European conference sets agenda for cybercrime fight

The Council of Europe has called for a worldwide implementation of its Convention on Cybercrime to fight the growing problem of economic crime on the web.

During the fifth annual CoE conference on cybrecrime in Strasburg this week, participants spoke in favour of greater international cooperation in sharing existing tools, instruments, best practices and initiatives. The conference also heard calls for improved co-operation between law enforcement and industry (ISPs, IT firm and national CETS).

Delegates also backed requests for ICANN to tighten up domain name registration processes to make life more difficult for spammers and other riff-raff. It was suggested that police ought to able to use the WHOIS database to fight cybercrime, while protecting the privacy of individual registrants - arguably a competing goal.

Russia and China both recently tightened up their domain registration process, requiring photo ID before authorities allocate new domains, for example. The measures have been welcomed by security watchers, even though rumours suggests ID-forging services designed to circumvent the new checks have already emerged in the digital underground.

The conference also considered the security and privacy implications of greater use of cloud-based technology, making a number of recommendations.

In order to meet the law enforcement and privacy challenges related to cloud computing existing instruments on international cooperation – such as the Data Protection Convention (CETS 108) and the Budapest Convention – need to be applied more widely and efficiently.

Additional international standards on law enforcement access to data stored in the “clouds” may need to be considered.

Globally trusted privacy and data protection standards and policies addressing those issues need to be put in place and the Council of Europe is encouraged to continue addressing these issues in its standard- setting activities as well as by the Global Project on Cybercrime.

Eurocrats called for an upcoming UN convention on cybercrime in Salvador, Brazil to adopt Europe's approach as a globally-applied action plan for fighting cybercrime, electronic espionage and related threats.

Council of Europe Deputy Secretary General Maud de Boer-Buquicchio told delegates: “The UN Crime Congress in April 2010 will be an opportunity to reinforce our global response to the global threat of cybercrime and cyberterrorism.

"I think we will have the best chance to succeed if we unite around one international instrument which already exists – namely the Council of Europe Cybercrime Convention.”

A total of 29 countries, mostly European but also including the USA, have ratified the Budapest Convention since its adoption in 2001. Portugal and Montenegro announced the ratification of the Convention at the conference this week while Argentina made a request for adopt the treaty.

Nineteen countries have signed but not ratified the Treaty, including the UK and Spain. The convention provides guideline for any country developing comprehensive national legislation against cybercrime as well as framework for international cooperation.

Around 300 cybercrime experts from some 60 countries took part in the CoE cybercrime conference this week. Topics on the agenda included mapping networks and combating online child pornography, as well as training for judges and prosecutors. Human rights and privacy have already been pencilled into the agenda of next year's conference.

A summary of the main conclusions of the conference and background information on the Council of Europe's cybercrime busting efforts can be found here. ®