17th Plenary of the Cybercrime Convention Committee (T-CY)

Strasbourg , 

As delivered

Ladies and gentlemen,

May I welcome each and every one of you to the opening of the 17th Plenary of the Cybercrime Convention Committee here in Strasbourg.

I would like to extend a particularly warm welcome to the representatives of Chile, Greece, Monaco, Senegal and Tonga whose countries have become Parties since we met the last time in November last year.

We also have ad-hoc observers from Belarus, Cabo Verde, Jordan, Malaysia, New Zealand, Nigeria and Tunisia and I hope this meeting will confirm their interest in the Budapest Convention.

A few weeks ago, cybercrime again made headlines when the Wannacry ransomware attack hit several hundred thousand computers in more than 150 countries.

Governments, hospitals and universities were all hit – in some instances paralysed – alongside many businesses and individuals, some of whom paid money in order to remove the malware from their systems and release the data.

The offenders have not yet been identified and may never be brought to justice.

Certainly, much of the damage could have been prevented had these institutions and individuals updated their software and taken the basic preventative measures recommended by industry.

And yes, this incident also highlights the value of national security institutions disclosing software vulnerabilities rather than keeping that knowledge to themselves, for their own purposes.

For our part, we are in the process of setting up the platform for co-operation with major Internet Companies in accordance with the Council of Europe’s Internet Governance Strategy 2016-19, adopted by the Committee of Ministers.

This platform will help us to tackle these crucial issues more effectively.

But prevention is not enough.

Without an effective criminal justice response, computer systems will be hit again and again. Because, when the rewards of cybercrime remain high and the risk of being caught and convicted remains low, there will always be a perverse incentive for further attacks – and the next wannacry’s consequences could be even more severe.

So this is what I would like to underline today: the importance of bringing offenders to justice.

Many of the tools needed to achieve this are already in the Budapest Convention.

The illegal access, and data and system interference involved in that attack are criminalised under the terms of the Convention.

Some of the law enforcement powers needed to secure evidence and to co-operate internationally are also included in the agreement.

However, when many nations are hit in an attack like this, the evidence needed to trace and identify the perpetrators is held in multiple countries and servers in the cloud.

That attack is further proof that additional solutions are required to co-operate more efficiently and to obtain quicker access to evidence in the cloud while protecting the rights of individuals.

In particular, prosecuting authorities need quicker access to so called subscriber information, so they can identify users of Internet Protocol addresses.

Ladies and gentlemen, you may recall that in 2011, at the tenth anniversary of the Budapest Convention, the Secretary-General underlined the need for an effective response to the challenge of “cloud computing”, including in this key area of enforcement.

At the 15th anniversary of the Convention in November last year, he welcomed the fact that the Committee had identified clear proposals to address the matter.

Today, in this Plenary session, you will have the opportunity to go further and decide on the preparation of an additional Protocol to the Budapest Convention.

The effect would be to make mutual legal assistance more efficient, establish a framework for accessing evidence in the cloud in criminal cases, and make new, additional law enforcement powers subject to rule of law and data protection safeguards.

I sincerely hope that the Committee will decide to move ahead and that we can inform the Committee of Ministers of this positive news.

But there is still more that we can do.

Last November the Secretary General also referred to the already existing Protocol to the Convention covering xenophobia and racism on the Internet.

In recent times we have witnessed a surge in hate speech and we see how the misuse of information technology by terrorists contributes to radicalisation and violent extremism.

This too is a crime, as the Protocol to the Budapest Convention on xenophobia and racism makes clear.

In his recent report on the State of Human Rights, Democracy and the Rule of Law, the Secretary General cited this Protocol as a means to prevent discrimination and to contribute to social integration in the face of increased populism.

So I call on the Committee to put more emphasis on –and to follow more closely – the Protocol on Xenophobia and Racism as a regular item on the agenda, so that we can assess implementation, share best practice, and find new ways to further its effectiveness.

Ladies and gentlemen, the Budapest Convention has now been in place for more than 15 years, but it has never been more relevant than it is today.

From cyber-attacks to terrorism, hate speech to child abuse, and organised crime to electoral interference and attacks against critical infrastructure, the Budapest Convention is part of the solution to some of the biggest challenges we face.

Its relevance is reflected in the increasing size of its membership.

That is to the good.

The more countries sign up to the Convention, work together, and implement its terms, the better placed we will be to discourage, prevent and address cybercrime.

But at the same time, pressing needs and wider membership heighten expectations.

It gives you – us – the responsibility to find solutions.

Today, you have the opportunity to move ahead with such solutions.

Going ahead with a Protocol would be a landmark decision.

I am sure with that we can rise to the challenge. Thank you very much.