Ministers at the Council of Europe, an international human rights body, adopted the second Additional Protocol to the Budapest Convention on Wednesday (17 November) to tackle the current surge in cybercrime.
The Budapest Convention, which turned 20 on Tuesday, is the first international treaty on cybercrime to ensure a common criminal policy approach and foster international cooperation.
The Second Additional Protocol will provide a legal basis for disclosure of the registration of domain names and direct cooperation between service providers, as well as mutual assistance tools and personal data protection safeguards.
“This text is a significant step forward in technological capacity and co-operation between governments and with service providers,” Council of Europe Secretary-General Marija Pejčinović Burić said in a statement.
The protocol will help extend the rule of law further into cyberspace and help to “provide justice for those who become victims of crime,” Burić added.
While being rooted in the human rights regime of the Council of Europe, the convention has managed to attract countries across the globe.
Among the 66 states that have currently ratified the Budapest Convention are not only most of the EU member states, but also countries from other continents, including the United States, Chile, Ghana, or Japan, thus making it a global standard for the fight against cybercrime.
Budapest Convention and the EU
While the EU has a number of different sector-specific regulations and directives in the pipeline to tackle cybercrime, they are all built on the provisions set out in the Budapest Convention.
“The Convention gives law enforcement concrete tools in their daily fight against digital crime,” the EU Commissioner for home affairs, Ylva Johansson, said on Tuesday.
“The Budapest Convention forms the foundation of anti-cybercrime laws in more than 80 % of countries worldwide,” she added.
The EU has made the fight against cybercrime one of the key priorities in its Security Union Strategy, which outlined that law enforcement authorities should be enabled to work together more closely to address the cross-border nature of cybercrime – for instance through the Cybercrime Action Task Force in Europol.
The Additional Protocol of the Budapest Convention is meant to help achieve this goal and foster an environment of international cooperation.
“It will make a big difference to all of you who work in law enforcement,” Commissioner Johansson said, emphasizing that once the protocol is fully in force, law enforcement will be able to ask service providers in other countries for subscriber information, obtain traffic data more quickly, and work together more closely in Joint Investigation Teams.
“The Protocol is based on the values we share,” she said, adding that it “is an essential modernisation that makes the Budapest Convention ready for the future.”
Surge in cybercrime
The global shift towards digitalisation that was accelerated due to the COVID-19 pandemic has also led to an unprecedented surge in cybercrime.
During the pandemic, ransomware attacks increased by 300%, with the most recent example being the German consumer electronics retailer Media Markt.
At the same time, the sums requested by cybercriminals have more than doubled. While the average ransom demanded was at €70,000 in 2019 it is now at €155,000, according to a report by the EU Cybersecurity Agency (ENISA).
To tackle the evolving threats, the EU plans to set up a joint EU-US working group against ransomware and improve transatlantic cooperation on the matter.
Johansson emphasised that the new Additional Protocol will further help to tackle the problem and “make the Internet safe. Safe for our citizens and for our fundamental values”.
[Edited by Luca Bertuzzi/Zoran Radosavljevic]