Home Page | About Us | Press Enquiries| Reports | Policy Issues | News Items | Press Releases | Mailing Lists | Bookstore

November 2002

The Council of Europe fights against racism and xenophobia on the Internet

Strasbourg, 07.11.2002 - The Council of Europe's Committee of Ministers today adopted the Additional Protocol to the Convention on Cybercrime. The Protocol requires States to criminalise the dissemination of racist and xenophobic material through computer systems, as well as racist and xenophobic-motivated threat and insult including the denial, gross minimisation, approval or justification of genocide or crimes against humanity, particularly those that occurred during the period 1940-45. It also defines the notion of this category of material and establishes the extent to which its dissemination violates the rights of others and criminalises certain conduct accordingly.

The scope of this Protocol is twofold :
- to harmonise substantive criminal law in the fight against racism and xenophobia on the Internet,
- to improve international co-operation in this area, while respecting the right to freedom of expression enshrined, more than 50 years ago, in the European Convention on Human Rights.

All the offences recognised by the Protocol must be committed "intentionally" for criminal liability to apply. For example, under this provision a service-provider will not be held criminally liable for having served as a conduit for, or having hosted, a website or newsroom containing such material, unless the intentional nature of the dissemination of racist and xenophobic material can be established under domestic law in each given case.

Global threats and challenges needing global responses, the negotiation process of this Protocol, as for the Convention on Cybercime, also involved Council of Europe non-member States: the USA, Canada, Japan, Mexico and South Africa - the Protocol is also open to signature by them.

The Committee of Ministers decided to open the Additional Protocol for signature on the occasion of the next Parliamentary Assembly session (27-31 January 2003).

- Text of the additional Protocol to the Convention on cybercrime
- Explanatory report


February 2002 - Second Additional Protocol to the CyberCrime Convention?

From http://cm.coe.int/stat/E/Decisions/2001/776/d01_6.htm

776th meeting – 6 December 2001

Item 1.6

Committee of Ministers – Follow-up to the 109th Session
(including date of the 110th Session in Vilnius in May 2002)
(Strasbourg, 7-8 November 2001)
(CM(2001)PV2 prov., SG/Inf(2001)35, CM/Del/Dec(2001)772/1.5b,773/1.6, 774/1.5 and 1.4,
CM/Inf(2001)34 and 39)

Decisions

The Deputies

1. invited the Bureau of the Steering Committee on Crime Problems (CDPC) to extend the terms of reference of the Committee of experts on the Criminalisation of Acts of a racist or xenophobic nature through computer networks (PC-RX) with a view to drafting a Second Protocol to the Convention on Cybercriminality to cover also terrorist messages and the decoding thereof, after having received the opinion of the Multidisciplinary Group on international action against terrorism (GMT) on the proposed second protocol, an opinion which should be given before 30 April 2002, following the drafting of the First Protocol on the Criminalisation of Acts of a Racist or Xenophobic nature;

2. took note of the intention of the Chair to contact the Committee of Senior Officials of the Council of the Baltic Sea States (CBSS), with a view to organising a meeting in Strasbourg at a mutually agreed date;

3. authorised the Secretary General to make practical arrangements for the meeting;

4. decided to examine the possibility of similar contacts with other regional organisations at one of the forthcoming meetings of their Rapporteur Group GR-EDS;

5. agreed with the Chair’s proposal that the 110th Session of the Committee of Ministers (Vilnius) be held on 2 and 3 May 2002.


February 2002 - CoE published the draft version of the first additional protocol

The Council of Europe published the Preliminary draft of the First Additional Protocol to the Convention on Cybercrime on the criminalisation of acts of a racist or xenophobic nature committed through computer systems and its Explanatory Report on 19 February, 2002. 

Note also the Specific Terms of Reference of the Committee of Experts on the Criminalisation of Acts of Racist or Xenophobic Nature committed through Computer Networks (PC-RX) which is developing the above mentioned additional protocol.

According to the Council of Europe "many States have already criminalised certain acts related to racist or xenophobic content. However, the dissemination of such material through computer networks poses even greater challenges for law enforcement. It was thus necessary to adopt a co-ordinated approach which enables an effective domestic and international response, based on common elements to be included in an additional Protocol to the Convention. This Protocol entails an extension of the Cybercrime Convention’s scope, including its substantive, procedural and international cooperation provisions, so as to cover also offences of racist or xenophobic propaganda. Thus, apart from harmonising the substantive law elements of such behaviour, the Protocol aims at improving the ability of the Parties to make use of the means and avenues of international cooperation set out in the Convention in this area."


30 states sign the Convention on Cybercrime at the opening ceremony

Budapest, 23.11.2001 - The Convention on Cybercrime was opened for signature today in Budapest. It is the first ever international treaty on criminal offences committed against or with the help of computer networks such as the Internet. Ministers or their representatives from the 26 following Member States signed the treaty: Albania, Armenia, Austria, Belgium, Bulgaria, Croatia, Cyprus, Estonia, Finland, France, Germany, Greece, Hungary, Italy, Moldova, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, "the Former Yugoslav Republic of Macedonia", Ukraine and the United Kingdom. Canada, Japan, South Africa and the United States, who took part in the drafting, also signed the treaty today. Other non-member States may also be invited by the Committee of Ministers to sign this treaty at a later date.

Adopted by the Council of Europe's Committee of Ministers on 8 November last, this binding treaty will come into force as soon as five states, at least three of which must be Council of Europe members, have ratified it. The signing ceremony took place in the Hungarian Parliament in the presence of István Stumpf, Head of the Hungarian Prime Minister's Office, Ibolya David, Minister of Justice of Hungary, Paulius Koverovas, Vice Justice Minister of Lithuania (Chair of the Council of Europe's Committee of Ministers), Lord Russell-Johnston, President of the Parliamentary Assembly and Hans Christian Krüger, Deputy Secretary General of the Council of Europe.

The Convention deals in particular with offences related to infringements of copyright, computer-related fraud, child pornography and offences connected with network security. It also covers a series of procedural powers such as searches of and interception of material on computer networks. Its main aim, as set out in the Preamble, is to pursue "a common criminal policy aimed at the protection of society against cybercrime, inter alia by adopting appropriate legislation and fostering international co-operation." It will have an Additional Protocol making it a criminal offence to disseminate racist or xenophobic propaganda via computer networks. The drafting of this Additional Protocol will begin in December 2001.

The Convention on Cybercrime, a unique instrument for international co-operation

 Budapest, 23.11.2001 - "Cybercrime and cyber-terrorism represent a serious challenge to society as a whole and this Convention provides the first co-ordinated and international response to this challenge", in the words of Mr Hans Christian Krüger, Deputy Secretary General of the Council of Europe, speaking on the occasion of the ceremony at which the Convention on Cybercrime drawn up by the Council was opened for signature.

The Convention was signed on 23 November, at the Hungarian Parliament in Budapest, by 26 Council of Europe member States and the four non-member States which had helped with the drafting (Canada, Japan, South Africa and the United States). This binding treaty will be able to be opened at a later date to other non-member States, at the invitation of the Committee of Ministers. It will come into force once it has been ratified by five States, at least three of which must be Council of Europe members.

He stated that the Convention would give national legal systems ways of reacting together to crimes committed against or through computer networks, especially those related to terrorism.

The Deputy Secretary General said that the Convention would evolve, as it should soon have protocols added to it which would enable it to be adapted to new challenges arising in the international context. He was pleased that the Committee of Ministers might decide in the near future to strengthen the Convention through provisions on terrorist messages sent via the Internet and their decoding.

At this early stage, a new specific committee of experts has been set up to prepare, within a year, a draft protocol to be added to the Convention which will make racist and xenophobic propaganda via computer networks an offence.

The treaty has a threefold aim: to lay down common definitions of certain criminal offences relating to the use of the new technologies, to define methods for criminal investigations and prosecution, and to define methods for international communication. The criminal offences concerned are:

Another objective is to facilitate the conduct of criminal investigations in cyberspace, thanks to a number of procedural powers, such as the powers to preserve data, to search and seize, to collect traffic data and to intercept communications.

The previous day, at the opening of the Conference on Cybercrime, in Budapest, Guy De Vel, Director General of Legal Affairs at the Council of Europe, had pointed out that "the text covers only specific criminal investigations, and certainly does not lend itself to the setting up of an Orwellian-style general electronic surveillance system".

He concluded by saying that the Convention had been drawn up with care so as to strike "a precious balance between the requirements of criminal investigations and respect for individual rights".

See generally http://www.coe.int/T/E/Communication_and_Research/Press/Themes_Files/Cybercrime/ 

The cybercrime convention : a pioneering effort of wide legal scope

Address by Guy DE VEL,
Council of Europe Director General of Legal Affairs

Budapest, 22-23 November 2001,
on the occasion of the Conference on Cybercrime
First Session - Opening Address

I. Introduction

I should first like to express my recognition and congratulations to the Government of Hungary for hosting this Conference on Cybercrime, jointly organised with the Council of Europe, in Budapest. I am all the more grateful to the Hungarian authorities for the fact that this conference comes one day before the ceremony at which the Convention on Cybercrime is to be opened for signature, having been adopted on 8 November 2001 by the Committee of Ministers of the Council of Europe, at its 109th session at ministerial level. Tomorrow, a large number of ministers and other high authorities of Council of Europe member states and other countries will sign this treaty, an outstanding and pioneering document as it is the first one in this matter, at a ceremony to be held at the Hungarian Parliament.

This clearly illustrates the importance and urgency of the subject, cybercrime, which we are here to discuss at this conference, which is so well timed. That said, this conference must also bring hope, since, for the first time, we shall not confine ourselves to discussing the scope or seriousness of the problem. We shall instead study the Convention on Cybercrime, which, in our belief at least, brings an initial legal response to this problem, which is increasingly affecting the security of the citizens of our states.

Much is at stake: can the criminal law designed to deal with the physical world be applied to offences committee in the virtual one? Can legal rules safeguard the individual rights and fundamental values and principles to which our societies are attached, when human beings are active - expressing their views, engaging in exchanges, selling and seeking amusement - in cyberspace? Can the Internet remain an area where no law applies, a space where freedom is absolute, as seems to be the wish of several thousand Internet users who are calling for an anarchy which they would be quite unable to put up with in the physical world to be allowed on the Internet?

By hosting this event and the signature of the convention tomorrow morning, the Hungarian Government is making clear its desire to make effective responses to the challenges of 21st century crime, which is sophisticated, technological and organised. And to do so with all its partner countries in the Council of Europe, members and observers, and with those who share our values: protection of rights and fundamental freedoms, the rule of law and economic and social progress. I should therefore like to thank the Hungarian authorities for their generous hospitality, but also to congratulate them for their clear vision of a shared future within the rediscovered European family.

So the Convention on Cybercrime will be opened for signature tomorrow, on 23 November, in the magnificent building which is home to the Hungarian Parliament. The ceremony will be the culmination of almost five years of work, and of difficult and tough negotiations at the Council of Europe to clear a path which was full of obstacles and which was virgin territory from the legal point of view.

Its adoption was not a peaceful one, nevertheless. Not only were there difficulties inherent in negotiation between states on a technically complex draft, but, following its declassification in April 2000, there was some virulent criticism from certain associations, groups and sectors of the industry, which accused the draft of the worst possible evils and intentions, describing it as a suppressor of freedom, an interventionist text and an accomplice of a new era of widespread surveillance ŕ la "Big Brother". When I read the text of the convention, I still find it difficult to understand why these accusations were made. It is possible that the true motivations of the draft were, unfortunately, not always properly understood.

It is clear to me that the virtual impunity from which criminal conduct in cyberspace has seemed to benefit hitherto could no longer continue, at risk of jeopardising both the future and the potential of computerised networks, and particularly of the Internet. At the risk of leaving unprotected the individual rights of all Internet users in the face of attacks committed against or through the networks by certain pirates of cyber-terrorists. Thus the convention has to be regarded and understood as a first step in a resolute commitment to combat cybercrime, and this for several reasons:

1. firstly, because the world has become a global information society which no longer has any borders for either legitimate activities or offenders;
2. next, because all information has become accessible - lawfully or illicitly - to all users, without impediment, from a distance, from anywhere in the world;
3. lastly, because the networks carry within them the promise of a new age of "on-line trade", the value of which will soon go beyond hundreds of billions of euros.
But this virtual world full of promise is under threat from a new kind of crime.

Computer networks now make it possible to distribute at phenomenal speed and to an unlimited number of users unlawful content, such as child pornography, computer viruses, or even the encoded orders of terrorist organisations. Through these networks, confidential information is spied upon and stolen, information which is often of great economic value, or governments' and private companies' computer systems are attacked from afar by people who are completely anonymous, causing a very significant degree of damage.

Not all of this is done by young computer whizz kids trying out their knowledge; it is frequently deliberately done by pirates, cyber-terrorists or cyber-spies who are professionals, acting for other individuals, companies or even governments, in return for payment. Consequently, the advantages offered by a worldwide information network can rapidly disappear if impunity is the only response to these criminal abuses.

In theory, the response to these criminal problems can come only from concerted action by the international community, each individual state being unable to deal on its own with the offences committed transnationally, through computer networks. That said, such a concerted response has several prerequisites of a substantive nature (what offences are to be prosecuted?), of a procedural nature (what resources do the authorities responsible for ensuring that the criminal law is applied have available to them?) and relating to international co-operation (the setting up of a legal basis for co-operation).

Thus the convention pursues three aims:
· to lay down common definitions of certain criminal offences, enabling national law to be harmonised;
· to define investigation and criminal prosecution methods appropriate to the computerised environment and enabling national criminal procedures to be brought more closely into line with each other;
· to define ways and means of co-operating internationally against cybercrime, whether these be traditional or new.

II. Offences

Thus the convention is primarily intended to define in a harmonised way the criminal offences committed against or through computerised networks. This should eliminate the problems associated with the requirement for an act to be an offence in both the countries concerned. Such offences may be divided into four categories:

1. offences committed against the confidentiality, integrity and availability of computer data or systems;
2. computer-related offences;
3. content-related offences;
4. offences connected with violations of intellectual property rights and related rights.

The specific offence of attacking computer systems or data is based on a clear choice of crime policy, that of ensuring that both networks and the communications and data that they contain are protected. The damage caused by such attacks certainly should not be underestimated: penetration of a computer system to place a virus within it may easily lead to the destruction of data or of whole systems of colossal value, as a result of the interconnection of networks (remember the "I LOVE YOU" bug).

However, in order for them to be offences, such attacks must always be deliberately and unlawfully committed, which means unauthorised. Acts which are duly authorised and carried out by state services or which are generally accepted as lawful commercial practices are not covered by the convention. This explicitly exempts from any criminal liability or other legal consequence the design and testing of software intended to protect the security of computer systems.

Offences in the second category cover the commission on computer networks of offences (fraud and forgery) hitherto committed in the physical world. It seemed necessary to make acts of "virtual" fraud and forgery offences because the number of victims of this type of offence is frequently very high, and traditional criminal definitions do not - in most legal systems - cover acts committed via networks.

The third category, content-related offences, concerns a number of acts connected with child pornography, a veritable scourge of contemporary society and an object of international trafficking, the suppression of which has become one of the main priorities of the Council of Europe. The convention makes offences of a wide range of acts, from possession to intentional distribution of child pornography.

There are many people, especially in Europe, who would have liked the convention also to make it an offence to disseminate via computer networks certain other unlawful contents, such as racist propaganda. The fact is that the convention to be signed tomorrow does not touch upon this problem, on which it proved impossible for the negotiators to reach agreement. That said, instructions have nevertheless been given to a new specific committee of experts to draw up, within a year, a draft protocol to be added to the convention, which will make racist and xenophobic propaganda via computer networks an offence.

Similarly, following the tragic events of 11 September 2001, the Council of Europe Parliamentary Assembly has asked for the convention to be strengthened through the addition of provisions relating to the transmission of terrorist messages via the Internet and their decoding. The Committee of Ministers is therefore considering the possibility of extending the terms of reference of the committee of experts that I have just mentioned so that it will also deal with this extremely topical issue.

Finally, the fourth category covers offences against copyright and related rights committed via the networks, including, for example, the distribution on a large scale of illegal copies of works which are protected by intellectual property rights. In fact, the draft makes an offence acts which other conventions (WIPO) had already defined as "piracy", but extends its scope to other fields.

III. Procedural provisions

The procedural part of the convention also draws on the previous work of the Council of Europe (Recommendation No. R(95)13 concerning problems of criminal procedural law connected with information technology). The intention is to facilitate the conduct of criminal investigations in cyberspace. There remain in practice sometimes insurmountable difficulties in applying to the virtual world investigation methods designed for the physical world. In addition, the lack of clear rules on the collection, conservation and presentation to the courts of reliable electronic evidence is a major obstacle. The text therefore lays down fundamental rules on certain procedural methods (preservation of data, search and seizure of data, collection of traffic data, interception of communications), the use of which will make it possible to find and collect electronic evidence relating both to the offences defined by the convention itself (such as child pornography) and other offences (such as terrorism or money laundering). It follows that the field of application of the procedural part of the convention is broader than that of the substantive part.

The text covers only specific criminal investigations, and certainly does not lend itself to the setting up of an Orwellian-style general electronic surveillance system. Let it be clear that the convention definitely does not authorise, and could not be used as a legal basis (excuse) for, the creation of "Big Brother", as, unless a criminal investigation has been opened, the convention certainly does not authorise the monitoring of communications or connections by either suppliers or law enforcement agencies.

What is more, there are many procedural guarantees which will enable any abuse to be forestalled. First of all, the introduction, use and application of the powers and procedures in the text will be subject to the conditions and safeguards for which the domestic law of each Contracting Party provides, so as to ensure that human rights are honoured, as they are defined in the applicable international instruments, such as the European Convention on Human Rights. And the text requires the test of proportionality to be applied, taking account both of the nature and of the circumstances of the offence which is the object of the investigation. And lastly, every procedural method will be placed in the framework of existing guarantees, including the prior authorisation of a judge, according to the country's legal system.

International co-operation

By definition, cybercrime disregards borders, and no investigation will be able to progress without efficient and speedy international co-operation. It is therefore vital for the law enforcement agencies of a state to have the ability to conduct investigations on behalf of another state, where electronic evidence is concerned, evidence which is by its very nature highly volatile, and they must communicate this with greater speed. The convention provides not only for application to cybercrime of the traditional forms of international co-operation in the criminal sphere (mutual judicial assistance and extradition), but also for the implementation as new forms of mutual judicial assistance of the new procedural methods which I have just mentioned (such as the acquisition of data or their preservation on behalf of another party).

Although the convention does not, at this stage, allow for real transfrontier computer searches, because the states which have negotiated the draft were unable to reach agreement on this point, it does, nevertheless, contain the idea of rapid co-operation through the setting up of a network of contact points which are available 24 hours a day and seven days a week. Speedy reference to these contact points will enable investigations to be started and information to be instantaneously communicated. This contact network will not supersede the more traditional communication channels, but will supplement these.

IV. Conclusions

Mr Minister of the Interior of Hungary,
Mr Minister of Justice of Belgium,
Mr Commissioner of Informatics of Hungary,
Ladies and gentlemen,

This convention represents a pioneering effort of wide legal scope, capable of providing an effective response to the challenges presented to Europe and the world by computer crime or cybercrime. Now that the convention is about to be opened for signature, tribute must be paid to all who, over a period of almost five years, have devoted themselves to achieving this outstanding result. First and foremost, Professor Kaspersen, who skilfully led intense discussions and successfully helped the committee to find its way out of political impasses, legal tangles and technical complexities. Also, to the national and scientific experts who generously contributed not only their knowledge and experience, but also their passionate interest, and who never gave up, in spite of many moments of despair. It is not possible for me to mention them all here, but I should like to say that they may be rightly proud of the result achieved. Particular credit is due in this context to the non-member states - especially the United States, Canada, Japan and South Africa, which contributed to the drafting of the text. I am sure that they will all be signatories.

I'd also like to thank the Parliamentary Assembly and its Rapporteur Mr Tallo for that major contribution to the drafting of the treaty.

I should also like to point out in this context that the "15" have expressed their support for the negotiations, particularly by adopting a common position of the 15 member states, and that the European Commission also played an active part in the work. There were also regular consultations with the G8, which has also been working in this field for years. I am sure that you will excuse me if I take the liberty, just in conclusion, of making a brief reference to my own organisation, citing the decisive contribution made by my colleagues in the Directorate General of Legal Affairs, first and foremost Mr Peter Csonka, who applied his very high degree of skill and his huge capacity for work to achieving the adoption and opening for signature, in his native country, of the most important international treaty concluded for a very long time at the Council of Europe.
Ministers, ladies and gentlemen,

It was time for legislation in this field. The Council of Europe convention is, I hope, going to become a worldwide reference standard, on which reforms in the criminal and criminal procedure sphere will draw in the years ahead. As a result, our legal systems will acquire ways of working together against these serious forms of crime, avoiding a certain feeling of impunity which seemed to exist hitherto in this sphere, and striking a precious balance between the requirements of criminal investigations and respect for individual rights.

Thank you for your attention.


Council of Europe Policy

New Scientist, European ministers approve cybercrime convention, 09 November, 2001
17:55 09 November 01, Duncan Graham-Rowe

European ministers approved the long-awaited Convention on Cybercrime on 8 November.

Among other things, the convention will outlaw the dissemination of child pornography on the internet, as well as the propagation of
racist and xenophobic ideas. The convention should also bring an end to the confusion surrounding complex legal issues concerning jurisdiction. It will allow the extradition of suspected cyber criminals, for example.

"It will certainly give security agencies what they want - but without regard to data protection," says Yaman Akdeniz, director of
Cyber-Rights and Cyber-Liberties UK.

The problem with the convention lies not with what it outlaws, but with the procedural powers it will give to security agencies, say
critics. For example, it will allow countries to exchange information without considering data protection.

"My concern is this will lead to an Orwellian nightmare," says Akdeniz.

Five years 

Ministers will meet again in Budapest on 23 November to sign the convention. But it will only become enforceable when five of the 43
signatory countries ratify it by incorporating it into their legislation. For some countries this could take as long as five years, says
Akdeniz. The approval comes at the same time as reports that US President Bush has written to the current EU president, Guy Verhofstadt, asking that the current European data protection directive be strengthened in wake of the terrorist attacks in the US. 
According to the European Voice newspaper, Bush has requested that provisions be made to allow for electronic data surveillance
during criminal investigations. 

Parliamentary Assembly Standing Committee : racism in cyberspace

Strasbourg, 31.10.2001 - The Standing Committee of the Council of Europe Parliamentary Assembly will meet in Strasbourg on Thursday 8 November 2001.

Louis Michel, Belgian Minister for Foreign Affairs, will address parliamentarians during the morning.

The parliamentarians will debate a report on racism and xenophobia in cyberspace (Doc. 9263), which reiterates the Assembly's call for the preparation of a protocol to the Cybercrime Convention outlawing racist websites and "hate speech" on the Internet, including "unlawful hosting". 

The Racism and xenophobia in cyberspace report prepared by Mr Ivar Tallo, Estonia, Socialist Group for the Committee on Legal Affairs and Human Rights dated 12 October 2001 follows a previous opinion of the Assembly on the draft Council of Europe Convention on Cyber-crime, and
reiterates the Assembly's request that an additional protocol be drawn up to the Convention as quickly as possible, defining and criminalizing hate messages, and taking into account "unlawful hosting" on Internet sites. The report also asks that it be specified how racist sites can be eliminated from the Internet and how the effective prosecution of those responsible can be encouraged.

The Parliamentary Assembly will recommend (if the report is approved) that the Committee of Ministers:

i. approve the terms of reference of the Committee of Experts on the criminalisation of racist or xenophobic acts using computer networks (PC-RX), instructing it to prepare a draft protocol to the future Convention on Cyber-crime;

ii. give this committee sufficient means to enable it to complete its task by 30 April 2002, when its terms of reference expire. The committee should complete its work in time for the protocol to come into force as soon as possible after the entry into force of the future convention;

iii. make specific mention of “unlawful hosting” in the terms of reference of this committee.

iv. specify the means by which it is possible to eliminate racist sites from the Internet and to encourage the effective prosecution of those responsible.

See also the special file "Cybercrime

The reports and summaries of them are available on the Assembly's website at http://stars.coe.fr/index_e.htm 

The Standing Committee acts for the Parliamentary Assembly in between sessions, and meets at least twice a year. It is made up of the Assembly's President and 18 Vice-Presidents, the leaders of the Assembly's political groups, national delegations and general committees as well as specially elected members. Its work is open to the press.


International Conference on Cybercrime and Signing Ceremony of the Council of Europe Convention on Cybercrime
22 - 23 November 2001, Budapest, Hungary.
The rapid growth of the new information technologies and their use for criminal purposes have created serious problems, which cannot easily be solved, using traditional international co-operation methods. The Committee of Experts on Crime in Cyberspace was set up to deal with cybercrime and criminal procedure problems linked with information technology. It was given the task of preparing a legally binding instrument. The Convention on Cybercrime will be presented for formal adoption to Foreign Affairs Ministers meeting in Strasbourg on 8 November 2001, with the opening for signature by member states taking place at the international conference, organised in Budapest on 22 and 23 November 2001.


First international treaty to combat crime in cyberspace approved by Ministers' Deputies - 646a(2001) - http://press.coe.int/cp/2001/646a(2001).htm 

Strasbourg, 19.09.2001- The Council of Europe Ministers' Deputies have just approved the Convention on Cybercrime.

The Deputies decided to present the Convention for formal adoption to Foreign Affairs Ministers meeting in Strasbourg on 8 November, with
the opening for signature by member states taking place at an international conference in Budapest at the end of November. It will enter into force when five states, at least three of which are members of the Council of Europe, have ratified it.

The Convention will be the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception.

Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime,
especially by adopting appropriate legislation and fostering international co-operation. The Convention is the product of four years of work by Council of Europe experts, but also by the United States, Canada, Japan and other countries which are not members of the organisation. It will be supplemented by an additional protocol making any publication of racist and xenophobic propaganda via computer networks a criminal offence.

In 1997, the Council of Europe's Committee of Ministers asked a committee of experts to "draft a binding legal instrument" examining the issues of offences, substantive criminal law, the use of coercive powers - including at international level - and the problem of jurisdiction over computer crimes. In April 2000, the draft text was declassified - a very unusual step in the drafting of an international legal text - and made public on
the Internet so as to garner the opinions of professionals and network users. In March 2001, the Parliamentary Assembly held a hearing of
international experts and then adopted an opinion on the draft text at its April plenary session.

Press Contact Sabine Zimmer, Council of Europe Press Service Tel. +33 3 88 41 25 97 - Fax. +33 3 88 41 27 90 E-mail: PressUnit@coe.int


European Committee on Crime Problems (2001) 'Committee of Experts on Crime in Cyberspace (PC-CY)', Final Draft Convention on Cyber-crime,’ CDPC (2001) 17, Strasbourg, 29 June 2001. Note also the Final Draft Explanatory Report to the Convention on Cyber-Crime.

22.06.2001 - Council of Europe's Committee on Crime Problems approved the final draft of Cyber-crime Convention
The European Committee on Crime Problems (CDPC) - an intergovernmental expert body reporting to the Council of Europe's Committee
of Ministers - has approved the final draft of the Convention on cyber-crime, during its 50th plenary session. Once adopted by
the Committee of Ministers, the Convention will be the first international treaty on criminal offences committed through the use of Internet
and other computer networks, dealing in particular with infringements of copyrights, computer-related fraud, child pornography, as well as
offences relating to security of networks. It also contains a range of procedural powers, including search of computer systems and
interception. Its main objective, defined in the preamble, is to pursue "a common criminal policy aimed at the protection of society against
cyber-crime, inter alia by adopting appropriate legislation and fostering international co-operation". 

Council of Europe's Committee on Crime Problems approves final draft of Cyber-crime Convention
Strasbourg, 22.06.2001 - The European Committee on Crime Problems (CDPC) - an intergovernmental expert body reporting to the Council of Europe's Committee of Ministers - has just approved the final draft of a Convention on cyber-crime, during its 50th plenary session this week.

Once adopted by the Committee of Ministers, the Convention will be the first international treaty on criminal offences committed through the use of Internet and other computer networks, dealing in particular with infringements of copyrights, computer-related fraud, child pornography, as well as offences relating to security of networks. It also contains a range of procedural powers, including search of computer systems and interception. Its main objective, defined in the preamble, is to pursue "a common criminal policy aimed at the protection of society against cyber-crime, inter alia by adopting appropriate legislation and fostering international co-operation".

The draft Convention is the outcome of four years of work by Council of Europe experts and their colleagues from the United States, Canada, Japan and other countries. The previous drafts passed the scrutiny of public debate, allowing Internet access providers, civil liberties organisations, academics and independent experts to make their contributions to the text. In April this year, the Council of Europe Parliamentary Assembly gave its opinion on the draft (see Press Release 288 of 24.04.2001).

CDPC also decided to complement the Convention by an additional protocol making it a crime to spread racist and xenophobic propaganda through computer networks.The definitive version of the draft Convention will be available as from Friday 29 June at the Council of Europe Press Service or on Internet at: conventions.coe.int.

Also this week, CDPC approved a draft European Code of Police Ethics, aimed at setting clear standards required of police in a modern, democratic society. This text includes guidelines concerning the objectives of the police, their organisational structures, recruitment and training of police staff, accountability and control of the police, as well as police action in specific situations, such as during investigation or deprivation of liberty.

The CDPC plenary session was also the occasion to mark the Committee's 50th anniversary since its establishment in 1958. Opening the session, Deputy Secretary General of the Council of Europe Hans Christian Kruger pointed to the tremendous amount of work accomplished by CDPC, which had drafted more than 40 conventions and over 100 recommendations, produced more than 70 reports and organised over 40 conferences and colloquia on penological and criminological matters. Mr Kruger stressed in particular that the draft cyber-crime convention - "arguably one of the most important legal instruments elaborated within the Council of Europe" - also provided an excellent example for fruitful cooperation beyond the confines of the continent, as several non-member States had actively participated in its elaboration. 

Press Contact
Dmitri Marchenkov and Sabine Zimmer, Council of Europe Press Service
Tel. +33 3 88 41 38 44 / 25 97 - Fax. +33 3 88 41 27 90 E-mail: PressUnit@coe.int

NEW: Report of debates of the Second Part of the 2001 Ordinary Session on the Draft Cyber-Crime Convention, Council of Europe, 
Parliamentary Assembly (Assembly Spring Session, 23-27 April 2001), 24 April, 2001. 

Draft Convention on Cyber-crime (Version No. 27 Revised - Word version, there is also an html version)
This text prepared by Committee of Experts on Crime in Cyber-Space (PC-CY), will be submitted to the European Committee on Crime Problems
(CDPC) at its 50th plenary session (18 - 22 June 2001) . The text then will be submitted to the Committee of Ministers for adoption.

Draft Convention on Cyber-crime - Version No. 25 - (Word format only)

This text has been declassified after the last Plenary meeting of Committee PC-CY, held in Strasbourg, from 11 to 15 December 2000. This text has also been submitted to the Parliamentary Assembly for opinion, which is expected to give its opinion in April 2001. In the light of this opinion, the text will be subject to a further revision by the European Committee on Crime Problems (CDPC), which is then expected to approve it at its next Plenary session in June 2001. The text then will be submitted to the Committee of Ministers for adoption.

As from 14 February 2001, the text of the draft Explanatory Memorandum has also been made public to help readers of the draft Convention better understand the scope and meaning of its provisions, as intended by the drafters. Explanations provided in this document should therefore be read in conjunction with the draft treaty's provisions. Any comments on this draft Explanatory Memorandum would also be welcome.

"The Working Party takes the view that the Council of Europe, in promoting international co-operation in matters of cyber-crime outside its own membership, needs to pay particular attention to the protection of fundamental rights and freedoms, especially the right to privacy and personal data protection. The Working Party therefore sees a need for clarification of the text of the articles of the draft convention because their wording is often too vague and confusing and may not qualify as a sufficient basis for relevant laws and mandatory measures that are intended to lawfully limit fundamental rights and freedoms. Explanations in the explanatory memorandum cannot replace legal clarity of the text itself." - Opinion 4/2001 on the Council of Europe's Draft Convention on Cyber-crime (European Commission) Document adopted by the Data Protection Working Party, March 2001. (PDF version also available)

Council of Europe Draft Cyber-Crime Convention, version no 24, 24 November, 2000

See also the Council of Europe Treat Office pages for the draft CyberCrime Convention which includes a point of contact pages related to the draft Convention.

Euro-RIP Act? asks Diana Wallis, MEP, 03 December, 2000
“It’s down to the European Commission to make sure that the various governments do not get together and agree this convention. The Commission has its own proposals on cybercrime and there is no need for such email surveillance measures to be included. “I have asked the Commission a further question relating to the Council’s proposals in the light of the RIP experience in the UK.” 

Security Focus: Cybercrime Treaty: Take Two, October 8, 2000.
The new, improved draft of the international Cybercrime treaty is out, and David Banisar says it's bigger and badder than ever.

Council of Europe Draft Cyber-Crime Convention, version no 22, October 2000.

Civil Liberties, Human Rights Groups Criticise the Draft Convention
Global Internet Liberty Campaign Member Letter on Council of Europe Convention on Cyber-Crime, 18 October, 2000. Cyber-Rights & Cyber-Liberties signed this letter and was involved with the drafting of this letter. See the press release for this letter through http://www.cyber-rights.org/press/. See also the Draft Convention on Cyber-crime (version 22). An html version is offered by CR&CL here. The letter was sent just prior to a closed meeting that will be held 23-27 October in Berlin by the G-8 to discuss the treaty.

AP, Europe Debates Cybercrime Treaty, March 6, 2001, at http://news.excite.com/news/ap/010306/13/europe-cybercrime-treaty 
PARIS (AP) - As Europe moves closer to an ambitious international treaty on cybercrime, Internet industry specialists on Tuesday raised concerns that the final version might endanger users' privacy. Four years in the works and now in its 25th draft, the Council of Europe's treaty is likely to be ready for signature by year's end. But some industry observers say the convention could stifle the Net's free-for-all nature by giving governments too much power. On Tuesday, the Council of Europe's parliamentary assembly convened a panel of private Internet experts, police officers and academics in Paris to debate the controversial text in front of reporters for the first time. The treaty, drafted by representatives of the 43-nation Council of Europe, covers the destruction of data or hardware - such as the damage caused by the Love Bug virus - as well as online child pornography, copyright theft and other Internet crimes. Computer attacks still are not universally recognized as crimes. The speakers agreed that the council's work was an important step toward standardizing laws on cybercrimes. But Fred Eisner, a consultant for the Dutch government and private companies, said the draft made unfair demands on Internet service providers by asking them to track Web users' online movements. "This draft convention lacks balance," Eisner told the assembly. "The convention explicitly gives much more power to law enforcement agencies and it has no system of checks and balances." Bruce McConnell, president of McConnell International, a Washington-based consulting firm, said the treaty should be more forceful in protecting the privacy of Web users - who are already worried about being spied on. "There is concern that the powers of surveillance ... are not balanced by comparable protections for individuals' privacy," he said. When the draft convention was declassified in April 2000, concerned Web users flocked to chat rooms and set up newsgroups to talk about what they perceived as a threat to Net freedom. The council has addressed many of their concerns in more than two dozen version of the text, and it is not likely to evolve much before it is ratified and opened for country signatures, said Guy de Vel, the council's director of legal affairs. "Everything has been so carefully weighted, I don't really see important parts of it changing," he said. Some critics say the treaty doesn't go far enough. They have slammed it for focusing on financial measures such as copyright infringement while leaving out provisions to fight online racism. The United States, which often stresses freedom of expression over measures to fight hate speech, had pushed to keep such anti-racism measures out of the treaty. "You're stopping short of protecting human dignity," lawyer Marc Levy told the group. Levy has represented one of several French advocacy groups that sued California-based Yahoo! for hosting online auctions of Nazi memorabilia. The United States, along with Canada, Japan and South Africa, has been working with the Council to develop the treaty, and will have a right to sign on once it is ratified. Though the U.S. government has endorsed the gist of the treaty, it is unclear whether the Bush administration might have objections with the final version, McConnell said. "The new administration is becoming very interested in the treaty but is not yet up to speed," he said in an interview. "We still need to see how it will play out."

Reuters, Freedom v rules bring cybercrime treaty clashes, March 6, 2001 
PARIS, March 6 (Reuters) - The Internet industry and governments clashed head-on on Tuesday over efforts to come up with the world's first treaty 
against cybercrime. From the Internet purveyors and providers came calls for minimal restrictions. From governments came pressure for sufficient powers and rules to fight crime online. Industry representatives at a hearing held by the Council of Europe, which is drafting the pioneer convention, said passages requiring Internet service providers (ISPs) to store user data for long periods would be unacceptably costly. Echoing a growing trend in Europe, the European Union said it wanted the convention to help fight hate crimes and racism, an issue highlighted by a recent French court decision ordering the U.S.-based site Yahoo to remove Nazi 
memorabilia from its auction pages. The differing views were aired at the first public discussion of the draft text, which sparked a storm of online protest from Web libertarians when the Strasbourg-based Council of Europe posted it on its website last year. 

NEED FOR CONVENTION ACCEPTED 
"There are some real differences here and they have to be taken into account," rapporteur Ivar Tallo said after the day-long debate in Paris. "Many contributions were critical but they did not deny the need for a convention." The Council of Europe, a 43-nation human rights watchdog, has been adjusting the draft in light of criticisms from industry and pressure groups. It plans to approve a final version in June. The council has been working since May 1997 on the treaty to harmonise laws against hacking, fraud, computer viruses, child pornography and other Internet crimes and ensure common methods of securing digital evidence to trace and 
prosecute cybercriminals. Presenting an industry view, Fred Eisner from the Dutch Association of Internet Providers said the convention was biased towards governments and underestimated the costs it would generate. "This draft convention lacks balance," he said. "While it gives far more powers to law enforcement agencies, there are no built-in checks and balances...on behalf of all other actors." 

STORING DATA FOR EVIDENCE 
Eisner said the treaty, which would require ISPs to provide police data about content such as child pornography that users view or send, "asks from ISPs far 
more information than they are allowed to look at." He was especially critical of the treaty's goal to require ISPs to store user information for at least two months as evidence if requested. "Strict limits should be set to both the kind and the amount of data to keep and the period to keep them," he said. "'Not less than 60 days' cannot be taken seriously."' Beatrice Metraux of the Swiss Institute of Comparative Law said there were about 4,000 openly racist websites around the world, 2,500 of them in the United States, but the American doctrine of free speech made it difficult to apply European-style restrictions on them. "If we add hate crime restrictions to this convention, the ISPs will get even more upset," said one expert who asked not to be named. "It costs time and money to filter these sites out." 
Guy de Vel, the council's director general of legal affairs, said the council would consider the criticisms and suggestions as it worked out the final version of the text for approval. He admitted that the public debate triggered by the draft convention presented a new challenge to governments used to negotiating treaties privately. "The pressure certain groups try to exercise does not necessarily contribute to a calm debate or create a climate of trust," he remarked. "Criticism is legitimate and welcome because this draft can be improved. But we must not drain it of its substance just to please this or that group."