Abstract
It is all too common to call for an intervention by means of criminal law whenever a severe wrong occurs—such as when private personal data of politicians are leaked, when malicious websites use a special JavaScript applet to mine Bitcoin on visitors’ computers (cryptojacking), or when a social bot spreads “fake news”. In this article, I provide an overview over core concepts, models, and limitations of a regulation of IT security through criminal law. On the basis of the German and European Union legal orders, I discuss generic regulatory aspects of substantive criminal law (1) and provide an overview on the criminal law provisions on cybercrime (2). On this basis, I analyse the role criminal law already has in regulating IT security in the EU and in Germany, and how this role may expand in the future (3).
A Spanish version of this contribution, translated by Maria Belén Linares, is published in Brodowski (2021), pp. 85 ff.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Except otherwise noted (see, in particular, infra Sect. 3.2), I will focus on criminal law in a formal sense in this article, and exclude administrative or other alternative, quasi-criminal sanctioning mechanisms.
- 2.
- 3.
See German Federal Constitutional Court, Decision of 21.09.2016 – 2 BvL 1/15 = ECLI:DE:BVerfG:2016:ls20160921.2bvl000115 = BVerfGE 143, 38.
- 4.
See Brodowski (2018), pp. 373 ff.
- 5.
Binding (1922), pp. 35 ff., 45.
- 6.
- 7.
- 8.
Brodowski (2018), p. 393.
- 9.
- 10.
See, in further detail, Brodowski (2018), pp. 383 ff.
- 11.
See critically Hassemer (1989).
- 12.
Cf. Jahn and Brodowski (2016), p. 972.
- 13.
- 14.
German Federal Constitutional Court, judgment of 30.6.2009 – 2 BvE 2/08 = ECLI:DE:BVerfG:2009:es20090630.2bve000208 mn. 358 ff., 365.
- 15.
- 16.
- 17.
On different perspectives on ultima ratio see Jahn and Brodowski (2016), p. 974 ff.
- 18.
- 19.
Council Document 16542/09 of 23.11.2009.
- 20.
COM [2011] 573 final of 20.09.2011.
- 21.
“An EU approach to criminal law. European Parliament resolution of 22 May 2012 on an EU approach to criminal law,” 2010/2310[INI], OJ C 264E of 13.09.2013, p. 7.
- 22.
See also the comparison in Council Document 10137/15 of 24.06.2015, Annex 1.
- 23.
ECJ, decision of 12.07.2018 – C-707/17 (Pinzaru and Cirstinoiu) = ECLI:EU:C:2018:574, mn. 26 ff., 33, 35; see beforehand ECJ, judgment of 16.07.2015 – C-255/14 (Chmielewski) = ECLI:EU:C:2015:475, mn. 31, 35.
- 24.
See generally Wohlers (2018).
- 25.
- 26.
- 27.
Cf. Mattes (1977), p. 41.
- 28.
Cf. Gärditz (2016), p. 641 ff.
- 29.
On time discounting, intertemporal choice and temporal myopia in criminals, see Mamayek et al. (2017); Nagin and Pogarsky (2004) (showing a high relevance for property offending); and already Wilson and Herrnstein (1985), p. 50. For these features of human-decision making from the perspective of general psychology and economic decision-making theory, see, inter alia, Ahlbrecht and Weber (1997); Kahneman and Tversky (1979) Loewenstein and Elster (1992); Öncüler (2010); Tversky and Kahneman (1992); Williams (2014).
- 30.
- 31.
A different aspect, not to be addressed in this contribution, relates to special prevention, that is the aspect that a criminal cannot commit further crimes outside of prison while he or she is imprisoned, and that the sanction may teach him or her a lesson to not commit (further) crimes in future.
- 32.
- 33.
As an example, see the view on criminal law taken by Cárdenas et al. (2009).
- 34.
- 35.
- 36.
- 37.
Just see Brodowski (2013).
- 38.
Cf. Art. 3 (1) Directive 95/46/EC. The scope of that Directive was limited to the “the processing of personal data wholly or partly by automatic means” or by filing systems. The GDPR (see infra), which replaced this Directive, does not contain a similar limitation.
- 39.
See Council Document 12711/17 of 02.10.2017, p. 8, 16 ff.
- 40.
See Council Document 10007/16 of 09.06.2016.
- 41.
- 42.
- 43.
Cf. Council Framework Decision 2005/222/JHA, OJ 2005 L 69 of 15.03.2005, p. 67.
- 44.
Cf. Directive 2013/40/EU, OJ 2013 L 218 of 13.08.2013, p. 8.
- 45.
For further details, see Brodowski (2016), pp. 347 f.
- 46.
Cf. Brodowski (2016), p. 348.
- 47.
See, in particular, Art. 5 Directive 2011/93/EU, OJ 2011 L 335 of 16.12.2011, p. 1.
- 48.
See the Directive [EU] 2019/713, OJ 2019 L 123 of 10.05.2019, p. 18.
- 49.
Directive [EU] 2017/541, OJ 2017 L 88 of 31.03.2017, p. 6.
- 50.
Directive [EU] 2018/1673, OJ 2018 L 284 of 12.11.2018, p. 22.
- 51.
Art. 3 [1] [I] Directive (EU) 2017/541, Art.2 [1] [v] Directive [EU] 2018/1673.
- 52.
Council Framework Decision 2008/841/JHA, OJ 2008 L 300 of 10.11.2008, p. 42.
- 53.
Regulation [EU] 2016/679 [GDPR], OJ 2016 L 119 of 04.05.2016, p. 1. However, the GDPR leaves the option open to member states to sanction grave breaches by means of criminal sanctions, cf. Art. 84 GDPR.
- 54.
Just see Brodowski and Nowak (2020), mn. 4.
- 55.
See also § 270 StGB.
- 56.
Zweites Gesetz zur Bekämpfung der Wirtschaftskriminalität, BGBl I 1986, p. 721.
- 57.
41. StrÄndG, BGBl I 2007, p. 1786.
- 58.
Most recently in Siebenundfünfzigstes Gesetz zur Änderung des Strafgesetzbuches – Versuchsstrafbarkeit des Cybergroomings, BGBl I 2020, p. 431.
- 59.
See BR-Drs. 47/18.
- 60.
Just see Vogelgesang and Möllers (2016).
- 61.
Just see German Federal Court of Justice, decision of 11.01.2017 – 5 StR 164/16 = ECLI:DE:BGH:2017:110117B5STR164.16.0.
- 62.
- 63.
Just see Kammergericht Berlin, decision of 22.07.2009 – (4) 1 Ss 181/09 (130/09) = ECLI:DE:KG:2009:0722.4.1SS181.09.130.0.0A.
- 64.
Just see Brodowski (2019b).
- 65.
On this question, see Brodowski (2019b), p. 55 f. with further references.
- 66.
On this question, see Brodowski (2019b), p. 55 with further references.
- 67.
However, service providers are increasingly tasked with asserting the legality of the actions their users take on their platforms. Exemplary for this trend is the German Gesetz zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken (NetzDG).
- 68.
- 69.
See Sieber and Brodowski (2018), mn. 7 ff. with further references.
- 70.
Sieber and Brodowski (2018), mn. 152.
- 71.
Sieber and Brodowski (2018), mn. 174. Legal requirements to report crimes exist, however, in the context of critical infrastructure and the GDPR (Art. 33, Art. 34 [1] GDPR).
- 72.
Just see Sieber and Brodowski (2018), mn. 108 ff. with further references.
- 73.
Just see Brodowski (2016), p. 353 f. with further references.
- 74.
Just see UNODC (2013).
- 75.
Just see Schjolberg (2014), pp. 43 ff.
- 76.
Just see the CCC [supra Sect. 2.2] and recent discussions on a second additional protocol to this convention, T-CY(2017)3 (available at https://www.coe.int/en/web/cybercrime/t-cy-drafting-group. Accessed 27 Aug 2021).
- 77.
See, among others, Directive 2014/41/EU, OJ 2014 L 130 of 30.04.2014, p. 1, and a Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters, COM [2018] 225 final of 17.04.2018 as well as the [Commission] Recommendation for a Council Decision authorising the opening of negotiations in view of an agreement between the European Union and the United States of America on cross-border access to electronic evidence for judicial cooperation in criminal matters, COM [2019] 70 final of 05.02.2019.
- 78.
While, for example, Art. 8 (1) Directive 2013/40/EU requires that incitement, or aiding and abetting in relation to one of the cybercrimes referenced in the Directive are punishable as a criminal offence, such incitement, aiding and abetting requires at least some knowledge of the specific crime, and/or some intent with regard to the commission of the crime.
- 79.
At least not on their own. It requires further research whether such obligations may become requirements in the interplay with contractual obligations, tort law, and (criminal or civil) compliance requirements.
- 80.
Brodowski (2019b), p. 55.
- 81.
Brodowski (2019b), p. 55 f.
- 82.
Just see Brodowski and Freiling (2011), pp. 187 f.
- 83.
Just see Brodowski and Freiling (2011), pp. 100, 189.
- 84.
Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme [IT-Sicherheitsgesetz], BGBl I 2015, 1324.
- 85.
In addition, it created a similar requirement for providers of critical infrastructure in § 14 (1) Nr. 1 i.V.m. § 8a (1) 1 BSI-G (Gesetz über das Bundesamt für Sicherheit in der Informationstechnik); see further Mansdörfer (2018), p. 166.
- 86.
- 87.
BT-Drs. 18/4096, p. 34.
- 88.
Reimer (2018), mn. 48 f.
- 89.
- 90.
Cf. McBarnett (2003), pp. 229 ff.
- 91.
See also Council Document 16542/09 of 23.11.2009 on the policy question.
- 92.
- 93.
- 94.
Keenlab (2016).
- 95.
Cf. von Leitner (2020).
- 96.
Just see Vogel and Bülte (2020), mn. 164 ff. with further references.
- 97.
- 98.
See, in particular, German Federal Court of Justice, judgment of 06.07.1990 – 2 StR 549/89; on this judgment, see Timpe (2017).
- 99.
See, in further detail, Brodowski (2020), mn. 87.
- 100.
In this direction, see Eisele (2019), mn. 101j.
- 101.
Cf. German Federal Court of Justice, decision of 22.03.2012 – 1 StR 359/11, mn. 35.
- 102.
See, in extensive detail, Frisch (1988), pp. 230 ff.
- 103.
Brodowski (2020), mn. 87.
- 104.
See Brodowski (2018), pp. 373 ff.
- 105.
References
Ahlbrecht, M., & Weber, M. (1997). An empirical study on intertemporal decision making under risk. Management Science, 43(6), 813–826.
Alur, R. (2015). Principles of cyber-physical systems. MIT Press.
Asp, P., Bitzilekis, N., Bogdan, S., Elholm, T., Foffani, L., Frände, D., et al. (2009). Manifest zur Europäischen Kriminalpolitik. Zeitschrift für Internationale Strafrechtsdogmatik, 4(12), 697–706.
Bernasco, W., van Gelder, J.-L., & Elffers, H. (2017). The Oxford handbook of offender decision making. OUP.
Binding, K. (1922). Die Normen und ihre Übertretung I (4th ed.). Engelmann.
Bock, D. (2011). Criminal compliance. Nomos.
Bock, M. (2013). Kriminologie (4th ed.). Vahlen.
Brodowski, D. (2010). EU actions on cybercrime and cybercrime investigations. In M. Bellini, P. Brunst, & J. Jähnke (Eds.), Current issues in IT security. Proceedings of the interdisciplinary conference in Freiburg i. Br./Germany, May 12–14, 2009 (pp. 145–161). Max-Planck-Institut für ausländisches und internationales Strafrecht/Duncker & Humblot.
Brodowski, D. (2013). Preparatory colloquium for the XIXth international congress of penal law (Moscow, 24–27 April 2013). Russian Law Journal, 1(1), 94–103.
Brodowski, D. (2016). Transnational organised crime and cybercrime. In P. Hauck & S. Peterke (Eds.), International law and transnational organised crime (pp. 334–360). OUP.
Brodowski, D. (2018). Alternative enforcement mechanisms in Germany. In M. Dyson & B. Vogel (Eds.), The limits of criminal law (pp. 365–396). Intersentia.
Brodowski, D. (2019a). Cybercrime, human rights and digital politics. In B. Wagner, K. Vieth, & M. C. Kettemann (Eds.), Research handbook on human rights and digital technology. Global politics, law and international relations (pp. 98–112). Edward Elgar.
Brodowski, D. (2019b). Hacking 4.0: Seitenkanalangriffe auf informationstechnische Systeme; Zugleich ein Beitrag zur Theorie und Dogmatik des IT-Strafrechts. Zeitschrift für Internationale Strafrechtsdogmatik, 14(1), 49–61.
Brodowski, D. (2020). Gefahrenabwehr und Sanktionierung. In D.-K. Kipker (Ed.), Cybersecurity: Rechtshandbuch.
Brodowski, D. (2021). Cibercrimen y protección de la seguridad informática. AdHoc.
Brodowski, D., Espinoza de los Monterros de la Parra, M., Tiedemann, K., & Vogel, J. (2014). Regulating corporate criminal liability. Springer.
Brodowski, D., & Freiling, F. C. (2011). Cyberkriminalität, Computerstrafrecht und die digitale Schattenwirtschaft. Forschungsforum Öffentliche Sicherheit.
Brodowski, D., & Nowak, D. (2020). § 41 BDSG. In H. A. Wolff & S. Brink (Eds.), Beck’scher Onlinekommentar Datenschutzrecht (32th ed.). Beck.
Cárdenas, A. A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., & Sastry, S. (2009). Challenges for securing cyber physical systems. Workshop on Future Directions in Cyber-physical Systems Security, 5(1).
Chawki, M., Darwish, A., Khan, M. A., & Tyagi, S. (2015). Cybercrime, digital forensics and jurisdiction. Springer.
Duff, A. (2001). Punishment, communication, and community. OUP.
Eisele, J. (2019). Vor §§ 13ff. In: A. Schönke & H. Schröder (founders), Strafgesetzbuch: Kommentar (30th edn). Beck.
Eisele, J., & Vogel, J. (2018). Art. 83 AEUV. In E. Grabitz, M. Hilf, & M. Nettesheim (Eds.), Das Recht der Europäischen Union (65th ed. suppl). Beck.
Engelhart, M. (2012). Sanktionierung von Unternehmen und compliance (2nd ed.). Duncker & Humblot.
Feinberg, J. (1965). The expressive function of punishment. The Monist, 49(3), 397–423.
Fiorella, A. (2012). Corporate criminal liability and compliance programs: Toward a common model in the European Union. Jovene.
Frisch, W. (1988). Tatbestandsmäßiges Verhalten und Zurechnung des Erfolgs. Müller.
Frisch, W. (2016). Voraussetzungen und grenzen staatlichen Strafens. Neue Zeitschrift für Strafrecht, 36(1), 16–25.
Gärditz, K. F. (2016). Demokratizität des Strafrechts und Ultima Ratio-Grundsatz. Juristenzeitung, 71(13), 641–650.
Gillespie, A. A. (2016). Cybercrime: Key issues and debates. Routledge.
Goeckenjan, I. (2015). Überprüfung von Straftatbeständen anhand des Verhältnismäßigkeitsgrundsatzes: überfällige Inventur oder Irrweg? In M. Jestaedt & O. Lepsius (Eds.), Verhältnismäßigkeit (pp. 184–209). Mohr Siebeck.
Graf, J.-P. (2007). “Phishing” derzeit nicht generell strafbar! Neue Zeitschrift für Strafrecht, 27(3), 129–132.
Greco, L. (2013). Verfassungskonformes oder legitimes Strafrecht? Zu den Grenzen einer verfassungsrechtlichen Orientierung der Strafrechtswissenschaft. In B. Brunhöber, K. Höffler, J. Kaspar, T. Reinbacher, & M. Vormbaum (Eds.), Strafrecht und Verfassung (pp. 13–36). Nomos.
Haase, A. (2017). Computerkriminalität im Europäischen Strafrecht. Mohr Siebeck.
Hamm, R. (2016). Richten mit und über Strafrecht. Neue Juristische Wochenschrift, 69(22), 1537–1542.
Hassemer, W. (1989). Symbolisches Strafrecht und Rechtsgüterschutz. Neue Zeitschrift für Strafrecht, 9(12), 553–559.
Hassemer, W. (1994). Strafrechtswissenschaft in der Bundesrepublik Deutschland. In D. Simon (Ed.), Rechtswissenschaft in der Bonner Republik (pp. 259–310). Suhrkamp.
Hilgendorf, E. (Ed.). (2017). Autonome Systeme und neue Mobilität. Nomos.
Hörnle, T. (2011). Straftheorien. Mohr Siebeck.
Husak, D. N. (2008). Overcriminalization. OUP.
Ignor, A. (2016). Gedanken zur Krise des Strafrechts. In V. Bouffier, H.-D. Horn, R. Poseck, H. Radtke, & C. Safferling (Eds.), Grundgesetz und Europa. Liber Amicorum für Herbert Landau zum Ausscheiden aus dem Bundesverfassungsgericht (pp. 375–392). Tübingen.
Jahn, M., & Brodowski, D. (2016). Krise und Neuaufbau eines strafverfassungsrechtlichen Ultima Ratio-Prinzips. Juristenzeitung, 71(20), 969–980.
Jahn, M., & Brodowski, D. (2017). Das Ultima Ratio-Prinzip als strafverfassungsrechtliche Vorgabe zur Frage der Entbehrlichkeit von Straftatbeständen. Zeitschrift für die gesamte Strafrechtswissenschaft, 129(2), 363–381.
Jahn, M., Schmitt-Leonardy, C., & Schnoop, C. (2018). Unternehmensverantwortung für Unternehmenskriminalität – “Frankfurter Thesen”. Wistra, 37(1), 27–31.
Jakobs, G. (1991). Strafrecht Allgemeiner Teil (2nd ed.). de Gruyter.
Kahneman, D., & Tversky, A. (1979). Prospect theory: An analysis of decision under risk. Econometrica, 47(2), 263–291.
Kaspar, J. (2014). Verhältnismäßigkeit und Grundrechtsschutz im Präventionsstrafrecht. Nomos.
Keenlab (2016). Car Hacking Research: Remote Attack Tesla Motors. Retrieved August 27, 2021, from https://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/
Kshetri, N. (2010). The global cybercrime industry. Springer.
Kudlich, H. (2003). Grundrechtsorientierte Auslegung im Strafrecht. Juristenzeitung, 58(3), 127–133.
Kühl, K. (2008). Fragmentarisches und subsidiäres Strafrecht. In U. Sieber & G. Dannecker (Eds.), Strafrecht und Wirtschaftsstrafrecht (pp. 29–46). Heymann.
Lagodny, O. (1996). Strafrecht vor den Schranken der Grundrechte. Mohr Siebeck.
Landau, H. (2015a). Das ultima-ratio-Prinzip im Strafrecht. In W. Hadding & U. Herrmann (Eds.), Festschrift für Wolfgang Schlick (pp. 523–533). Heymann.
Landau, H. (2015b). Die jüngere Rechtsprechung des Bundesverfassungsgerichts zu Strafrecht und Strafverfahrensrecht. Neue Zeitschrift für Strafrecht, 35(12), 665–671.
Laufer, W. S. (2006). Corporate bodies and guilty minds. University of Chicago Press.
Laufer, W. S. (2018). The compliance game. Revista dos Tribunais, 107(2), 67–80.
Loewenstein, G., & Elster, J. (1992). Choice over time. Russell Sage.
Lüderssen, K. (1979). Die generalpräventive Funktion des Deliktssystems. In W. Hassemer, K. Lüderssen, & W. Naucke (Eds.), Hauptprobleme der Generalprävention (pp. 54–80). Metzner.
Mamayek, C., Paternoster, R., & Loughran, T. A. (2017). Temporal discounting, present orientation, and criminal deterrence. In W. Bernasco, J.-L. van Gelder, & H. Elffers (Eds.), The Oxford handbook of offender decision making (pp. 209–227). OUP.
Mansdörfer, M. (2018). Über die strafrechtliche Verantwortlichkeit beim Einsatz maschinell-autonomer cyberphysischer Systeme – oder: Prolegomena zu einem Allgemeinen Teil des Cyberstrafrechts. In S. Barton, R. Eschenbach, M. Hettinger, E. Kempf, C. Krehl, & F. Salditt (Eds.), Festschrift für Thomas Fischer (pp. 155–170). Beck.
Mattes, H. (1977). Untersuchungen zur Lehre von den Ordnungswidrigkeiten. Erster Halbband: Geschichte und Rechtsvergleichung. Duncker & Humblot.
McBarnett, D. (2003). When compliance is not the solution but the problem: From changes in law to changes in attitude. In V. Braithwaite (Ed.), Taxing democracy: Understanding tax avoidance and evasion (pp. 229–243). Ashgate.
Meier, B. (2016). Kriminologie (5th ed.). Beck.
Meyer, F. (2015). Art. 83 AEUV. In H. von der Groeben, J. Schwarze, & A. Hatje (Eds.), Europäisches Unionsrecht (7th ed.). Nomos.
Nagin, D. S., & Pogarsky, G. (2004). Time and punishment: Delayed consequences and criminal behavior. Journal of Quantitative Criminology, 20(4), 295–317.
Öncüler, A. (2010). How do we manage an uncertain future? Ambiguity today is not ambiguity tomorrow. In E. Michel-Kerjan & P. Slovic (Eds.), The irrational economist. Making decisions in a dangerous world (pp. 107–115). PublicAffairs.
Pieth, M., & Ivory, R. (2011). Corporate criminal liability. Springer.
Popp, A. (2006). “Phishing”, “Pharming” und das Strafrecht. Multimedia und Recht, 9(2), 84–86.
Reimer, P. (2018). Art. 5. In G. Sydow (Ed.), Europäische Datenschutzgrundverordnung (2nd ed.). Nomos.
Rengier, R. (2018). Strafrecht Allgemeiner Teil (10th ed.). Beck.
Renzikowski, J. (2002). Die Unterscheidung von primären Verhaltens- und sekundären Sanktionsnormen in der analytischen Rechtstheorie. In D. Dölling (Ed.), Festschrift für Karl Heinz Gössel zum 70. Geburtstag (pp. 3–13). Müller.
Rotsch, T. (Ed.). (2014). Criminal compliance. Nomos.
Roxin, C., & Greco, L. (2020). Strafrecht Allgemeiner Teil, Band 1 (5th ed.). Beck.
Satzger, H. (2018). Art. 83 AEUV. In R. Streinz (Ed.), EUV/AEUV (3rd ed.). Beck.
Schjolberg, S. (2014). The history of cybercrime, 1976–2014. Books on Demand.
Schlepper, C. (2014). Strafgesetzgebung in der Spätmoderne. Springer.
Schmitt-Leonardy, C. (2013). Unternehmenskriminalität ohne Strafrecht? Müller.
Sieber, U. (2008). Mastering complexity in the global cyberspace. In M. Delmas-Marty, M. Pieth, & U. Sieber (Eds.), Les chemins de l’harmonisation pénale (pp. 127–202). Société de Législation Comparée.
Sieber, U. (2018). Administrative sanction law in Germany. In M. Dyson & B. Vogel (Eds.), The limits of criminal law (pp. 301–332). Intersentia.
Sieber, U., & Brodowski, D. (2018). Teil 19.3: Strafprozessrecht. In T. Hoeren, U. Sieber, & B. Holznagel (Eds.), Handbuch Multimedia-Recht (47th ed. suppl). Beck.
Sieber, U., & Engelhart, M. (2014). Compliance programs for the prevention of economic crimes: An empirical survey of German companies. Duncker & Humblot.
Suhr, O. (2016). Art. 83 AEUV. In C. Calliess & M. Ruffert (Eds.), EUV/AEUV (5th ed.). Beck.
Summers, S., Schwarzenegger, C., Ege, G., & Young, F. (2014). The emergence of EU criminal law. Hart.
Swoboda, S. (2010). Die Lehre vom Rechtsgut und ihre Alternativen. Zeitschrift für die gesamte Strafrechtswissenschaft, 122(1), 24–50.
Tiedemann, K. (1969). Tatbestandsfunktionen im Nebenstrafrecht. Mohr Siebeck.
Tiedemann, K. (1975). Der Entwurf eines Ersten Gesetzes zur Bekämpfung der Wirtschaftskriminalität. Zeitschrift für die gesamte Strafrechtswissenschaft, 87(2), 253–328.
Timpe, G. (2017). Die strafrechtliche Produzentenhaftung. Höchstrichterliche Rechtsprechung im Strafrecht, 18(6), 272–281.
Tversky, A., & Kahneman, D. (1992). Advances in prospect theory: Cumulative representation of uncertainty. Journal of Risk and Uncertainty, 5(4), 297–323.
UNODC. (2013). Comprehensive study on cybercrime. United Nations.
Vogel, J. (1993). Norm und Pflicht bei den unechten Unterlassungsdelikten. Duncker & Humblot.
Vogel, J. (2008). Towards a global Convention against cybercrime. First World Conference of Penal Law. Revue électronique de l’AIDP C-07:1 Retrieved August 27, 2021, from http://www.penal.org/sites/default/files/files/Guadalajara-Vogel.pdf
Vogel, J., & Bülte, J. (2020). § 15. In H. W. Laufhütte, R. Rissing-van Saan, & K. Tiedemann (Eds.), Leipziger Kommentar (Vol. 1, 12th ed.). De Gruyter.
Vogelgesang, S., & Möllers, F. (2016). Ransomware als moderne Piraterie: Erpressung in Zeiten digitaler Kriminalität. Juris – Die Monatszeitschrift, 3(10), 381–387.
von Hirsch, A. (2005). Fairness, Verbrechen und Strafe. BWV.
von Leitner, F. (2020). Fefes blog. Retrieved August 27, 2021, from https://blog.fefe.de/?ts=a19dfb18
Wall, D. S. (2007). Cybercrime: The transformation of crime in the information age. Polity Press.
Wall, D. S. (2010). The organization of cybercrime and organized cybercrime. In M. Bellini, P. Brunst, & J. Jähnke (Eds.), Current Issues in IT Security. Proceedings of the interdisciplinary conference in Freiburg i. Br./Germany, May 12–14, 2009 (pp. 51–66). Max-Planck-Institut für ausländisches und internationales Strafrecht/Duncker & Humblot.
Williams, S. H. (2014). Probability errors: Overoptimism, ambiguity aversion, and the certainty effect. In E. Zamir & D. Teichmann (Eds.), The Oxford handbook of behavioral economics and the law (pp. 335–353). OUP.
Wilson, J. Q., & Herrnstein, R. J. (1985). Crime and human nature. Free Press.
Wohlers, W. (2018). Criminal law as a regulatory tool. In M. Dyson & B. Vogel (Eds.), The limits of criminal law (pp. 235–262). Intersentia.
Wörner, L. (2019). Der Weichensteller 4.0: Zur strafrechtlichen Verantwortlichkeit des Programmierers im Notstand für Vorgaben an autonome Fahrzeuge. Zeitschrift für Internationale Strafrechtsdogmatik, 14(1), 41–48.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Brodowski, D. (2022). The Role of Criminal Law in Regulating Cybercrime and IT Security. In: Borges, G., Sorge, C. (eds) Law and Technology in a Global Digital Society. Springer, Cham. https://doi.org/10.1007/978-3-030-90513-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-90513-2_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90512-5
Online ISBN: 978-3-030-90513-2
eBook Packages: Law and CriminologyLaw and Criminology (R0)