Thursday, December 16, 2004

Cybercrime Convention- Critisisms

The overall criticisms on the Council of Europe’s Convention on Cybercrime

The condition of the Convention to be entered into force was depending on 5 ratifications including at least 3 member States of the CoE.
As of December 12, 2004 [i] total number of signatures is 30 and there are 8 states those ratified. The protocol on “Acts of a racist or xenophobic nature” has received 22 signatures and one ratification. Although it entered into force in July 1, 2004 it cannot be said that the first effects are apparent, as few countries have ratified at the moment. The Convention aimed three main topics; “harmonisation of the national laws which define offences”, “definition of investigation and prosecution procedures to cope with global networks”, “establishment of a rapid and effective system of international co-operation” and made no party so satisfied in particular the NGO’s whose participation was not given importance. [ii] Most of the civil liberty organizations including “Cyber-Rights-Cyber-Liberties”[iii] criticized the Convention as follows:

  • It is fundamentally imbalanced. It includes powers of computer search and seizure and government surveillance of voice, email and data communications, but no correspondingly standards to protect privacy and limit government use of such powers. In other words, the procedural provisions, which also are threatening the human rights, have more space than the substantial provisions.
  • It has some positive and some negative elements. It is very broad, reaching far beyond computer crime as such. Whilst it requires signatories to adopt laws giving the government access to computer data (for all crimes) and while it states that such powers must be subject to procedural safeguards protecting privacy, it fails to specify such procedural safeguards. Accordingly, developing countries should be cautious in approaching the Council of Europe convention as a model. A major section of the treaty aims to require governments to cooperate with other countries seeking to search and seize computers, compel disclosure of data stored in computers, and carry out real-time interceptions – in all kinds of criminal cases – in other countries. It also covers extradition for computer crimes as defined under the treaty. [iv]
  • The Explanatory Report states that the phrase “without right” may refer to conduct undertaken without contractual authority. This interpretation seems unwise, for it could make violations of a service provider’s terms of service into a criminal offence. Within the first drafts “hacking” was about to without any circumstances be criminalized, but later on it was formulated with “without right”. Whilst it is so sensitive matter to assess “who has or has not the right” through the objective criteria or substantial rules, leaving that to judges or law enforcement circles’ judgement is a way which is far from equity rules.
  • It brings too heavy responsibilities to ISP’s. (Article 15)
  • The word of “Privacy” has never been used in the Treaty except the “Introduction” volume of the explanatory report.
  • A vague reference to proportionality will not be adequate to ensure that civil liberties are protected. It is recognized that countries have varying methods for protection of civil liberties, but as a Council of Europe Convention drafted in consultation with other democratic nations, this document missed an important opportunity to ensure that minimum standards consistent with the European Convention on Human Rights and other international human rights instruments were actually implemented. This failure is, in part, a result of the non-transparency of the process. [v]
  • It fails to consistently require dual criminality as a condition for mutual assistance between countries. No nation should ask another to interfere with the privacy of its citizens or to impose onerous requirements on its service providers to investigate acts, which are not a crime in the requested nation. Governments should not investigate a citizen who is acting lawfully, regardless of whatever mutual assistance conventions are in place. Article 34 (Mutual assistance regarding the interception of content data) allows interception to the extent permitted by other treaties and domestic law. An acceptable condition would have been that requests for interception could only take place if it is permitted under the relevant criminal law as an offence that merits interception in both countries. Requests should also have a specified level of authorisation, i.e. where warrants are only acted upon if they are received from a judicial authority in the requested country. [vi]


No comments: