the Irish legal system dealing with emerging cybercrime cases

Irish Postgraduate Conference November 2018 [poster]

• Title: An investigation into the Irish legal approach and reactions to emerging cybercrime regulation and related technology use.

Dublin Law and Politics Review Conference March 2019

• Title: An investigation into the Irish legal approach and reactions to emerging cybercrime legal accountability

The 19th Annual Conference of the European Society of Criminology Ghent, Belgium September 2019 [abstract accepted]

• Title: How legislation deals with emerging cybercrime: An Irish digital security perspective

The 2nd annual Conference on the Human Factor in Cybercrime, Netherlands October 2019 [abstract submitted]

• Title: How legislation deals with emerging cybercrime: An Irish digital security perspective