UN rejects international cybercrime treaty

A growth in legitimate cross-border computing, such as cloud computing, has been accompanied by a growth in cross-border crime and led to calls for international laws to be brought up to speed.

Talks at the UN last week were unable to reconcile differences between developing countries and the most advanced capitalist countries, led by the EU, US and Canada.

The 12th pentennial UN Crime Congress in Salvador, Brazil, declared yesterday a compromise that at least left a window open for a global agreement.

A UN advisory committee would consider conducting a study of cybercrime, legislation and law enforcement. The process might bring opposing countries closer together and lead in some years to proposals that may open a way to preparatory talks for a global agreement. Such talks might also take years.

The UN did make a firm commitment for developed countries to step up the assistance they gave developing countries to build resources to tackle cybercrime and bring national legislation up to date. There was unanimous agreement that this must be done urgently.

The EU and US had refused to countenance a new treaty on cyber crime when there had already been one in place for 10 years. The Budapest Convention on Cyber Crime had been signed or ratified by 46 countries since it had been drafted by the Council of Europe in 2001.

The convention had become the gold standard for countries drafting computer law. Numerous countries outside Europe were aiming to ratify the treaty. Some already had. But developing countries wanted a new treaty drafted by a global process.

Cloud computing trends in particular have led the Council of Europe to open a review of the Budapest Convention. But the process may lead to a strengthening of powers that have proved the most controversial.

The Budapest Convention gives police powers to access servers in other countries without the permission of the authorities, as long as the system owners sanction the access. Criminals can hop between servers in different countries quickly, police want to be able to secure electronic evidence before they move on, and need to be able to subpoena service providers to hand it over.

But Russia has opposed the practice ever since US police in 2000 hacked computers belonging to two Russian men who had been defrauding American banks.

US and EU legislators meanwhile want privacy provisions to protect people's data against arbitrary or over-zealous police interference when it is stored in another country by a cloud computing provider. This was another stickler for UN talks in Salvador.

This article was first published by Computer Weekly

What’s hot on Infosecurity Magazine?