Cybercrime knows no borders. The internet’s pervasive reach allows cybercriminals to operate from anywhere, necessitating a response that transcends geographical boundaries. The fight against cybercrime must be global. To make that possible, an international treaty was implemented: the Budapest Convention.
No fight against cybercrime without international cooperation
Cybercrime differs a lot from traditional crime. Although international crime has been around for a long time, the Internet has opened the path to many new offences. Existing crimes have evolved, encompassing data theft, online identity theft, fraud, and various scams. Moreover, entirely new forms of criminal conduct have emerged, including ransomware attacks, child pornography, denial-of-service attacks, etc. Unlike traditional crime, the interconnected nature of the World Wide Web means that criminals and victims may reside in different states. Collaboration between perpetrators can occur seamlessly across distances, adding complexity to the identification and apprehension process.
In order to effectively combat the evolving landscape of cybercrime, international institutions like Interpol and Europol have created specialised task forces. However, for operational efforts to be truly impactful, it is crucial that all cyber offences are firmly established and recognized within the framework of law. This principle, known as “nulla poena sine lege” or “No punishment without law,” highlights the necessity for legal harmonisation on a global scale. Addressing this need for legal alignment, the Budapest Convention assumes a pivotal role.
The story of the Budapest Convention
The Budapest Convention (or Convention on Cybercrime or Budapest Convention on Cybercrime) stands as the world’s first legally binding treaty aimed at combating cybercrime. This text was drawn up by the Council of Europe which gathered experts on law and cybercrime. It was officially opened for signature in Budapest, Hungary in 2001. The convention has encouraged governments to incorporate into their criminal law a list of new offences committed against or with computers. It equips judicial authorities with the necessary tools to investigate cybercrimes and gather electronic evidence while ensuring vital safeguards are in place to prevent any abuse of power.
As technology and practices have rapidly evolved since its inception in 2001, the convention has undergone necessary adaptations to align with the new realities. In response, the Committee of Ministers of the Council of Europe has adopted new protocols to augment the convention’s effectiveness.
In 2003, the first additional protocol, known as the “Additional Protocol to the Convention on Cybercrime, concerning the criminalization of acts of a racist and xenophobic nature committed through computer systems,” was opened to signature. This protocol broadens the scope of the treaty by encompassing provisions on substantive law, criminal procedure, and international cooperation to address offences related to xenophobic and racist propaganda.
In 2022, the second additional protocol, titled the “Second Additional Protocol to the Convention on Cybercrime on enhanced cooperation and disclosure of electronic evidence,” was opened to signature. This protocol establishes a legal framework for the disclosure of domain name registration information and facilitates direct cooperation between law enforcement and service providers regarding subscriber information. However, it is important to note that this protocol has not yet entered into force. At least five ratifications are required for its implementation, and as of now, only Serbia has ratified the new protocol on February 9, 2023.
Benefits of this unique treaty
The Budapest Convention has established a robust 24/7 system of international cooperation, enabling the relentless pursuit of cybercriminals across borders. Its methods and principles have been disseminated worldwide, significantly strengthening criminal justice systems by adapting them to the challenges of cybercrime and electronic evidence. The convention complements national legislation and facilitates the enhancement of investigative and prosecutorial capabilities.
Finally, the Budapest convention is more than a legal text. It has generated numerous initiatives and projects to strengthen the fight against cybercrime’s capacities. For this reason, the Council of Europe decided to create the “Cybercrime Programme Office” (C-PROC) in Bucharest, Romania. C-PROC has supported almost a thousand activities since 2014. It’s currently managing projects with a volume of almost 40 million euros. These projects include joint programs with the European Union and initiatives financed through voluntary contributions.
Currently, it’s the only legally binding international text on cybercrime. It has been ratified by 68 states, both Europeans and non-Europeans. The ratification of the United States marked a significant milestone in the global fight against cybercrime. The convention aims to safeguard human rights, protect democracy, and promote justice and equity in the realm of cyberspace.
In a recent development, on April 19, 2023, Kazakhstan was extended an invitation to join the Budapest Convention. The invitation stands for a period of five years, and if accepted, Kazakhstan would become the 71st country to sign the convention, further expanding its reach and impact.
M2 Cyberjustice – Promotion 2022/2023
– Convention on Cybercrime (ETS No. 185)
– Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (ETS No. 189)
– Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence (CETS No. 224)