[ccwg-internet-governance] Fwd: [Internet Policy] ITU circumventing Budapest Convention?
Dr. Tatiana Tropina
t.tropina at mpicc.de
Mon Nov 28 20:28:46 UTC 2016
> I also agree that the ITU has no mandate and also no knowledge in th
> area. They tried to gain traction by offing some capacity building
> money but even this failed as the itu could not follow thru on this
> since it had no experts.
I think ITU was trying to take over (2008 - 2010) when it was obvious
that no other international organisation was dealing with this issue on
practice on the global scale. Except Council of Europe, but ITU probably
decided they were more "global" and thus can compete or at least tackle
the areas that Council of Europe didn't cover. But due to the lack of
mandate and lack of actual understanding where to go ITU's efforts were
rather strange. For example, they published the ITU Toolkit for
cybercrime legislation that was supposed to help developing countries to
meet their "special needs" in bringing their legislation into conformity
with international standards. This toolkit was developed by American Bar
Association and it didn't have much to do with either developing
countries' needs or international cybercrime standards. I can say this
openly - I was criticising this Toolkit at times when it was published
(even co-authored an article about its shortcomings). So when the UNODC
kind of "took over" it looked like a logical step, again, for the time
> Also i had thought that the UNODC who is in charge of cybercrimes. I
> have not followed the, closely but thought that when they finally had
> gotten a new head things would move faster and they would be providing
> more capacity building in this area
UNODC has this mandate. What they are doing with it is another story.
There were hopes that UNODC would take over as a body that will set
cybercrime standards on the global level, e.g. UN Cybercrime convention
or something like this. UNDOC - with this in mind - carried out the
so-called Global Comprehensive Study on Cybercrime (published in 2013),
which as a study was really good and comprehensive. However, in the
beginning of 2013, when the study was published, the meeting in Vienna
didn't approve the UNODC's call for the global convention on cybercrime.
Only the study itself (as a document) got kind of approved, basically it
was like saying "well done, so what".
The reason was, as I said, that countries who are parties of the
Budapest Convention do not want to lower the standards - this would be
inevitable with the UN-led solution, probably. So it was decided that
the Study will get translated into the official UN languages and the
results will be forwarded further to Crime Commission, but nothing
substantial happened since then, at least not to my knowledge. UNODC is
dealing with cybercrime, but more in a kind of legislation repository
and some capacity building. But to effectively set the standards in
cybercrime legislation, capacity building and repository is sure not
enough, there is now a pressing need for kind of harmonisation of
criminal procedure measures and mutual legal assistance. Up to now, it
is only Council of Europe who is taking substantive efforts in this
field (except some bilateral treaties and some EU efforts to harmonise
mutual legal assistance on criminal matters in general).
I think the UN (be it UNODC or ITU) was too late to address the issue
effectively - it is CoE that is really setting standards. They (CoE) did
start earlier and they managed to accumulate resources, knowledge and
broad engagement and leveraged this from the regional to international
level going with this instrument far outside of Europe.
I am sorry if this all goes far outside the IG interests of this group!
...and a disclaimer - all I write here is about cybercrime.
Cybersecurity is a different beast! :-)
Disclaimer 2 - I wrote all this in my personal capacity.
> Sent from my iPad
> Judith at jhellerstein.com <mailto:Judith at jhellerstein.com>
> Skype ID: judithhellerstein
> On Nov 28, 2016, at 2:55 AM, Dr. Tatiana Tropina <t.tropina at mpicc.de
> <mailto:t.tropina at mpicc.de>> wrote:
>> Dear all,
>> I have not written to this list yet though I am reading it :-) as
>> someone who has been working in the field of cybercrime legislation
>> for quite a number of years and is well aware of the ITU-EU projects,
>> I feel like I need to bring my 2c.
>> While I am a big supporter of the CoE cybercrime convention and in
>> general I do oppose the ITU-EU developed model laws (I was myself
>> participating in one of those project in Caribbean and frankly
>> speaking I don't see the value in such "hamronsiation" and rather see
>> it as further fragmentation of approaches), I find this article about
>> Vanuatu provided in the email very alarmist and to some extent incorrect.
>> Just some background - while cybercrime convention is very important,
>> many countries are not a party of it. It would be completely unfair
>> to say that they - or ITU or UN for that matter - are circumventing
>> the convention. ITU is certainly out of play in the cybercrime field
>> now. The lost the mandate on the legislative help on cybercrime to
>> UNDOC in 2010 after trying hard (they even published a model
>> legislative language for developing countries that later was taken
>> down from the web site) and UNODC later in 2013 failed to push
>> forward the Comprehensive Study on Cybercrime that called for global
>> convention - failed because of the strong support of the Council of
>> Europe Convention from the states that are a party of it and that
>> strongly opposed the UN-led solution. It has been a deadlock and the
>> Council of Europe is the only body that has a long-term existing and
>> working solution that is constantly being worked on. Neither ITU nor
>> UN can really circumvent it or create something meaningful in response.
>> ITU-EU sponsored projects were meant to enhance connectivity and
>> security and ICT policy in different regions like Caribbean or small
>> countries in Asia-Pacific. I do find it a failed attempt because they
>> do not really contribute to the real legal cooperation in cybercrime.
>> However, they were launched well before it was clear that UNODC or
>> ITU can't push for a global solution and that this "help" will be so
>> patchworked. So it's not something ITU is plotting now, the ITU-EU
>> projects are being carried out from 2010 and frankly speaking I don't
>> think anyone really believes they would be as successful as planned.
>> Many people realised that it was better to push for meaningful
>> solution like Budapest convention instead of creating competing
>> approaches that do not give real instruments for international
>> cooperation and mutual legal assistance.
>> I am very well aware of the content of model laws and from this point
>> of view the article about Vanuatu law is misleading, e.g. in terms of
>> what "illegal devices" mean in the ITU/EU laws. This might get
>> misinterpretations on the national level during adoption, but the
>> cybercrime model laws for the ITU/EU projects were drafted quite
>> closely to the Budapest convention actually though with some strange
>> novelties such illegal remaining. But illegal remaining does exist in
>> some laws and has been widely discussed in professional circles as
>> one of the possible forms of criminalisation. The model laws were
>> drafted by the academics that at times were at the forefront of
>> cybercrime legal discussions.
>> I am not defending the ITU laws, I never liked them and was against
>> some of the provisions, but at the end they were not that bad, just
>> mostly useless from practical point of view. There are some lessons
>> learnt since then - and for many of us one of them that there is
>> nothing better that Budapest convention yet, however, the process
>> with ITU/EU model laws started well before we lawyers learnt this.
>> At the end of the day - and article (unknowingly, I think) confirms
>> it - the laws are adopted on the national level and sometimes are
>> narrowed down, sometimes expanded. ITU has no control on this process
>> and it's only national jurisdictions and legislators who are
>> responsible for drafting them. Shifting this debate to the ITU that
>> has not done much in this area of legislating crime for quite a long
>> time - and frankly speaking - I don't see it taking over in this
>> field in the nearest future because it has neither mandate nor real
>> resources - it simply wrong. One either have to work on the national
>> level or to put otherwise political pressure on the governments who
>> adopt national laws like that.
>> To really fight against poorly drafted solution one really needs good
>> legal arguments related to the poor construction of cybercrime
>> offences or poor oversight of investigatory powers (which frankly
>> speaking is not only the case of Vanuatu - look at the current debate
>> in the UK regarding the newly adopted legislation).
>> If anyone on this list is interested in getting to know more of
>> political/historical/legal context on this - happy to assist.
>> Warm regards
>> On 28/11/16 02:49, Sam Lanfranco wrote:
>>> Since there is a sense of urgency here I am quickly posting the
>>> following which may be additional useful information.
>>> It may be good counterpoint to what is proposed in Vanuatu... I will
>>> compare contents but that will take a day or so.
>>> Sam L.
>>> The European Union Agency for Network and Information Security
>>> (ENISA) is a centre of expertise for cyber security in Europe. It
>>> has just published a 60 page booklet Good Practice Guide on National
>>> Cyber Security Strategy. The booklet (in English) can be downloaded
>>> at: https://www.enisa.europa.eu/publications/ncss-good-practice-guide
>>> ENISA published its first National Cyber Security Strategy Good
>>> Practice Guide in 2012. Since then, EU Member States and EFTA
>>> countries have progressrf in developing and implementing their
>>> strategies. This guide is updating the different steps, objectives
>>> and good practices of the original guide and analyses the status of
>>> NCSS in the European Union and EFTA area. The aim is to support EU
>>> Member States in their efforts to develop and update their NCSS.
>>> Therefore, the target audience of this guide are public officials
>>> and policy makers. The guide also provides useful insights for the
>>> stakeholders involved in the lifecycle of the strategy, such as
>>> private, civil and industry stakeholders.
>>> On 11/27/2016 6:35 PM, Greg Shatan wrote:
>>>> I am forwarding this email which is of considerable interest on
>>>> several levels.
>>>> ---------- Forwarded message ----------
>>>> From: *Dan McGarry* <dmcgarry at imagicity.com
>>>> <mailto:dmcgarry at imagicity.com>>
>>>> Date: Sun, Nov 27, 2016 at 5:01 PM
>>>> Subject: [Internet Policy] ITU circumventing Budapest Convention?
>>>> To: "internetpolicy at elists.isoc.org
>>>> <mailto:internetpolicy at elists.isoc.org>"
>>>> <internetpolicy at elists.isoc.org
>>>> <mailto:internetpolicy at elists.isoc.org>>
>>>> As a media professional and technologist with over 2 decades'
>>>> experience, I am deeply concerned about Vanuatu's proposed
>>>> cybercrime bill, due to be voted on in the 2nd Ordinary Session of
>>>> I'm not the only one with concerns. This report for the Council of
>>>> Europe raises concerns that the new bill is a step backward, not
>>>> This is one of dozens of engagements between ITU-funded consultants
>>>> and small states in the developing world. The report suggests that
>>>> the ITU's offer of 'technical assistance' is effectively an attempt
>>>> to subvert the Budapest Convention, to poison the well where
>>>> international cooperation on cybercrime is concerned, and to use
>>>> 'child protection' as a lever widen the ITU's own mandate and powers.
>>>> The effects on the ground are worrying to say the least. As near as
>>>> I can tell, the proposed bill (linked on the article's page above)
>>>> knocks holes in human rights protections, and creates alarming
>>>> search & seizure and surveillance powers for the state.
>>>> Effectively, we're one bad magistrate away from having a secret
>>>> police if this becomes law.
>>>> I'm happy to fight my own battles of course, but I'm raising the
>>>> issue here because it appears that this is part of an international
>>>> campaign against a free and open internet as those of us on this
>>>> list might imagine it.
>>>> I'd encourage anyone with technical/legal expertise to take a look
>>>> at the link above, and the cybercrime bill itself, and either to
>>>> raise any issues here or contact me directly.
>>>> The CoE report on which the story is based can be found here:
>>>> Dan McGarry dmcgarry at imagicity.com <mailto:dmcgarry at imagicity.com>
>>>> Photos: http://humansofvanuatu.com/
>>> <content deleted>
>>> "It is a disgrace to be rich and honoured
>>> in an unjust state" -Confucius
>>> Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
>>> Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
>>> email: Lanfran at Yorku.ca Skype: slanfranco
>>> blog: https://samlanfranco.blogspot.com
>>> Phone: +1 613-476-0429 cell: +1 416-816-2852
>>> ccwg-internet-governance mailing list
>>> ccwg-internet-governance at icann.org
>> ccwg-internet-governance mailing list
>> ccwg-internet-governance at icann.org
>> <mailto:ccwg-internet-governance at icann.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ccwg-internet-governance