Budapest Convention on cyber security

18-Jan-2018: Home Ministry pitches for Budapest Convention on cyber security

Making a strong pitch to sign the Budapest Convention on cyber-crime, the Ministry of Home Affairs flagged the need for international cooperation to check cyber-crime, radicalisation and boost data security. The Convention has 56 members, including the US and the UK.

India was reconsidering its position on becoming a member of the Budapest Convention because of the surge in cyber-crime, especially after a push for digital India. The move, however, is being opposed by the Intelligence Bureau (IB) on the grounds that sharing data with foreign law enforcement agencies infringes on national sovereignty and may jeopardize the rights of individuals.

The Budapest Convention provides for the criminalization of conduct, ranging from illegal access, data and systems interference to computer-related fraud and child pornography, procedural law tools to make investigation of cybercrime and securing of e-evidence in relation to any crime more effective, and international police and judicial cooperation on cybercrime and e-evidence.

A final decision on signing the Convention will be taken after consulting other stakeholders, such as the Ministry of External Affairs and the Ministry of Communication and Information Technology.

Home ministry also set a deadline of February this year to operationalise the Indian Cyber Crime Coordination Centre (I4C). The Home Minister had announced the setting up of I4C in 2016 to deal with all types of cyber-crime at the national level. I4C will be set up under the newly created Cyber and Information Security (CIS) division of the MHA. CIS will have four wings, namely security clearance, cybercrime prevention, cyber security and information security.

Budapest Convention

The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or the Budapest Convention, is the first international treaty seeking to address Internet and computer crime(cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It was drawn up by the Council of Europe in Strasbourg, France, with the active participation of the Council of Europe's observer states Canada, Japan, Philippines, South Africa and the United States.

The Convention and its Explanatory Report was adopted by the Committee of Ministers of the Council of Europe at its 109th Session on 8 November 2001. It was opened for signature in Budapest, on 23 November 2001 and it entered into force on 1 July 2004. As of September 2019, 64 states have ratified the convention, while a further four states had signed the convention but not ratified it.

Since it entered into force, important countries like Brazil and India have declined to adopt the Convention on the grounds that they did not participate in its drafting. Russia opposes the Convention, stating that adoption would violate Russian sovereignty, and has usually refused to cooperate in law enforcement investigations relating to cybercrime. It is the first multilateral legally binding instrument to regulate cybercrime. Since 2018, India has been reconsidering its stand on the Convention after a surge in cybercrime, though concerns about sharing data with foreign agencies remain.

On 1 March 2006, the Additional Protocol to the Convention on Cybercrime came into force. Those States that have ratified the additional protocol are required to criminalize the dissemination of racist and xenophobic material through computer systems, as well as threats and insults motivated by racism or xenophobia.