Cybercrime jurisdiction

The principles that govern a sovereign’s exercise of jurisdiction to prohibit conduct and to sanction those who violate such prohibitions are well-established as to conduct occurring in the real, physical world. These principles evolved over the last several millennia, as law increased in sophistication and life became more complex. Real-world crime is, almost exclusively, a local phenomenon; the perpetrator(s) and victim(s) are all physically present at a specific geographical point when a crime is committed. The principles that govern the exercise of criminal jurisdiction are therefore predicated on the assumption that “crime” is a territorial phenomenon. Cybercrime makes these principles problematic in varying ways and in varying degrees. Unlike real-world crime, it is not physically grounded; cybercrime increasingly tends not to occur in a single sovereign territory. The perpetrator of a cybercrime may physically be in Country A, while his victim is in Country B, or his victims are in Countries B, C, D and so on. The perpetrator may further complicate matters by routing his attack on the victim in Country B through computers in Countries F and G. The result of these and other cybercrime scenarios is that the cybercrime is not committed “in” the territory of a single sovereign state; instead, “pieces” of the cybercrime occur in territory claimed by several different sovereigns.