The cybercrime-focused research of this project will look at legal requirements for combatting cybercrime and promoting ICT security.
The international nature of cybercrime requires enhanced cooperation between states. Image source: Wikimedia Commons. Used under CC.
The Cybercrime Convention
Much of the research will focus on the Cybercrime Convention (Budapest Convention of 2001). The Convention requires contracting states to make provision in their national laws not just for hacking and other standard “CIA” offences (i.e. activities impinging upon the confidentiality, integrity, and availability of computer data and systems) but certain content-related offences as well, namely dissemination of child pornography, dissemination of racist and xenophobic material (Additional Protocol of 2003) and breach of intellectual property rights.
The Convention is otherwise noteworthy not just for being a rare instance of a treaty regime attempting to deal directly with internet-related security but also for its impact beyond the circle of COE member states. It was prepared with the assistance of several states from outside that circle and is the only COE Convention to have been signed and ratified by the USA.
It constitutes a significant point of departure for legal developments outside Europe. Australia, for instance, recently passed legislation allowing it to accede to the Convention. However, question marks continue to dog the legitimacy and long-term viability of the Convention. Moreover, there are question marks over whether its conceptual apparatus takes sufficient account of present cyberspace realities. The research will investigate these putative weaknesses.
EU Regulatory Framework on Cybercrime
The research will also examine developments in the EU regulatory framework in this field. The EU has adopted legislation modelled on the Budapest Convention. Additionally, the EU is in the process of adopting new legislation on “network and information security”. This requires, inter alia, government agencies along with designated “market operators” to take appropriate security measures for their networks and information systems (Article 14).
The SIGNAL research will closely monitor the progress of this legislative initiative. In doing so, the research will also examine its significance for Norway.