Cybercrime/Cybersecurity

Information Technology Security Handbook, sponsored by the infoDev project of the World Bank (Dec. 2003) – a major resource, covering security for individuals and for organizations, government policy and IT security for technical administrators.

Security is an imoprtant component of the policy framework for the Internet. Developing and transitional countries should examine their laws to ensure that they cover cybercrime and provide law enforcement agencies the investigative tools they need, consistent with privacy protection. But the criminal law is only a small part of the cybersecurity framework. Governments and private sector systems need to cooperate in improving the security of those systems by applying sound security practices, improving sharing of information, and raising awareness.

Several international initiatives on cyber-crime raise concerns for Internet freedom. Most notably, the Council of Europe (COE) fails to specify adequate procedures protecting the privacy of communications. Here is a collection of various materials on cybercrime, focusing on the COE treaty.

The Legal Framework for Creating Trust in Cyberspace: Security and Privacy [PowerPoint] – presentation by Jim Dempsey, Skopje, March 2006.

Protecting Privacy and Freedom of Communication in the Fight against Cybercrime [PowerPoint] – Jim Dempsey’s presentation on cybersecurity and privacy at the Sofia Conference, September 8, 2003.

Council of Europe Treaty

In 2001, the Council of Europe completed drafting a Convention on Cybercrime. As of September 15, 2005, the treaty had been ratified by only 11 countries, mostly in Eastern Europe. The number of ratifications has been sufficient for the convention to enter into force, on January 7, 2004. As of September 15, 2005, the convention had not been ratified by most Western European countries, nor had it been ratified by the United States, which played a major role in its drafting and had been invited to ratify it.

As a model, the convention has some positive and some negative elements. The convention is very broad, reaching far beyond computer crime as such. And having taken on the issue of government access to computer data (for all crimes), the treaty fails to address half of the issue (the privacy and human rights half). Accordingly, developing countries must be very cautious in approaching the COE convention as a model.

The COE convention is really three conventions in one, covering three different sets of issues, and developing nations looking to it as a model need not take on all three sets of issues at the same time.

COE Cybercrime Convention

Trust And Security In Cyberspace: The Legal And Policy Framework for Addressing Cybercrime [pdf] September 2005

Memo focusing on cybercrime and the legal standards for government surveillance, including GIPI’s commentary and recommendations regarding the COE convention.

Other Resources