With the explosive growth of the Internet worldwide, computer crimes increasingly are prone to have international dimensions. Some of the challenges faced by law enforcement on the international front include: harmonization of countries' criminal laws; locating and identifying perpetrators across borders; and securing electronic evidence of their crimes so that they may be brought to justice. Complex jurisdictional issues arise at each step. The Department of Justice is working with foreign governments through many channels to address global threats related to computer crime.
On May 10-11, 2004, Attorney General John Ashcroft and Secretary of Homeland Security Tom Ridge met in Washington, DC with the Ministers for Justice and Home Affairs from the G8 countries (Canada, France, Germany, Italy, Japan, Russia, and the United Kingdom) and with the European Commissioner for Justice and Home Affairs. There were four primary topics of discussion: prevention of terrorism and serious criminal acts; border and transportation security; combating cybercrime and enhancing cyber-investigations; and fighting foreign official corruption and recovering stolen national assets. The joint Communiqué issued by the Ministers and additional information is available via the link below.
On November 23, 2001, in Budapest, Hungary, the United States and 29 other countries signed the Council of Europe Cybercrime Convention, the first multilateral instrument drafted to address the problems posed by the spread of criminal activity on computer networks. The Cybercrime Convention will require parties to establish laws against cybercrime, to ensure that their law enforcement officials have the necessary procedural authorities to investigate and prosecute cybercrime offenses effectively, and to provide international cooperation to other parties in the fight against computer-related crime.
The United States actively participated in the drafting of the Cybercrime Convention from the beginning and accepted comments and consulted with interested persons and groups, especially after the draft text was first made public in April 2000. Ambassador Nancy Brinker signed the Convention on behalf of the United States. In order for the Convention to enter into force in the United States, it first must be ratified by the President, after the President receives the advice and consent of the Senate. On November 17, 2003, President Bush transmitted the Convention to the Senate with a view to receiving its advice and consent to ratification. See the full report of the President's Message to the Senate on the Council of Europe Convention on Cybercrime (November 17, 2003).
The Senate Foreign Relations Committee held a hearing concerning the Convention on Cybercrime and other law enforcement treaties on June 17, 2004. Deputy Assistant Attorney General Bruce Swartz testified on the Convention and other Multilateral Law Enforcement Treaties, urging the Senate to give rapid advice and consent to its ratification. See Statement of Deputy Assistant Attorney General Bruce Swartz before the United States Senate Foreign Relations Committee, "Multilateral Law Enforcement Treaties" (June 17, 2004).
On August 3, 2006, the United States Senate voted to ratify the Cybercrime Convention.
On September 22, 2006, the President signed the United States instrument of ratification for the Council of Europe Convention on Cybercrime. The United States became a party to the Convention upon despoit of the instrument of ratification at the Council of Europe on September 29, 2006. The Convention entered into force for the United States on January 1, 2007.
The text of the Convention and its accompanying Explanatory Memorandum are available through the following links:
On November 7, 2002, the Council of Ministers adopted an additional protocol, separate from the main Cybercrime Convention, which addresses racist and xenophobic materials on the Internet. The United States was not a signatory to this protocol.
On October 14, 2004, Assistant Attorney General Laura H. Parsky spoke at the "The Major Challenges of Intellectual Property Protection" Conference in Rome, Italy hosted by the US Mission to Italy and the American Chamber of Commerce in Italy. Her speech addressed the history and strategy of IP enforcement, Italy's cooperation, as well as general IP enforcement challenges. The speech is available via the link below.
Deputy Assistant
Attorney General John Malcolm Remarks before the OECD-APEC Forum:
Policy Frameworks for the Digital Economy, January 15, 2003.
On January 15, 2003, Deputy Assistant Attorney General Malcom's spoke
beofore the OECD-APEC Global Forum that was entitled "Policy
Frameworks for the Digital Economy." Malcom discussed issues that
face all of us, the significant challenges of cybersecurity and cybercrime.
The Organisation for
Economic Cooperation and Development (OECD) announced on August 7, 2002
the completion of "Guidelines for the Security of Information Systems
and Networks: Towards a Culture of Security." These guidelines, which
replace the original guidelines published in 1992, provide a set of principles
to help ensure the security of today's interconnected communications systems
and
networks.
The United States actively served on the OECD Experts Group charged with reviewing and revising the Security Guidelines and reporting its recommendations to the OECD Working Party on Information Security and Privacy (WPISP). The U.S. delegation was comprised of representatives from the Federal Trade Commission and the Departments of State, Commerce, Justice and Treasury. Although the Guidelines are non-binding, they are the product of a consensus between OECD governments resulting from discussions that also involved representatives of the information technology industry, business users and civil society. The press statement and the guidelines are available via the links below.
In September 1995, the Council of Europe adopted eighteen (18) recommendations relating to problems of criminal procedural law connected with information technology. These recommendations are available via the link below.
On January 6, 2001, the European Commission (the executive body for the European Union) issued a Communication . . . to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions, titled Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime. This document is commonly referred to as the EC Cybercrime Communication. The Communication addressed such topics as threats, substantive and procedural law issues (e.g., interception of communications, retention of traffic data, anonymous access and use, practical co-operation at international level), and jurisdictional issues, and it proposed both legislative and non-legislative measures as responses to Cybercrime.
In March 2001, the United States Government submitted to the European Commission its response to the Cybercrime Communication.* The response of the USG addressed, point-by-point, the legislative and non-legislative proposals contained in the Communication (e.g., approximating laws in the area of high-tech crime; data retention and preservation, anonymity; promoting security products; and training and forensics).
On June 6, 2001, the European Commission issued a Communication, titled Network and Information Security: Proposal for A European Policy Approach. The Communication discussed network and information security issues, provided an overview of security threats, and set forth a European Policy Approach, which included awareness raising; a European warning and information system; technology support; support for market oriented standardization and certification; legal framework; security in government use; and international co-operation. In November 2001, the United States Government submitted to the European Commission its response to the Network Security Communication.
On November 27, 2001, the European Commission held a meeting, under the auspices of the EU Forum on Cybercrime, on the topic of data retention by Internet and mobile communications service providers. Mark M Richard, Senior Counselor for Law Enforcement Matters at the U.S. Mission to the European Union, delivered a statement on behalf of the United States Government.
(Note: This document reflects the position of the United States at the time of its drafting in 2001. In light of ongoing discussions and evolving policy positions on issues relating to some substantive and procedural issues, it may no longer reflect the official position of the Department or the United States.)
Deputy Assistant Attorney General DiGregory's Remarks before the European Parliament on International Cooperation in Combating Cybercrime, September 19, 2000
On September 19, 2000 Deputy Assistant Attorney General Kevin DiGregory spoke before a conference in the European Parliament that was entitled "Fighting Cybercrime- What are the Challenges Facing Europe?" DiGregory discussed the Transatlantic perspective on combating cybercrime, including international cooperation.
On May 29, 2000, Assistant Attorney General James K. Robinson spoke at the International Computer Crime Conference in Oslo, Norway, on "Internet as the Scene of Crime." His speech addressed the types of computer crime that exist, as well as the legal and technical challenges that face law enforcement and prosecutors in their efforts to combat this crime. The speech is available via the link below.
On September 29, 1999, Deputy Attorney General Eric Holder gave remarks on "Combating Child Pornography on the Internet" at Vienna, Austria International Child Pornography Conference. The conference sought to combat child pornography and exploitation on the Internet and was based on existing international obligations and committments for the protection of children, including the Conventionon the Rights of the Child. The conference built and acted upon commitments undertaken at the Stockholm World Congress against the Commercial Sexual Exploitation of Children (1996) and ongoing initiatives in many countries and regions.
In early 1996 the Organization for Economic Cooperation and Development (OECD) initiated a project on cryptography policy by forming the Ad hoc Group of Experts on Cryptography Policy Guidelines. The Ad hoc Group was charged with drafting Guidelines for Cryptography Policy ("Guidelines") to identify the issues which should be taken into consideration in the formulation of cryptography policies at the national and international level. The Ad hoc Group had a one year mandate to accomplish this task and it completed its work in December 1996. Thereafter, the Guidelines were adopted as a Recommendation of the Council of the OECD on 27 March 1997. The OECD Guidelines and relevant background material are linked below: