Computerworld

Cybercrime Convention will benefit Australia, says proponent

Countries that have complied with the Convention have considerably strengthened their cybercrime legislation.

The Convention on Cybercrime is the work of the Council of Europe and is aimed at facilitating international cooperation in the investigation and prosecution of computer crimes. Since the Convention came into being in 2001, the COE has been working to address the growing international concern over the threats posed by hacking and other computer-related crimes.

Alexander Seger currently heads the Economic Crime Division at the Directorate General of Human Rights and Legal Affairs at the COE. We caught up with him before his presentation at AusCERT, which commences this week in Queensland, and ask him why it would beneficial to Australia to become a full party to the treaty and why he thinks the Convention should go from being a primarily European instrument to a global one.

What will your talk at AusCERT be about?

The presentation will be about the Convention on Cybercrime as one response to the global challenge of cybercrime. Nobody questions the fact that societies are increasingly relying on information and communication technologies and that they are thus increasingly vulnerable to threats such as cybercrime. Countries therefore need a consistent and complete legal framework that criminalises conduct in a way that it is not easily overtaken by technology. They need to provide law enforcement and criminal justice authorities with the means for efficient investigations and the possibility to secure volatile evidence. And - given that cybercrime is the most transnational of all crimes - they need to be able to cooperate internationally in an efficient manner. Moreover, considering that the vast majority of internet users use ICT for perfectly legitimate purposes, measures against cybercrime must respect privacy, freedom of expression, protection of personal data and other rights of users. My presentation will show how the Convention can help societies meet these challenges.

How can Australia benefit from the Convention on Cybercrime?

The Convention is useful in two ways: (1) It serves as a guideline helping countries develop consistent cybercrime legislation that is also compatible with that of other countries, and (2) it provides a framework, a legal basis for cooperation with other countries that are parties to the Convention.

With regard to the first point, Australia already has legislation covering a range of cyber offences as well as procedural law tools. One would have to see whether existing legislation would need to be further strengthened. The Convention could help in this respect. With regard to the second point, the Convention on Cybercrime is the only international treaty covering this topic. It would certainly be beneficial for Australia to become a full party to the treaty to be able to make use of this framework for international cooperation. Most cyber offences have an international element - eg data stored on a server abroad or email traffic passing through a server in another country or a service provider based abroad - and it is very difficult to investigate such crimes without efficient international cooperation.

What has the Convention achieved for those who have complied with it?

Countries that have complied with the Convention have considerably strengthened their cybercrime legislation. This improvement of the legal framework is clearly documented. Moreover, international cooperation between parties to the Convention has become much more intensive in many cases. Obviously, this is still a young treaty and some countries (e.g. France, USA, Romania, Bulgaria) make more use of the opportunities that it provides than others.

Page Break

Do you have tangible examples of people prosecuted as a result of it?

If a country ratifies the Convention it means that it has consistent cybercrime legislation in place. What we see in most of these countries is that the number of investigations and prosecutions increases considerably based on such legislation. What is sometimes lacking behind are actual court rulings. Therefore, the training of judges must be given priority in the near future.

A complete realisation of a common legal framework does not seem possible with the Convention. Is that a problem/weakness of it?

The reason behind turning the Convention from a primarily European into a global instrument is the need for a common, global legal framework. In addition to European countries, Canada, Japan and South Africa have signed it and the USA also ratified it in 2006. Costa Rica, Mexico and the Philippines have been invited to accede. What is equally, if not more important at this stage is that a vast number of countries in Africa, the Americas and Asia are now reforming their legislation. There is a global trend towards a common legal framework using the Convention as a reference.

The Convention has been described by the US Department of Justice as something which "removes or minimizes the many procedural and jurisdictional obstacles that can delay or endanger international investigations". Can you elaborate. What are some of the changes that have occurred since the member states signed the Convention? What would Australia need to do?

With regard to cybercrime investigations the main problems are their international nature and time. Electronic evidence is highly volatile and can disappear quickly. An investigator in one country therefore needs to have the possibility to ask an investigator in another country to request a service provider to preserve specific data. This should then give the necessary time to initiate the formal procedures for mutual legal assistance. This is one of the possibilities that the Convention foresees. The Convention also formalises the creation of 24/7 points of contact who facilitate immediate action in urgent cases.

Another issue is the already mentioned harmonization or compatibility of legislation: what is a crime in one country must also be a crime in another country, otherwise international cooperation is very difficult.

Australia would need to see whether its legislation is already meeting the requirements of the Convention, in terms of substantive and procedural law. If so, it can be invited to accede to the Convention. If not, legislative amendments would need to be implemented first.

When the US ratified the treaty the EFF called it The World's Worst Internet Laws. Was this a valid comment/concern?

An international treaty is always a compromise and can never be perfect. However, the Convention on Cybercrime has clearly proven its value. The fact that seven years after its opening for signature it still covers most of what is needed against cybercrime - in spite of all the technological changes since and the evolving nature of cybercrime - shows that it is a high quality treaty.

Some aspects of the comment that you refer to are simply not correct. A country can require dual criminality when dealing with a request for assistance from abroad. The comment does not provide any alternative, other than the impossible idea of securing a society against cybercrime in isolation without cooperating with the rest of the world.