Table Of ContentInformal Meeting of the Justice
and Home Affairs Ministers,
Amsterdam 25-26 January 2016
Discussion Paper on tackling cybercrime
Meeting of Ministers of Justice,
26 January 2016
The criminal use of cyberspace borders to retrieve information, making it
Cyberspace is borderless. Information flows possible to violate laws in one country simply by
freely between countries providing citizens and complying in another.
organisations almost unlimited access to
information and digital services. Information is Criminals know law enforcement and judicial
everywhere; the physical location of the servers authorities struggles to cope with these issues
on which it is stored is often not known and and they exploit these. They use technical means
deemed irrelevant to users. Information can be to hide their identity and move their criminal
stored, changed and deleted, and internet activity between countries, using the snail’s pace
services can be used from anywhere in the world. of existing procedures to their advantage. They
Cyberspace has grown into an essential element also often know which countries do not have the
of modern life. necessary legal framework, capability or legal
assistance processes in place to fight them
The protection of cyberspace from incidents, effectively. They can use these countries as safe
malicious activities and misuse has become havens for their criminal activities. By effectively
crucial for the functioning of our societies and evading the rule of law they enjoy an impunity
economies. The borderless nature of cyberspace that is unacceptable.
poses special challenges and opportunities for
law enforcement and judicial authorities. European action
Important information for law enforcement and The EU has recognized the challenge cyber
judicial authorities, such as electronic evidence, criminality poses and has acted accordingly.
can also be stored, changed and deleted in Almost all Member States are party to the
seconds. It can be stored in one country by Budapest Convention on Cybercrime, providing
criminals located in another country, and moved a baseline for tackling cybercrime and for
when they suspect law enforcement is catching enhanced cooperation across borders. Europol
up to them. The current procedures for mutual and Eurojust have stepped up to the challenge of
legal assistance (MLA) are complex, time enhancing international cooperation both
consuming, and not adapted to the requirements between Member States and with third countries.
of cyber investigations leaving law enforcement The European Cyber Crime Centre (EC3) has
and juridical authorities far behind technically evolved into a vital hub for international
capable criminals. When criminals hide the cybercrime investigations. Several Joint
location of their activities and identities with Investigation Teams were successful and the
technical methods these MLA procedures efficiency of legal assistance procedures has
become inadequate. In those cases it is not even increased. The implementation of the European
known which country to request assistance from. Directive regarding the European Investigation
Law enforcement agencies often rely on internet Order Directive in criminal matters will further
service providers to provide e-evidence. improve cooperation between member states
However, the laws for obtaining e-evidence are also for cyber investigations.
not identical in all countries. Internet service
providers themselves, who are mostly willing to Remaining challenges
cooperate with law enforcement and judicial Unfortunately, some challenges remain
authorities if legally required, often have to cross unaddressed. Criminals who are technically
capable or hide in countries with limited law countries either regularly or when they
enforcement capabilities against cybercrime are suspect they are being investigated by law
well able to evade prosecution. Cyberspace still enforcement and judicial authorities, staying
gives criminals the opportunity to make large ahead of these agencies due to slow MLA
gains with little risk and technically advanced procedures. These examples often involve
criminals can find a safe have in cyberspace. countries outside the EU.
Two types of situations remain especially
challenging: 2. Conflicting regulations hamper cooperation
1. Mutual legal assistance is not possible with private parties. Internet service
because the location of information or the providers, especially those providing cloud
origin of a cyber-attack is not known. Various computing services, often do not store
effective ways to hide information about the information about clients and their activities
location of information and activities have in the countries where those clients are.
been developed and some hosting providers Those private companies may even be
offer hosting in countries of choice, allowing established in one country while also
criminals to choose countries with limited providing their services in other countries.
law enforcement capabilities. This is called Suspects of criminal investigations can be
“bullet proof hosting”. These hosters promise located in one country while information
their clients not to log their activities and to about them is in another. It can be necessary
inform them when law enforcement and for law enforcement and judicial authorities
judicial agencies are requesting their data. to request information physically stored in
Criminals use these hosters to store stolen another country. For internet service
data, including credit card information, data providers, differences in regulations can
for botnet herding or child abuse images in become an obstacle for cooperation.
those countries. Dedicated communication Complying with a request for data in one
servers are another example. Criminals can country could imply breaking the law in the
use their own enterprise server to direct their other.
communications while applying strong
encryption techniques. Eavesdropping is not In situations as described in the above, the
effective because of the encryption, and data investigation and any further action taken
from the server cannot be obtained, because against cybercrime comes to a halt. These
it is located in the criminal’s country of challenges cannot be resolved by further
choice. There seems to be a lively trade in improving cooperation. The European
these kind of servers. TOR and I2P techniques Agenda on Security1 recognises that this state
are a third example. Although these techni- of affairs is unacceptable and prioritises
ques of course also allow for legal use most “reviewing the obstacles to criminal investigations
TOR and I2P traffic is of a criminal nature, in on cybercrime, notably on issues of competent
particular the trade in drugs and weapons jurisdiction and rules on access to evidence and
and the spread of child abuse images. information”.
Identifying criminals, both buyers and sellers,
is often not possible and many criminals are Common interest: the security of cyberspace
untouchable. The security of cyberspace is of common interest
to law enforcement and judicial authorities,
In these situations mutual legal assistance is citizens, private organisations and other parts of
not possible, no matter how efficient government. Solutions for these challenges
procedures are. In these circumstances, should therefore take into account interests of all
stopping a cyber-attack or acquiring these parties.
e-evidence could violate the sovereignty of
another country. In most cases this is not Law enforcement and judicial authorities are
allowed under international law. MLA can charged with upholding the rule of law within the
also be impossible for other reasons. For appropriate legal framework, also in cyberspace.
example, the countries involved could have People and businesses should be protected
only limited relations or be involved in against crime. A secure internet is vital to society.
diplomatic issues. Second, legal differences Law enforcement and judicial authorities should
could limit the possibilities for assistance. be given the ability to improve that security for
Investigative powers can differ, or the dual social and economic activities and to counter
criminality requirement might not be met. crime. The legal framework should provide law
Third, the country could lack effective enforcement and judicial authorities with the
capabilities for handling cybercrime and
mutual legal assistance requests. Fourth,
criminals move their activities to other 1 Doc. 8293/15
powers necessary to perform their duties 3. Do we need alternative approaches (e.g. legal
effectively. At the same time, the investigative or other instruments) for situations when
powers they hold can intrude into private lives mutual legal assistance is not possible?
and business processes. Everyone should be 4. Which alternatives would you propose?
confident that law enforcement and judicial 5. Conflicting national and international
authorities will only use their investigative regulations regarding e-evidence hamper
powers under strict conditions, their use being cooperation with private parties. Should we
lawful, necessary and proportionate and subject develop a common approach to tackle this
to proper procedural safeguards. Proper issue?
regulation and transparency about the use of 6. Which elements should be part of such a
investigative powers are essential for people and common approach?
businesses to trust the law enforcement and
judicial authorities and for their trust in
cyberspace being safe and secure.
Private enterprises are often valuable partners in
the fight against cybercrime. The private sector
not only has the information necessary to solve
individual cases because of their control of
applications on the internet but also has valuable
knowledge about cyberspace and the possibilities
it provides for effective investigation. So as to
ensure that the cooperation with private partners
remains constructive, clear regulations and
points of contact are required. Moreover, the
issue of conflicting regulations should be
addressed.
EU process
Following the adoption of the EU Agenda on
Security, valuable contributions were made to the
debate on jurisdiction in cyberspace during
Luxembourg’s EU presidency term. The current
paper serves as a basis for an informal discussion
at the ministerial level during their EU presidency
term. Current practices in joint cybercrime
operations are set to be evaluated through
EMPACT. This is to be followed up on by an
expert-level conference to build on the insights
gained thus far. The results will thereafter be
discussed by COSI and CATS, possibly leading to
the development of a further programme of
action.
In the light of the above, ministers are invited to discuss
the following questions2:
1. Do you support the development of a
common view on jurisdiction in cyberspace in
addition to improving operational
cooperation?
2. Which issues do you think could be addressed
in that respect and what is your view on those
issues?
² As mentioned in the cover note, you are kindly invited to
share (an outline of) your Minister’s response with the
Presidency in advance, which will support us in focusing the
discussion in the meeting on those points which require the
most attention.
