RAPPORTEUR GROUP

Legal co-operation

GR-J(2019)13

31 October 2019[1]

Convention on Cybercrime (ETS No. 185) –

Request by Brazil to be invited to accede

 

Item to be considered by the GR-J at its meeting on 26 November 2019

 

 

1.         By a Note Verbale dated 13 August 2019, received and registered at the Secretariat General on 16 August 2019, the Embassy of the Federative Republic of Brazil in Paris, expressed to the Secretary General of the Council of Europe the interest of the Government of Brazil to be invited to accede to the Convention on Cybercrime (ETS No. 185) (see Appendix 1).

2.         According to Article 37, paragraph 1, of the Convention and in line with the practice of the Council of Europe, the Secretariat proceeded to a consultation of member States of the Council of Europe and non-member States which are Contracting States to the Convention, requesting them to communicate to the Secretariat whether their authorities would object to the accession of Brazil to the Convention on Cybercrime if the request to be invited to accede was formally submitted to the Committee of Ministers. The deadline for replying was 18 October 2019. No objection was communicated to the Secretariat.

3.         An information note of the Secretariat of the Cybercrime Convention Committee (T-CY) on co-operation with Brazil appears in Appendix 2.

4.         The relevant provisions of the Convention on Cybercrime can be summarised as follows.

a.         Summary of the Convention

5.         The Convention on Cybercrime (ETS No. 185) was opened for signature by the member States of the Council of Europe and by non-member States having participated in its elaboration, in Budapest, on 23 November 2001. It entered into force on 1 July 2004. The chart of signatures and ratifications appears in Appendix 3.

6.         The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also provides a series of procedural powers, such as the search for computer networks and the interception of data. Its main objective, set out in the preamble, is “to pursue a common criminal policy aimed at the protection of society against cybercrime, inter alia by adopting appropriate legislation and fostering international co-operation”.

7.         The Convention has been complemented by an Additional Protocol concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (ETS No. 189), which was opened for signature on 28 January 2003 and entered into force on 1 March 2006. States having acceded to the Convention are entitled to accede to the Protocol thereto.


b.         Procedure for accession

8.         Article 37, paragraph 1, of the Convention on Cybercrime provides that:

"After the entry into force of this Convention, the Committee of Ministers of the Council of Europe, after consulting with and obtaining the unanimous consent of the Contracting States to the Convention, may invite any State which is not a member of the Council and which has not participated in its elaboration to accede to this Convention.  The decision shall be taken by the majority provided for in Article 20.d. of the Statute of the Council of Europe and by the unanimous vote of the representatives of the Contracting States entitled to sit on the Committee of Ministers.”

9.         Given the above, the Deputies may wish to invite Brazil to accede to the Convention on Cybercrime.


Appendix 1


Appendix 2

www.coe.int/cybercrime

Strasbourg, 25 August 2019

T-CY (2019)25

Restricted

Cybercrime Convention Committee (T-CY)

Co-operation with Brazil

Note by the Secretariat

 


1.            Introduction

The Government of Brazil, by Note Verbale of the Embassy of the Federal Republic of Brazil in Paris dated 13 August 2019, submitted a request for accession to the Budapest Convention on Cybercrime (ETS 185).

The purpose of the present note is to provide supplementary information on the state of co-operation with Brazil in cybercrime matters, including an overview of implementation of the principles of the Budapest Convention.

2.            Co-operation with Brazil

Cybercrime is a major challenge in Brazil and the country is ranking globally as one of the main sources of online financial fraud and related use of malware, phishing, spam and botnets affecting victims and financial institutions not only in Brazil but worldwide.

For this reason, criminal justice authorities of Brazil have been co-operating with Parties to the Budapest Convention and the Council of Europe for many years. For example:

-        Training workshops for prosecutors and for computer forensic experts supported by the Council of Europe in 2007;

-        Workshop on cybercrime legislation at the House of Representatives in 2008;

-        Training workshops for prosecutors and lawyers in 2008;

-        Participation by Brazilian experts in regional events in Mexico (2010) and Costa Rica (2012);

-        Joint participation in workshops or panels in Internet Governance Fora in 2007, 2016 and 2017, and foreseen also in 2019 in Berlin;

-        Participation in Octopus Conferences by prosecutors, investigators or members of Parliament in 2007, 2008, 2009, 2010, 2012, 2013, 2015 and 2018;

-        Regional Conference for Specialized Prosecution Services, Buenos Aires, Argentina, June 2017;

-        Participation in activities under the project on Global Action on Cybercrime Extended (GLACY+):

-        Hemispheric Forum on International Cooperation Against Cybercrime, Santo Domingo, Dominican Republic, 5-7 December 2017;

-        1st CyberRed Annual Meeting, International Conference and Cybercrime Forum, Lisbon, PORTUGAL, 5-7 February 2018;

-        EUROJUST Conference, The Hague, Netherlands, 7-8 March 2018;

-        DESK STUDY- Analysis report of the draft Cybercrime bill in Brazil, May – June 2018;

-        Brazilian law enforcement expertise for assessment missions to Chile (April 2018) and Cabo Verde (October 2019);

-        Participation in the 4th Americas Working Group Meeting on Cybercrime for Heads of Units, Rio de Janeiro, BRAZIL, 4-6 September 2018;

-        International Conference Fight against Cybercrime – the Public Prosecution Services of the CPLP (Lusophone countries) in the global context and 2nd Meeting of the Cybercrime Forum, Praia, Cabo Verde, 11-12 April 2019;

-        2nd Meeting of the Ibero American Network of Cyber Prosecutors (CiberRed/CiberRede), Santiago, Chile, 25-26 June 2019;

-        EUROJUST Conference, The Hague, Netherlands, 30 September – 1 October 2019 (forthcoming).

Brazilian criminal justice authorities have shown a particular interest in the questions to be addressed by the Second Additional Protocol to the Budapest Convention.

Brazil is co-operating with a number of Parties to the Budapest Convention in criminal cases related to cybercrime and electronic evidence. The Brazilian Federal Police (Cyber Crime Division) is a member of the G7 Network of 24/7 points of contact. In 2017, Brazil and EUROPOL signed an agreement on strategic co-operation, covering also cybercrime matters.

With specialised prosecution and police services on cybercrime and computer forensics at Federal and State levels, Brazil seems to have the necessary capacity to co-operate with Parties to the Budapest Convention.


3.            Cybercrime legislation

3.1       Substantive and procedural laws

Brazilian legislation in force criminalises many of the offences of the Budapest Convention, albeit in a somewhat fragmented manner.

This is the case for elements of illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery and fraud.

Law 12737 of November 2012 modified some provisions of the Penal Code to this effect, that is, Articles 154-A, 154-B, 266 and 313-A.

The Child and Adolescent Statute (Estatuto da Criança e Adolescente), Law 8069 of 13 July 1990, criminalises conduct related to child pornography.

Law 9609 of 19 February 1998 covers the protection of intellectual property rights related to software.

As in many other countries of Latin America, general police powers are used by analogy to secure electronic evidence.

Several efforts are underway to reform legislation in view of a comprehensive framework on cybercrime.

A new Penal Code, including also a set of provisions on cybercrime in line with the Budapest Convention, has been pending in the Senate since 2012. Given the complexity of adopting a comprehensive new Penal Code, attempts are now being made to adopt a special law on cybercrime. A draft Bill, prepared by the Federal Prosecution Service (Ministério Público Federal), is available. It takes up the relevant provision of the draft Penal Code with the expectation that as a separate law, it may be adopted sooner. This draft was discussed with Council of Europe experts in 2018 to ensure compliance with the Budapest Convention.

In short, basic legislation is in place that permits the investigation and prosecution of cybercrime as well as international legislation, but further reforms are necessary. An invitation to accede may help accelerate such reforms.

3.2       Safeguards and conditions

 

Article 15 of the Budapest Convention requires Parties to:

“… ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties, including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, and other applicable international human rights instruments, and which shall incorporate the principle of proportionality.”

Brazil is Party to a number of international human rights treaties, including inter alia:

-        American Convention of Human Rights (Pact of San José);

-        UN Convention against Torture and Other Cruel Inhuman or Degrading Treatment or punishment;

-        International Covenant on Civil and Political Rights;

-        International Covenant on Economic, Social and Cultural Rights;

-        Convention on the Rights of the Child.

The death penalty has been abolished for common crimes for more than 120 years and not been applied for some 140 years, although it is theoretically possible to be applied for certain military offences in wartime.


Privacy and the protection of personal data are treated as fundamental rights under the Federal Constitution. According to the “Marco Civil da Internet” (Civil Framework of the Internet – Law 12.965 of 23 April 2014), obtaining information on traffic data and subscribers of communication networks requires respect for privacy and the rights of the user (Articles 22 and 23) and thus court orders. The general procedural law (for example, Article 157 of the Code of Penal Procedure) also requires respect for fundamental rights and procedural rights of citizens.

These safeguards are derived from Article 5 of the Federal Constitution which contains an extensive number of fundamental rights, including regarding the protection of the citizen within a criminal investigation or prosecution.

Brazil recently adopted personal data protection legislation (Law 13.709 of 14 August 2018, amended by Law 13.853 of 8 July 2019). Brazil participates as observer in the Consultative Committee of Data Protection Convention 108 (T-PD) since November 2018.

4.            Conclusion

The authorities of Brazil - in particular prosecution and police services – have been co-operating on cybercrime matters with the Council of Europe since 2007, and these services have consistently expressed the importance of Brazil’s accession to the Budapest Convention.

Given the prevalence of cybercrime in Brazil and its impact on other Parties to the Budapest Convention, it should be in the interest of Parties to be able to co-operate with Brazil within the framework of the Budapest Convention.

Such an invitation would permit more focused capacity building and policy dialogue with Brazil, including in view of further reforms of legislation.

5.            Contact

In case of need for additional information please contact:

Alexander Seger

Executive Secretary Cybercrime Convention Committee

Directorate General of Human Rights and Rule of Law

Council of Europe, Strasbourg, France

Tel        +33-3-9021-4506         

Fax       +33-3-9021-5650

Email    alexander.seger@coe.int


Appendix 3 – Chart of signatures and ratifications of Convention ETS No.185

CHART OF SIGNATURES AND RATIFICATIONS OF TREATY 185

Convention on Cybercrime

Status as of 17/10/2019

Title

Convention on Cybercrime

Reference

ETS No.185

Opening of the treaty

Budapest, 23/11/2001 - Treaty open for signature by the member States and the non-member States which have participated in its elaboration and for accession by other non-member States

Entry into Force

01/07/2004 - 5 Ratifications including at least 3 member States of the Council of Europe

Members of Council of Europe

Signature

Ratification

Entry into Force

Notes

R.

D.

A.

T.

C.

O.

Albania

23/11/2001

20/06/2002 

01/07/2004

A.

Andorra

23/04/2013

16/11/2016 

01/03/2017

R.

D.

A.

Armenia

23/11/2001

12/10/2006 

01/02/2007

A.

Austria

23/11/2001

13/06/2012 

01/10/2012

R.

D.

A.

Azerbaijan

30/06/2008

15/03/2010 

01/07/2010

R.

D.

A.

T.

Belgium

23/11/2001

20/08/2012 

01/12/2012

R.

D.

A.

Bosnia and Herzegovina

09/02/2005

19/05/2006 

01/09/2006

A.

Bulgaria

23/11/2001

07/04/2005 

01/08/2005

R.

D.

A.

Croatia

23/11/2001

17/10/2002 

01/07/2004

A.

Cyprus

23/11/2001

19/01/2005 

01/05/2005

A.

Czech Republic

09/02/2005

22/08/2013 

01/12/2013

R.

D.

A.

Denmark

22/04/2003

21/06/2005 

01/10/2005

R.

A.

T.

Estonia

23/11/2001

12/05/2003 

01/07/2004

A.

Finland

23/11/2001

24/05/2007 

01/09/2007

R.

D.

A.

France

23/11/2001

10/01/2006 

01/05/2006

R.

D.

A.

Georgia

01/04/2008

06/06/2012 

01/10/2012

D.

Germany

23/11/2001

09/03/2009 

01/07/2009

R.

D.

A.

Greece

23/11/2001

25/01/2017 

01/05/2017

R.

D.

A.

Hungary

23/11/2001

04/12/2003 

01/07/2004

R.

D.

A.

Iceland

30/11/2001

29/01/2007 

01/05/2007

R.

A.

Ireland

28/02/2002

Italy

23/11/2001

05/06/2008 

01/10/2008

A.

Latvia

05/05/2004

14/02/2007 

01/06/2007

R.

A.

Liechtenstein

17/11/2008

27/01/2016 

01/05/2016

R.

D.

A.

Lithuania

23/06/2003

18/03/2004 

01/07/2004

R.

D.

A.

Luxembourg

28/01/2003

16/10/2014 

01/02/2015

A.

Malta

17/01/2002

12/04/2012 

01/08/2012

D.

Monaco

02/05/2013

17/03/2017 

01/07/2017

A.

Montenegro

07/04/2005

03/03/2010 

01/07/2010

55

R.

A.

Netherlands

23/11/2001

16/11/2006 

01/03/2007

A.

T.

North Macedonia

23/11/2001

15/09/2004 

01/01/2005

A.

Norway

23/11/2001

30/06/2006 

01/10/2006

R.

D.

A.

Poland

23/11/2001

20/02/2015 

01/06/2015

R.

A.

Portugal

23/11/2001

24/03/2010 

01/07/2010

D.

A.

Republic of Moldova

23/11/2001

12/05/2009 

01/09/2009

D.

A.

T.

Romania

23/11/2001

12/05/2004 

01/09/2004

A.

Russian Federation

San Marino

17/03/2017

 08/03/2019

01/07/2019 

A.

Serbia

07/04/2005

14/04/2009 

01/08/2009

55

A.

Slovak Republic

04/02/2005

08/01/2008 

01/05/2008

R.

D.

A.

Slovenia

24/07/2002

08/09/2004 

01/01/2005

A.

Spain

23/11/2001

03/06/2010 

01/10/2010

D.

A.

Sweden

23/11/2001

Switzerland

23/11/2001

21/09/2011 

01/01/2012

R.

D.

A.

Turkey

10/11/2010

29/09/2014 

01/01/2015

Ukraine

23/11/2001

10/03/2006 

01/07/2006

R.

D.

A.

United Kingdom

23/11/2001

25/05/2011 

01/09/2011

R.

A.

Non-Members of Council of Europe

Signature

Ratification

Entry into Force

Notes

R.

D.

A.

T.

C.

O.

Argentina

 05/06/2018 a

01/10/2018 

R.

A.

Australia

30/11/2012 a

01/03/2013

R.

A.

Benin

4

Cabo Verde

 19/06/2018 a

01/10/2018 

A.

Canada

23/11/2001

08/07/2015 

01/11/2015

R.

D.

A.

Chile

20/04/2017 a

01/08/2017

R.

D.

A.

Colombia

4

Costa Rica

22/09/2017 a

01/01/2018

D.

A.

Dominican Republic

07/02/2013 a

01/06/2013

D.

A.

Ghana

 03/12/2018 a

01/04/2019 

A.

Israel

09/05/2016 a

01/09/2016

R.

A.

Japan

23/11/2001

03/07/2012 

01/11/2012

R.

D.

A.

Mauritius

15/11/2013 a

01/03/2014

A.

Mexico

Morocco

 29/06/2018 a

01/10/2018 

A

Nigeria

4

Panama

05/03/2014 a

01/07/2014

A.

Paraguay

30/07/2018 a

 01/11/2018

A

Peru

 26/08/2019 a

01/12/2019 

R.

D.

A.

Philippines

 28/03/2018 a

01/07/2018 

A

Senegal

16/12/2016 a

01/04/2017

A.

South Africa

23/11/2001

Sri Lanka

29/05/2015 a

01/09/2015

R.

D.

A.

Tonga

09/05/2017 a

01/09/2017

A.

Tunisia

4

United States of America

23/11/2001

29/09/2006 

01/01/2007

R.

D.

A.

Total number of signatures not followed by ratifications

3

Total number of ratifications/accessions

64

Notes

(55) Date of signature by the State union of Serbia and Montenegro.

(4) Since 2013 the decision to invite a non-member State to accede to the treaty is valid five years as from its adoption. See the following Chart.

a: Accession s: Signature without reservation as to ratification su: Succession r: Signature "ad referendum".
R.: Reservations D.: Declarations, Denunciations, Derogations A.: Authorities T.: Territorial Application C.: Communication O.: Objection.

Source : Treaty Office on http://conventions.coe.int - * Disclaimer.



[1] This document has been classified restricted at the date of issue; it will be declassified in accordance with Resolution Res(2001)6 on access to Council of Europe documents.