The condition of the Convention to be entered into force was depending on 5 ratifications including at least 3 member States of the CoE.
As of December 12, 2004 [i] total number of signatures is 30 and there are 8 states those ratified. The protocol on “Acts of a racist or xenophobic nature” has received 22 signatures and one ratification. Although it entered into force in July 1, 2004 it cannot be said that the first effects are apparent, as few countries have ratified at the moment. The Convention aimed three main topics; “harmonisation of the national laws which define offences”, “definition of investigation and prosecution procedures to cope with global networks”, “establishment of a rapid and effective system of international co-operation” and made no party so satisfied in particular the NGO’s whose participation was not given importance. [ii] Most of the civil liberty organizations including “Cyber-Rights-Cyber-Liberties”[iii] criticized the Convention as follows:
- It is fundamentally imbalanced. It includes powers of computer search and seizure and government surveillance of voice, email and data communications, but no correspondingly standards to protect privacy and limit government use of such powers. In other words, the procedural provisions, which also are threatening the human rights, have more space than the substantial provisions.
- It has some positive and some negative elements. It is very broad, reaching far beyond computer crime as such. Whilst it requires signatories to adopt laws giving the government access to computer data (for all crimes) and while it states that such powers must be subject to procedural safeguards protecting privacy, it fails to specify such procedural safeguards. Accordingly, developing countries should be cautious in approaching the Council of Europe convention as a model. A major section of the treaty aims to require governments to cooperate with other countries seeking to search and seize computers, compel disclosure of data stored in computers, and carry out real-time interceptions – in all kinds of criminal cases – in other countries. It also covers extradition for computer crimes as defined under the treaty. [iv]
- The Explanatory Report states that the phrase “without right” may refer to conduct undertaken without contractual authority. This interpretation seems unwise, for it could make violations of a service provider’s terms of service into a criminal offence. Within the first drafts “hacking” was about to without any circumstances be criminalized, but later on it was formulated with “without right”. Whilst it is so sensitive matter to assess “who has or has not the right” through the objective criteria or substantial rules, leaving that to judges or law enforcement circles’ judgement is a way which is far from equity rules.
- It brings too heavy responsibilities to ISP’s. (Article 15)
- The word of “Privacy” has never been used in the Treaty except the “Introduction” volume of the explanatory report.
- A vague reference to proportionality will not be adequate to ensure that civil liberties are protected. It is recognized that countries have varying methods for protection of civil liberties, but as a Council of Europe Convention drafted in consultation with other democratic nations, this document missed an important opportunity to ensure that minimum standards consistent with the European Convention on Human Rights and other international human rights instruments were actually implemented. This failure is, in part, a result of the non-transparency of the process. [v]
- It fails to consistently require dual criminality as a condition for mutual assistance between countries. No nation should ask another to interfere with the privacy of its citizens or to impose onerous requirements on its service providers to investigate acts, which are not a crime in the requested nation. Governments should not investigate a citizen who is acting lawfully, regardless of whatever mutual assistance conventions are in place. Article 34 (Mutual assistance regarding the interception of content data) allows interception to the extent permitted by other treaties and domestic law. An acceptable condition would have been that requests for interception could only take place if it is permitted under the relevant criminal law as an offence that merits interception in both countries. Requests should also have a specified level of authorisation, i.e. where warrants are only acted upon if they are received from a judicial authority in the requested country. [vi]
- "Treaty on Cybercrime Sounds Like A Great Idea Until You Read Fine Print..."
The analogy between the WIPO treaty and the Convention on Cybercrime ... http://www.cryptome.org/cycrime-godwin.htm
- Civil rights and ambiguity of crime “prevention” Statement by ALCEI - January 24, 2004
- "CoE "cybercrime" convention: legitimising internet surveillance"
- "Eight Reasons the US Should Reject the International Cybercrime TreatyThe International Cybercrime Convention: What Is It? "
[i] Albania, Croatia, Estonia, Hungary, Lithuania, Slovenia and the Former Yugoslav Republic of Macedonia Romania. http://conventions.coe.int/Treaty/EN/CadreListeTraites.htm
[ii] Under the acronym GILC (Global Internet Liberty Campaign), 22 associations in nine European countries (Austria, France, Germany, Italy, Netherlands, Spain, Ukraine, United Kingdom), the US, Japan, Australia and South Africa have campaigned against the draft Convention. They saw it as a "portmanteau" text embodying measures, which are disproportionate, destructive of liberty, and a threat to fundamental rights and national sovereignty.
[iii] Dr. Yaman Akdeniz, “An Advocacy Handbook for the NGO’s, The CoE’s Cyber-Crime Convention 2001 and the additional protocol on the criminalisation of acts of a racist and xenophobic nature committed through computer systems”, December 2003, Updated March 2004 – Online: http://www.cyber-rights.org/cybercrime/coe_handbook_crcl.pdf
[vi] http://www.crime-research.org/articles/CoE_Cybercrime/ P.3