CLE Conference, 24-25 October 2002 CoE’s Cyber Crime Convention

CLE Conference, 24-25 October 2002

CoE’s Cyber Crime Convention

Content and background

Prof. Dr. Henrik W.K. Kaspersen

Vrije Universiteit Amsterdam

The Netherlands

CLE Conference, Sydney October 24 & 25, 2002

2

Overview of the presentation

Reasons for international negotiations Content of the cyber crime convention Discussion of some dilemma’s Meaning of the convention


3

Procedure in the Council of Europe Start :1997 Completion: officially December 2000,

factually August 2001 Adoption by Committee of Ministers:

November 2001 Signature Ceremony: Budapest November

23, 2001 ETS 185, coming into force: ??


4

Negotiating Parties

Council of Europe Member States– 43

Non-member States– U.S.A.– Canada– Japan– South Africa


5

Signatories to the Convention

EU-member states (out of 15): 13

Non-European States: 4

===

(includes All G-7) 17

Other CoE members states, 16

===

Parties to the Convention 33

Ratifications: 1


6

Aims of the Cyber Crime Convention Harmonisation of criminal substantive law, basis

R (89) 9. Harmonisation of criminal procedural law, basis R

(95) 13. Instruments for mutual legal assistance, basis

existing co-operation instruments. Codification of international law Framework for future developments


7

Scope of the Cyber Crime Convention Minimum character Substantive law:

– categorisation; distinction cyber crime in narrow and in broad sense.

Procedural law– specific investigative powers related to IT,

preliminary measures


8

Scope CCC- continued

Mutual assistance– supplementing existing bilateral and

multilateral instruments– extradition with regard to cybercrimes– scope of application of coercive powers– further assistance


9

Harmonising of substantive criminal law Cyber crime in the narrow sense

– C.i.a.-offences: artt. 2-6 Cyber Crime in the broader sense:

– Computer-related offences: artt. 7-8 – Content-related offences: art. 9– I.p.r.-related offences: art. 10

Accessory provisions: artt. 11-13 Civil and criminal liability legal persons


10

General provisions

Definitions: art. 1 – computer system – computer data

Notion: “without right” Notion: “intentionally”


11

Content-related offences

Child porn– Defines child porn material

refers to sexually explicit conduct including adult actors and realistic virtual material

– Criminalised Conduct possession, production, distribution of digital child porn

material including procurement, offering, making available by means of a computer system

Exemptions: to be defined under domestic law as “with right”


12

Issues considered but not included Surreptitiously gathering of personal data

(“Cookies”) Spam (unsolicited e-mail) Spoofing and integrity internet-communications Racism and xenophobia (see hereafter) Other Content-related offences (e.g. gambling) (Non)-liability of ISP’s


13

Jurisdiction

Scope art. 22: only relating to substantive provisions

Principle: territoriality Includes ships and aircrafts Restricted nationality principle Dedere aut judicare Determining jurisdiction (substantial link) Conflicts: Consulting mechanism


14

Criminal procedural law

Starting point: Recomm. CoE R(95) 13 Aim: gathering of electronic evidence of a

specific criminal offence Scope: cyber crimes art.14:

a) offences established in the CCC;

b) computer system instrument of the crime;

c) any other crime for which electronic evidence is needed.


15

Criminal Procedural law- general principles Scope: art. 14 relating to art. 20/21 Scope, conditions and safeguards art. 15:

domestic law Distinction between stored data (in

existence) and flowing data (in transmission)


16

Definitions

Art. 1– computer system

stand-alone, networks, telecommunication systems

– computer data– service provider: communication services: TO

and ISP equal footing– traffic data: functional definition (path, source)


17

Measures concerning stored computer data Search of computer system and files: art. 19 Production order: art. 18 Expedited preservation: art. 16 Expedited preservation of stored traffic

data: art. 17


18

Preservation of traffic data

EU-directive Telecommunications and Privacy 1997: – deletion of non-billing data– 2002-review: extension to marketing– mandatory retention possible

Other Parties: no privacy restrictions Principle CCC: “preserve traffic data as is” G8: establish necessary traffic data


19

Real time collection of traffic data/interception of content Art. 20/21 parallel in structure Art. 21: serious crime only (domestic law) Specific communication by means of a

computer system Direct through Law enforcement authorities or

with assistance of service provider “As is available”, no technical requirements Confidentiality clause possible


20

Measures considered but not included Measures to restrict proliferation of encryption Order to undo encryption Specification of individual safeguards Mandatory retention of traffic data

– efficacy vs burden innocent third parties– reasonable time limit– legal safeguards

Harmonisation of collection/interception powers


21

International mutual legal assistance General principles, art. 24, 26

– to the widest extent possible– scope: art. 14– expedited, flexible, modern means of (direct)

communication– basis always domestic law– no refusal possible for fiscal offences– flexible interpretation of ‘dual criminality’– spontaneous information


22

Mutual legal assistance in general

Extradition: extraditable offences (art. 24) Factual co-operation:

Can the request be executed on the basis of an existing bilateral or multilateral instrument? (EI) Y, proceed. N, apply art. 27 CCC (comprehensive set for MLA).

Is the application of specific measures necessary? Apply CCC or EI or both.


23

Mutual legal assistance- specific measures Expedited preservation of computer data (art. 29) Expedited partial disclosure in case of traffic data

(art. 30) Access to computer systems and data (art. 31) Transborder investigative measures that are lawful

(art. 32) Real time collection of traffic data (art. 33) Real time interception of content (art. 34) 24/7 network central authority


24

Transborder investigative measures CCC: only through MLA, except

– Accessing and downloading of “Open source”– With permission of the person in control on the

territory– Possibly through production order of art. 18

EU MLA: interception of satellite communications: notification


25

Mutual assistance instruments considered but not included Adaptation of existing MLA- instruments Data protection exception Misuse of jurisdiction (U-turn) International order for collection/retention

of traffic data Trans-border network search


26

Final provisions

Coming into force: 5 ratifications required Accession: unanimity of Parties and majority

of Committee of Ministers CoE Declarations, reservations Conference of Parties Amendments Dispute Resolution: no court but consultation


27

Cyber Crime Convention- final observations (I) Minimum character: electronic environment Framework character: ongoing development Need for flanking, internationally co-ordinated

measures Enhances practical co-operation of law

enforcement authorities– exchange of expertise– training and education– prevention


28

Cyber Crime Convention - final observations (II) Transparency of the drafting process Industry and NGO involvement Human rights and privacy concerns


29

1st Additional Protocol on Racism and XenophobiaProcedure:

– decision by CDPC in June 2001– drafting December 2001-April 2002– adoption CDPC June 2002; Parliamentary

Assembly September 2002– adoption by Committee of Ministers November

6, 2002– opening for signature: January 2003


30

Meaning of the Protocol

Harmonising criminal offences concerning dissemination of racist and xenophobic material and related acts in computer networks

Provide for adequate means of criminal investigations as defined by the Cyber Crime Convention

Most Parties to the Convention


31

Crimes under the 1st Add. Protocol art. 3: dissemination art 4: threats art. 5: insults art. 6: denial art. 7: aiding and abetting


32

art. 2: racist and xenophobic material written or any other representation

– data carrier thoughts and theories advocating, promoting, inciting hatred, discrimination, violence race, colour, decent, national or ethnic

origin, religion (qualified)


33

art. 3: dissemination

dissemination or otherwise making available through a computer system– excludes private communications– excludes production, possession, procurement

racist and xenophobic material (art. 2) intentionally without right reservation clauses concerning discrimination


34

art. 4 threats

threat – (private communications included)

with commission of a serious crime factors from art. 2


35

art. 5 insults

insulting publicly intentionally/without right factors from art. 2 reservation clauses


36

art. 6 denial

denial, gross minimisation, holocaust or future genocide or crime

against humanity reservation clause


37

Other issues

attempt of art. 3-6 not criminalised copying definitions and notions of the

Cyber Crime Convention powers and instruments of the Cyber Crime

Convention applicable


38

Not included in the Protocol

factors of art. 2: gender, sexual nature, age etc.

set up, running and supporting of racist and xenophobic associations

specific investigative measures


39

Conclusion

framework of human rights, Rome Convention 1950

major step forward in global approach since UN-CERD 1967

meaning Protocol not restricted to– computer networks– scope of art. 2; role national legislator /court– model law

Date post:	31-Dec-2015
Category:	Documents
Upload:	candice-emerson
View:	22 times
Download:	2 times

CLE Conference, 24-25 October 2002 CoE’s Cyber Crime Convention

Documents