The objective of the EastWest Institute’s Cyber Crime Working Group is to propose a new set of harmonized legal frameworks to effectively combat cyber crime by means of increased international cooperation.
The group is made up of experts from Australia, Belgium, India, Italy, France, Russia, South Africa, Switzerland, Sri Lanka, the United Kingdom and the United States. In a meeting held March 15-16 in Brussels, the group expanded on their discussions about proposals for legislation on cybersecurity, including the need for a global tribunal on cyberspace.
Judge Stein Schjolberg, a co-chair of the working group, is a retired Court of Appeal Judge in Norway and an expert on cyber crime. He previously worked with INTERPOL and ITU on cybersecurity issues. Following the group’s most recent meeting, Judge Schjolberg spoke with EWI’s Thomas Lynch on international means of prosecuting cyber crime.
What’s the purpose of the Cyber Crime Working Group? What does it aim to accomplish?
The Cyber Crime Working Group was established in July 2010 by EastWest Institute President John Edwin Mroz. We have since been working for a year and a half on a project on the issue of cyber crime and global cyber attacks. We are dividing the issue of cyber crime into five pillars, ultimately developing a proposal for a potential treaty or several treaties on the United Nations level.
The first issue, or pillar, is international criminal law for cyberspace. The second is a global virtual task force for the investigation and prosecution of cyber crimes/attacks. The third pillar is the establishment of an international criminal tribunal (not a court) for cyberspace. The fourth is a broader look at cybersecurity issues as a whole, and the fifth focuses on blocking child pornography or other online child abuse.
What is “cyber crime” as opposed to “cyber espionage,” “cyber war,” or other similar buzzwords being used today?
I have been involved in this field for many years. I began by making a definition, but I very shortly quit that. In my opinion, cyber crime must be defined by each country independently, so we do not have any global definition of the term. Some countries use the term “cyber warfare,” some use “espionage” and so on; we leave it to each country.
How do you propose to overcome the political deadlock on international cyber crime cooperation?
I am not willing to accept deadlock. From a layman’s perspective, you read newspapers, gather information, and understand that dialogues are always occurring. A dialogue may include the hope that it develops into further projects. Since I am concerned about cyberspace, I know these dialogues have been taking place. I attended the United Nations twelfth criminal congress in Salvadore, Brazil, which had dialogue among the United States, the European Union and the so-called BRIC countries (Brazil, Russia, India and China). This dialogue developed into the establishment of working groups through the U.N. Office on Drugs and Crime in Vienna. This office is studying these issues and will come forward with proposals and recommendations; we will take it from there.
What progress has been made in internationally in bringing these issues to the U.N. level?
There has not yet been any kind of legal agreement on cyber crime developed at the U.N. level, nor treaties, protocols or a convention. There is of course the European Convention, the Budapest Convention, a convention now developing in the Caribbean countries, and developments in Asia under the APEC and ASEAN countries. We have several developments for regional agreements but not yet anything on the U.N. level on cyber crime, cybersecurity or global cyber attacks.
Everyone I speak to agrees that something is missing at the global level. That’s why we have four working groups now studying this issue; the UNODC, the European Union and United States working group, the EastWest Institute, and the Commonwealth working group. With four groups working on this issue now, I am sure that in the next two to four years we will have a full proposal prepared.
With respect to the Budapest Convention on Cybercrime, many consider it to be outdated; do you agree with that assessment?
I would not describe the Budapest Convention as outdated, I would maybe describe it as “old fashioned.” Of course, it was established, produced and written in 1990s using older terminology. Now that we are in the 2010s, we have seen a lot of development, new kinds of criminal conduct and new ways of describing systems and behaviors.
What would be the role of an International Criminal Tribunal for Cyberspace?
There is criminal conduct in cyberspace that no one is investigating, no one is prosecuted for. No one is sentenced for all this damage that is created as a result of international attacks. The only thing we are doing is repairing damage, but a lot of economic losses have occurred, so something must be done. On other issues there have been global courts or tribunals. Since the United States, Russia and China have not signed on to the International Criminal Court, we are left to establish potential tribunals. There have been tribunals for Rwanda, for the former Yugoslavia, Lebanon and so on; this is why I’m moving forward with a proposal for a potential international criminal tribunal for cyberspace.
It is a pleasure to work together with EWI. I think that EWI has a very unique position to bring forward global dialogues, global proposals and maybe global solutions.