Home | About this site

LAW COMES TO CYBERSPACE

A presentation at the 11th UN Criminal Congress, 18-25 April 2005, Bangkok, Thailand. Workshop 6: Measures to combat computer-related crime.

By Stein Schjolberg
Chief judge
Moss tingrett Court
Norway

I. INTRODUCTION

Being present here today at a workshop on computer-related crime or cybercrime represents in many ways the story of my life. I still remember the luncheon meeting in Washington D.C. in the summer of 1976 with Telly Kossack, then an Assistant Attorney General at the U.S. Department of Justice, when he spoke for two hours of something he called computer crime.

With great assistance from the U.S. Department of Justice and the FBI in the late 1970’s, I began on the long struggle for computer crime laws on the national level in Norway and for the international harmonization of such laws.

Then an Ass. Commissioner of police in Oslo, Interpol was the natural choice. In conjunction with an Interpol conference on computer crime in 1981 1), I organized a survey of Interpol member countries on computer crime and penal legislation and identified several problems in the application of existing penal legislation.

I met with the OECD in Paris in September 1982 and we decided on organizing a new survey of OECD member countries, and to summon to a meeting on the legal aspects of computer criminality with selected European individuals at the OECD in Paris in May 1983. The wheels were put in motion. That meeting was later expanded to the OECD expert committee. This committee made a proposal in 1986 for, the so-called OECD Recommendation.

The Council of Europe Recommendation of 1989 was very much based upon the work at the OECD. And the chapter on substantive criminal law in the Council of Europe Convention on Cybercrime is to a great extent based on the 1989 Recommendation.

II. THE GLOBAL LEGAL FRAMEWORK ON CYBERCRIME

Cybercrime laws
The G 8 countries established in 1997 the Subgroup of High-Tech Crime. At a meeting in Washington D.C. in 1997 2), the G8 countries adopted Ten Principles in the combat against computer crime. The goal was to ensure that no criminal receives “safe havens” anywhere in the world.

At the last Meeting of G-8 Justice and Home Affairs Ministers in Washington D.C., on May 10-11, 2004 3), a joint communiqué was issued, including as follows:

“Continuing to Strengthen Domestic Laws. To truly build global capacities to combat terrorist and criminal uses of the Internet, all countries must continue to improve laws that criminalize misuses of computer networks and that allow for faster cooperation on Internet-related investigations. With the Council of Europe’s Convention on Cybercrime coming into force on July 1, 2004, we should take steps to encourage the adoption of the legal standards it contains on a broad basis”

Stanford University in California, organized in December 1999 a Conference on International Cooperation to Combat Cyber Crime and Terrorism. Based on the experience at the conference, Stanford University introduced in 2000 a Proposal for an International Convention on Cyber Crime and Terrorism 4).

A United Nations Resolution was adopted by the General Assembly in 2000 on combating the criminal misuse of information technologies 5). In this resolution it was noted the value of certain measures to combat the criminal misuse of information technologies, including:

“a. States should ensure that their laws and practice eliminate safe havens for those who criminally misuse information technologies.

e. Legal systems should protect the confidentiality, integrity and availability of data and computer systems from unauthorized impairment and ensure that criminal abuse is penalized.”

In the European Union, the Commission of the European Communities presented on April 19, 2002 a proposal for a Council Framework Decision on attacks against information systems 6).

The Council of Europe Convention on Cybercrime
7) is a historic milestone in thecombat against cyber crime. Member States of the Council of Europe should complete the ratification of the Council of Europe Convention on Cybercrime of 2001, and other States should evaluate the advisability of implementing the principles of the Convention, and consider the possibility of acceding to that Convention.

In a joint statement at the Ministerial Meeting in Santiago, Chile, November 17 - 18, 2004, APEC 8) leaders agreed to strengthen the respective economies ability to combat cybercrime by enacting domestic legislation consistent with the provisions of international legal instruments, including the Convention on Cybercrime (2001), and relevant United Nations General Assembly Resolutions.

The Fifth Meeting of Ministers of Justice or of Ministers or Attorneys General of the Americas in Washington D.C. on April 28-30 9), 2004, approved conclusions and recommendations to the General Assembly of the OAS, including as follows:

“That Member States evaluate the advisability of implementing the principles of the Council of Europe Convention on Cybercrime (2001), and consider the possibility of acceding to that convention.”

Cybercrime laws have, according to my knowledge, never included laws to control illicit drug trafficking. I do not recommend such a development. Computer-related crime or Cybercrime are traditionally well defined and should not be mixed up with other categories of crimes. Based on the Council of Europe Convention on Cybercrime and the United Nations recommendation, we may reach our goal of a global legal framework against cybercrime.

Courts case laws

The next logical step would be to include the courts case laws. An appropriate international legal instrument for the standardization and integration of Supreme Court decisions on the Internet should be established. The Supreme Court or High Court decisions on cybercrimes should, when posted in their native language on the Internet, have a short case summary with possibilities of a multilingual retrieval systems based on structured classifications or keywords.

The second level would be the retrieval system. By using tested search technology global surveillance, structuring, and presentation/distribution of relevant information should be organized. The end-user would then, through a website, be presented with an easy-to-use interface where all search-parameters regarding cybercrime courts case laws are pre-defined.

III. THE INTERNATIONAL CRIMINAL COURT

The Rome Statute of the International Criminal Court was established in 1998, when 160 countries participating at a conference adopted the Statute 10). This court is the first ever permanent, treaty based, independent international criminal court, established to promote the rule of law and ensure that the gravest international crimes do not go unpunished. The Statute entered into force on July 1, 2002, and it has been signed by 139 countries and ratified by 98 countries. The Court does not replace national courts; the jurisdiction is only complementary to the national criminal jurisdictions. It will investigate and prosecute if a State, party to the Statute, is unwilling or unable to prosecute. Anyone, who commits any of the crimes under the Statute will now be liable for prosecution by the Court.

Article 5 limits the jurisdiction to the most serious crimes of concern to the international community as a whole. This may also be understood as an umbrella for future developments 11). The article describes the jurisdiction as including crimes of genocide, crimes against humanity, war crimes and the crimes of aggression. In the final Conference for the establishment of an international criminal court 12), other serious crimes such as terrorism and drug crimes were discussed, but the conference regretted that no generally acceptable definition could be agreed upon. The conference recommended that a review conference pursuant to the article 123 of the Statute of the International Criminal Court consider such crimes with the view of their inclusion in the list within the jurisdiction of the Court. Thus, Article 5 does not exclude the list to be expanded to other most serious crimes of concern to the international community as a whole.

I recommend that the International Law Commission should be invited to resume work on a proposal for amendments of the Rome Statute of the International Criminal Court in 2009, in accordance with article 121 and 123 with jurisdiction to include cyberterrorism and serious cybercrimes. Serious cybercrimes may be understood as defined in the Council of Europe Convention on Cybercrime of 2001, or another acceptable definition.

With a reference to the diplomatic conference in Rome, July 17, 1998 13), and the recommendation on expanding the Statute of the International Criminal Court to include crimes of terrorism, cyberterrorism should also be included in the amendments.

Being one of the founders of the international harmonization of computer crime laws I have three recommendations:

IV. RECOMMENDATIONS


1. Recommends that the Member States of the Council of Europe should complete the ratification of the Council of Europe Convention on Cybercrime of 2001, and that other States evaluate the advisability of implementing the principles of the Convention, and consider the possibility of acceding to that Convention. I strongly advice ratification or acceding to the Convention.

2. Recommends that the Review Conference in 2009 pursuant to Article 123 of the Rome Statute of the International Criminal Court consider the crimes of cyberterrorism and cybercrimes with a view to arriving at an acceptable definition and their inclusion in the list of crimes within the jurisdiction of the Court.

I would like to close my presentation by citing professor Peter Grabowsky, Australia:

“Those who fail to anticipate the future are in for a rude shock when it arrives”

Thank you for your attention

 

Footnotes:

1) The First Interpol Training Seminar for Investigators of Computer Crime, Saint-Cloud, Paris, France, December 7-11, 1981. The keynote speaker at the conference was Donn B. Parker, SRI International, USA, and the “founder” of the combat against computer crime.

2) The Washington Communiqué of December 10, 1997

3) See http://www.usdoj.gov/ag/events/g82004/index.html

4) See http://cisac.stanford.edu

5) The resolution was adopted by the General Assembly on December 4, 2000 (A/res/55/63)

6) See http://europa.eu.int/information_society/topics/telecoms/internet/crime/index_en.htm

7) See http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

8)See: http://www.apecsec.org.sg/apec/ministerial_statements/annual_ministerial/2004_16th_apec_ministerial.html

9) See http://www.oas.org/

10) See www.icc-cpi.int/about/ataglance/history.html

11) See www.un.org/law/icc/statute/99_corr/2.htm

12) Final Act of the United Nations diplomatic conference of plenipotentiaries on the establishment of an International Criminal Court, Rome July 17, 1998 (U.N. Doc. A/CONF.183/10)  

13) See no. 12