Text Box: The Council of Europe and cybercrime

The Council of Europe and cybercrime

Key points

·         Cybercrime is one of the major challenges facing modern society. The Council of Europe Convention on Cybercrime, which entered into force on 1 July 2004, is the only binding international instrument on this issue. It serves as a guide for any country developing comprehensive national legislation on cybercrime and also as a framework for international co-operation between signatory countries.

·         The Council of Europe believes its convention is an ideal way for governments to anticipate problems and resolve them, working together to create security for the citizens of Europe and beyond.

·         To fight online crimes, countries worldwide are turning to the Council of Europe’s innovative cybercrime convention, which includes provisions for a 24/7 online crime-fighting network and also facilitates public-private partnerships.

·         The convention is complemented by a protocol on xenophobia and racism committed through computer systems.

·         The Council of Europe is supporting countries around the world in the implementation of the Convention through the Project on Cybercrime. Guidelines to strengthen co-operation between law-enforcement agencies (the police and criminal justice authorities) and Internet service providers in the investigation of cybercrime were adopted in April 2008 under this Project.

·         Annual conferences are organised in Strasbourg to take stock of current legislation on cybercrime, discuss the new tendencies and threats and strengthen co-operation between the public and private sectors in combating crimes committed via the Internet.

Summary

The internet has a tremendous impact on societies all over the world. In 1999 there were 300 million internet users. Today there would be more than a billion, according to ComScore Networks.

As societies rely on information and technology they become increasingly vulnerable to risks, in particular cybercrime. The Convention on Cybercrime provides a response to this risk, not only in Europe but worldwide.

Cybercrime poses many challenges for law enforcement and criminal justice systems. The internet makes it easy for criminals to operate from abroad, especially those countries where regulations and enforcement capacities are weak. 

Through the Project on Cybercrime the Council of Europe supports countries all over the world in the implementation of the Convention which defines conduct rather than technology, ensuring that laws and procedures remain valid even as technology evolves.

The convention is based on the principles of the European Convention on Human Rights. It is subject to a range of conditions and safeguards, which means that people’s freedom of expression and their right to privacy will not be sacrificed.

Questions and Answers

What are the main threats today?

Cybercrime is the most global of all transnational crime, thus requiring extensive and efficient international cooperation.

This phenomenon can take several forms:

-       Malware, that is, malicious codes and programmes including viruses, worms, trojan horses, spyware, bots and botnets;

-       Botnets which are one of the central tools of criminal enterprises;

-       Spam not only as a nuisance but also as carriers of malware;

-       Child pornography and the increasingly commercial sexual exploitation of children on the internet;

-       The dissemination of hatred and bigoted materials through websites or spam e-mails;

-       The use of the internet for terrorist purposes (attacks against critical infrastructure, recruitment, financing of terrorism, propaganda);

-       Offenders who are increasingly organising for crime aimed at generating illicit profits (hacking;phishing, fraud, or money laundering);

-       A shift in the threat from broad, mass, multi-purpose attacks to targeted attacks on specific users, groups, organisations or industries, increasingly for economic criminal purposes.

The development of e-commerce, of social networking web sites and cloud computing have been challenging the fight against cybercrime and data protection. In this context, the Council of Europe intends to ensure that its Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data is in adequacy with the technological progress which has occurred since its adoption in 1981, and has a comprehensive approach.

Who can join the convention?

The Cybercrime Convention was designed to have a global scope from the beginning. Canada, Japan, South Africa and the USA signed the convention. The USA also ratified it.

More than 100 countries around the world are now strengthening their legislation using the Convention on Cybercrime as a guideline or “model law”. These include Argentina, Benin, Botswana, Brazil, the countries of the Caribbean, Chile, Colombia, Costa Rica, the Dominican Republic, India, Indonesia, Morocco, Mexico, Niger, Nigeria, Pakistan, the Philippines and Sri Lanka.

Why is it necessary?

Societies need to be protected against cybercrime, but there must be freedom to use and develop information and communication technologies properly, and a guarantee that people are free to express themselves.

If there is one crime that requires international co-operation, it is cybercrime. Cybercriminals rely on being able to operate across borders and exploit differences in national law.

Law enforcement and criminal justice authorities need to be given the means to prevent and control cybercrime.

Measures against cybercrime must be based on law; and laws need to be harmonised, or at least compatible, to permit co-operation.

Does the Council of Europe convention meet these needs?

The convention clearly defines cybercrime by requiring countries to criminalise four types of offences, thus promoting a harmonised approach:

-       Offences against the confidentiality, integrity and availability of computer data and systems (CIA offences) – including illegal access to computer systems, illegal interception, data interference, systems interference and the misuse of devices;

-       Computer-related offences – including computer-related forgery and fraud;

-       Content-related offences – that is, child pornography (the protocol to the convention also covers racism and xenophobia);

-       Offences related to the infringement of copyright and related rights.

The convention sets up procedures to make investigations more efficient:

-       through the immediate preservation of computer data;

-       by empowering authorities to request the hand-over of specific computer data;

-       by allowing investigators to collect traffic data and intercept content in real-time.

It also puts procedures and systems in place to facilitate international co-operation, for example:

-       It sets up a 24/7 network able to provide immediate help to investigators;

-       It facilitates extradition and the exchange of information;

-       It helps authorities from one country to collect data in another and promotes mutual legal assistance between countries.

Protecting civil rights meeting security concerns: is there a right balance?

The vast majority of people use ICT for perfectly legitimate purposes, and their rights to privacy, the protection of their personal data, freedom of expression and other civil rights must not be unnecessarily restricted. At the same time, cybercriminals pose threats to the security of societies that are serious enough to necessitate countermeasures. It is perfectly legitimate that societies engage in discussions on how to balance rights one the one hand and security concerns on the other, in particular if these involve controversial measures.

The Convention on Cybercrime helps meet both concerns. It requires States to establish the necessary safeguards to prevent abuse and ensure due process.

More information: www.coe.int/cybercrime and www.coe.int/economiccrime

Contact

Estelle Steiner, Press officer

Tel. +33 (0)3 88 41 33 35

Mobile +33 (0)6 08 46 01 57

Email [email protected]

Updated: August 2009