Speeches and Op-eds
Octopus Conference on Cybercrime. Special session 15th anniversary Budapest Convention on Cybercrime
Check against delivery
Dear friends, welcome to the Octopus Conference, and welcome to this special session on the 15th anniversary of the Budapest Convention on Cybercrime.
It is a pleasure to welcome to Strasbourg so many cybercrime experts from across the globe.
Special thanks to Estonia, Japan and the USA for co-funding this event.
Before anything, let me start with some good news: as of today, I can confirm that we have 50 state Parties to the Budapest Convention. Please can Andorra join me to make it official.
My congratulations. I hope even more states will soon follow your lead.
The world has become very complicated in many respects, including with regard to cybercrime.
More than ever we need to work across borders – and the Budapest Convention offers the best possible framework for doing so.
When I stood here five years ago, for the 10th anniversary of the Convention, I warned that hundreds of millions of personal data sets were being stolen each year.
A few weeks ago it was reported that the user data of at least 500 million accounts had been stolen from Yahoo alone.
Increasingly we hear of hackers attempting to influence democratic processes.
We see terrorists abuse information technology to spread hate, radicalise new recruits and enable violent extremism. And this, of course, is why the Protocol to the Convention on xenophobia and racism remains so important.
And, while last year I described cybercrime as having reached “epic proportions”, today the situation is considerably worse. I am afraid we are running out of adjectives to describe the scale of the problem.
So what shall we do? Governments are obliged to protect the rights of individuals in cyberspace, too. This responsibility cannot be ignored.
Well, the only way of doing so, effectively, is by co-operation at all levels, guided by the rule of law. This we know.
The Budapest Convention on Cybercrime was opened for signature in 2001.
During the last 15 years we have seen huge progress:
68 States are either party to it already, or have formally committed to that end. At least a further 70 countries have drawn on the Convention as a guideline for domestic legislation. I am sure many of them will sooner or later seek accession to the treaty.
Its implementation and the co-operation between states have improved tremendously – and that is very much thanks to the work of the Cybercrime Convention Committee. The Guidance Notes adopted by the Committee have helped keep the Convention relevant and up-to-date, strengthening our ability to fight terrorism, identity theft or attacks against critical information infrastructure.
Capacity building programmes have been put in place. In 2014, we established a specific office in Bucharest, Romania – The Cybercrime Programme Office – which has just one purpose: to help countries worldwide strengthen their legislation and train their authorities to investigate and prosecute cybercrime. And we continue to see concrete results, with more investigations, prosecutions and judgments in many places.
So over the last 15 years we have developed a kind of “dynamic triangle” – the Convention, the Committee and capacity building – and as a result the Budapest Convention continues to be the most important international treaty on cybercrime and electronic evidence today.
As I said, however, we cannot be complacent. Cybercrime is increasing. The technology evolves continuously. And we need to keep up.
We see this with “cloud computing”.
Five years ago, at the tenth anniversary of the Convention, I said that we needed an effective response to the challenge of “cloud computing”. Data, and therefore electronic evidence, is increasingly stored on servers in foreign, unknown or multiple jurisdictions. This can make it extremely difficult for criminal justice authorities to lawfully secure such evidence. And without it, criminals operating in cyberspace cannot be prosecuted.
I applauded the Committee for taking on this extremely complex problem.
In 2014, it established a Cloud Evidence Working Group, which has now come up with a credible, workable set of recommendations. Some can be applied in the short term, and will have an immediate impact. Others include the negotiation of an additional Protocol to the Budapest Convention, which will require a bit more time.
Yesterday, the Committee discussed the various proposals, and I very much welcome the progress that has been made. In principle the recommendations have received broad support.
As a result, we can start moving forward on a number of fronts. Practical measures to improve co-operation between law enforcement and service providers can, for example, be discussed here, this week.
And we can now credibly aim to have started work on the Additional Protocol I mentioned by the middle of next year. So watch this space.
15 years is a rather short period in the lifetime of an international treaty. But in cyberspace, 15 years is more like a millennium.
The 5th anniversary of the Budapest Convention, in 2006, was a turning point in that the Cybercrime Convention Committee was set up, the USA became the first non-European country to ratify this treaty, and the Global Project on Cybercrime was launched to reach out to other continents.
The 10th anniversary, in 2011, was another turning point, in that the “dynamic triangle” was established: common standards, follow-up and capacity building.
I am delighted to say that the 15th anniversary is another turning point, in that the Budapest Convention is now reaching out into the “clouds”.That is an excellent record, of which we should be proud. And it should make us ambitious for the next five years. I want to thank you for being here. And for your work to help protect millions of citizens by keeping cyberspace subject to the rule of law. All the best for your stay.