The Convention on Cybercrime is the work of the Council of Europe and is aimed at facilitating international cooperation in the investigation and prosecution of computer crimes. Since the Convention came into being in 2001, the COE has been working to address the growing international concern over the threats posed by hacking and other computer-related crimes.
Alexander Seger currently heads the Economic Crime Division at the Directorate General of Human Rights and Legal Affairs at the COE. We caught up with him before his presentation at AusCERT, which commences this week in Queensland, and ask him why it would beneficial to Australia to become a full party to the treaty and why he thinks the Convention should go from being a primarily European instrument to a global one.
What will your talk at AusCERT be about?
The presentation will be about the Convention on Cybercrime as one response to the global challenge of cybercrime. Nobody questions the fact that societies are increasingly relying on information and communication technologies and that they are thus increasingly vulnerable to threats such as cybercrime. Countries therefore need a consistent and complete legal framework that criminalises conduct in a way that it is not easily overtaken by technology. They need to provide law enforcement and criminal justice authorities with the means for efficient investigations and the possibility to secure volatile evidence. And - given that cybercrime is the most transnational of all crimes - they need to be able to cooperate internationally in an efficient manner. Moreover, considering that the vast majority of internet users use ICT for perfectly legitimate purposes, measures against cybercrime must respect privacy, freedom of expression, protection of personal data and other rights of users. My presentation will show how the Convention can help societies meet these challenges.
How can Australia benefit from the Convention on Cybercrime?
The Convention is useful in two ways: (1) It serves as a guideline helping countries develop consistent cybercrime legislation that is also compatible with that of other countries, and (2) it provides a framework, a legal basis for cooperation with other countries that are parties to the Convention.
With regard to the first point, Australia already has legislation covering a range of cyber offences as well as procedural law tools. One would have to see whether existing legislation would need to be further strengthened. The Convention could help in this respect. With regard to the second point, the Convention on Cybercrime is the only international treaty covering this topic. It would certainly be beneficial for Australia to become a full party to the treaty to be able to make use of this framework for international cooperation. Most cyber offences have an international element - eg data stored on a server abroad or email traffic passing through a server in another country or a service provider based abroad - and it is very difficult to investigate such crimes without efficient international cooperation.
What has the Convention achieved for those who have complied with it?
Countries that have complied with the Convention have considerably strengthened their cybercrime legislation. This improvement of the legal framework is clearly documented. Moreover, international cooperation between parties to the Convention has become much more intensive in many cases. Obviously, this is still a young treaty and some countries (e.g. France, USA, Romania, Bulgaria) make more use of the opportunities that it provides than others.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.