Address by Ms Maud De Boer-Buquicchio,
Deputy Secretary General of the Council of Europe at the Cybercrime Ministerial Conference
“2011 – 10th anniversary of the Budapest Convention”
Budapest, 13 April 2011
Deputy Prime Minister,
Ladies and Gentlemen,
Ten years ago in Budapest, 25 Council of Europe member States as well as Canada, Japan, South Africa and the USA signed the Convention on Cybercrime.
The Budapest Convention is the first and so far only international treaty seeking to curb computer and internet crimes. It aims to do so by harmonising national laws, improving investigative techniques and increasing cooperation among nations.
As of today, the Convention is signed by 47 states; 30 of those states have also ratified it. We can see that in ten years the number of signatures has doubled.
Is that too many or is that too few?
As classic international treaties go, the Budapest Convention enjoys impressive success. However, when compared to the technological and legal challenges of cybercrime and to the alarming speed with which it mutates into new forms, the rate of signatures and ratifications is too slow.
Computer crime knows no borders. The evidence of wrongdoing, more often than not exists in the form of tiny, separate packets of data whirling around the globe through a maze of Internet connections, perhaps several times over by the time I finish this sentence. While these packets of data only make sense when they are assembled together, they are subject to instant manipulation at any time.
Internet has shrunk the globe and given an entirely new meaning to the moniker “global village”. In one real world example, a company under investigation was incorporated in Vanuatu, operated its business from Australia, maintained its computer server in Denmark, kept its source code in Estonia and the original developers resided in the Netherlands.
That is why we need harmonisation and co-operation globally. If we cannot have a global treaty, we must have a global reference – and that reference is the Budapest Convention. If all Council of Europe member states do not ratify the Convention, if we do not actively support and promote it together, we will have difficulties in convincing the rest of the world of its merits. And we will miss the best chance that we have to effectively fight cybercrime.
Therefore my first and most important message on this anniversary occasion is to the four Council of Europe member States who have neither signed nor ratified and to the fourteen member States who have signed but have yet to ratify – please sign and ratify the Budapest Convention now.
There can be no better place than Budapest, where this treaty was opened for signature ten years ago, to make such a call. The actual date was the 23 November 2001. Why not target 23 November 2011 for ratification by all?
Ladies and Gentlemen,
This is also the right place to thank the European Union for the excellent co-operation we have against cybercrime and to commend the Hungarian EU Presidency for having made cybercrime one of their Chairmanship priorities.
We look forward to cooperating with the European Union in the implementation of the Stockholm Programme and the Internal Security Strategy, both of which underline the need for strong action against cybercrime.
Cybercrime is a real and present danger, and this danger is growing at an alarming pace. We have become dependent on Internet not only for exchanging knowledge and information, but for maintaining our power grids and banking systems, the security of our air traffic and other transportation networks, for supplying our supermarkets and for upkeeping our hospitals. A concerted criminal cyber attack can upset entire industries and perhaps countries.
Short of extreme cases scenarios, in everyday use Internet has the potential to empower millions but can also magnify the problems and ills of our societies by spreading greed, xenophobia, hatred, child pornography.
The European Union and the Council of Europe have started to discuss the possibility of launching a joint programme to support measures against cybercrime at the global level and on the basis of the Budapest Convention. Such a project would enhance the contribution of the Budapest convention to the global Internet security.
Without a firm commitment of States – not only in Europe, but all over the world – to cooperate in eradicating organised crime on the Internet, the Budapest Convention will remain little more than a well-wishing text put on paper. Moreover, effective and efficient action against cybercrime requires concerted action by State and non-State actors - Internet Service Providers, big private companies such as Microsoft, Google, Facebook, to name but a few. We need a real Coalition of the Willing for Internet under the Rule of Law.
This morning, I referred to internet as a space with a fragile ecology. A space that needs a form of governance based on values and democratic principles. The Budapest Convention is a key component of that governance.
Nature gives us many examples on how some species adapt to a challenging environment. One way is evolution. Another way is through symbiosis.
The Budapest convention can do both.
The Committee of the Parties of the Budapest Convention is the body tasked with overseeing the proper implementation of the Convention, exchanging of information between the Parties and consideration of possible amendments and supplementation of the Convention.
10 years on from the entry into force of the Budapest Convention, the Committee of the Parties is busy mapping out the future of the Convention, ensuring it is well adapted to the needs of the 21st century information society.
One of the manifold challenges facing law enforcement on the Internet is the question of jurisdiction, not only in terms of which State could prosecute an alleged offence, but more importantly: how to carry out criminal investigations on the Internet efficiently and in full respect of applicable international law.
The Committee of the Parties is currently examining this question with a view to establishing how to solve the problems involved, including whether new legislation would be necessary.
I am pleased to see, how the States Parties to the Budapest Convention are increasingly taking up “ownership” of the Convention, now that it is coming of age.
It also becomes increasingly evident that Budapest Convention can and should achieve a good symbiosis with other Council of Europe instruments.
I have in mind the Protocol to the Budapest Convention on Xenophobia and Racism but also the Convention on the Laundering, Search, Seizure and Confiscation of Proceeds from Crime and the Financing of Terrorism, the Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse, the Convention on the Prevention of Terrorism and the Convention on the Protection of Personal Data. And, of course, the European Convention on Human Rights.
Some of the situations we are dealing with look like one of those impossible cases imagined by teachers of international law to challenge law students. Unfortunately, cybercrime complexity goes often beyond imagination and is never virtual. Let me illustrate this through a recent case of computer criminals getting caught and brought to justice. In February 2011, a Court in Novosibirsk sentenced Russian hacker Eugene Anikin to a five-year suspended prison term for his role in an international fraud operation that resulted in the theft of $ 10 million from US-based mail-order and Internet payments processing company RBS WorldPay.
The sentence took into account the fact that Mr Anikin co-operated with the investigation and had begun reimbursing the defrauded company.
As some of you may recall, the case goes back to 2008, when RBS WorldPay system was hacked in just one subsidiary of Royal Bank of Scotland. Credit cards information was stolen and in the next 12 hours $ 10 million were withdrawn from 2,100 automated teller machines in 280 different cities in Spain, Japan, China, Turkey, UK, US, the Netherlands, the Philippines, Ukraine and Russia. In 2009, in connection with this case, another Russian citizen, a citizen from Estonia and another one from Moldova were indicted by a grand jury in Atlanta, US and were later sentenced by national courts.
This case underlines the need for and the effectiveness of international co-operation. It also shows that where there is political will, there is a way.
As I said this morning, it may be too naïve to believe that we can make of internet a kind of paradise, a perfect place. Internet will keep evolving, mirroring our society and its contradictions, showing the good and the evil in mankind. However, I trust that you are all convinced that we can and should make of internet a much better place for all.
For me, there is no better guarantee of success than building a coalition to make sure that human rights, democracy and rule of law values become the “natural forces” governing the internet. The Budapest Convention is there to defend these values. So is the Council of Europe. And we count on you!
Thank you for your attention!