Reports suggest that 1.5 million people become victims of cybercrime every day (e.g. Symantec), that 1000+ denial of service attacks are recorded worldwide every 24 hours (e.g. ARBOR SERT Atlas Threat Index), that some 50,000 unique phishing attacks are noted every month (e.g. RSA Online Fraud Reports) or that thousands of children are victims of online sexual exploitation and abuse (e.g. Operation Sunflower). Listings of cyber-attacks in 2012 are truly frightening (e.g. Hackmageddon.com). It is, therefore, no wonder that the vast majority of people believe that the risk of becoming victim of cybercrime keeps increasing (e.g. Eurobarometer of July 2012).
This begs the question whether we did make any progress at all in the course of 2012?!
A year ago, I argued that there was no single solution but that we need – through a multi-stakeholder approach – “to weave a web of responses” to the threat of cybercrime. The Council of Europe contribution to this web consists in particular of the Budapest Convention on Cybercrime and the many measures built around it: “In such a web, the Budapest Convention is a node linked to crime prevention and criminal justice in general, to law enforcement capabilities and to many other rule of law as well as human rights issues. And, importantly, it is connected to the many measures taken by the private sector, by governments and by other international organizations.”
I believe that in 2012, our web of responses has become stronger, larger and more close-knit:
As a result, we see more cooperation between Parties to the Budapest Convention and more investigations and prosecution in countries that have brought their laws in line with this treaty.
We did a cursory review of the criminal law reforms undertaken by governments around the world in recent years. Our preliminary analysis suggests that at least 140 out of 193 members of the United Nations have undertaken or are undertaking reforms of their legislation related to cybercrime and/or electronic evidence. And at least 125 (some 90%) of them have used the Budapest Convention as a guideline or at least as a source of inspiration. The progress made towards greater global harmonization of criminal law frameworks is good news.
On the other hand, it is also clear that many of them would need further assistance to fully implement the principles of this treaty and to set up the necessary criminal justice capacities for enforcement and international cooperation. A major technical assistance effort is required.
The most sensible way ahead in 2013 would thus seem to be to:
- Use the Budapest Convention as a guideline to allow as many States as possible to implement the principles of this treaty (whether or not they actually wish to become Parties).
Encourage additional States to seek accession to this treaty so that they can make use of it as a framework for efficient international cooperation.
- Provide technical assistance to enhance the criminal justice capacities of States to investigate, prosecute and adjudicate cybercrime and other offences involving electronic evidence and to engage in international as well as public/private cooperation.
The Council of Europe will pursue this approach in 2013. We plan, among other things, to launch a new joint project with the European Union to support implementation of the Budapest Convention worldwide.
We are nevertheless conscious that a number of States – for political reasons – may continue to oppose the Budapest Convention and call for a new international treaty on cybercrime. There has been no consensus on a new international treaty in recent years and it is unlikely that a consensus will come about in 2013. Continued controversies in this respect – as pointed out previously – not only run the risk of disrupting reforms currently underway in many countries and of undermining technical assistance but also of sharpening international divisions.
At the end of February, the United Nations Intergovernmental Expert Group on Cybercrime will meet in Vienna. Hopefully, the Expert Group will not go down that path but will use this unique opportunity to add impetus to global capacity building efforts. This would give practitioners what they need and have an effective and immediate impact on criminal justice action and international cooperation against cybercrime.