~ 1 ~ Noting that states share sovereignty in cyberspace and have a common interest in its regulation and protection;

Transcription

1 ~ 1 ~ Draft Resolutions Section 4 Preamble The participants of the Preparatory Colloquium for Section IV held in Helsinki from 9 to 12 June 2013 propose the following resolutions to the XIX International Congress of Penal Law, to be held in Rio de Janeiro from 31 August to 6 September 2014: Considering that people s lives in the 21 st century are heavily influenced and shaped by information and communication technology (ICT) as well as by the opportunities and risks that accompany information society and cyberspace, and that therefore crimes in these areas affect important personal and collective interests; Noting that states share sovereignty in cyberspace and have a common interest in its regulation and protection; Recognizing that states have made considerable efforts to vest jurisdiction and determine the locus delicti of offences that may affect the integrity of ICT systems and cyberspace as well as the related interests of persons and society; Keeping in mind the particularities of cyberspace, such as the speed at which data flows, its volatility, and the fact that it can be accessed anywhere in the world; Recognizing further the difficulties in localizing information and evidence in cyberspace; Stressing the fundamental importance of the protection of human rights, in particular the principle of legality, the right to privacy, the right to a fair trial, the principle of proportionality in the investigation and prosecution of offences, and in general all the rules and principles regarding due legal process; Referring to international and regional instruments that seek to guide and coordinate efforts and to harmonize legislation, such as the Budapest Convention on Cybercrime of 23 November 2001, EC E-Commerce Directive 2000/31/CE, EU Framework Decision 2005/222/JHA on attacks against information systems, EC Data Retention Directive 2006/24/CE, the Commonwealth of Independent States Agreement on Cooperation in Combating Offences related to Computer Information of 2001, the Arab Convention on Combating Information Technology Offences of 2010, the Shanghai Cooperation Organization Agreement on Cooperation in the Field of International Information Security of 2010, and the draft African Union Convention on the Establishment of a Legal Framework Conducive to Cybersecurity in Africa of 2012; Building on the debates and resolutions of past International Congresses of Penal Law, especially the resolutions of Section II of the XV International Congress (1994) held in Rio de Janeiro, on computer crimes and other crimes against information technology, and the

2 ~ 2 ~ resolutions of Section IV of the XVIII International Congress (2009) held in Istanbul, on universal jurisdiction; recommend the following: A. General Considerations 1. States should develop a coherent response to the challenge of cybercrime, in particular by keeping their legislation and practice under review in order to ensure that their criminal law, criminal procedure and mutual legal assistance regimes meet the needs of today s interconnected globalised world. 2. States should consider acceding to existing international instruments on cybercrime or developing further international legal mechanisms in order to establish the rule of law in cyberspace and avoid potential conflicts between states on the enforcement of their legislation and policies in cyberspace. B. Substantive Jurisdiction and Locus Delicti 3. The principle of territoriality remains the primary principle of jurisdiction also in cyberspace. 4. States should exercise restraint in the establishment of extraterritorial jurisdiction, with a view to preventing conflicts of jurisdiction rather than relying primarily on their resolution once they occur. 5. With the exception of those crimes for which universal jurisdiction is accepted under international law, a state may not apply universal jurisdiction de facto or de jure in cases of prohibited content in cyberspace. 6. Offences may have more than one locus. States may establish a locus delicti within their borders if conduct takes place there or causes effects there. 7. States should exercise restraint in applying the effect theory in situations in which the effect is not pushed by a perpetrator into the state, but pulled into it by an individual in that state. 8. In determining effects, states shall consider the existence of a particular nexus with the offence, such as the intent of the perpetrator.

3 ~ 3 ~ 9. When a state localizes the effects of an offence within its borders, the principle of legality requires that the perpetrator could have had a reasonable expectation that his or her conduct would cause effects in that country. 10. A state may exercise its jurisdiction over an individual on its territory who pulls content that is prohibited under its own legal system, even though it is legal under the legal system of the producer. 11. States may consider establishing corporate criminal liability for legal entities with regard to cybercrime. C. Investigations in Cyberspace 12. No state has exclusive sovereignty over the publicly accessible IT networks. 13. Law enforcement agencies, in the same way as citizens, have the right to navigate the free IT networks without permission from providers, and regardless of where the content looked at is stored. 14. States should consider establishing, under national law, an obligation on service providers to cooperate with law enforcement agencies, by making data transfer in the cyberworld traceable, giving access to passwords, decrypting content or installing search devices for investigative purposes. This obligation is subject to the principle of proportionality. 15. All persons are entitled to the protection of a national legal system, if there is a legitimate expectation of protection by that system. 16. States may, subject to national law, freely use evidence that they find on publicly accessible IT networks. 17. Regardless of the nationality of the person in question, no state may apply coercive measures in another state, unless permitted by the territorial state. D. International Cooperation in Criminal Matters and Enforcement 18. States should implement the necessary investigative techniques that enable them to provide mutual assistance in respect of cyber offences, on the basis of the proportionality principle.

4 ~ 4 ~ 19. States should in particular be able to provide fast assistance, and a provisional order to preserve data should be introduced. Such an obligation to preserve data should be for a reasonable time only. 20. In situations where there is a common understanding of cybercrime offences, the trend towards the elimination of the requirement of double criminality as a condition for mutual legal assistance should be encouraged. 21. Information obtained through mutual legal assistance for investigative purposes may, subject to national law, be used for evidence. 22. A (provisional) decision by a criminal court to close down a server, website or corresponding entity may be enforced directly if provided for by an international agreement or by the law of the state in which the service provider is located. E. Real Human Rights in a Virtual World 23. States shall respect internationally recognized human rights standards also in the context of the digital world. 24. If states act extraterritorially while investigating in cyberspace, they shall comply with the human rights standards applicable to their jurisdiction (agent control standard). 25. States should record investigations in cyberspace with a view to ensuring state accountability in the event of violations of human rights. 26. The responsibilities of a specific state for violations of human rights should be decided after a finding of a violation and not as a condition for admissibility of a complaint with supervisory mechanisms. F. Virtual Court Room 27. Communications may be sent by the authorities directly to the accused, witnesses, victims and experts who are physically present in another state, subject to the acceptance of said state of this method of communication. 28. On condition of the consent of the individual concerned, the possibilities of making use of digital technology, such as videolinks, should be expanded in order to lessen the need for such intrusive measures as extradition.

5 ~ 5 ~ 29. States should be encouraged to consider the possibility of and conditions for the collection of evidence through digital technology, even though the individual was not physically present at the hearing. 30. The security and reliability of the lines of communication in use by the authorities must be of the highest standard. The communications should be protected against hacking.