Professional Documents
Culture Documents
Budapest Convention
Budapest Convention
“Joyce Hakmeh, Cyber Research Fellow, International Security Department, and Co-Editor of the Journal of Cyber Policy 6
June 2017 , Building a Stronger International Legal Framework on Cybercrime www.chathamhouse.org” access on 25th
December, 2018.
A few weeks ago, organizations in more than 150 countries were victims of an
unprecedented cyberattack which used the ransom ware Wannacry, disrupting
thousands of businesses and public institutions around the world. The global
scope of the attack meant that in order to identify and catch the culprits
a complex international investigation is needed. However, the existing
international legal framework for cooperation on cybercrime is a fragmented one,
with no single governance architecture, which complicates investigations and risks
leaving the perpetrators at large.
Normally, perpetrators seek refuge in countries that provide safe havens where there
are no, or insufficient, cybercrime laws to implement an extradition request. And
because the extradition treaties of many countries have a ‘double criminality’
requirement, it means that country A will only extradite a suspect to stand trial in
country B for breaking its law when there is a similar law criminalizing that offence
in the extraditing country. So if cybercrimes are not criminalized in certain
countries, or if the relevant laws are not in harmony with the investigating states,
perpetrators can roam free.
These challenges can be met – public-private partnerships in particular can help use
the flexibility of the private sector to overcome some of the jurisdictional challenges
and provide access to evidence held by private industry. But a better international
framework is still needed.
The council of Europe Convention on Cybercrime 23/11/2001 the first international convention
on Cybercrime, that contains a series of powers and procedures Cybercrime investigations, identify, search and
seizure of digital forensic evidence and catch the culprits. The convention also called as the “Budapest Convention”
the main purpose is to protection society against cybercrime and international cooperation.
However, Russia, China, India and other big countries have refused to ratify the
Budapest Convention, giving two main reasons: either because they have not
participated in its drafting process or because it infringes on their sovereignty.
Russia has traditionally had a far from straightforwardcooperation relationship with
EU states on cybercrime. and similarly, China has been less than keen on
information and intelligence sharing with other countries. For several
years, Russia has been backing a proposal for a UN global treaty on cybercrime, a
position reconfirmed recently again by the government and by Putin after the recent
attack. However, this proposal has been blocked for years, mainly by EU states and
the US, who argue that there is already a cybercrime international convention in
place – the Budapest Convention.
Hence, dismissing it and starting from scratch seems like a wasted opportunity,
especially given how difficult it is to achieve a global consensus on how to deal with
cybercrime. But by the same token, imposing it on the rest of the countries as the
global treaty on cybercrime, without addressing the concerns of the non-members,
and without engaging with them in a structured dialogue, seems to be a non-starter
too. It seems sensible that more diplomatic efforts should be exerted by the
Secretariat of the Convention, and importantly by its state parties, to engage more
countries in the Convention and make it truly international