Budapest Convention on Cybercrime – 10th anniversary meeting

Strasbourg , 

Speech by the Secretary General

Budapest Convention on Cybercrime – 10th anniversary meeting
Strasbourg, 23 November 2011

Check against delivery / embargo until delivery
Crime is just as much a threat online as it is offline. Cyberspace is not always a very safe place to be. The news is dominated by reports of computer hacking, of data theft, of attacks against public websites, of copyright infringement or of sexual exploitation of children in the context of the Internet.
Last week, my home country Norway witnessed the biggest wave of hacking and espionage attacks in its history. Key defence and energy companies were among the targets according to the National Security Agency.
Online criminality is a threat to human rights. It affects the rights of individuals all over the world. It must be prevented and combated. Because it is transnational in nature, it requires an international response.
Ten years ago, on 23 November 2001, the Council of Europe adopted the Budapest Convention on Cybercrime. Ten years onwards, the treaty still represents the only accepted international text on how to protect against and control online crime while at the same time respecting human rights.
At a recent London Conference on Cyberspace, the importance of the Budapest Convention was underlined by many speakers. UK Foreign Secretary William Hague and US Vice-President Biden emphasised the following regarding the Budapest Convention, and I quote: "the best form of international agreement in this area" which "sets out the steps countries must take to reduce cybercrime while still protecting human rights".
Together, we can take pride in the results. The convention has proven to work. Thanks to it, there has been a broad harmonisation of cybercrime legislation. Not only in Europe but worldwide. In addition, offences such as illegal access to computer data or illegal interception of computer data or computer-related forgery or fraud, have been criminalised.
We also see a rise in the number of investigations. In Germany, for example, more than 27,000 cases of computer-related fraud were recorded in 2010 alone, leading to law enforcement investigations.
Thanks to the Budapest Convention, international co-operation between the Parties has been strengthened. All of them have created points of contact for urgent co-operation available 24 hours a day seven days a week. Some of the Parties exchange information on an almost daily basis.
Ladies and gentlemen,
We must not forget that it took more than ten years to prepare the Budapest Convention. Negotiation of a new international treaty going beyond this Convention would seem a daunting task, and
I believe Foreign Secretary Hague echoed the international sentiment when he said that there is "little appetite for negotiating a new instrument".
Canada, Japan, South Africa and the USA participated in the convention's preparations. Most recently Argentina, Australia and Senegal have been invited to join. So far, 55 countries have ratified or signed or been invited to accede to it. Once all these 55 countries are Parties that co-operate with each other, we will cross a historical threshold.
The Council of Europe will continue to do what it can to enhance the cooperation. We have provided technical assistance to at least another 55 countries around the globe to bring the legislation in line with the Budapest Convention or train law enforcement, prosecutors and judges.
Let there be no doubt, the Budapest Convention is a treaty with global impact.
And let me add: while there is little need for a new instrument, we are of course open for more countries to accede to this instrument.
At the same time, we all know that technology and, with it, techniques used by cybercriminals evolve much faster than legal responses.
It is remarkable that the Budapest Convention captures most types of cybercrime, and contains measures needed to investigate, secure electronic evidence and co-operate internationally. In 2003, a Protocol on xenophobia and racism through computer systems was added. This has proved valuable.
So, the Budapest Convention is certainly not a static treaty. It allows for an effective response to new challenges, and there are a few of them which need to be met. A major one is cloud computing. More and more, data is stored in the so-called "cloud" because this is less expensive and more convenient. This poses problems of jurisdiction and law enforcement, and this is why the Cybercrime Convention Committee is reflecting on how best to tackle these challenges.
Of course, no one can claim to have all the answers to all the emerging challenges. The multi-stakeholder approach is therefore very important. And we need to look for complementarity rather than duplication.
Dear friends,
When you return from this meeting someone may have hacked your Facebook account – or worse has been able to steal your online-identity.
In Cyberspace there are big opportunities, but as individuals we are extremely vulnerable. Governments have an obligation to protect individuals through criminal law and other measures. The Budapest Convention is a key guiding tool for governments to meet this obligation.
Obviously, human rights and rule of law principles must be respected. Law enforcement powers must be prescribed by law, must be proportional and justified, and must be subject to judicial or other independent supervision. This is an important purpose of the Budapest Convention.
"Travelling through hyperspace ain't like dusting crops, boy", the fictional character Han Solo said in Star Wars.
Cyberspace is perhaps a less dangerous place than the hyperspace of Star Wars, but we must continuously work to safeguard the big opportunities cyberspace provides to billions of individuals world wide. We may not be up against Darth Vader, but the threat of cybercrime must be taken seriously and combated.
The Budapest Convention is the international community's most forceful and agreed upon response. It serves as a common ground for international co-operation and partnerships and has the interest of you and me in mind: to protect our rights in cyberspace!
Congratulations for the first ten successful years. And may the force be with you.
Thank you.