Cybercrime Treaty Gains More Interest, Momentum

The number of countries that will have ratified the only international treaty addressing cybercrime is expected to nearly double this year, a sign that momentum is building behind efforts to police the Internet.

The Council of Europe’s Convention on Cybercrime, which sets guidelines for laws and procedures for dealing with Internet crime, was adopted in 2001. Countries can sign the treaty, which indicates their willingness to comply, and then can ratify it after their laws have been modified.

So far, 22 countries have ratified the treaty, a lower number than expected since the treaty was introduced seven years ago, said Alexander Seger, head of the economic crime division for the Council of Europe, on Tuesday.

However, the Council hopes around 40 countries will ratify it by February 2009. “We were a bit disappointed about the number of accessions and full ratifications in 2007, but we are very encouraged now,” Seger said.

The slow pace comes from the legal and legislative complexities that come with modifying laws in order to comply with the treaty, Seger said. The Council often works with countries to ensure their compliance.

Countries outside the 47-member Council, which represents European countries, may apply for accession, the first step in implementing the treaty. The U.S., for example, has ratified the treaty, and more countries outside Europe are indicating their interest in joining, Seger said.

The Philippines, Dominican Republic, Mexico, Costa Rica, South Africa and Brazil are in various stages of conforming with the treaty.

So far, 43 countries have signed the Convention. Twenty-one nations have yet to ratify it, and 22 have put the treaty into force, according to a scorecard on the Council’s Web site.

The Convention is aimed at providing for swifter prosecutions of cybercrime as well as better cooperation between law enforcement agencies, as investigations often cross borders. For example, it requires countries to have a law enforcement contact available at all hours to assist in a digital investigation.

The treaty has already contributed to some successes. In Romania, which is seen as a hotbed of cybercrime in Eastern Europe, the convention has prompted an increasing number of cybercrime investigations and prosecution resulting in a few convictions, Seger said.

But the legal systems in many countries are still catching up. Judges in many countries have little or no experience handling cybercrime cases since the technology came along far after they were trained, Seger said.

However, many of the same obstacles were present when money laundering cases started to proliferate, Seger said, and legal systems will inevitably catch up.

The Council of Europe is hosting two successive conference this week in Strasbourg, France. The first, which runs through Wednesday, is aimed at creating a set of best practices for law enforcement and ISPs (Internet service providers) when cooperating on Internet crime cases. Those guidelines pay particular attention to preserving the privacy rights of Internet users and nonconfrontational ways ISPs and police can work together.

On Thursday and Friday, the Council will host its third conference covering the progress of the Convention on Cybercrime.