Octopus conference 2015: Co-operation against cybercrime
The growing threat of cybercrime
Distinguished guests, dear friends,
Welcome to the 2015 Octopus conference on co-operation against cybercrime.
It is great to see – once again – participants from around the world. And I am grateful to Japan and the USA for co-funding this meeting.
Cybercrime is reaching epic proportions.
Each day millions of attacks take place against the computers our societies rely upon – and it’s getting worse.
And these are not just attacks on our machines they are an assault on our way of life and our fundamental rights and freedoms.
The right to private life: hundreds of millions of personal data sets are stolen each year.
Freedom of expression: just two months ago, right here in France, the TV5 Monde network was brought down for four hours – disrupting broadcasts on 11 channels, reaching 200 million people.
Democracy: because our public institutions are targeted every day. No country is immune. In just the last few days we have heard that the German Parliament’s computers have been infected by hackers so that they can steal information.
And when computer systems are used, as they are by terrorists, to spread racist and xenophobic propaganda, it is an attack on tolerance and equality too.
The need for internationalism
So the threat is clear.
And we have only one option:
To work together, at international level, guided by the rule of law.
Because, if one issue shows more clearly than any other that we are stronger together than we are apart it is cybercrime.
These are, by definition, borderless acts.
Cyberspace does not fit, neatly, into territorial boundaries.
The first duty of any government is to protect its people but, in today’s world, states simply cannot do so alone.
That is why, under our Budapest Convention, the first ever international treaty to co-ordinate efforts on cybercrime, not only are states required to put effective laws in place crucially: everyone is working from the same page.
The Convention allows for unprecedented co-operation.
In many cases it enables authorities to share information in a matter of hours going after the perpetrators and preventing attacks.
Compare that to a situation where effective co-operation doesn’t take place.
A child is kidnapped.
A ransom email is sent.
The origins of that email contain vital clues and evidence.
But the police can’t access it.
The provider hosting the account is based in another country.
They believe they are bound by client confidentiality so they tell the authorities to send a mutual legal assistance request which can take months.
And, in the meantime, what happens to that child?
These are real lives we are talking about.
And so I want to pay tribute to all those who have made the Budapest Convention a success.
This year, Luxembourg, Poland and Turkey have all ratified.
Recently, Paraguay, Peru and Tonga have been invited to accede and I very much welcome the accession by Sri Lanka three weeks ago.
We now have 46 Parties and another 20 countries that have either signed or been invited to accede.
That makes 66 States - one third of all countries worldwide.
A further third have drawn on the Convention as a guideline for their domestic legislation too.
Implementing the Convention
So we are doing well in terms of quantity.
Our task now is ensuring quality, through the implementation of Budapest.
This is where I ask for your help.
The expertise in this room is unmatched and I need you to help us get to grips with the current challenges facing our international efforts.
How can we ensure that governments are able to meet their obligations to protect society and individuals from these crimes?
Can the victims expect justice?
What can we do to encourage more states to take up our Additional Protocol to the Budapest Convention which outlaws the use of computer systems to disseminate xenophobic and racist material and is hugely important in the fight against radicalisation?
How can criminal justice authorities obtain evidence stored in the cloud? Something, as you know, the Cybercrime Convention Committee is also looking at.
And – perhaps the most important question you will consider today – how do we give the police and courts the powers they need to act but in a way which safeguards human rights?
I began by saying that these attacks are an affront to basic liberties.
Well, it would be a tragic irony if – in trying to stop them – we sacrificed those liberties ourselves.
For that reason I have insisted that the Council of Europe steps up our work on so-called ‘capacity-building’.
In other words, supporting the concrete projects which will ensure that our values are being upheld.
To that end, our Cybercrime Programme Office is now up and running in Romania.
It has been operational for a year and every week, across the world it is delivering training and working with states to improve their policies and laws often in co-operation with the European Union.
There have already been many successes including helping governments strengthen police powers to investigate cybercrime but with rule-of-law conditions in place such as the need to get permission from a judge before searching personal computers.
There have also been less positive instances where we have not been involved in the way we would like and parliaments have, for example, adopted laws which disproportionately inhibit free speech.
But, if anything, these cases strengthen my resolve – and, I hope, yours too.
The Council of Europe will continue to assert ourselves.
We will continue to argue for strength-in-numbers bringing together states from around the world to combat cybercrime and protect their people.
In these efforts your insights will be crucial.
So I wish you all the best for your conference, and I thank you very much.
22 December 2017
Letter to the President of Romania, Klaus Iohannis