The Convention on Cybercrime has in many ways shaped the international criminal justice response to cybercrime and e-evidence since 2001. It had an impact on all regions of the world. The following snapshots simply serve as examples illustrating achievements of the Budapest Convention, and consistent multi-year support available to permit States to apply this treaty in practice and to engage in effective international cooperation.
Considerable impact on cybercrime legislation across the Globe
Since 2001, cybercrime legislation across the Globe has been considerably shaped by the Budapest Convention, directly or indirectly. By June 2021:
- some 124 States (or 64% of UN Member States) seem to have had substantive criminal law provisions covering offences against and by means of computers “largely in place”, that is, they had adopted specific domestic provisions corresponding to most of the substantive criminal law articles of the Budapest Convention;
- some 48% of States had specific procedural powers largely in place similar to those of the Budapest Convention;
- 40% of UN Member States were either Parties or Signatories to the Budapest Convention or had been invited to accede. These 77 States were thus members or observers in the Cybercrime Convention Committee (T-CY). There is consistent progress in terms of membership.
Enhanced international cooperation
The Budapest Convention provides for international cooperation mechanisms accessible to all Parties.
The achievements of the Budapest Convention with regards to international cooperation stem not only from the text of the Convention, but also the large network of practitioners participating in the Cybercrime Convention Committee (T-CY) and in capacity building activities who can call and rely on each other when needed in the investigation and prosecution of cases that more often than ever are transnational in nature. The benefit of these relationships is immeasurable.
- One Party has noted that, as a small, poor country, it could not possibly find the resources to negotiate all the bilateral agreements it would need to obtain electronic data rapidly from every country from which it might need assistance. However, once it acceded to the Convention, dozens of partner countries were instantly bound to provide assistance. This prospect of immediate connections to possible assistance was a crucial factor in this country’s decision to seek accession.
- Another Party, added that, “since the majority of cybercrime attacks are of transnational nature, the Budapest Convention is indispensable in order to investigate perpetrators effectively, especially for countries such as small countries, which do not have international service providers based within their own jurisdiction.”
Improvements to cooperation with the private sector
Over the last 20 years, cooperation with the private sector thanks to membership in the Convention has significantly improved.
Cooperation with US-based providers is especially significant for investigations by countries other than the US as these providers are in possession or control of data needed in a specific criminal investigation. When such providers decide whether to respond to requests to disclose certain types of that data to non-US officials without formal mutual assistance, they consider whether a requesting country is a Party to the Budapest Convention.
Parties to the Convention send hundreds of thousands of requests for subscriber information to major US providers and these provide information in about 2/3 of all cases.
Extensive use of the 24/7 network of contact points
The network of 24/7 points of contact is conceived to provide assistance in urgent matters, and the expedited preservation of data is one of the measures.
However, immediate assistance may also comprise a range of other measures, including cases of mutual legal assistance.
According to Article 35, Contact Points shall "ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence."
- For instance, for the period of January to September 2019, the UK reported 77 incoming preservation requests from eighteen Parties and 169 outgoing preservation requests to twenty-seven Parties.
- Also, France makes extensive use of the Budapest Convention’s 24/7 network not only for computer-related crime but for all matters in which electronic evidence is necessary. France used the network at the time of the Charlie Hebdo attacks to obtain information on foreign forums about possible new terrorist attacks.
- Panama reported that, “covered by articles 16 and 17 of the Budapest Convention, we have succeeded in assisting nations such as Israel, Switzerland and Australia, through their contact points.”
States requesting accession or that Parties to the Convention can become priority countries for capacity building programmes.
Such technical assistance is to facilitate full implementation of the Convention, to improve capacities for domestic investigations and prosecutions and to enhance the ability to cooperate internationally. Donors are consistently providing resources to support countries in this undertaking, in particular through the Cybercrime Programme Office of the Council of Europe (C-PROC). The COVID-19 pandemic did not stop us. During the past 12 months (October 2020 – September 2021), C-PROC supported some 500 activities worldwide (see the news on activities).
The following snapshots may serve as examples illustrating that, for States committed to joining the Budapest Convention, consistent multi-year support is available to permit such States to apply this treaty in practice and to engage in effective international cooperation.