Spammers, phishers escape proper punishment
Little guidance for judges on how to set cyber-crims straight
Customer Success Testimonial: Recovery is Everything
Australia has no data describing the sentences imposed upon criminals convicted of crimes enabled by phishing and similar scams and no guidelines for sentencing such crimes, leaving Judges with little guidance to fashion effective and appropriate punishments.
That's the thrust of a paper from the Institute of Criminology, Sentencing scammers: Law and practice.
The paper considers only consumer frauds, but does cover “money transfer requests; banking, credit card and online account scams; golden investment opportunities and health and medical scams,” all of which are common crimes generated by unsolicited email. The research goes on to note that “there are no comprehensive data available in Australia on sentencing practices in relation to those convicted of carrying out a scam” and therefore little chance of assessing their effectiveness.
Judges therefore apply general sentencing principles when punishing scammers, considering if sentences are proportional, likely to act as a deterrent and/or punishment, and taking into account the magnitude of the crime and the criminal's intentions and culpability in each matter.
The research also notes that it is hard to know if Australia's different jurisdictions sentence scammers consistently. It also queries whether, in light of recent cases, sentences are sufficiently flexible to offer judges options that allow a response to particular crimes.
The research concludes that:
“What is required now, however, is greater guidance for criminologists and legal practitioners about how sentencers do and should respond to such cases. Research is therefore required on the types of sentences currently imposed in consumer fraud cases, including any jurisdictional variation.”
Further, the research points out, the UK has recently developed a fine model for sentencing fraudsters, and therefore recommends that:
“In light of the paucity of research and clear guidance in Australia this area, it may be of benefit for Australian researchers, policymakers, practitioners and judicial officers to collaborate in developing guidelines such as those [from the UK] ...in order to promote consistency of approach in similar cases.”
But the research also says that while “a harmonised approach is particularly desirable, given the likely inter-jurisdictional nature of the offences” the need to tailor sentence for such crimes means it is “undesirable to set down any prescriptive mandatory minimum sentences.” ®
COMMENTS
At the risk of being seen as a heartless barsteward...
Villain X decides to run a scam that cons elderly couple A & B out of their retirement savings of $Q00,000.
Why should the sentence be any different to what would be given from the bench if X had held up a store/bank/broken into their home and taken the $Q00,000?
It's premeditated robbery no matter which way you look at it.
Needless to say, IANAL.
UK Model
In the UK, the theory is a crime committed online is no different to a crime comitted offline.
In practice, it seems to depend more on the size of your pockets, and your relationship with the party of Government.
In that respect, Australia is already 'aligned' with the UK, I'm told.
Re: "... effective and appropriate punishments."
Whilst I cannot agree with your punishment prescription, it must be recorded here that I too began receiving phishing emails ( purportedly from Westpac bank, ANZ bank, Paypal and some most definitely from 419ers) since *ahem* this site's inadvertent, accidental and hopefully never-to-be-repeated release of subscriber addresses a while back. My response has been to forward the offending emails to the security wonks at the falsely represented organizations ( usually spoof@ etc.) and to blacklist the source. The flow, never more than trickle-ish, is steadily diminishing. Well done, those security wonks, I say.
To whichever reader(s) passed my address on, a pox on you, btw.
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything
