[ccwg-internet-governance] Fwd: [Internet Policy] ITU circumventing Budapest Convention?

Dr. Tatiana Tropina t.tropina at mpicc.de
Mon Nov 28 07:55:52 UTC 2016

Dear all,

I have not written to this list yet though I am reading it :-) as
someone who has been working in the field of cybercrime legislation for
quite a number of years and is well aware of the ITU-EU projects, I feel
like I need to bring my 2c.

While I am a big supporter of the CoE cybercrime convention and in
general I do oppose the ITU-EU developed model laws (I was myself
participating in one of those project in Caribbean and frankly speaking
I don't see the value in such "hamronsiation" and rather see it as
further fragmentation of approaches), I find this article about Vanuatu
provided in the email very alarmist and to some extent incorrect.

Just some background - while cybercrime convention is very important,
many countries are not a party of it. It would be completely unfair to
say that they - or ITU or UN for that matter - are circumventing the
convention. ITU is certainly out of play in the cybercrime field now.
The lost the mandate on the legislative help on cybercrime to UNDOC in
2010 after trying hard (they even published a model legislative language
for developing countries that later was taken down from the web site)
and UNODC later in 2013 failed to push forward the Comprehensive Study
on Cybercrime that called for global convention - failed because of the
strong support of the Council of Europe Convention from the states that
are a party of it and that strongly opposed the UN-led solution. It has
been a deadlock and the Council of Europe is the only body that has a
long-term existing and working solution that is constantly being worked
on. Neither ITU nor UN can really circumvent it or create something
meaningful in response.

ITU-EU sponsored projects were meant to enhance connectivity and
security and ICT policy in different regions like Caribbean or small
countries in Asia-Pacific. I do find it a failed attempt because they do
not really contribute to the real legal cooperation in cybercrime.
However, they were launched well before it was clear that UNODC or ITU
can't push for a global solution and that this "help" will be so
patchworked. So it's not something ITU is plotting now, the ITU-EU
projects are being carried out from 2010 and frankly speaking I don't
think anyone really believes they would be as successful as planned.
Many people realised that it was better to push for meaningful solution
like Budapest convention instead of creating competing approaches that
do not give real instruments for international cooperation and mutual
legal assistance.

I am very well aware of the content of model laws and from this point of
view the article about Vanuatu law is misleading, e.g. in terms of what
"illegal devices" mean in the ITU/EU laws. This might get
misinterpretations on the national level during adoption, but the
cybercrime model laws for the ITU/EU projects were drafted quite closely
to the Budapest convention actually though with some strange novelties
such illegal remaining. But illegal remaining does exist in some laws
and has been widely discussed in professional circles as one of the
possible forms of criminalisation. The model laws were drafted by the
academics that at times were at the forefront of cybercrime legal

I am not defending the ITU laws, I never liked them and was against some
of the provisions, but at the end they were not that bad, just mostly
useless from practical point of view. There are some lessons learnt
since then - and for many of us one of them that there is nothing better
that Budapest convention yet, however, the process with ITU/EU model
laws started well before we lawyers learnt this.  At the end of the day
- and article (unknowingly, I think) confirms it - the laws are adopted
on the national level and sometimes are narrowed down, sometimes
expanded. ITU has no control on this process and it's only national
jurisdictions and legislators who are responsible for drafting them.
Shifting this debate to the ITU that has not done much in this area of
legislating crime for quite a long time - and frankly speaking - I don't
see it taking over in this field in the nearest future because it has
neither mandate nor real resources - it simply wrong. One either have to
work on the national level or to put otherwise political pressure on the
governments who adopt national laws like that.

To really fight against poorly drafted solution one really needs good
legal arguments related to the poor construction of cybercrime offences
or poor oversight of investigatory powers (which frankly speaking is not
only the case of Vanuatu - look at the current debate in the UK
regarding the newly adopted legislation).

If anyone on this list is interested in getting to know more of
political/historical/legal context on this - happy to assist.

Warm regards


On 28/11/16 02:49, Sam Lanfranco wrote:
> Since there is a sense of urgency here I am quickly posting the
> following which may be additional useful information.
> It may be good counterpoint to what is proposed in Vanuatu... I will
> compare contents but that will take a day or so.
> Sam L.
> The European Union Agency for Network and Information Security (ENISA)
> is a centre of expertise for cyber security in Europe. It has just
> published a 60 page booklet Good Practice Guide on National Cyber
> Security Strategy. The booklet (in English) can be downloaded at:
> https://www.enisa.europa.eu/publications/ncss-good-practice-guide
> ENISA published its first National Cyber Security Strategy Good
> Practice Guide in 2012. Since then, EU Member States and EFTA
> countries have progressrf in developing and implementing their
> strategies. This guide is updating the different steps, objectives and
> good practices of the original guide and analyses the status of NCSS
> in the European Union and EFTA area. The aim is to support EU Member
> States in their efforts to develop and update their NCSS. Therefore,
> the target audience of this guide are public officials and policy
> makers. The guide also provides useful insights for the stakeholders
> involved in the lifecycle of the strategy, such as private, civil and
> industry stakeholders.
> On 11/27/2016 6:35 PM, Greg Shatan wrote:
>> I am forwarding this email which is of considerable interest on
>> several levels.
>> Greg
>> ---------- Forwarded message ----------
>> From: *Dan McGarry* <dmcgarry at imagicity.com
>> <mailto:dmcgarry at imagicity.com>>
>> Date: Sun, Nov 27, 2016 at 5:01 PM
>> Subject: [Internet Policy] ITU circumventing Budapest Convention?
>> To: "internetpolicy at elists.isoc.org
>> <mailto:internetpolicy at elists.isoc.org>"
>> <internetpolicy at elists.isoc.org <mailto:internetpolicy at elists.isoc.org>>
>> As a media professional and technologist with over 2 decades'
>> experience, I am deeply concerned about Vanuatu's proposed cybercrime
>> bill, due to be voted on in the 2nd Ordinary Session of Parliament.
>> I'm not the only one with concerns. This report for the Council of
>> Europe raises concerns that the new bill is a step backward, not forward.
>> <http://dailypost.vu/news/cybercrime-bill-unsafe/article_20246b0c-7b6f-5bba-b766-41dd3de32b80.html
>> <http://dailypost.vu/news/cybercrime-bill-unsafe/article_20246b0c-7b6f-5bba-b766-41dd3de32b80.html>>
>> This is one of dozens of engagements between ITU-funded consultants
>> and small states in the developing world. The report suggests that
>> the ITU's offer of 'technical assistance' is effectively an attempt
>> to subvert the Budapest Convention, to poison the well where
>> international cooperation on cybercrime is concerned, and to use
>> 'child protection' as a lever widen the ITU's own mandate and powers.
>> The effects on the ground are worrying to say the least. As near as I
>> can tell, the proposed bill (linked on the article's page above)
>> knocks holes in human rights protections, and creates alarming search
>> & seizure and surveillance powers for the state. Effectively, we're
>> one bad magistrate away from having a secret police if this becomes law.
>> I'm happy to fight my own battles of course, but I'm raising the
>> issue here because it appears that this is part of an international
>> campaign against a free and open internet as those of us on this list
>> might imagine it.
>> I'd encourage anyone with technical/legal expertise to take a look at
>> the link above, and the cybercrime bill itself, and either to raise
>> any issues here or contact me directly.
>> The CoE report on which the story is based can be found here:
>> <https://www.coe.int/t/dghl/cooperation/economiccrime/Source/Cybercrime/TCY/2014/3021_model_law_study_v15.pdf
>> <https://www.coe.int/t/dghl/cooperation/economiccrime/Source/Cybercrime/TCY/2014/3021_model_law_study_v15.pdf>>
>> -- 
>> Dan McGarry      dmcgarry at imagicity.com <mailto:dmcgarry at imagicity.com>
>> Photos:          http://humansofvanuatu.com/
>>                  http://imagicity.com/
>> _______________________________________________
>   <content deleted>
> -- 
> ------------------------------------------------
> "It is a disgrace to be rich and honoured
> in an unjust state" -Confucius
>  邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
> ------------------------------------------------
> Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
> Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
> email: Lanfran at Yorku.ca   Skype: slanfranco
> blog:  https://samlanfranco.blogspot.com
> Phone: +1 613-476-0429 cell: +1 416-816-2852
> _______________________________________________
> ccwg-internet-governance mailing list
> ccwg-internet-governance at icann.org
> https://mm.icann.org/mailman/listinfo/ccwg-internet-governance

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ccwg-internet-governance/attachments/20161128/dc049ed9/attachment-0001.html>

More information about the ccwg-internet-governance mailing list