Cybercrime Cooperation for Developing Countries: International Frameworks

4 September 2014 - A Workshop on Other in Istanbul, Turkey

Brief substantive summary of the workshop and presentation of the main issues that were raised during the discussions

The workshop was aimed at building capacity for developing country participants in terms of developing countries receiving cooperation in connection with cybercrime investigation and prosecution from developed/infrastructure countries where the data resides. The workshop commenced with a presentation of a fictional scenario to set the scene and in order to assist with the discussion of practical issues as opposed to an academic or theoretical debate with a particular focus on methods and frameworks available and useable by developing countries. In this respect the workshop aimed to be practical rather than aspirational in order to actually give developing countries valuable and useable assistance with regards to obtaining cross border cooperation in combatting cybercrime. The scenario described neighbouring States and victims involved in cyber crime incidents which could have an impact on not only economic and criminal justice matters but potentially impact international relations and strategic resources such as access to undersea cables. Panellists explored the possibilities for cooperation for the investigation and prosecution of cyber crime in the absence of cyber crime legislation and refusal to extend cooperation. The panellists explored avenues of informal cooperation and formal cooperation and considered not only examples but also weighed the advantages and disadvantages of the aforesaid avenues, concluding that although informal cooperation is helpful it is inadequate since informal cooperation in unenforceable. This led to a discussion of the elements required in order to ensure international cooperation namely a formal international obligation, quick, ensures the protection of human rights, engenders confidence, is limited to criminal justice, harmonizes laws, is not technology specific, provides a baseline, is inclusive, harmonizes procedures, harmonizes cross border procedures and cooperation and its members include infrastructure countries where data is held and from whom information is sought. Available frameworks and in particular frameworks which would be effective for developing countries were discussed. Participants and panellists especially those from developing countries unanimously approved of the appropriateness, adequacy and effectiveness of the Budapest Convention as the only adequate instrument available to developing countries to further what was described as their sovereign national interests by protecting their citizens and national interest by combatting cybercrime. The Convention was identified as the only model law and only international instrument with global and cross regional reach which includes these elements and gave examples of their respective experiences in Developing Countries including the incorporation of baseline standards and how the mutual legal assistance provisions facilitate the receipt of data from infrastructure countries. The advantages of acceding to the Budapest Convention for Developing Countries namely enabling Developing Countries' Law Enforcement Agencies to obtain data from Infrastructure Countries, ensure sovereignty and target practical and achievable benefits were also discussed. It was underscored that a delay in any developing country failing to acceding to or use the Convention would be a serious loss to the interest of developing countries and be advantageous to cyber criminals and transnational organized crime including money laundering and terrorism. Panellists and participants also highlighted the enormous benefit of assistance provided in terms of capacity building, training and legislative drafting and access to legislative networks provided by the frameworks of the Budapest Convention.

Questions were raised as to whether the Budapest Convention represented a global instrument in response to which many participants were surprised to hear that the Convention had representation across all continents comprising developed and developing countries and had recently seen a spate of increased ratifications in eighteen to twenty four months leaving no doubt that the instrument was indeed a global treaty with global membership and global reach and constituted a global response to the cybercrime threat.* It was even noted that in addition to the several countries that had actually signed, ratified and/or acceded to the Convention, there were several others that had drafted legislation based on the Convention, even further extending its global international relevance and reach. Participants also queried the possibility any other international treaty in regards cybercrime and the response was remarkably unanimous in the inappropriateness of this suggestion, its unworkability, impracticality and the failure of such an idea in providing any appropriate relevant or effective assistance to developing countries. Firstly it was clear that achieving consensus on a cybercrime treaty would be near to impossible. If such a consensus were to be arrived at, the baseline established would be at a very low threshold and therefore, in comparison with the Convention, such a treaty would lack usefulness and relevance. Additionally, certain parties may attempt to include provisions which violate civil liberties and human rights. In any case it was also pointed out that the Convention was not mutually exclusive and that adoption of the Convention did not exclude the possibility of a country also adopting and being party to other frameworks. Secondly, the panellists and participants agreed that any treaty would take a minimum if not upwards of five years to discuss, possibly longer to negotiate language, up to a decade to achieve the minimum number of signatures and come into effect, possibly another decade to ensure a sufficient number of parties had not just signed but ratified the treaty and possibly longer to ensure that such parties had implemented the necessary domestic legislation and other measures to enable any level of effectiveness and relevance of such a treaty for combatting cyber crime. There was unanimous agreement that a quarter of a century was too long to wait for a cyber crime treaty and action was required now. Pursuing such a treaty would be a waste of valuable time, resources and energy, particularly of developing counties, which would be more efficiently spent in ensuring that more countries became parties to the Budapest Convention on Cyber Crime and were provided capacity building in order to have the necessary tools and resources to combat this menace. Such wastage and delay would result in self sustained damage to developing countries who are attempting to achieve both a secure as well as a productive and enabling environment for ICTs. The panellist from the private sector highlighted that such delay would have a direct impact on the development and comparative advantage of developing countries which want to have economic growth such as investment through secure and efficient ICTs which require globally sourced investment. Consequently, rather than delay joining the Convention and thereby combatting cybercrime in anticipation of an alternative treaty which may either never arise or result in an ineffective convention, or if at all useful, take decades to become effective, it was clear that the sovereign national interest of developing countries required action now. Any delay would only further endanger not only developing countries and their citizens but the global community. Rather it would be more beneficial if the existing legal framework under the Budapest Convention was adopted. The Panellists also commented on regional conventions which prove ineffective when cooperation between regions is required. By comparison the Budapest Convention allows for not only greater harmonization but includes provisions for international cooperation where countries do not have bilateral agreements. The panellists from Developing Countries also highlighted the support received from the Council of Europe in terms of assistance with legislative drafting and capacity building with law enforcement agencies and the judiciary.

The availability of powers of preservation of data, disclosure of traffic data production orders real time collection of traffic data and content data search and seizure subject to human rights civil liberties safeguards and independent judicial supervision were demonstrated as a vital means of addressing the scenario discussed in the workshop. It was also noted that no other international model or instrument provided any of these provisions particularly in a mutual legal assistance and cross border cooperation framework operated under international law by which developing counties could be assured of reasonable cooperation in terms of international law when requesting information evidence and assistance from developed/ infrastructure states. Participants queried whether the Convention ensures the protection of civil liberties and the panellists highlighted Article 15 of the Convention which references the UNHCR and ICCPR in addition to providing for the restriction of the scope and duration of procedural powers.

*http://conventions.coe.int/Treaty/Commun/print/ChercheSig.asp?NT=185&CL=ENG

Conclusions drawn from the workshop and possible follow up actions

From a Developing Country standpoint, the Budapest Convention is an ideal international best practice model which covers all the necessary elements including international cooperation and most importantly the only available international instrument with global reach. Panellists emphasized the importance of Mutual Legal Assistance Treaties (MLATS) for international cooperation and highlighted the positive impact of having effective cyber crime legislation on business and investment. The panellists also commented on the feeling of community engendered by acceding to the Budapest Convention and emphasized the importance of supporting other Developing Countries in this process. A participants highlighted that this was the only panel where the participant witnessed the discussion of a positive role of the government and it was essential that more governments become aware of, support and take measures consistent with the Convention. Developing countries particularly stressed the importance of being provided capacity building and assistance from the Convention when discussing harmonizing cyber crime legislation since it is vital to ensure that any model legislation aims to be consistent with the Convention. This is particularly relevant given the unhelpful and technically and legally incorrect language sometimes used in certain recent model laws promoted by certain organizations which have suffered serious criticism by civil society, the technical community and the private sector. Avoiding such unhelpful outcomes and wastage of resource and instead utilizing the same resources to further the positive agenda of consistent, compatible and convergent legislation such as undertaken in the form of the commonwealth model law was a more useful resource. Developing countries also require international funding and development assistance.

Estimation of the overall number of participants present at the workshop

80

Estimation of the overall number of women present at the workshop

about half of the participants were women

Extent to that the workshop discuss gender equality and/or women’s empowerment

it was not seen as related to the workshop’s theme and was not raised

A brief summary of the discussions in case that the workshop addressed issues related to gender equality and/or women’s empowerment

No information provided

Reported by

Zahid Jamil and Zahra Rose Dean