AI as a target and tool for crime
AI systems, like other information technologies, can both be a target of, and tool for, criminal activity. Infecting an autonomous driving system with AI malware exemplifies both dimensions, but they also occur independently from one another.
AI-targeted crime need not be perpetrated by means of a computer. As researchers have shown, simple manipulations of physical street signs can fool AI vision systems. Vulnerabilities inherent in AI systems deployed prematurely in ever more important domains are exacerbated by insufficient computer and network security.
AI as a tool for crime is also broader than what is usually understood as cybercrime. AI systems can, for instance, enable or speed up preparatory acts involving data analysis, with the actual offence being committed by humans, such as kidnapping a high-value target identified through AI. Nonetheless, in many instances AI enables automation of much of the human labor required by traditional crime and thus dramatically increases the potential scale of attacks.
Treaty landscape
The need for international cooperation in the fight against computer-related crime has long been recognized. In addition to a number of non-binding cooperation frameworks and many bilateral channels, five treaties have been adopted by regional organizations to address this need.
Regional conventions
Overview
Adoption | Organization | Title |
---|---|---|
2001 | Council of Europe | Convention on Cybercrime |
2001 | Commonwealth of Independent States | Agreement on Cooperation in Combating Offences related to Computer Information |
2010 | Shanghai Cooperation Organization | Agreement on Cooperation in the Field of International Information Security |
2010 | League of Arab States | Arab Convention on Combating Information Technology Offences |
2014 | African Union | African Union Convention on Cyber Security and Personal Data Protection |
Among these, the most widely ratified treaty is the 2001 Budapest Convention on Cybercrime.[1] It was elaborated within the Council of Europe (CoE) framework, but with active participation of non-member states from the outset.[2] More on this below.
Other regional treaties have a much smaller geographical scope, and the African Union Convention is not in force yet. An in-depth analysis and comparison of regional treaties can be found in the Comprehensive Study on Cybercrime (Draft–February 2013) of the UN Office on Drugs and Crime (UNODC).
Budapest Convention on Cybercrime
Map: Budapest Cybercrime Convention (adopted 2001, in force 2004). Data last updated: 2023-02-22. Source: CoE.
As can be seen from this map, thus far 68 states have become party to the Convention, and the growth rate outside the CoE area is accelerating.
While universal ratification may be out of reach for political reasons, one of the main aims of this treaty is the harmonization of domestic substantive and procedural criminal law as a pre-condition for more effective international cooperation given dual criminality requirements.[3] As the most well-known international convention on cybercrime, it may achieve this aim even without formal global participation, simply by serving as a model instrument. The above-mentioned Comprehensive Study on Cybercrime, among others, has documented the global influence of the Budapest Convention on treaties, non-binding cooperation mechanisms and national laws. Thus, it is worth looking at the key provisions to assess its relevance for both AI-targeted and AI-enhanced crime.
AI-targeted crime: articles 2-6
Articles 2-6 of the Convention define offences against the confidentiality, integrity and availability of computer data and systems.
The notion of ‘computer system’ is defined in a relatively technology-neutral way as ‘any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data’ (art 1(a)). ‘Computer data’, in turn, is construed broadly as ‘any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function’ (art 1(b)).
AI applications can fall under both definitions, depending on how central their role is in the computer system. If the entire computer system is AI-driven, such as an autonomous delivery drone, or swarm of drones, then the hindering of the AI component’s proper functioning could qualify as system interference under article 5, rather than, or in addition to, data interference under article 4.
Data interference refers to intentional unauthorized[4] ‘damaging, deletion, deterioration, alteration or suppression of computer data’ (art 4(1)), and parties may require that the conduct result in serious harm (art 4(2)).
System interference is the intentional ‘serious hindering without right of the functioning of a computer system’, either via data interference as defined in art 4(1), or by inputting or transmitting computer data, such as in denial-of-service attacks.[5]
In line with the preventive approach of the Convention, illegal access to computer systems and illegal interception of non-public transmissions of computer data to, from, or within computer systems, including electromagnetic emissions from a computer system carrying computer data, are also to be established as criminal offences subject to certain conditions.[6]
These somewhat abstract definitions have been made more concrete by Guidance Notes issued by the Cybercrime Convention Committee in accordance with art 46(1) in order to facilitate the effective use and implementation of the Convention. Topics covered include botnets, phishing, spam, distributed denial-of-service attacks, critical infrastructure attacks, election interference, and terrorism.
AI-enabled crime: articles 6-10
As for AI as a tool for compromising the confidentiality, integrity and availability of computer data and systems, for instance in attacks against critical national infrastructure, article 6 of the Budapest Convention stipulates that the mere production, possession and distribution or otherwise making available of ‘a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with articles 2 through 5’ is to be criminalized under certain conditions (art 6(1)).
The Convention also describes a few specific offences which raise particular challenges or gain new proportions when committed through the use of computer systems, namely computer-related forgery (art 7), computer-related fraud (art 8), offences related to child pornography (art 9) and offences related to infringements of copyright and related rights (art 10). Deep fakes are a prime candidate for enabling ever more sophisticated criminal activities.
Other offences considered for inclusion in the Convention were racist and xenophobic threats, insults and propaganda, as well as denial, gross minimisation, approval or justification of genocide or crimes against humanity committed through computer systems. However, these were ultimately relegated to an additional protocol which entered into force about two years after the Convention.[7] AI chatbots have already proven to be perversely efficient tools for propagating hate speech.
Note that all of these offences require criminal intent, which may be difficult to prove. Nonetheless, if the data used to train machine learning systems can be identified, it may be a strong indicator of the developer’s intent in certain cases. For instance, if someone trains a chatbot on Nazi speeches and then spreads its message in public fora in countries where such speech is criminalized, the developer may be prosecuted.
Procedural law
As mentioned above, the investigation and prosecution of AI-related crime will in many cases hinge on the ability to secure electronic evidence in a timely manner wherever in the world it may be stored. This transborder aspect is so important that most of the procedural provisions of the Convention apply not only to the offences established in accordance with its substantive law section, but also to other criminal offences committed by means of a computer system (art 14(2)(b)), as well as to the collection of evidence in electronic form of any criminal offence (art 14(2)(c)).
A Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence was adopted in 2022 (CETS No. 224). Among other things, it provides a legal basis for direct cooperation by competent authorities in one party with private sector service providers based in another party for obtaining domain name registration information (art 6) and subscriber information (art 7) in the context of “specific criminal investigations or proceedings”. International cooperation between authorities is also strengthened and personal data protection safeguards are laid out in detail, including a provision on automated decisions. In particular, article 14(6) stipulates:
Decisions producing a significant adverse effect concerning the relevant interests of the individual to whom the personal data relate may not be based solely on automated processing of personal data, unless authorised under domestic law and with appropriate safeguards that include the possibility to obtain human intervention.
Access, rectification and redress for individuals are also provided for to some extent by article 14, but how effective these safeguards are in practice remains to be seen.
Global instruments
UN member states are currently negotiating a new convention on countering the use of information and communications technologies for criminal purposes. An Ad Hoc Committee was established for this purpose and is expected to conclude its work in early 2024.
Pending the adoption of a global ICT crime agreement, several existing global treaties are applicable to at least some uses of AI.
UNTOC
The UN Convention against Transnational Organized Crime (UNTOC)[8] provides a legal basis for global cooperation among states in the many cases where cybercrime activities constitute transnational organized crime.
Map: Convention against Transnational Organized Crime (adopted 2000, in force 2003). Data last updated: 2022-08-14. Source: UNTS.
Terrorist Bombings Convention
The 1997 Convention for the Suppression of Terrorist Bombings[9] enjoys participation similarly broad to that of UNTOC.
Map: Terrorist Bombings Convention (adopted 1997, in force 2001). Data last updated: 2022-08-14. Source: UNTS.
The convention covers ‘explosive[s] or other lethal device[s]’ that are delivered, placed, discharged, or detonated in, into, or against “a place of public use, a State or government facility, a public transportation system or an infrastructure facility” (art 2(1)). The latter is defined as “any publicly or privately owned facility providing or distributing services for the benefit of the public, such as water, sewage, energy, fuel or communications.” (art 1(2)).
CBRN attacks are explicitly included, by clarifying that the convention governs not only traditional explosives but also any “device that is designed, or has the capability, to cause death, serious bodily injury or substantial material damage through the release, dissemination or impact of toxic chemicals, biological agents or toxins or similar substances or radiation or radioactive material” (art 1(3)(b)). Thus, for example, terrorist use of agricultural drones repurposed to spray toxic chemicals onto crowds would also qualify as an offence under the Convention.
Interpol
At the law enforcement level, the International Criminal Police Organization (INTERPOL) supports transnational cybercrime investigations and operations among its 195 member states.
International Criminal Court
Footnotes:
[1] Convention on Cybercrime (opened for signature 23 November 2001, entered into force 1 July 2004) 2296 UNTS 167.
[2] In particular Canada, Japan, South Africa, and the USA.
[3] For international cooperation in the investigation and prosecution of crime, typically all cooperating states need to have the same conduct criminalized in their national law and have the relevant procedures in place.
[4] The term used in the Convention is ‘without right’, which according to the Explanatory Report to the Convention was deliberately left open for parties to interpret, but ‘may refer to conduct undertaken without authority (whether legislative, executive, administrative, judicial, contractual or consensual)’. See Explanatory Report to the Convention on Cybercrime, para 38.
[5] DoS attacks were already mentioned as an example of what is covered by article 5 in the official Explanatory Report to the Convention on Cybercrime.
[6] Budapest Convention arts 2 and 3 respectively.
[7] Additional Protocol to the Convention on Cybercrime, Concerning the Criminalization of Acts of a Racist and Xenophobic Nature Committed Through Computer Systems (opened for signature 28 January 2003, entered into force 1 March 2006) 2466 UNTS 205. As compared to the Convention, this Additional Protocol has only about half the number of parties thus far (31 as of 1 November 2018).
[8] United Nations Convention against Transnational Organized Crime (adopted 15 November 2000, entered into force 29 September 2003) 2225 UNTS 209.
[9] International Convention for the Suppression of Terrorist Bombings (adopted 15 December 1997, entered into force 23 May 2001) 2149 UNTS 256.
[10] Rome Statute of the International Criminal Court (adopted 17 July 1998, entered into force 1 July 2002) 2187 UNTS 3.