As the investigation of cybercrime by law enforcement is often not effective without the cooperation of Internet service providers, it is essential that both cooperate with each other in an efficient manner.

The roles of both are different: law enforcement must uphold the law, while service providers are to provide users with the ability to communicate.

The question that many countries are faced with is how both can best cooperate with each other to make the Internet safer while at the same time respect their different roles and the fundamental rights of users.

A crucial part of the solution - and in many ways a precondition for cooperation - is clear legislation that defines responsibilities, authorities and limitations. Full implementation of the Convention on Cybercrime, in particular its procedural law provisions, is essential in this respect.

Discussions in many countries all over the world have shown the need for practical guidelines  that can help law enforcement and service providers organise and structure their cooperation.

In 2007, therefore, the Council of Europe - under the Project on Cybercrime - set up a working group with representatives from law enforcement, industry and service provider associations that prepared draft guidelines which were adopted by the global Octopus Interface conference in Strasbourg in April 2008.


They:

  • include common guidelines for both law enforcement and service providers and specific guidelines for each of them
  • are not to substitute legislation or other formal regulations, but rather to supplement and help regulations work in practice
  • are based on good practices already available  
  • are to be adapted to the specific circumstances in each country.


In practical terms, representatives of law enforcement and service providers in a given country may establish a working group with the aim of reaching an understanding or even a formal agreement on how to cooperate with each other. The guidelines could serve as a blue-print or simply as a basis for discussion.

Guidelines:

Since the adoption of the guidelines in April 2008:

  • the European Union's Justice and Home Affairs Council in November 2008 recommended that the European Commission work on the basis of the guidelines adopted by the Council of Europe conference and took note of eight specific recommendations
  • the Government of Romania decided in January 2009 that judicial, law enforcement and regulatory bodies should make use of these guidelines. They were posted on the websites of the Ministry of Justice, the Office the Prosecutor General, the Ministry of Interior and other bodies
  • the Ministry of Interior of France and the French Internet service provider association AFA drafted an agreement based on the guidelines
  • in Ukraine a working group was established in July 2009 to reach an agreement between law enforcement and service providers
  • in India the guidelines were presented to law enforcement and industry (March 2009) in view of the amendments to the Information Technology Act adopted by Parliament in December 2008 (see presentation).


Moreover, the European Court of Human Rights referred in the case of  K.U v. Finland to the Guidelines as relevant international materials applying in this case related to the protection of the right to respect for private and family life (article 8 of the European Convention for Human Rights).

In addition to these guidelines law enforcement - service provider cooperation in the investigation of cybercrime, the Council of Europe has elaborated a number of other guidelines and recommendations regarding Internet service providers:

The question of the protection of fundamental rights and the role of the Internet industry in this respect is being addressed by a number of initiatives. For example, the Global Network Initiative has established:

contact us contact us

  Online Form

Alexander Seger
Cybercrime Division
Agora Building
F-67075 Strasbourg Cedex