It is, it seems, the only treaty dealing with the issues of online fraud, hacking, theft of data, child pornography and damage to data. That seems surprising, since it was agreed on 23 November 2001!
The convention is typical in that it prescribes matters that parties should adopt in local law, although Article 2 provides that it should deal with offences committed internationally as well. The principal areas dealt with are:
- Title 1 – Offences against the confidentiality, integrity and availability of computer data and systems
- Title 2 – Computer-related offences (fraud)
- Title 3 – Content-related offences (child pornography)
- Title 4 – Copyright and related rights
- Title 5 – Aiding, abetting, corporate liability
After setting out the offences, it goes on to deal with matters such as protection of rights, but also preservation of data for investigative purposes. The latter is where things can get murky, as it starts to delve into areas requiring ISPs to do certain things. While every business quite rightly has record-keeping obligations, I trust that these laws will be proportionate and not driven by self-interest of just one stakeholder.
Article 20 deals with real-time collection of traffic data, but notes that the law should be able to
compel a service provider, within its existing technical capability… to produce traffic data, in real-time, associated with specified communications…Let’s hope the focus here doesn’t just end up on theft of copyright material. Better still, let’s hope that rights holders find great ways to easily licence their material!
Matters such as extradition, information sharing for investigations and mutual assistance generally are also dealt with in Chapter III. In summary, this Convention seems like a good thing, but as always, the devil is in the detail (or in this case, the local law).