The Budapest Convention, a New Legal Standard

The Council of Europe’s Convention on Cybercrime, also known as the Budapest Convention, is the first international treaty specifically geared toward both preventing and fighting the threats of cybercrime and cyberterrorism on an international scale. The treaty was signed on November 23, 2001, and its purpose is to “better combat cybercrime by harmonizing national laws, improving investigative abilities, and boosting international cooperation”. The U.S. ratified the convention in 2006, and 65 nations around the world have signed the treaty as of 2021. While the convention has had many supporters and detractors, the treaty nevertheless serves as a deterrent to individuals or organizations who wish to engage in cybercrime, as it mandates that the countries that sign the treaty take certain measures to aid in the fight against these cyber threats.

What are the requirements of countries that have signed the Budapest Convention?

The 65 countries that have signed the Budapest Convention as of 2021 agree to fulfill the following requirements at all times:

  • Define criminal offenses and sanctions under their domestic laws for four categories of computer-related crimes: Under the Budapest Convention, countries that sign the treaty agree to define criminal offenses in the context of four specific categories of cybercrime. These four categories are copyright infringement, fraud and forgery, child pornography, and security breaches, including system interference, hacking, and illegal data interception. Moreover, the terms of the treaty mandate that countries “enact laws establishing jurisdiction over such offenses committed on their territories, registered ships or aircraft, or by their nationals abroad”.
  • Establish domestic procedures for detecting, investigating, and prosecuting computer crimes, and collecting electronic evidence of any criminal offense: These procedures include expediting the preservation of electronic communications and computer-stored data, seizures and system searches, and the interception of data or information in real time. Furthermore, countries that sign the treaty are also responsible for guaranteeing “the conditions and safeguards necessary to protect human rights and the principle of proportionality”.
  • Establish a rapid and effective system for international cooperation: Under the Budapest Convention, cybercrimes are considered to be extraditable offenses. To this end, the treaty permits law enforcement agencies from the respective countries to collaborate with one another in collecting computer-based information and evidence. Additionally, the treaty calls for “establishing a 24-hour, seven-days-a-week contact network to provide immediate assistance with cross-border investigations”.

What are the benefits and risks associated with the Budapest Convention?

Proponents of the Budapest Convention argue that the provision enabling law enforcement agencies from different jurisdictions and countries to work with each other to tackle cybercrime represents a significant step forward in reducing cyberattacks around the world. As many of the countries that have not signed the treaty do not consider cybercrimes to be extraditable offenses, proponents argue that this effectively allows cybercriminals to act with impunity, as they can conceivably commit a cybercrime in one country and then flee to another with little fear of resistance or punishment. In the U.S., many members of the information technology (IT) community support this stance, as cybercrime differs from virtually any other form of criminality in that there is often no physical evidence associated with such crimes.

On the other hand, skeptics of the treaty have argued that the nations that have ratified the treaty as of 2021 are not the “problem countries” when it comes to the international threat of cybercrime. Many of the countries that have signed the treaty are developed countries such as the U.S. and U.K. that already have significant legislation in place designed to protect citizens from the threat of cyberattacks. What’s more, many civil liberties groups from around the world have argued that the provisions of the Budapest Convention undermine the individual privacy rights of citizens living in the countries that have ratified the treaty, as its requirements can be viewed as an expansion of government surveillance power that extends too far. Such civil liberties groups often cite legislation such as the U.S. Patriot Act as an example of a law that was designed to protect citizens but has instead led to privacy concerns.

As the internet has connected the various nations around the globe in a manner that has never been seen before, treaties such as the Budapest Convention are all but inevitable. Through the creation of such treaties, major nations around the world can use more traditional forms of law enforcement to fight the threat of cybercrime, as catching cybercriminals can be extremely difficult due to a multitude of factors. However, as many countries around the world have also passed data protection and privacy laws such as the EU’s GDPR and the California Privacy Rights Act, or CPRA, future treaties similar in nature to the Budapest Convention will need to be drafted in accordance with the provisions set forth by these laws, as expanding government power can always lead to the potential for the invasion of privacy.