March 11, 2009, 1:30 PM — Countries are ratifying the only global cybercrime treaty slower than expected, but many are closer to implementing it, a senior Council of Europe official said Wednesday.
The Convention on Cybercrime, adopted in 2001, defines legal guidelines for countries seeking to establish effective laws against computer crime. The Council of Europe (COE), an organization composed of 47 European countries, has spearheaded a drive to help countries either create computer crime laws or bring existing ones in line with the treaty.
So far 24 countries have ratified it, with Germany being the latest one earlier this week. Twenty-three others have signed it but not ratified it. The COE was hoping that as many as 40 countries would have ratified it by the year, but the pace has been slower than expected, said Alexander Seger, head of the COE's economic crime division.
"When we look at every single case, there is an explanation," Seger said during an interview Wednesday at the COE's International Conference on Cybercrime in Strasbourg, France. "On the other hand, I also believe countries should have made stronger efforts."
There are other reasons. One is that countries must have fully implemented laws complying with the treaty before they can sign it, Seger said. That's different from other international treaties, where countries can often sign on before complying, he said.
It means that nations must first revise their own laws, a process that takes time and can be disrupted by changes in administrations.
"There are sometimes long discussions that take place," Seger said.
Since 2006, the COE has provided legal expertise to help countries comply with the treaty. The first phase of the project, called the Project on Cybercrime, ended last month. The Council, Microsoft and Estonia provided funds for the €1.2 million (US$1.5 million) program, Seger said.
The second phase of the program started last month and will run through June 2011. It will again focus on legislative compliance and other initiatives, such as the 24/7 Network. Under the treaty, countries are required to have a computer security professional on hand at all times in order to assist other countries with breaking cybercrime investigations.
Many countries are very close to ratifying the Convention. Countries outside the COE are invited to accede to the treaty, which means they conform to it like a COE member state.
In a few weeks, Serbia's Parliament is expected to ratify the treaty, Seger said. The Dominican Republic has also passed a good computer crime law, putting it on the path to accession.
Strong progress is also being made in Asia, where the Council expected less enthusiasm since the treaty originated in Europe.
"The doors are wide open," Seger said. "It shows that countries are really looking for guidance in how they can cope with new technologies, the regulatory framework and how to deal with cybercrime."
The Philippines has been invited to accede to the Convention along with Mexico and Costa Rica. Indonesia is also almost 90 percent complete in its cybercrime law development, Seger said.
Laos and Cambodia do not have specific computer crime laws. However, the Council has translated the Convention into Lao, which has kick-started work in that country. Vietnam is undertaking a rewrite of its criminal code and also asked for assistance. Vietnam wants "us to come as soon as possible," Seger said.
This year, the Council has seen seven new countries attend the cybercrime conference, including Congo, Kenya, and Botswana, Seger said. Sixty-five countries were represented last year; 72 are represented at the conference this week.