The US Senate this month agreed to ratify the Council of Europe’s Convention on Cybercrime.

The convention, which came into force in some territories in 2004, was drawn up to harmonise measures against computer crime across the globe. Countries signing up to the treaty are expected to prohibit various IT crimes under national law; adopt best practices to investigate offences; and cooperate with other countries to aid investigations.

The US Senate said that ratification will improve its work with other governments to fight offences such as computer hacking and money laundering. It also expects the move will help the US gain assistance from other nations in fighting computer crime and prosecuting cross-border offences.

According to experts, US law is already largely compliant with the convention, so ratification is a partly symbolic gesture. However, it still attracted criticism from some parts.

According to reports, the Electronic Frontier Foundation, a San Francisco-based free speech campaign, expressed concern about the lack of a dual-criminality requirement within the international cooperation element. It argued that this would mean other countries would be obliged to spy on their citizens at the request of the US, for example – even if those citizens were not suspected of contravening the laws of their own nation.

IT lawyer George Gardiner said that the dual-criminality concerns were unfounded, however. “The whole point is to harmonise the approach to cybercrime, so countries agree on what constitutes an offence,” he said. So, for example, ISPs and other firms would not be asked to preserve evidence unless it related to possible offences agreed by both countries.

Gardiner added that applications of the convention may also be challenged under other laws, such as the US Constitution and the European Human Rights Act. “The challenge might come after [a request for international cooperation under the convention] has been complied with, though. If local authorities receive a request and just carry it out, there’s a huge scope for abuse,” he said.

Fifteen European nations, including France and Norway, have fully ratified the final document, but the UK has yet to do so. Gardiner said that it is unclear to what extent the UK complies with the convention through current national laws such as the Computer Misuse Act.
http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm