The feeble legal protection afforded this area often enables cyber criminals to do their "work" with impunity. Currently, strengthening network security seems to be the only protection on which businesses and organisations can really count.

Generally speaking, cyber crimes can be divided into two major categories: (1) the computer as the target of the crime; and (2) the computer as the instrument of the crime.

In the first category, criminals penetrate the network system by detonating computer codes, damaging, altering or intercepting computer data, information, programmes or software, or blocking network operations.

In the second category, telecommunication technologies such as the Internet and encryption technology are used to facilitate and conceal organised crimes, including drug trafficking, gambling, prostitution, money laundering and fraud.

In short, today's cyber crimes are not confined to theft of telecommunication services, such as cracking dialing circuits to make unauthorised calls, as they were a couple of decades ago. Rather, new breeds of crimes, ranging from intellectual property piracy to more serious terrorist activities, are being invented.

Why is IT the target of criminal attacks and the preferred medium for various crimes? Because of the following:

It is transnational. Access to the official websites of different governments around the world is now possible at the speed of light. Due to countries' heavy reliance on information systems for data processing and communication, damage to, or interference with, these systems can cause devastating harm to national defence. Terrorists seem to have spotted this vulnerability a long time ago, with the notorious "I Love You" virus evidence of this.

IT has greatly improved the quality of intellectual creation, even making piracy much easier. Multimedia applications facilitate perfect reproductions of images and music, and copyrighted materials can now be fabricated at minimal cost. MP3s infringing the copyright of the songwriter and Hollywood movies available on the Internet before their official release are not uncommon.

It is relatively "safe" to use IT to commit crimes. A number of child pornography websites operate using sophisticated technologies of concealment. Member-only access to these websites is password-protected and the obscene contents are encrypted. These measures place criminal activities beyond the reach of law enforcement bodies.

Although governments around the world are aware of the seriousness of cyber crime, only a handful have laws to combat them. Even when nations do have comprehensive domestic laws, the lack of international co-operation means that such laws are unlikely to have any teeth due to the transnational nature of cyber crime. For example, if a victim country wants to prosecute a culprit of a foreign nationality, it may have to satisfy the double criminality requirement, which means that there has to be an equivalent law in the culprit's native country that criminalises his act. Bringing the culprit to the prosecuting country won't work without an extradition treaty with the hacker's country.

As an attempt to weaken the insufficiency of nations' domestic laws and the international dimension of cyber crime, the Convention On Cyber Crime was signed by the member states of the Council of Europe at the end of 2001. More detailed definitions of various types of cyber crimes are laid down in the Convention, providing a uniform guide for all signatories. A special chapter is devoted to international co-operation to solve disputed issues, including extradition and jurisdictional arguments.

In Asia, we are lagging behind in providing legal protection in this area. The failure of the Philippines government to prosecute the student responsible for the "I Love You" virus is a vivid illustration of this. Fortunately, Hong Kong is relatively up-to-date in terms of e-legislation, although relevant laws are scattered among various ordinances. For example, the Electronic Transactions Ordinance regulates crimes arising from e-commerce, while unauthorised access to computers via telecommunications and access to computers with criminal or dishonest intent are proscribed crimes under the Telecommunications Ordinance and Crime Ordinance, respectively. The Personal Data Privacy Ordinance prevents improper access to personal data using computers, while the Control of Indecent Articles Ordinance prohibits the posting of indecent materials on the Internet.

Implementing thorough policies for network operation and developing robust technologies, such as firewalls and anti-virus software, are always the best solutions for self-protection. If hackers break through all these security layers, the law still serves as a deterrent to fend off illicit temptations. Therefore, to ensure that we can all enjoy a safe and trustworthy cyberspace, extending the rule of law into the IT arena is vital. Updating state laws to accommodate the rapid changes in cyberspace is only the first step. Joining other nations in the fight against cyber crimes and seeking mutual assistance are inevitable byproducts of these efforts.