On 7/8 March, the Netherlands Presidency of the EU organized an Expert Conference on Jurisdiction in Cyberspace in Amsterdam. The Dutch Presidency has put as a priority in the EU Agenda the issue of operational cooperation between Law Enforcement Authorities within the EU and, more broadly, the need to review obstacles to criminal investigations on Cybercrime (notably on issues of competent Jurisdiction and rules on access to evidence and information).
Cybercrime was branded by the World Economic Forum as among the “top ten global risks” in 2015 and was a key theme of the 2016 Forum in Davos. Speakers welcomed a set of WEF recommendations on public/private partnership to address Cybercrime.
During this week Conference, representatives from the Judiciary, the Law Enforcement Agencies, national Ministries, private companies and Academia discussed on those jurisdictional issues that currently hamper the effective Rule of Law in Cyberspace. The borderless nature of Internet does not fit well with the concept of territorial Jurisdiction. However, Jurisdiction and Laws do still have borders.
Experts discussed around three main issues:
- how to create more effective Mutual Legal Assistance (MLA) processes in order to accommodate specific needs in gathering electronic evidence
- how to avoid or minimize conflicting regulations that hamper cooperation with private parties
- on legal challenges when it cannot be determined the origin of a given cyber-attack
The issue of location can be very frustrating for a Law Enforcement Agency when the victim, the suspect, the crime committed are all in its country, but the e-evidence is in another country. Moreover, the issue of the applicable Law is also an important element and questions might raise about what Data Protection Law applies to the concrete case (e.g. Yahoo, Skype, Microsoft Cases).
Discussants stressed the role of the Council of Europe Convention on Cybercrime, the so-called Budapest Convention, the first international Treaty on crimes committed via the Internet and other computer networks (dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security). The Budapest Convention constituted a first step forward with the objective to pursue a common criminal policy aimed at the protection of society against Cybercrime, inter alia, by adopting appropriate legislation and fostering international cooperation (e.g. Art. 18 on production order).
Participants exchanged views on how to improve international Law Enforcement cooperation mechanisms in order to work towards a common understanding on the way forward. Lively discussions followed on the importance to modernize and streamline existing mechanisms (like MLA) to adapt them to the needs of Cyber-investigation (e.g. expeditous data gathering). While at the same time maintaining their basic principles, which remain valid and are necessary guarantees and safeguards in terms of protecting the Fundamental Rights of the individuals, the legal certainty for companies and the needs of a fair process. All these principles are highly aligned with the ICC Document No. 373/512.
In his concluding remarks on behalf of the Netherlands Presidency of the EU, Arie Ijzerman, from the Dutch Ministry of Security and Justice, stressed the importance to avoid safe havens for cyber criminals for a sustainable Internet. The forthcoming Slovak Presidency will follow-up the discussion building on the work done by its predecessor and assessing how far concrete proposals can be put on the table.