A Closer Look at the Cyber-crime Convention

9 July 2001
After years of debate and nearly 30 revisions, the European Committee on Crime Problems (CDPC) has passed its final draft of its convention on cyber-crime.

The CDPC is an intergovernmental expert body reporting to the Council of Europe's Committee of Ministers, and the draft will be looked upon as the leading guide for settling cross-border cyber-crime disputes.

The convention focuses on Internet crimes relating to infringements of copyrights, computer-related fraud, child pornography and offences relating to security of networks.

It also contains a range of procedural powers, including search of computer systems and interception. Its main objective, defined in the preamble, is to pursue "a common criminal policy aimed at the protection of society against cyber-crime, inter alia by adopting appropriate legislation and fostering international cooperation."

The draft convention is the outcome of four years of work by Council of Europe experts and their colleagues from the United States, Canada, Japan and other countries.

The previous drafts passed the scrutiny of public debate, allowing Internet access providers, civil liberties organizations, academics and independent experts to make their contributions to the text.

In April, the Council of Europe Parliamentary Assembly gave its opinion on the draft.

CDPC also decided to complement the convention by an additional protocol making it a crime to spread racist and xenophobic propaganda through computer networks.

The convention covers three main topics: harmonization of the national laws which define offenses; definition of investigation and prosecution procedures to cope with global networks; and establishment of a rapid and effective system of international cooperation.

For an offense to be listed, it must meet a two-tier standard. To qualify as a criminal offense, the act must be committed deliberately and "without right" so that legal responsibility can be triggered.

Four main categories of offenses are listed in the convention:

  • Offenses against the confidentiality, integrity and availability of computer data and systems: illegal access, illegal interception, data interference, system interference, misuse of devices.
  • Computer-related offenses: forgery and computer fraud.
  • Content-related offenses: production, dissemination and possession of child pornography. A protocol is to cover the propagation of racist and xenophobic ideas over the Web.
  • Offenses related to infringement of copyright and related rights: the wide-scale distribution of pirated copies of protected works, etc.

The convention embodies basic rules that will make it easier for the police to investigate computer crimes, with the help of new forms of mutual assistance. These include: preservation of computer-stored data, preservation and rapid disclosure of data relating to traffic, system search and seizure, real-time collection of traffic data and interception of content data.

To protect human rights and the principle of proportionality, the rules are subject to the conditions and safeguards provided for in the law of signatory states. Specifically, proceedings may not be started except under certain conditions such as prior authorization by a judge or another independent authority.

In addition to the traditional forms of international cooperation, covered by such texts as the European conventions on extradition and on mutual assistance in criminal matters, the new convention will enforce cooperation corresponding to powers defined in the convention and as a consequence the legal authorities and police in one country will be able to collect computer-based evidence for police in another, though not to conduct trans-frontier investigations or searches.

The information obtained must be passed on rapidly. A contact network, operating round the clock and seven days a week, is being set up to provide immediate assistance with current investigations.

Countries must establish jurisdiction for offenses committed on their territory, on ships or aircraft which they have registered, or by their nationals--unless another state has territorial jurisdiction.

Also this week, CDPC approved the draft European Code of Police Ethics, aimed at setting clear standards required of police in a modern, democratic society. This text includes guidelines concerning the objectives of the police, their organizational structures, recruitment and training of police staff, accountability and control of the police, as well as police action in specific situations, such as during investigation or deprivation of liberty.

The CDPC plenary session was also the occasion to mark the Committee's 50th anniversary since its establishment in 1958.

Opening the session, Deputy Secretary General of the Council of Europe Hans Christian Krüger pointed to the tremendous amount of work accomplished by CDPC, which had drafted more than 40 conventions and over 100 recommendations, produced more than 70 reports and organized over 40 conferences and colloquia on penological and criminological matters.

Krüger stressed in particular that the draft cyber-crime convention, "arguably one of the most important legal instruments elaborated within the Council of Europe," also provided an excellent example for fruitful cooperation beyond the confines of the continent, as several non-member states had actively participated in its elaboration.

The Council of Europe's 43 member states helped to prepare the text. Canada, the United States, Japan (which have observer status) and South Africa were also actively involved. They will all be able to sign the convention, which will cover most of the world's data traffic.

The convention is expected to be signed by the end of July.

Click here to view the final activity report.