The Senate finally ratified the Council of Europe Cybercrime Convention last Thursday. The convention was held up in the Senate for years, mostly because of unfounded fears that there must be something sneaky hidden inside it. In truth, ratification by the U.S. was entirely symbolic: the convention is a basic outline of existing United States computer crime law, and doesn’t require any changes to domestic law. Still, it was a little embarrassing that the U.S. hadn’t ratified the convention until now: It’s a little tricky to convince other countries to adopt the basic contours of U.S. law when you can’t get the U.S. Senate to ratify the same.
Thanks to Deven Desai for the link.
Orin, what about the claim that the treaty “lacks a dual criminality requirement, so Americans may be investigated in the United States for things that are not crimes here.” Under the treaty, may United States citizens be prosecuted for conduct that violates the laws of foreign states but does not violate U.S. law? If so, is that a good thing? (I’m not being snarky. You’re the expert here, so I’m curious what you think.)
Mike,
My understanding is that dual criminality is traditionally a requirement of extradition, but not international evidence collection. So the traditional approach in the past has been that the U.S. will help a foreign country investigate foreign offenses even if the same conduct is not a crime in the U.S. so long as cooperation does not raise any constitutional difficulties (such as 1st Amendment issues). The cybercrime treaty maintains this traditional approach.
The tradeoff is, of course, enlisting the cooperation of other countries in investigating U.S. crimes, even if the conduct is not a crime in the other country. Given the potential impact of cybercrime on our economy, it seems like the potential gains from this sort of comity outweigh the losses.
Also, this is not a self-executing treaty. Meaning, that in and of itself, nothing in the treaty proscribes anything as an offense, nor does anything in the treaty prescribe any course of action (i.e. remedy, investigation technique, etc.); rather, the treaty is an agreement that the ratifying states will codify domestic law effecting the goals of the treaty.
Thus, if the U.S. Congress creates a law, that for example, bans hate speech (a 1st amendment violation), it is not the treaty that has caused the abridging of rights, it is the Congress. Similarly, dual criminality is, as Prof. Kerr suggests, meant to assist law enforecement in other countries investigate their crimes, and them, ours.
Many of the issues of the Treaty were already part of domestic law, much of the importance of ratifying the treaty was symbolic in nature. As to the investigation part, we have assisted law enforcement in other countries investigate cybercrimes and many countries have assisted us in similar situations.
As the treaty is not self-executing, there is no way that signing the treaty can be said to infringe on our Constitutional protections.
[OK Comments: One slight edit: I would I say that all of the issues of the Treaty were already part of domestic law or practice, not just most.]
Pingback: Cybercrime Law