Convention on Cybercrime

The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or just the Budapest Convention, is the first international treaty seeking to address Computer crime and Internet crimes by harmonizing national laws, improving investigative techniques and increasing cooperation among nations.[1][2] It was drawn up by the Council of Europe in Strasbourg with the active participation of the Council of Europe's observer states Canada, Japan and China.

The Convention and its Explanatory Report was adopted by the Committee of Ministers of the Council of Europe at its 109th Session on 8 November 2001. It was opened for signature in Budapest, on 23 November 2001 and it entered into force on 1 July 2004.[3] As of 28 October 2010, 30 states had signed, ratified and acceded to the convention, while a further 16 states had signed the convention but not ratified it.[4]

On 1 March 2006 the Additional Protocol to the Convention on Cybercrime came into force. Those States that have ratified the additional protocol are requited to criminalize the dissemination of racist and xenophobic material through computer systems, as well as of racist and xenophobic-motivated threats and insults.[5]

Contents

Objectives

The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography, hate crimes[6] and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and Lawful interception.

Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international co-operation.

The Convention aims principally at:

  1. harmonising the domestic criminal substantive law elements of offences and connected provisions in the area of cyber-crime
  2. providing for domestic criminal procedural law powers necessary for the investigation and prosecution of such offences as well as other offences committed by means of a computer system or evidence in relation to which is in electronic form
  3. setting up a fast and effective regime of international co-operation.

The following offences are defined by the Convention: illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offences related to child pornography and offences related to copyright and neighbouring rights.

It also sets out such procedural law issues as expedited preservation of stored data, expedited preservation and partial disclosure of traffic data, production order, search and seizure of computer data, real-time collection of traffic data, and interception of content data. In addition, the Convention contains a provision on a specific type of transborder access to stored computer data which does not require mutual assistance (with consent or where publicly available) and provides for the setting up of a 24/7 network for ensuring speedy assistance among the Signatory Parties.

The Convention is the product of four years of work by European and international experts. It has been supplemented by an Additional Protocol making any publication of racist and xenophobic propaganda via computer networks a criminal offence. Currently, cyber terrorism is also studied in the framework of the Convention.

Accession by the USA

Its ratification by the United States Senate in August 2006 was both praised and condemned. The U.S. became the 16th nation to ratify the convention. Forty-three nations have signed the treaty.[7][8] The Convention entered into force in the USA on January 1, 2007.

"While balancing civil liberty and privacy concerns, this treaty encourages the sharing of critical electronic evidence among foreign countries so that law enforcement can more effectively investigate and combat these crimes," said Senate Majority Leader Bill Frist.[9]

"The Convention includes a list of crimes that each signatory state must transpose into their own law. It requires the criminalization of such activities as hacking (including the production, sale, or distribution of hacking tools) and offenses relating to child pornography, and expands criminal liability for intellectual property violations. It also requires each signatory state to implement certain procedural mechanisms within their laws. For example, law enforcement authorities must be granted the power to compel an Internet Service Provider to monitor a person's activities online in real time. Finally, the Convention requires signatory states to provide international cooperation to the widest extent possible for investigations and proceedings concerning criminal offenses related to computer systems and data, or for the collection of evidence in electronic form of a criminal offense. Law enforcement agencies will have to assist police from other participating countries to cooperate with their mutual assistance requests."[10]

Although a common legal framework would eliminate jurisdictional hurdles to facilitate the law enforcement of borderless cyber crimes, a complete realization of a common legal framework may not be possible. Transposing Convention provisions into domestic law is difficult especially if it requires the incorporation of substantive expansions that run counter to constitutional principles. For instance, the U.S. may not be able to criminalize all the offenses relating to child pornography that are stated in the Convention, specifically the ban on virtual child pornography, because of its First Amendment free speech principles. Under Article 9(2)(c) of the Convention, a ban on child pornography includes any “realistic images representing a minor engaged in sexually explicit conduct.” According to the Convention, the U.S. would have to adopt this ban on virtual child pornography as well, however, the U.S. Supreme Court, in Ashcroft v. Free Speech Coalition, struck down as unconstitutional a provision of the CPPA that prohibited "any visual depiction” that "is, or appears to be, of a minor engaging in sexually explicit conduct." In response to the rejection, the U.S. Congress enacted the PROTECT Act to amend the provision, limiting the ban to any visual depiction “that is, or is indistinguishable from, that of a minor engaging in sexually explicit conduct.” 18 U.S.C

The United States will not become a Party to the Additional Protocol to the Convention on Cybercrime.

Accession by other non-European states

The Convention has been signed by Canada, Japan, USA and the Republic of South Africa on 23 November 2001 (the signing took place in Budapest, Hungary). Further accessions by other non-European states are planned.

See also

Cyberstalking legislation

References

  1. ^ Convention on Cybercrime, Budapest, 23 November 2001. on the website of the Council of Europe
  2. ^ Arizona Daily Star
  3. ^ Staff. The COE International Convention On Cybercrime Before Its Entry Into Force, UNESCO.ORG, January - March 2004
  4. ^ List of signatories and ratifications of the treaty, website of the Council of Europe
  5. ^ Frequently asked questions and answers Council of Europe Convention on cybercrime by the United States Department of Justice
  6. ^ Arias, Martha L. INTERNET LAW - The European Union Criminalizes Acts of Racism and Xenophobia Committed through Computer Systems, April 20, 2011
  7. ^ ArsTechnica article "World's Worst Internet Law" ratified by Senate published August 4, 2006 by Nate Anderson
  8. ^ sc magazine article Senate ratification of cybercrime treaty praised
  9. ^ Independent News & Media online
  10. ^ Electronic Privacy Information Center The Council of Europe's Convention on Cybercrime

Further reading

External links