The threat of cyber-crime is growing across the globe, but how can we defend ourselves against attack?
Cyber-crime is on the rise worldwide and governments, the private sector and civil society need to cooperate to combat it. The threat is growing in every continent. And it will grow more as societies increasingly make use of information technologies. Cyber-crime – and with it the lack of reliability and trust in information and communication technologies – risk undermining the development potential of such technologies.
Many countries have adopted cyber-security strategies aimed at the protection of information and communication technologies. Still though, many countries need to design specific cyber-crime strategies - that not only address attacks, but also criminal offences committed using computers. There is a need for countries to address this growing threat and for governments to develop specific strategies aimed at strengthening the rule of law and human rights on the internet; and, by doing this, protect people and their rights.
Cyber-crime strategies should always provide safeguards limiting the powers of the police and the judicial institutions and should focus on legislation, institution building measures and cooperation. A crucial step to help countries meet the challenge of cyber-crime is the adoption of comprehensive legislation. Although, it is of utmost importance that legislation is harmonised internationally. Much progress has been made over the last five years. A large number of countries around the world have adopted legislation using the Budapest convention, of the Council of Europe, as a guideline. This ensures that legislation is not only consistent, but also compatible with that of other countries.
The convention promotes a criminal justice approach to cyber-crime. This means that it criminalises hacking, denial of service attacks through botnets, child pornography or fraud on the internet. It provides the police and the judicial institutions with efficient tools to investigate cyber-crime and secure electronic evidence on computer systems and it serves as a framework for international cooperation. But, this also means that enforcement must follow rule of law and human rights principles. For example, law enforcement can only search a computer if a judge has authorised this. And the measure taken by law enforcement must be proportional to the offence committed. The convention, therefore, helps make sure that governments can protect their citizens by prosecuting offenders and at the same time do not violate the rights of citizens when investigating cyber-crime.
Some governments argue that the convention has been developed by European countries and serves their interests. The truth is that South Africa, Canada, Japan and the United States also participated in the negotiations and signed it in 2001. In recent years - Argentina, Australia, Chile, Costa Rica, Dominican Republic, Mexico, Philippines and Segenal have been invited to accede. So far, 55 countries have signed or ratified this treaty or been invited to accede. Many others have not taken those steps, but have used its provisions for drafting national legislation.
For very practical reasons, any country needs to be able to engage in police and judicial cooperation with those countries where data servers are located and which provide much of the internet infrastructure. That is where much of the electronic evidence is hosted and from where it has to be obtained. The use of the convention as a guideline when enacting legislation helps create the basis for such cooperation, even if that country is not a party. However, only by becoming a party can a country make full use of it as a framework and legal basis for international cooperation and that is why the Council or Europe is encouraging countries throughout the world to accede. It is also encouraging governments to adopt legislation on the protection of personal data and to join the data protection convention.
While discussions as to whether or not the convention is a regional or a global instrument will continue in the near future for political reasons, for practical purposes this treaty is already there and it has brought many advantages for countries that have implemented it. It has helped mobilize resources for technical assistance and capacity building - including training for law enforcement, prosecutors and judges; and by doing so making its provisions truly effective in practice.
Alexander Seger is head of the cyber-crime and data protection division at the Council of Europe