1. Organised by UNODC, it was held between 25 and 28 February 2013, in Vienna, the second meeting of the Intergovernmental Expert Group on Cybercrime of the United Nations, attended by expert representatives of 85 UN Member States, besides of representatives of many international organizations (including the Council of Europe). This group’s mandate, issued by the 12th United Nations Congress on Crime Prevention and Criminal Justice, held in Salvador, Brazil, in April 2010 (paragraph 42 of the conclusions) states that a comprehensive study on the impact and responding to cybercrime should be drafted. After the first meeting, in January 2011, a draft comprehensive study was prepared by the Secretariat of UNODC (http://www.unodc.org/unodc/en/organized-crime/expert-group-to-condu...). This study gathers information about some relevant international instruments, best practices, technical assistance and international cooperation. It also points out some options to strengthen the response to the phenomenon of cybercrime, both nationally and internationally.
2. Several issues were raised on the circumstances of the preparation and dissemination of the study. This study was written by the Secretariat, based on information gathered via the dissemination of questionnaires by all UN Member States. But in fact, only 69 States responded to this study (around one third of the UN members). And some of them did not provide information to all the questions. Thus, the information collected is not representative of the majority of the countries in the world. On the other hand, the study was made available just one week before the meeting (even if it is a 300 pages “heavy” report). Thus, it was not possible to many States to develop proper internal consultation on this regard. Besides, the study was only published in English - and was not translated to the other official UN languages - which surely inhibited some States to analyze it in deep.
3. The reading of the study and the discussions revealed that a good part of the States (the study mentions 60% of the respondent States) did not establish yet proper internal cybercrime legislation and regulations on gathering digital evidence. Within the European States this number falls to 20%, but in the rest of the world it rises up to 80%, the number of States that did not adopt yet a comprehensive legal framework. Most delegates underlined that these figures clearly claim the need of increasing the support to developing countries to establish their domestic legislation. A similar conclusion was achieved regarding specialized agencies and bodies, within law enforcement agencies and prosecutorial bodies.
A very broad consensus was expressed referring the urgent need of technical cooperation among States and support in capacity building, in view of developing international cooperation and in view of strengthening effectiveness and efficiency investigating computer crimes.
4. One of the most highlighted discussions referred the need – or not -, of a new international instrument on cybercrime. It was quite clear to all the delegations the importance of considering the international dimension of cybercrime and the essential role, in most of the concrete cases, of international cooperation in the investigation of this type of crimes. It was also emphasised by some States the need to revisit the principles of national sovereignty and territoriality. In fact, in the “cloud environment”, the classic international instruments of cooperation are no longer really useful: the classic mechanism of rogatory letters requires too much time and bureaucracy. And this leads the discussion to the need to implement new possibilities and channels to international cooperation.
5. At this point of the discussions, it was pretty clear that since 2011, the landscape evolved: during the first meeting of the expert group, many States were quite expressive, requiring a new treaty – now, during the 2013 meeting, only a few of them openly supported that option. On the opposite side, many delegations insisted that Budapest Convention already provides practical interesting possibilities of international cooperation, including obtaining data from outside their borders.
An interesting issue was raised: most of the States against Budapest Convention are also against any possibility of considering with flexibility the principle of national sovereignty: they don’t accept Budapest because this convention already allows the Parties to obtain data stored in another Party, without prior authorisation of that Party. It is the most debated questions of Article 32, b, of Budapest Convention. But on the other hand, they don’t provide any solution to the need of obtaining evidence from the “cloud” and always refer to the cooperation between sovereign States.
6. Still regarding the need – or not –, of a new international instrument, most States expressed their concerns referring the collateral consequences of initiating a new process of discussion of a new treaty: the negotiation would be certainly very long and time consuming; besides, the final result of this process is absolutely unknown. The fact that a new process begins doesn’t mean that a new treaty is effectively draft. But even if consensus is achieved and it is possible to draft a new treaty on cybercrime, it is clear that the final result will be modest, for example if compared with the standard of Budapest Convention. In fact, as some of the States opposed Budapest because this instrument already includes practical measures to transborder access to data – and they claim that such approach violates the principle of sovereignty – the Convention is thus unacceptable for them. And it will be certainly unacceptable to them any further development of this concept. The question is, in one hand, that obtaining very simply and quickly data from outside the investigating Stare is essential in cybercrime cases; on the other hand, most States mentioned a strong support to the need of enlarge the possibilities already described under Article 32, b, of Budapest Convention and a refusal to reduce them. Besides, those who support the drafting of a new treaty, even if confronted with this question, did not seem to have any solution to it.
It must be said that most of the delegations who expressed themselves, opposed new legal solutions to the problem of cybercrime. And that includes soft law solutions, or model laws that, it seems, nobody supported.
At the end of the day, there was the impression that the only reason to some States to refuse Budapest Convention is the fact that they didn’t take part or intervene in the process of drafting it.
7. The outcome of the working group is pretty clear: there is consensus on the need of implementing comprehensive and holistic action plans against cybercrime, considering technical assistance to many States, and training; but regarding eventual legal solutions, the group only assumed that “the deliberations, as well as the study reflected a compilation of views and different approaches taken by States to preventing and combating the phenomenon of cybercrime”. This diplomatic and open statement means, in the polite UN language, that no consensus was obtained, at all, on this topic. The report from this meeting of the Intergovernmental Expert Group on Cybercrime will be submitted to consideration to the UN Crime Commission (CCPCJ) that will meet from 22 to 26 April, in Vienna. Next leg will be then played by end-April.