Key Takeaways:
- The convention provides a comprehensive list of crimes, including illegal access, data and systems interference, computer-related fraud, and dissemination of child abuse material.
- The Convention encourages member states to develop national laws that criminalise acts like hacking, online fraud, and distribution of illegal content.
- The Convention sets standards for collecting and handling electronic evidence to ensure its admissibility in court as evidence of a criminal offense.
The internet has revolutionised communication, commerce, and information access on a global scale. However, this interconnectedness has also created new vulnerabilities, fostering the rise of cybercrime.
The Budapest Convention on Cybercrime, also known as the Council of Europe Convention on Cybercrime, stands as the first international treaty specifically designed to address this growing threat.
This article delves into the Budapest Convention, exploring its history, key objectives, core principles, and its impact on the global fight against cybercrime.
Protect Your Brand & Recover Revenue With Bytescare's Brand Protection software
Origins and Development of the Budapest Convention
The rapid growth of the internet in the late 1990s exposed the limitations of existing legal frameworks in addressing cybercrime.
Traditional national laws often struggled to keep pace with the evolving nature of online threats, and international cooperation was fragmented.
Recognising this challenge, the Council of Europe, an intergovernmental organisation promoting human rights and democracy, initiated the development of a comprehensive treaty to combat cybercrime.
Drafted in Strasbourg, France, with significant contributions from observer states like Canada, Japan, and the United States, the Convention was opened for signature in Budapest, Hungary, in November 2001.
It entered into force in July 2004, marking a significant milestone in international cooperation against cybercrime.
The Budapest Convention on Cybercrime
The Convention on Cybercrime of the Council of Europe, opened for signature in Budapest in November 2001, remains the most relevant international agreement on cybercrime and electronic evidence twenty-two years later.
Since then, information and communication technologies (ICT) have transformed societies worldwide, but they have also introduced significant security risks such as cybercrime, misinformation, disinformation, and foreign influence.
The convention is the first multilateral international treaty on cybercrime that has legal force. It makes some cybercrime behaviours illegal and organises international cybercrime investigations.
It provides a framework for international collaboration amongst state signatories to this treaty and acts as a roadmap for any nation creating comprehensive national legislation against cybercrime.
A Protocol on Xenophobia and Racism Committed via Computer Systems is an addition to the Budapest Convention.
There is a growing recognition of the need to enhance security, confidence, and trust in ICT, as well as to strengthen the rule of law and protect human rights in cyberspace.
Cyber issues have become increasingly important as they impact both the fundamental rights of individuals and the national security interests of states.
The Budapest Convention is a criminal justice treaty that provides states with:
- The criminalisation of a list of attacks against and by means of computers.
- Procedural law tools to make the investigation of cybercrime and the securing of electronic evidence in relation to any crime more effective, while ensuring adherence to rule of law safeguards.
- International police and judicial cooperation on cybercrime and electronic evidence.
The convention is open for accession by any state prepared to implement its provisions and engage in international cooperation.
Protect Your Brand & Recover Revenue With Bytescare's Brand Protection software
Acceptable Norms of Behavior in Cyberspace
As of January 27, 2023, the Council of Europe’s Chart of signatures and ratifications of the Convention on Cybercrime (ETS No. 185) indicates that 68 countries have ratified or acceded to the convention.
In essence, this means that 68 countries have agreed on certain unacceptable behaviors in cyberspace, incorporating these prohibitions into their national laws. Consequently, there is a strong consensus among these states on what constitutes acceptable and unacceptable behavior in cyberspace.
To illustrate, the first paragraph below outlines the provisions of Title 1 of the Cybercrime Convention.
The following paragraph demonstrates how these provisions have been codified into the Australian Criminal Code Act (Cth).
Similar provisions exist in the laws of the other 68 countries. While one state cannot impose its laws on another, the result of the convention is that all states share the same expected behaviors in cyberspace.
Objectives of the Convention on Cybercrime
The Convention on Cybercrime is the first international treaty addressing crimes committed via the Internet and other computer networks.
It specifically deals with copyright infringements, computer-related fraud, child pornography, hate crimes, and violations of network security. Additionally, it includes a range of powers and procedures, such as searching computer networks and lawful interception.
The main objective of the Convention, as stated in the preamble, is to establish a common criminal policy aimed at protecting society against cybercrime through the adoption of appropriate legislation and fostering cooperation.
The Convention primarily aims to:
- Harmonise the domestic criminal substantive law elements of offenses and related provisions in the area of cybercrime.
- Provide domestic criminal procedural law powers necessary for the investigation and prosecution of such offenses, as well as other offenses committed by means of a computer system or where evidence is in electronic form.
- Establish a fast and effective regime of international cooperation.
Protect Your Brand & Recover Revenue With Bytescare's Brand Protection software
Accession by Non–Council of Europe States
On the 23rd of November 2001, in Budapest, the United States, Canada, Japan, and South Africa signed the Convention on Cybercrime.
In April 2023, the following non-Council of Europe states ratified the treaty: Ghana, Israel, Japan, Mauritius, Morocco, Nigeria, Peru, the Philippines, Senegal, Sri Lanka, Tonga, Australia, Brazil, Cabo Verde, Canada, Chile, Colombia, Costa Rica, the Dominican Republic, Ghana, Israel, Japan, Mauritius, Peru, USA, and Mauritius.
Although Egypt has not signed the Convention, in 2018, President el-Sisi’s government enacted two significant computer-crime-related laws. These laws target social networking services such as Facebook and Twitter, criminalising fake news and terrorism, and flagging accounts with more than 5,000 subscribers or followers.
Amnesty International criticised the early legislation, but it allows websites to appeal to the courts within seven days of being blacklisted.
India, too, is reconsidering its position on becoming a member of the Budapest Convention due to the surge in cybercrime, especially following the push for a digital India.
India’s Position
India remained outside of the Budapest Convention, which was headed by Europe. Nevertheless, India supported a UN resolution to establish a distinct convention that was led by Russia.
The Intelligence Bureau (IB) claims that sharing data with foreign law enforcement agencies violates India’s right to national sovereignty.
India has also said in the past that it will not ratify the Budapest Treaty because it was not involved in its drafting.
The Budapest Convention’s Role in International Cooperation
Nearly all parties involved concur that the Mutual Legal Assistance Treaty (MLAT), which currently facilitates cross-border data sharing for law enforcement, is inadequate in the digital age.
The question of whether to create this Convention as a whole or to completely replace the MLAT is still being debated.
Since its inception in 2001, this Convention has enthusiastically solicited Indian participation; nevertheless, India has chosen not to become a party to it.
Benefits of the Budapest Convention
The advantages of the Budapest Convention in fostering international collaboration include:
- It offers a legal framework for criminal justice cooperation concerning cybercrime and other crimes involving digital evidence. This includes both standard and specific provisions for collecting electronic evidence. An ongoing negotiation aims to integrate more tools for cooperation in emergency scenarios through the 2nd Additional Protocol.
- The Convention benefits from a vast network of practitioners within the Cybercrime Convention Committee (T-CY) and related capacity-building activities. These experts support one another in investigating and prosecuting predominantly transnational cases, making these connections invaluable.
- The Convention encourages legal and procedural reforms and strengthens mechanisms for international cooperation. For instance, in 2014, the T-CY assessed the effectiveness of mutual legal assistance provisions, leading to recommended practices and calls for continued enhancement in 2017.
Provisions for International Cooperation in the Budapest Convention on Cybercrime
The Budapest Convention on Cybercrime facilitates international law enforcement cooperation through a framework of mutual information sharing and formal assistance. This section delves into the key provisions that govern this cooperation.
General Principles for Cooperation (Article 23):
Article 23 establishes the foundation for international cooperation under the Convention. It encourages member states to collaborate “to the widest extent possible” in investigations and prosecutions related to cybercrime. This cooperation can leverage existing international instruments, bilateral agreements, and domestic laws.
Supplementing Existing Agreements (Article 39):
The Convention’s provisions are designed to supplement, not replace, existing multilateral and bilateral treaties on international cooperation in criminal matters. This ensures that established frameworks remain operational while the Convention provides additional tools for cybercrime investigations.
Mutual Legal Assistance (Article 27):
Where no formal agreements exist between member states, Article 27 outlines procedures for facilitating Mutual Legal Assistance (MLA) in cybercrime cases. This allows one state to request assistance from another in gathering evidence or taking legal actions.
Extradition Procedures (Article 24):
The Convention also details procedures for extradition, the process of surrendering an individual suspected of a crime to another jurisdiction for prosecution. Article 24 provides a framework for extradition in cybercrime cases, streamlining cooperation between member states.
Harmonisation and Dual Criminality:
While the Convention itself doesn’t explicitly require “dual criminality” (where the act is considered a crime in both countries), its adoption fosters harmonization of national cybercrime laws. This creates a situation of reciprocal criminalization, making it easier to process requests for assistance and extradition when both countries consider the act a crime.
The Cybercrime Convention Committee (T-CY):
The T-CY serves as a forum for member states to discuss and address issues related to the Convention. Through biannual meetings and working groups, the T-CY facilitates communication, identifies potential shortcomings in the Convention, and considers amendments to keep pace with evolving challenges.
This breakdown highlights the core provisions of the Budapest Convention that enable international law enforcement cooperation in combating cybercrime.
An Overview of Cybercrime Coverage Under the Budapest Convention
The Budapest Convention aims to address criminal mishandling of equipment, unlawful access, and interference with and interception of data and system networks.
The Convention’s substantive offences fall into four general categories:
(1) offences against computer data and systems’ secrecy, integrity, and availability;
(2) offences connected to computers;
(3) offences involving content; and
(4) criminal copyright infringement.
The Additional Protocol criminalises the use of computer networks for the dissemination of racist and xenophobic propaganda. Nevertheless, the Budapest Convention does not address all forms of cybercrime. These include online crimes including identity theft, child sex trafficking, and unsolicited emails and spam.
Is Cybercrime Affect the Brand?
Absolutely, cybercrime can have a very negative impact on a brand. Here are some of the ways it can hurt a company’s reputation:
- Loss of trust: If a company experiences a data breach where customer information is stolen, it can shatter customer trust. Customers may worry their financial information or personal data is no longer secure and be hesitant to do business with the company again.
- Negative publicity: News of a cyberattack can spread quickly and damage a brand’s image. Customers may see the company as careless or incompetent when it comes to cybersecurity, and this perception can be difficult to overcome.
- Financial losses: In addition to the cost of responding to the attack itself, a company may also face financial penalties from regulators or lawsuits from customers.
- Disruption of operations: A cyberattack can also disrupt a company’s operations, leading to lost revenue and productivity.
The severity of the impact will depend on the nature of the cybercrime and how the company responds. However, there’s no doubt that cybercrime can be a major brand reputation risk.
What’s Next?
The Budapest Convention on Cybercrime stands as the world’s first international convention to address cybercrime.
It establishes a legal basis for international cooperation in fighting a growing threat.
The convention outlines a list of cyber-enabled crimes, including illegal access (unauthorized access) to computer systems and interference with communications technologies. This comprehensive approach to cybercrime encourages nations to criminalize these acts and equip law enforcement with the tools to investigate them.
By working together, countries can create a safer online environment. However, cybercriminals are relentless.
To truly protect your brand from online threats, consider a robust cyber security solution. Book a demo with Bytescare brand protection today and see how we can safeguard your brand reputation from the ever-evolving world of cybercrime.
The Most Widely Used Brand Protection Software
Find, track, and remove counterfeit listings and sellers with Bytescare Brand Protection software
FAQs
What new tools does the Second Additional Protocol to the Budapest Convention provide to law enforcement authorities to combat cybercrime?
The Second Additional Protocol provides tools such as direct cooperation with service providers and registrars, expedited means to obtain subscriber information and traffic data, and expedited cooperation to access stored computer data in emergencies. These measures, aimed at facilitating access to electronic evidence, are implemented with human rights and rule of law safeguards.
Why is the Mutual Legal Assistance Treaty (MLAT) considered insufficient for cross-border data sharing in the digital age according to the latest updates on the Budapest Convention?
The MLAT is considered insufficient because stakeholders agree that its current form does not adequately support the rapid cross-border data sharing needed for effective law enforcement in the digital age.
Why did countries like India support the Russia-led Convention over the Budapest Convention?
Countries like India supported the Russia-led Convention because it addresses national sovereignty issues and offers more extensive provisions for cross-border access to data compared to the Budapest Convention.
What are the key areas covered by the Cybercrime Convention to combat cybercrime?
The Cybercrime Convention covers three key areas: criminalisation of conduct such as illegal access, data and systems interference, computer-related fraud, and dissemination of child abuse material; providing procedural powers for investigating cybercrime and securing electronic evidence for any crime; and facilitating efficient international cooperation between parties to address and mitigate cybercrime effectively.
Why do several human rights groups criticise the UN proposal as a way to extend a Chinese and Russian form of internet governance?
Several human rights groups criticise the UN proposal because it aims to create a new treaty that extends far beyond the Budapest Convention’s provisions for cross-border data access, including limiting the ability of a signatory to refuse data requests.
They argue this promotes a “closed Internet” or “state-controlled internet,” reflecting Chinese and Russian governance models, which could undermine internet freedoms and human rights.
What is the purpose of the Convention on Cybercrime?
The Budapest Convention unites countries in the fight against cybercrime. It sets a global standard by outlining a list of criminal acts like hacking and online fraud. Member nations agree to criminalise these acts and work together to gather evidence across borders. This international cooperation helps hold cybercriminals accountable and fosters a safer online environment.
How does the Budapest Convention affect cybercrime?
The Budapest Convention throws a net over cybercrime. It forces member countries to criminalise acts like hacking and online scams, creating a united front against these global threats.
By streamlining evidence sharing across borders, it empowers law enforcement to investigate cybercrime more effectively. This discourages criminals and fosters a safer digital space.
Ready to Secure Your Online Presence?
You are at the right place, contact us to know more.