Wednesday, September 3, 2014
Mark N. Gasson and Bert-Jaap Koops (University of Reading - Department of Cybernetics and Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT)) have posted Attacking Human Implants: A New Generation of Cybercrime (5 Law, Innovation and Technology (2), p. 248-277) on SSRN. Here is the abstract:
Human ICT implants, such as RFID implants, cochlear implants, cardiac pacemakers, Deep Brain Stimulation, bionic limbs connected to the nervous system, and networked cognitive prostheses, are becoming increasingly complex. With ever-growing data processing functionalities in these implants, privacy and security become vital concerns. Electronic attacks on human ICT implants can cause significant harm, both to implant subjects and to their environment. This paper explores the vulnerabilities that human implants pose to crime victimisation in light of recent technological developments, and analyses how the law can deal with emerging challenges of what may well become the next generation of cybercrime: attacks targeted at technology implanted in the human body.
After a state-of-the-art description of relevant types of human implants and a discussion how these implants challenge existing perceptions of the human body, we describe how various modes of attacks, such as sniffing, hacking, data interference, and denial of service, can be committed against implants. Subsequently, we analyse how these attacks can be assessed under current substantive and procedural criminal law, drawing on examples from UK and Dutch law. The possibilities and limitations of cybercrime provisions (e.g., unlawful access, system interference) and bodily integrity provisions (e.g., battery, assault, causing bodily harm) to deal with human-implant attacks are analysed.
Based on this assessment, the paper concludes that attacks on human implants are not only a new generation in the evolution of cybercrime, but also raise fundamental questions on how criminal law conceives of attacks. Traditional distinctions between physical and non-physical modes of attack, between human bodies and things, and between exterior and interior of the body need to be re-interpreted in light of developments in human implants. As the human body and technology increasingly merge, cybercrime legislation and body-integrity crime legislation will become intertwined, posing a new puzzle that legislators and practitioners will sooner or later have to solve.