Ðóñ Eng Cn Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

International Law
Reference:

The Role of international Organizations in the Process of countering Cybercrime

Gorelik Il'ya Borisovich

Postgraduate student, Department of International Law, Diplomatic Academy of the Russian Foreign Ministry

119021, Russia, Moscow, Ostozhenka str., 53/2, p. 1

gorelik.ilya@yandex.ru
Other publications by this author
 

 

DOI:

10.25136/2644-5514.2022.3.38585

EDN:

YRFGHQ

Received:

07-08-2022


Published:

28-08-2022


Abstract: The subject of the study is the role of international organizations in the formation of an international legal system for countering cross-border cybercrime. The purpose of the study is to identify current trends in the work of international organizations in the field of the formation of regional and global legal systems for countering cybercrime. The system approach and formal legal approach are used as the main research methods. As a result of the study, specific features of regional international organizations and legal problems of countering cybercrime were identified, the question of the applicability of existing international law to cyberspace was analyzed. In particular, it is noted that at the moment modern international law is not capable of adequately and effectively countering cybercrime. The absence of a universal international legal act regulating the process of combating cybercrime is emphasized. On the other hand, the positive role of individual international organizations in the formation of the international legal system of counteraction is noted. In particular, the study describes the practice of forming expert groups by such organizations, as well as assistance to other regional international organizations in the process of creating their own international legal systems. One of the main conclusions is the conclusion that the absence of a universal UN legal document creates certain difficulties in the course of interstate coordination of procedural actions of law enforcement agencies and interaction of relevant international organizations. The author also concludes that the law-making experience of individual international organizations can be taken as a basis for the creation of a universal international legal act regulating the fight against cybercrime.


Keywords:

cybercrime, international law, international organizations, The Internet, Budapest Convention, United Nations, Commonwealth of Independent States, International Telecommunication Union, NATO, Council of Europe

This article is automatically translated. You can find original text of the article here.

The current stage of globalization is inextricably linked with the implementation of communications using digital technologies. The new self-developing reality required an appropriate legal organization due to the fact that digital communications began to be used for the purpose of committing cross-border crimes. It is precisely the technological peculiarity of this new type of crime that has required the intensification of interstate cooperation (both in the context of regional international organizations and within the framework of United Nations Organizations) in order to counter cybercrime and develop the foundations of international law in this area.

At the same time, the question arose – in which direction should international law develop and which of its principles are applicable or inapplicable to global cyberspace?

At the same time, cyberspace is rapidly developing and becoming one of the environments where various social networks and relations between states are being built with the help of digital technologies that transmit information in real time. It is obvious that the management of processes taking place in cyberspace, including countering cybercrime, requires a special legal methodology and adequate reflection in international law. With all possible technological digital innovations, according to A. A. Danelyan and E. E. Gulyaeva, this does not mean that states can be "free from any international legal obligations when it comes to cyberspace" [6, p. 49].

In addition, there is an opinion that the principle of state sovereignty is not applicable to the virtual supranational space or hardly agrees with its system characteristics [5, p. 144]. Thus, the English scientist E. L. Anselmo believes that "attempts to control the Internet based on the old territorial principle is a temporary solution that the international legal system must overcome" [2]. For example, the well-known Budapest Convention of the Council of Europe, which refers to international cooperation in the field of combating cybercrime, admits that it is actually possible to ignore the principle of State sovereignty within the limits of procedural actions.

For his part, A. A. Danelyan notes that "for Russia, as for many other countries, the approach laid down in paragraph "b" of Article 32 of the Budapest Convention is unacceptable" [8, p. 265] and such principles and norms of international law as non-use of force and threat of force are quite applicable to cyberspace non-interference in matters within the internal competence of States; the obligation of States to cooperate with each other; sovereign equality of States; respect for human rights and fundamental freedoms, etc." [8, p. 263].   

In the context of the topic under consideration, it should be noted that the formation of a constantly developing global cyberspace objectively required the intensification of international cooperation and increased the importance of the activities of international organizations in the field of cybersecurity and the fight against cybercrime.  At the same time, it was necessary to create appropriate institutions of cooperation, to work out mechanisms for reaching consensus in the process of organizing international legal regulation of cybercrime and its classification in a number of existing types of cross-border crimes.  This required the creation of specialized bodies under the leadership of the UN, where the problems of combating crime in cyberspace and the development of international legal documents would take place, and eventually, perhaps, the formation of a new branch of international law. Moreover, from a conceptual point of view, various variants of the possible name of this potential industry are mentioned: "cyber law", "digital law" [4, p. 16], "Internet law" [1, p. 137].

Perhaps the creation of such an industry will happen in the future, because international law is constantly developing, it takes into account an increasing range of problems that arise again in accordance with the trends of individual historical periods, its internal organization is being improved [7, p. 12]. Thus, in the structure of international law, such a branch as international space law has been formed, regulating relations in outer space, which, by analogy with cyberspace, both from a general scientific and purely legal point of view, was a poorly studied phenomenon and up to a certain point had never been the object of legal regulation. Thus, in the context of the problem of the formation of international digital law as a new branch, it is possible to draw a parallel with the process of formation of space international law. The experience of creating this branch shows that the development of a new section of international law is a complex and lengthy process [10, p. 337].

In the context of international legal regulation of cyberspace and international cooperation in countering cross-border cybercrime, the lack of a universal international legal act that could regulate such processes is particularly difficult, which creates certain difficulties in the course of coordinating the procedural actions of law enforcement agencies and the interaction of relevant international organizations. This problem is especially aggravated by the lack of understanding of cyber technologies by the parties to this process, as well as due to the often fundamental differences in national legal systems. In particular, the subject of separate discussions are the so-called "American freedoms" or "universal values and human rights" as guidelines for international cooperation [22, p. 3].

The UN plays a leading role in the processes of forming an international legal system for countering cybercrime. The UN international conventions and the UN Congress on Crime Prevention have created the primary basis of the international legal system for curbing cross-border cybercrime.

Thus, the UN Convention against Transnational Organized Crime of 2000 defined the main directions of interstate cooperation in this area. The purpose of the creation of this convention directly addresses the problem of cooperation in the field of combating crime. It seems that – at least indirectly – this convention could also address the problem of cybercrime as one of the types of criminal activity (which, moreover, is not at all alien to the phenomenon of organization). Russia ratified this Convention and the first two Protocols to it by Federal Law of April 26, 2004 [11].

However, at the same time, the phenomenon of digital technologies required the improvement of the activities and structure of the UN. An important and key role in deterring cybercrime is played by such a specialized international UN agency as the International Telecommunication Union (ITU), within which global telecommunication networks and services are coordinated by governments and the private sector.

ITU's activities cover the following issues:

1) "in the technical field: promoting the development and productive operation of telecommunication facilities (telecommunications) in order to improve the efficiency of telecommunication services and their accessibility to the public; 2) in the field of politics: promoting a broader approach to telecommunication problems in the global information economy and society; 3) in the field of development: assistance and provision of technical assistance to developing countries in the field of telecommunications; assistance in mobilizing the human and financial resources necessary for the development of telecommunications; assistance in expanding access to the benefits of new technologies for the population of the whole globe" [13].

 

In addition, this organization has played a role in the process of creating additional structures for international legal regulation of the fight against cross-border cybercrime. For example, specialized committees have been formed, which have become platforms within which the practice of "different countries on combating cybercrime" is summarized and relevant documents are being developed [3, p. 40].

Among regional international organizations, the European Union and the Council of Europe, the CIS and the SCO (Shanghai Commonwealth Organization) should be noted as actually carrying out legal and procedural actions to combat cybercrime.  Since the mid-1990s of the last century, the member States of these organizations have begun to develop a legal system for countering crimes using information technology. They have signed relevant international agreements and conventions:

1)                Convention of the Shanghai Cooperation Organization on Countering Extremism of 2017; 2) Treaty on Cooperation of the Member States of the Commonwealth of Independent States in Combating Terrorism of 1999; 3) Treaty of the Member States of the Commonwealth of Independent States on Countering the Legalization (Laundering) of Criminal Proceeds and Financing of Terrorism of 2007;4) International Convention on Combating Terrorist Bombings onethousandninehundredninetyseven

The European states and the international organizations created by them - the European Union and the Council of Europe - have taken care of the creation of a legal system to counter the use of information technologies for criminal purposes. As a result of the development, which began at the end of the 20th century, the Council of Europe created the Convention on Crime in the Field of Computer Information of November 23, 2001 (also known as the Budapest Convention). This international legal act initially claimed to be a universal format, and was also signed by a number of non-European states. At the same time, the Convention was developed by European experts and was guided, accordingly, by the established practice of international cooperation in the European Union. It was the Budapest Convention that became the first attempt to create an international legal document on countering cybercrime. To date, the Convention has been signed by 67 States that are guided by its provisions in their law enforcement activities and international cooperation. This international legal act has a number of significant drawbacks, but this is beyond the scope of this article, and yet it should be noted that the Council of Europe, as a regional international organization, has taken the first step in the history of creating international legal instruments to counter cybercrime.

In turn, the policy of the European Union in developing a legal system to deter crimes committed using information technology was carried out in parallel with the Council of Europe. For example, a number of measures have been developed to prevent cyber attacks, as well as to integrate the state and society around the problem of preventing crimes using high technologies. In particular, in 2004, the Agency for Network and Information Security under the European Commission was established in order to coordinate actions to ensure security in the field of computer communications [14, p. 90].

At the level of the European Union, the Directive of the European Parliament and of the Council of the European Union 2013/40/EC of August 12, 2013 on attacks on information systems and on the replacement of the Framework Decision 2005/222/LDPE of the Council of the EU ("Directive 2013/40/EU of the European Parliament and of the Council of August 12, 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA") to protect business and government from cyber attacks. The European Cybercrime Centre (EC3), established in January 2013 on the basis of Europol in The Hague, is playing an increasingly important role in countering cross-border crimes. EU3's activities are aimed at providing operational and analytical support to the fight against cybercrime for law enforcement agencies of EU countries.

At the end of 2020, the European Commission presented the developed new Cybersecurity Strategy of the European Union. We are talking about cyber attacks that pose an external threat to the European Union or its member states, including cyber attacks on third states or international organizations. The EU has gained the right and the opportunity to apply sanctions against persons or organizations responsible for cyber attacks or attempted cyber attacks, as well as those who assist in their conduct. In general, the Strategy is aimed at preventing current and future online and offline risks - from cyber attacks or cybercrime to natural disasters.

In parallel with the development of the Budapest Convention by the Council of Europe, similar developments were carried out by the CIS and the SCO.  Within the framework of the Commonwealth of Independent States, there is an Agreement on cooperation of the CIS member States in combating crimes in the field of computer information. The objectives of cooperation under this Agreement are the joint fight against crimes in the field of computer information and the creation of a legal framework for cooperation between law enforcement and judicial authorities of the CIS countries [19]. In particular, the Inter-Parliamentary Assembly was established as an advisory body for the preparation of draft legislative documents of mutual interest, including in the field of countering cybercrime. In accordance with the Regulation on the Development of Model Legislative Acts and Recommendations of the Interparliamentary Assembly of the Commonwealth of Independent States of April 14, 2005, the activities of the Interparliamentary Assembly are aimed at the development, adoption and publication of model legislative acts that meet the objectives of convergence (unification) of the legislation of the member States of the Interparliamentary Assembly, and the objectives of the integration development of the Commonwealth of Independent States.

In accordance with this Agreement and in furtherance of cooperation, in September 2018 in Dushanbe, within the framework of a meeting of the CIS Council of Heads of State, it was planned to create modern legal mechanisms for practical interaction between Russian authorities and colleagues from other CIS countries for the effective prevention, detection, suppression, investigation and disclosure of crimes in the field of information technology.

The agreement should also ensure cooperation in the exchange of information about crimes being prepared or committed and persons involved in them, the execution of requests for assistance in providing information that can help in the investigation, as well as the conduct of coordinated operations.

A special area of cooperation between the CIS states is security, including information. For this purpose, the Collective Security Treaty Organization (CSTO) was created. Among the main directions of convergence of the legislations of the CSTO member states in the recommendations are ::

1) general issues of information security organization; 2) protection of the unified information space; 3) protection of information resources; 4) countering crimes in the information sphere (including information terrorism); 5) ensuring the security of information and communication infrastructure (including critical facilities) [9].

The SCO Development Strategy until 2025 emphasizes the need to strengthen cooperation in the field of Internet control, preventing its use in activities that undermine security and stability in the region [21]. Thus, the SCO in its work focuses on the development of cooperation in the field of countering international cyberterrorism and cybercrime. Moreover, the SCO Regional Anti-Terrorist Structure is directly engaged in operational activities.

Moreover, SCO representatives participate in the work of a Group of Experts on the study of cybercrime problems. In 2019, at the 10th International Conference "Trust and Security in the Information Society" in China, the Shanghai Cooperation Organization stated that it considers it necessary to create a UN working mechanism to develop rules and principles of responsible behavior of states in the information space.

A significant place in international cooperation in countering cybercrime is occupied by the BRICS international association, one of the main goals of which is to create a common information space of the BRICS member states using ICT and to combat cybercrime. It is important to note that the participants of this organization are, along with Russia, such states as Brazil, China, India and the Republic of South Africa, who are in solidarity with each other on key issues of information security and cooperation in the fight against cybercrime. The position of each of these countries is a guideline for the formation of a global strategy in the field of countering cybercrime.   

In accordance with the Ufa Declaration adopted at the VII BRICS Summit on July 9, 2015, the cooperation of the member states in the field of ICT is developing in such areas as:

1) exchange of information and best practices; 2) interaction on responding to computer incidents in the field of computer security; 3) joint projects in the field of research and development; 4) development of international norms, principles and standards.

The BRICS members, speaking for an open, holistic and secure Internet, believe that states should participate on an equal basis in its development and functioning. The increase in crimes using ICT poses a threat to international peace and security. In response to such threats, the BRICS member States advocate strengthening international cooperation in combating the use of ICT for criminal, terrorist and other illegal purposes that run counter to the objectives of ensuring international peace, stability and security.

Cybersecurity and the fight against cybercrime are increasingly on the agenda of Latin American countries and regional international organizations such as the Organization of American States (OAS), the Community of Latin American and Caribbean Countries (LACB), the South American Common Market (MERCOSUR) and others. For example, in 2012, the OAS member States adopted the Declaration on Strengthening Information Security in the Americas [25]. The declaration reaffirmed their commitment to the implementation of the Comprehensive Inter-American Strategy of the OAS to Combat Cybersecurity Threats. Among other things, the OAS member countries recognized the need to create national response teams to computer security incidents, as well as the importance of improving the security and resilience of critical information infrastructure to cyber threats. At the same time, as the researchers note, the multidirectional strategies of Latin American international organizations prevented the creation of an effective security system against the threats of cybercrime and the challenges of transnational information monopolies [20]. Basically, countering cybercrime was carried out through states and large businesses. Thus, according to Reuters, the Brazilian asset management company Patria Investments, supported by the Blackstone investment group, bought cybersecurity service providers Neosecure and Proteus to create the largest information security platform in Latin America [26].

The African Union coordinates the actions of African States in the field of information security and countering cybercrime [23]. In 2014, this organization, with the help of the European Union and following its example, developed and adopted the African Union Convention on Cybersecurity and Personal Data Protection. This document was intended to become the basis for legal counteraction to information crime in African countries. On the other hand, most countries passively implemented the calls of this Convention.

The International Telecommunication Union has played a special role in organizing cooperation to ensure information security and counter cybercrime within the framework of the League of Arab States. Although the first attempts were unsuccessful due to the existing contradictions between the Arab countries in the understanding of cybersecurity and at the same time due to their traditional distrust of Western states [12]. Nevertheless, in 2012, the Arab Regional Cybersecurity Center was established – under the leadership of the Union and with the support of the League of Arab States. Thus, the process of international cooperation within this region was initiated. Since 2017, the Arab Security Conference has been regularly convened. It is noteworthy that programmers and representatives of specialized structures of the Arab states take part in the Conference, including with the aim of attracting relevant specialists to work.

Among other international organizations, such a military-political organization as NATO should be singled out. It should be noted that this organization has extensive experience in international cooperation. And in the post-bipolar period, it went beyond Western Europe and significantly expanded the scope of its activities. In the new millennium, the Alliance is turning its attention to issues of information security and countering cyber threats. Moreover, according to Laura Brent, an employee of the NATO Office of New Security Challenges, it is impossible to achieve security only by relying "on the civil public sector or the private industrial sector, whether in the context of communications infrastructure, logistics, equipment (machinery) or critical infrastructure facilities" of NATO member states [18]. But it is the civilian sector of the Alliance countries that is massively exposed to external threats such as cyber attacks. Moreover, it is extremely difficult to monitor their preparation and prevent such acts, especially when such offenses are committed by an organized group. In the case of their commission, it is important both to assess the scale of the consequences of such an action and to choose the level of the appropriate decision within the framework of international law.

Responding to such cyber threats, the Civil Communications Planning Committee was established in NATO, dealing with non-military cybersecurity issues. This Committee is designed to protect information, prevent, detect and counteract increasingly frequent cyber attacks. Accordingly, in 2016, NATO member states committed themselves "to strengthen the cyber defense of their national networks and infrastructure as a matter of priority" [18] in order to ensure security for all civilian spheres of activity, in particular transport communications, the financial sector, personal data of citizens, etc.

NATO also has at its disposal a structure called "Computer Incident Response Capability", the purpose of which is to analyze cyber incidents and their logistics. As a result, criminal acts of a wide range were revealed: "from the damage of Internet resources to industrial cyber espionage and very serious network infiltrations" [16].

Cooperation with the European Union has become an important area of NATO's counteraction to cybercrime. EU—NATO cooperation on cybersecurity issues began in 2010 with high-level consultations between information security specialists and informal meetings, which are currently held annually. The NATO Computer Incident Response Capability —NCIRC) and the European response Team CERT-EU (Computer Emergency Response Team — European Union) have been cooperating since the establishment of CERT-EU in 2011 [17].

In 2016, the NATO Secretary General, the President of the European Council and the President of the European Commission issued a joint statement on NATO-EU cooperation. In accordance with this statement, as well as the technical agreement concluded between the NATO and EU incident response teams, cooperation between the organizations has expanded, in particular in such areas as information exchange, joint fight against cyber attacks, training, research work in the field of international law.

In 2018, senior officials of NATO and the European Union held a meeting at which they analyzed the joint work done and outlined areas for further cooperation in the field of cyber defense. At the same time, it should be noted that the activities of NATO and the European Union to counter cyber threats were carried out, first of all, precisely in accordance with the interests of these organizations, and the cooperation was aimed at consolidating the states of the Western community. On the other hand, the instrumental experience of these two organizations deserves its attention.

Recognizing the important contribution of various international organizations in the field of information security and legal counteraction to cybercrime, it should be noted that the very process of forming an information security system and legal deterrence of cybercrime is complex and discrete, both due to its specifics and the influence of the general international situation. Not to mention the fact that solving problems in the field of combating cybercrime and ensuring cybersecurity, even at the level of the most advanced regional international organizations, is not only impossible without global actions under the auspices of the UN, but also in some cases faces various contradictions related to economic, political and national-legal features.

Thus, with great difficulties and after protracted discussions in the UN-created Group of Governmental Experts on the Use of Information Technologies in the Context of International Security and the Open-ended Working Group, it was possible to achieve recognition of the possibility of applying international law to cyberspace, as well as the need for responsible behavior of states in this space [15].

At the same time, the formation of a universal international legal system for countering cross-border cybercrime has not been completed. In particular, the Russian draft of the United Nations Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes in 2021 remains a draft, awaiting discussion at the next UN General Assembly. Although, even one such convention is not enough and it is necessary to create not only a number of relevant documents, but also a comprehensive comprehensive universal international legal document.

Thus, as a result of a comprehensive review of the problem of the participation of international organizations in the formation of the international legal system for countering cybercrime, it can be concluded that both universal (UN) and regional (Council of Europe, League of Arab States, CIS, etc.) in their activities have a very pronounced tendency to strive to form effective international legal mechanisms fight against cybercrime. International organizations play a special role in this process through the formation of special expert groups, the development of recommendations, conducting comprehensive analyses and research, as well as the creation of international legal acts directly affecting the problem of cybercrime.

It is important to understand that such work not only contributes to the formation of regional international legal systems in the relevant field, but can also be taken as a basis by other organizations in order to improve their own legal developments. It can be concluded that at the present stage of the formation of the global international legal system for countering cybercrime, various international organizations play the role of a kind of "testers" who form regional international legal systems for countering, relying on various legal doctrines and ideas about cybercrime as a phenomenon. Although such work does not allow us to talk about the successful formation of a global system for combating cybercrime, nevertheless, its results can significantly contribute to the creation of such. Thus, analyzing the experience of law-making and law enforcement of individual international organizations, the UN could systematize such experience and come to conclusions about the possible contours of the first universal convention in the field of countering cybercrime.

References
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

The subject of the study is the regulation of the activities of international organizations whose activities cover aspects of cyberspace. The research methodology consists of theoretical components and an analysis of practice. During the preparation, general theoretical methods were used, in particular methods of analysis, synthesis, comparative law, the modern stage of globalization is inextricably linked with the implementation of communications using digital technologies. The new self-developing reality required an appropriate legal organization due to the fact that digital communications began to be used for the purpose of committing cross-border crimes. It is precisely the technological peculiarity of this new type of crime that has required the intensification of interstate cooperation. The above explains the relevance of the presented research. The scientific novelty is due to the elements of the author's developments and research in terms of the declared topic. The article is prepared in a scientific style and contains elements of a journalistic review. According to the structure, there is an introductory part, the main and the final. Cyberspace is developing intensively and is becoming one of the environments where various social networks and relations between states are being built with the help of digital technologies that transmit information in real time. It is obvious that the management of processes taking place in cyberspace, including countering cybercrime, requires a special legal methodology and adequate reflection in international law. In this regard, in the introductory part, the author reviews the works of scientists and researchers in the field of cyberspace. The author pays special attention to the legal regulation of the activities of international organizations. The main part of the work is devoted to these aspects. The author touches upon the organizations of Europe, Asia, interstate and intergovernmental importance. The author proceeds from the fact that in the context of international legal regulation of cyberspace and international cooperation in the field of countering cross-border cybercrime, the lack of a universal international legal act that could regulate such processes is particularly difficult, which creates certain difficulties in coordinating the procedural actions of law enforcement agencies and the interaction of relevant international organizations. The author pays special attention to the analysis of the activities of a specialized international UN agency, such as the International Telecommunication Union (ITU), within which governments and the private sector coordinate global telecommunication networks and services. The author analyzes the positions of the European Union and the Council of Europe, the CIS and the SCO (Shanghai Commonwealth Organization) as actually carrying out legal and procedural actions to combat cybercrime. Since the mid-1990s of the last century, the member States of these organizations have begun to develop a legal system for countering crimes using information technology. In particular, the author notes that the SCO Development Strategy until 2025 emphasizes the need to strengthen cooperation in the field of Internet control, preventing its use in activities that undermine security and stability. At the same time, there are other positions. In particular, the author analyzes that the BRICS members, advocating for an open, holistic and secure Internet, believe that states should participate on an equal basis in its development and functioning. The increase in crimes using ICT poses a threat to international peace and security. In response to such threats, the BRICS member States advocate strengthening international cooperation in combating the use of ICT for criminal, terrorist and other illegal purposes that run counter to the objectives of ensuring international peace, stability and security. The author notes that issues of cybersecurity and combating cybercrime are increasingly on the agenda of Latin American countries and regional international organizations such as the Organization of American States (OAS), the Community of Latin American and Caribbean Countries (LACB), the South American Common Market (MERCOSUR) and others. The author concludes that, as a result of a comprehensive consideration of the problem of the participation of international organizations in the formation of an international legal system for countering cybercrime, it can be concluded that both universal (UN) and regional (Council of Europe, League of Arab States, CIS, etc.) in their activities have a very pronounced tendency to strive to form effective international- legal mechanisms for combating cybercrime. Of course, it is necessary to develop comprehensive legal measures. The bibliography covers a list of 27 sources relevant to the current date. The article may be of interest to readers and is recommended for publication.