Cybercrime convention

PROCEDURAL POWERS UNDER THE CYBERCRIME CONVENTION FROM THE (EUROPEAN) HUMAN RIGHTS

PERSPECTIVEMarko Jurić

University of [email protected]

Convention on Cybercrime

Budapest, 2001

Signed by Moldova in 2001, entered into force in 2009

Scope of Cybercrime Convention

Substantive criminal law (criminal offences to be established under domestic law)Procedural law (six procedural powers to be established under domestic law)

Rules on international co-operation

Convention on Cybercrime: Section 2

Art. 16: Expedited

preservation of stored

computer data

Art. 17: Expedited

preservation and partial

disclosure of traffic data

Art. 18: Production

order

Art. 19: Search and seizure of

stored computer data

Art. 20: Real-time collection of traffic data

Art. 21: Interception of content data

PROCEDURAL POWERS NECESSARY TO DETECT, INVESTIGATE AND PROSECUTE CYBERCRIME

Art. 15: Conditions and

safeguards

NECESSARY TO SAFEGUARD HUMAN RIGHTS & FREEDOMS

Procedural powers restrict fundamental human rights and freedoms

1. Right to respect for private and family life, home and correspondence [ECHR Article 8]

2. Right to freedom of expression [ECHR Article 10]

3. Right to freedom of assembly / association [ECHR Article 11]

4. ...

Procedural powers defined in Section 2 of the CC are subject to conditions and safeguards

A. Relevant international human rights treaties, Art. 15(1)

B. Conditions and safeguards specified in the Cybercrime Convention, Art. 15(2)

International human rights treaties

■International law– European Convention on Human Rights (ECHR)– International Covenant on Civil and Political

Rights (ICCPR)■European Union law

– Charter of Fundamental Rights of the EU

Requirements under the ECHR and ICCPR

Restriction is prescribed by law (in accordance with the rule of law)

Restriction pursues legitimate aim

Restriction is necessary in a democratic society

Restriction pursues legitimate aim(s)

Prevention of crime

Protection of national security / public safety

Protection of economic well-being of the country

Restriction must be prescribed by law

There is a legal basis for a restriction in national law

National legal rules are accessible

National legal rules are precise and foreseeable

There are adequate safeguards against arbitrary application of national law

Restriction must be necessary in a democratic society

There is a pressing social need for a restrictionRestriction is proportionate to the aims pursued

Requirements under the Cybercrime Convention, Art. 15(2)

(1) application of the principle of proportionality(2) judicial or other independent supervision(3) grounds justifying application(4) limitation of the scope and the duration of such power or procedure

Surveillance of communications – ECtHR’s case-law1. Klass and others v Germany2. Weber and Saravia v Germany3. Liberty and others v UK4. Association for European Integration and Human Rights and

Ekimdzhiev v Bulgaria5. Iordachi and Others v Moldova6. Kennedy v UK7. Zakharov v Russia8. ...

Minimum safeguards according to the ECtHR■ nature of offences which may give rise to surveillacne■ definition of the categories of people liable to have their

communication intercepted■ limit on the duration of surveillance■ procedure to be followed for examining, using and storing the data

obtained■ precautions to be taken when communicating the data to other

parties■ circumstances in which recordings may or must be erased or

destroyed

Offences which may give rise to interception order

Cybercrime convention: interception is applicable „in relation to a range of serious offences to be determined by domestic law”

National law: measure to be used in relation to serious, very serious or exceptionally serious offences, as defined in Criminal

Code

ECtHR: “more than one half of the offences provided for in the Criminal Code fall within [these categories]”

Persons who are liable to have their communications intercepted

National law: suspect, defendant or other person involved in a criminal offence

ECtHR: “who exactly falls within the category of “other person involved in a

criminal offence”?

Persons who are liable to have their communications intercepted

National law: suspect, defendant or person „who may have information about an offence,

or other information relevant to the case”

ECtHR: there are no clarifications in national legislation or case-law as to how these terms

are to be applied in practice

Duration of a measure

Not necessary to provide strict statutory limitation of overall duration of a measure

But, national legislation should prescribe: - initial duration of a measure

- conditions under which an order can be renewed- Obligation to discontinue measure when it is no longer

necessary

Obligation to destroy data

- in a reasonable time after the investigation, if person concerned was not charged

- if person was charged, state has wider margin of appreciation

- but, data which are not relevant for the purpose for which they have been collected should be deleted immediately

Authorisation of a measure

■ Competent authority– Court– non-judicial authority, if it is sufficiently independent

■ Scope of review– Verify the existence of factual basis necessary to authorize the

measure– Verify that necessity / proportionality requirement is satisfied

■ Content of the authorisation order must identify– Specific person, or– Single set of premises

Direct access to communications

System which enables authorities to intercept communications directly... without requiring them to

show an interception authorization to service provider, or anyone else, is particularly prone to

abuse...

Supervision

1. Supervisory body must be independent of authorities carrying out the measure

2. Must have sufficient powers and competences to exercise effective and continuous control

Thank you!

[email protected]