Convention on Cybercrime/ Budapest, 23/11/2001,

Total number of signatures not followed by ratifications 4

Total number of ratifications/accessions 62

Pakistan is not till yet signatures of this convention on Cybercrime

“Joyce Hakmeh, Cyber Research Fellow, International Security Department, and Co-Editor of the Journal of Cyber Policy 6
June 2017 , Building a Stronger International Legal Framework on Cybercrime www.chathamhouse.org” access on 25th
December, 2018.

A few weeks ago, organizations in more than 150 countries were victims of an
unprecedented cyberattack which used the ransom ware Wannacry, disrupting
thousands of businesses and public institutions around the world. The global
scope of the attack meant that in order to identify and catch the culprits
a complex international investigation is needed. However, the existing
international legal framework for cooperation on cybercrime is a fragmented one,
with no single governance architecture, which complicates investigations and risks
leaving the perpetrators at large.

Normally, perpetrators seek refuge in countries that provide safe havens where there
are no, or insufficient, cybercrime laws to implement an extradition request. And
because the extradition treaties of many countries have a ‘double criminality’
requirement, it means that country A will only extradite a suspect to stand trial in
country B for breaking its law when there is a similar law criminalizing that offence
in the extraditing country. So if cybercrimes are not criminalized in certain
countries, or if the relevant laws are not in harmony with the investigating states,
perpetrators can roam free.

In addition, jurisdictional limitations can hamper(rukawat)one of the most

challenging aspects of a cybercrime investigation – attribution. Every time a law
enforcement agency needs to undertake a cross-border investigation, it has do so
through official, and at times bureaucratic, legal channels to request assistance
which makes investigations more complicated to navigate. Not only is this process
lengthy and convoluted but it also jeopardizes the global evidence gathering process.
This is due to the volatile and fragile nature of the electronic evidence which requires
agility in its collection while protecting its integrity and maintaining the chain of
custody.

These challenges can be met – public-private partnerships in particular can help use
the flexibility of the private sector to overcome some of the jurisdictional challenges
and provide access to evidence held by private industry. But a better international
framework is still needed.
 The council of Europe Convention on Cybercrime 23/11/2001 the first international convention
on Cybercrime, that contains a series of powers and procedures Cybercrime investigations, identify, search and
seizure of digital forensic evidence and catch the culprits. The convention also called as the “Budapest Convention”
the main purpose is to protection society against cybercrime and international cooperation.

The Council of Europe Convention on Cybercrime (also known as the

Budapest Convention) is at present the main international instrument
on cybercrime. It aims to help its state parties harmonize their national
laws, improve their investigative techniques and increase cooperation.
In addition to most EU countries, the US, Japan, Australia, Canada and
others have ratified the convention. Indeed, the EU’s law enforcement
agency, Europol, and its Joint Cybercrime Action Taskforce, which also
includes the FBI and the US secret service, have been cooperating
together and have been playing an important role in the investigation of
the latest attack. In addition, INTERPOL, through its National Central
Bureaus in 190 countries, has been providing coordination
efforts, primarily through supporting national police, facilitating
information exchange and providing updates on investigations.

However, Russia, China, India and other big countries have refused to ratify the
Budapest Convention, giving two main reasons: either because they have not
participated in its drafting process or because it infringes on their sovereignty.
Russia has traditionally had a far from straightforwardcooperation relationship with
EU states on cybercrime. and similarly, China has been less than keen on
information and intelligence sharing with other countries. For several
years, Russia has been backing a proposal for a UN global treaty on cybercrime, a
position reconfirmed recently again by the government and by Putin after the recent
attack. However, this proposal has been blocked for years, mainly by EU states and
the US, who argue that there is already a cybercrime international convention in
place – the Budapest Convention.

Practically speaking, negotiating a new UN treaty on cybercrime will take years of

intense diplomatic effort and fruitful results are not guaranteed. Even if it sees the
light, implementing a new global treaty properly takes many years. In contrast, the
Budapest Convention has been in place for more than 15 years. It provides a global
legal framework for cooperation and has proven to be reasonably effective in
creating more synergies between its signatories. Its state parties have harmonized
their domestic laws accordingly and non-state parties have been using it as a model
for their cybercrime legislation.

Hence, dismissing it and starting from scratch seems like a wasted opportunity,
especially given how difficult it is to achieve a global consensus on how to deal with
cybercrime. But by the same token, imposing it on the rest of the countries as the
global treaty on cybercrime, without addressing the concerns of the non-members,
and without engaging with them in a structured dialogue, seems to be a non-starter
too. It seems sensible that more diplomatic efforts should be exerted by the
Secretariat of the Convention, and importantly by its state parties, to engage more
countries in the Convention and make it truly international