EPIC logo

The Council of Europe's Convention on Cybercrime

Introduction | Summary of Convention | EPIC's Position | Treaty Documents | News | Government Resources | NGO Resources | Industry Comments | Papers/Law Review Articles | Conferences

Top News


In 1997, the Council of Europe (CoE) formed a Committee of Experts on Crime in Cyber-space, and met in secret for several years drafting an international treaty entitled the "Convention on Cybercrime," (the Convention) that was released in final form in June, 2001. Although thirty-four countries participated in the ceremonial act of signing the Convention in November, 2001, only six have actually ratified the Convention. No major European country has agreed to be bound by the Convention. The only countries which have ratified it are Albania, Croatia, Estonia, Hungary, Lithuania, and Romania.

On November 17, 2003, President Bush transmitted the Convention, along with the State Department's report on the treaty, to the US Senate with a view to receiving its advice and consent to ratification. To become binding on the US, the treaty requires approval of two-thirds of the Senate. When the Senate considers a treaty, it may approve it as written, approve it with specified conditions, reservations, or understandings, reject and return it, or prevent its entry into force by withholding approval. The Senate's consideration of a treaty is usually expedited, and generally takes one or two years. Now, the Senate Committee on Foreign Relations has scheduled a hearing on the Convention for Thursday, June 17.

Summary of Convention

According to the preamble, the main aim of the Convention is to pursue "a common criminal policy aimed at the protection of society against cybercrime, inter alia by adopting appropriate legislation and fostering international co-operation."

The Convention includes a list of crimes that each signatory state must transpose into their own law. It requires the criminalization of such activities as hacking (including the production, sale, or distribution of hacking tools) and offenses relating to child pornography, and expands criminal liability for intellectual property violations. It also requires each signatory state to implement certain procedural mechanisms within their laws. For example, law enforcement authorities must be granted the power to compel an Internet Service Provider to monitor a person's activities online in real time. Finally, the Convention requires signatory states to provide international cooperation to the "widest extent possible" for investigations and proceedings concerning criminal offenses related to computer systems and data, or for the collection of evidence in electronic form of a criminal offense. Law enforcement agencies will have to assist police from other participating countries to cooperate with their "mutual assistance requests."

EPIC's Position

Independent legal experts and human rights activists have continually posited objections to the Convention because it threatens core civil liberties protections currently afforded to US Citizens. Common criticisms are that the treaty fails to provide meaningful privacy and civil liberties protections, and that its scope is too broad and covers much more than computer-related crimes. The treaty also lacks a "dual criminality" provision, under which an activity must be considered a crime in both countries before one state could demand cooperation from another. Thus, the treaty would require US law enforcement authorities to cooperate with foreign police forces even when such agencies are investigating an activity that, while constituting a crime in their territory, is perfectly legal in the US. Furthermore, the drafting of the treaty has been conducted in a very secretive and undemocratic manner, and did not take human rights' groups concerns into account. For this reason, the treaty seems more like a law enforcement "wish list" than an international instrument truly respectful of human rights already enshrined in many international conventions, such as the 1948 Declaration of Human Rights and the 1950 European Convention of Human Rights. Again, no major European country has ratified this treaty at this time. The US government's support for the ratification of the Convention on Cybercrime - a treaty very controversial in Europe - appears like an attempt to obtain more powers than what it could obtain with the USA PATRIOT Act after September 11, 2001.

Treaty Documents


Government Resources

NGO Resources

Industry Comments

Papers/Law Review Articles


EPIC Privacy Page | EPIC Home Page

Last Updated: December 16, 2005
Page URL: http://www.epic.org/privacy/intl/ccc.html