Several international initiatives on cybercrime raise concerns for Internet freedom. One is the Council of Europe (COE) treaty on computer crime. Another major issue concerns legal mandates on ISPs to retain data about their customers’ Internet usage. CDT here collects various materials on these and other initiatives.
The Council of Europe has adopted a “Convention on Cybercrime,” the first international treaty to address criminal law and procedural aspects of various types of criminal behavior directed against computer systems, networks or data.
The Convention was approved by the COE in November 2001. Thereupon it was opened for signature by member states of the COE and other countries invited by the COE to adopt it. As a treaty, the convention has no binding legal force in any country until it is ratified by the national government. The treaty entered into force on January 7, 2004, after five states ratified it. The US, as a participant in the drafting of the treaty, was invited to ratify the treaty and did so in August 2006.
The Convention requires countries that ratify it to adopt similar criminal laws on hacking, infringements of copyright, computer-related fraud, and child pornography. It also contains provisions on investigative powers and procedures, such as the search of computer networks and interception of communications, and requires cross-border law enforcement cooperation in searches and seizures and extradition. It has been supplemented by an additional protocol making any publication of racist and xenophobic propaganda via computer networks a criminal offence.
|Analyses of COE Convention
|Industry and Privacy Comments on Drafts of the COE Treaty
- CDT Comments on Draft #25, February 6, 2001
- International Treaty on Cybercrime Poses Burden on High-Tech Companies, Mike Godwin, April 5, 2001
- Opinion of the EC Data Protection Working Party (pdf), March 22, 2001
- Net Coalition Comments, January 2001
- GILC letter signed by 21 privacy groups worldwide, December 12, 2000
- Comments of American for Computer Privacy, December 7, 2000
- Comments from Americans for Computer Privacy, November 15, 2000
- Comments from the Information Technology Association of Canada, October 23, 2000
- Comments of CDT and other non-governmental organizations, October 18, 2000
- Comments of the Internet Alliance (on draft #19), October 2000
- Statement of Concern from Technology Professionals
One of the most contentious issues is whether governments should require communications service providers to retain traffic data or transactional records on all communications.
|COE Protocol on Terrorist Messages
|COE Protocol on Racist Speech
- Eleven member States of the Council of Europe signed the Racism Protocol to the Convention on Cybercrime, on January 28, 2003. The Protocol was adopted by the Committee of Ministers of the Council of Europe on 7 November 2002.
- In November 2002, the Council of Europe approved the protocol to the Cybercrime Treaty, requiring states to criminalize the dissemination of racist and xenophobic material through computer systems, as well as racist and xenophobic-motivated threat and insult.
- COE Draft Protocol on Racist and Zenophobic Speech: Prelimiary draft [pdf] December 18, 2001 accompanying report of the Committee of Experts (dated January 7, 2002)
- Letter to Sec. Powell and Attorney-General Ashcroft from US industry and public Interest Groups, Feb. 7, 2002
- Letter Calling for Disclosure of Draft Protocol, Feb. 6, 2002
- Specific Terms of Reference, [pdf] December 13, 2001
- Council of Europe’s Parliamentary Assembly recommendation on racism and xenophobia in cyberspace
|European Commission Materials