Cybercrime
Several international initiatives on cybercrime raise concerns for Internet freedom. One is the Council of Europe (COE) treaty on computer crime. Another major issue concerns legal mandates on ISPs to retain data about their customers’ Internet usage. CDT here collects various materials on these and other initiatives.
Council of Europe Treaty |
The Council of Europe has adopted a “Convention on Cybercrime,” the first international treaty to address criminal law and procedural aspects of various types of criminal behavior directed against computer systems, networks or data.
The Convention was approved by the COE in November 2001. Thereupon it was opened for signature by member states of the COE and other countries invited by the COE to adopt it. As a treaty, the convention has no binding legal force in any country until it is ratified by the national government. The treaty entered into force on January 7, 2004, after five states ratified it. The US, as a participant in the drafting of the treaty, was invited to ratify the treaty and did so in August 2006.
The Convention requires countries that ratify it to adopt similar criminal laws on hacking, infringements of copyright, computer-related fraud, and child pornography. It also contains provisions on investigative powers and procedures, such as the search of computer networks and interception of communications, and requires cross-border law enforcement cooperation in searches and seizures and extradition. It has been supplemented by an additional protocol making any publication of racist and xenophobic propaganda via computer networks a criminal offence.
- The final draft convention and explanatory memorandum, June 29, 2001
Analyses of COE Convention |
- GIPI, Trust And Security In Cyberspace: The Legal and Policy Framework for Addressing Cybercrime [pdf] September 2005 – Overview on cybercrime and the legal standards for government surveillance, including GIPI’s commentary and recommendations regarding the COE convention.
- Cyber-Rights & Cyber-Liberties, Advocacy Handbook for NGOs: The Council of Europe’s Cyber-Crime Convention 2001 and the additional protocol on the criminalisation of acts of a racist or xenophobic nature committed through computer systems, December 2003.
Industry and Privacy Comments on Drafts of the COE Treaty |
- CDT Comments on Draft #25, February 6, 2001
- International Treaty on Cybercrime Poses Burden on High-Tech Companies, Mike Godwin, April 5, 2001
- Opinion of the EC Data Protection Working Party (pdf), March 22, 2001
- Net Coalition Comments, January 2001
- GILC letter signed by 21 privacy groups worldwide, December 12, 2000
- Comments of American for Computer Privacy, December 7, 2000
- Comments from Americans for Computer Privacy, November 15, 2000
- Comments from the Information Technology Association of Canada, October 23, 2000
- Comments of CDT and other non-governmental organizations, October 18, 2000
- Comments of the Internet Alliance (on draft #19), October 2000
- Statement of Concern from Technology Professionals
Data Retention |
One of the most contentious issues is whether governments should require communications service providers to retain traffic data or transactional records on all communications.
- A country-by-country analysis compiled by the Council of Europe is available on EFF Finland’s website: COUNCIL OF THE EUROPEAN UNION: Answers to questionnaire on traffic data retention
COE Protocol on Terrorist Messages |
- Letter concerning the Council of Europe activities on computer-related crime and international co-operation, Feb. 28, 2002
- COE Drafting Second Protocol on Terrorism Feb. 20, 2002
COE Protocol on Racist Speech |
- Eleven member States of the Council of Europe signed the Racism Protocol to the Convention on Cybercrime, on January 28, 2003. The Protocol was adopted by the Committee of Ministers of the Council of Europe on 7 November 2002.
- In November 2002, the Council of Europe approved the protocol to the Cybercrime Treaty, requiring states to criminalize the dissemination of racist and xenophobic material through computer systems, as well as racist and xenophobic-motivated threat and insult.
- COE Draft Protocol on Racist and Zenophobic Speech: Prelimiary draft [pdf] December 18, 2001 accompanying report of the Committee of Experts (dated January 7, 2002)
- Letter to Sec. Powell and Attorney-General Ashcroft from US industry and public Interest Groups, Feb. 7, 2002
- Letter Calling for Disclosure of Draft Protocol, Feb. 6, 2002
- Specific Terms of Reference, [pdf] December 13, 2001
- Council of Europe’s Parliamentary Assembly recommendation on racism and xenophobia in cyberspace
European Commission Materials |
- Public and corporate comments on the Commission Communication
- Statement of Jeffrey Pryce to the EC, March 7, 2001
- Communication on Cybercrime, January 26, 2001 pdf html
Other Resources |
- EU cybercrime web site
- US Department of Justice International issues page
- A very useful overview of international cooperation efforts on cyber-crime
- Privacy International
- Cyber-Rights and Cyber-Liberties
- TreatyWatch – a web site maintained by NGOs on the COE Cybercrime Treaty