International assault on cybercrime closer

Ensuring that hackers don't escape prosecution became more likely last week when an international approach to legislating against cyber-crime was approved.

The measures will come into force on Friday, 23 November, at a meeting in Budapest, so long as foreign ministers from five countries, including at least three Council of Europe (CoE) member states, ratify it and sign the Convention.

Rupert Battcock, IT law specialist at legal firm Nabarro Nathanson, believes the Convention will raise the standard of international cooperation on cyber-crime.

"There had been concerns that countries such as the Philippines lacked adequate laws when it comes to the prosecution of hackers," he said.

Earlier this year, Reonel Ramones, the suspected author of the Love Bug virus, escaped prosecution due to lack of evidence, and the fact that laws in the Philippines were not framed to deal with computer crime.

Key to the success of the Convention will be persuading countries to sign up. The involvement of countries which are not members of the CoE in developing the content of the agreement, such as Japan and the US, significantly increased the chances of adoption, said Battcock.

However, the UK would be under no obligation to sign up to the agreement if the government perceived it not to be in the national interest, he added.

Industry has welcomed the Convention. The involvement of the IT industry had helped the CoE to produce a reasonable approach to tackling crime on the internet, said Tim Conway, director of industry affairs at trade body the CSSA.

"This is far more acceptable than the [European Commission] proposals," said Conway. "The EC has been working on a directive that would allow police to insist data logs would be kept for up to seven years."

The CoE Convention proposes that records of data traffic be restricted to a period of 60 days, and internet service providers (ISP) will only be required to do so having following a court order.

"This wouldn't prevent the UK from introducing more draconian measures," warned Battcock.

The British government has recently come under fire from ISPs concerned about proposals to use anti-terrorist legislation to make it easier for law enforcement agencies to force ISPs into storing data in less serious criminal investigations.