GLACY Global Action on Cybercrime Action globale sur la cybercriminalité Global Forum on Cyber Expertise, Washington DC, 1-2 June 2016 Capacity building on cybercrime: The example of GLACY and GLACY+ Manuel DE ALMEIDA PEREIRA Project Manager Cybercrime Programme Office of the Council of Europe (C-PROC) Council of Europe Nayia BARMPALIOU Programme Manager, Cybersecurity and Organised Crime DG International Cooperation and Development, European Commission www.coe.int/cybercrime
Action on cybercrime: The approach of the Council of Europe 2 Follow up and assessments: Cybercrime Convention Committee (T-CY) 1 Common standards: Budapest Convention on Cybercrime and relates standards Protecting you and your rights in cyberspace Note: Capacity building is part of a consistent and dynamic approach 3 Capacity building: C-PROC Technical cooperation programmes 2 www.coe.int/cybercrime 2
Reach of the Budapest Convention / reach of capacity building 130+ Indicative Budapest Convention Ratified/acceded: 49 Signed: 6 Invited to accede: 11 = 66 49 6 11 Other States with laws/draft laws largely in line with Budapest Convention = 20 Further States drawing on Budapest Convention for legislation = 45+ map only
About the Budapest Convention on Cybercrime Opened for signature in Budapest, Hungary, in 2001 By 1 June 2016: 49 Parties (European, Australia, Canada, Dominican Republic, Israel, Japan, Mauritius, Panama, Sri Lanka, USA) 6 Signatories (European, South Africa) 11 States invited to accede (Argentina, Chile, Colombia, Costa Rica, Mexico, Morocco, Paraguay, Peru, Philippines, Senegal, Tonga) = 66 States 4 www.coe.int/cybercrime 4
5 www.coe.int/cybercrime 5 Budapest Convention: scope Criminalising conduct Illegal access Illegal interception Data interference System interference Misuse of devices Fraud and forgery Child pornography IPR-offences Procedural tools + + Harmonisation Expedited preservation Search and seizure Interception of computer data International cooperation Extradition MLA Spontaneous information Expedited preservation MLA for accessing computer data MLA for interception 24/7 points of contact
Budapest Convention: The role of the Cybercrime Convention Committee (T-CY) Established under Article 46 Budapest Convention Membership (May 2016): 49 Members (State Parties) 17 Observer States 12 organisations (African Union Commission, Commonwealth Secretariat, ENISA, European Union, Eurojust, Europol, INTERPOL, ITU, OAS, OECD, OSCE, UNODC) (Committee of Parties to the Budapest Convention) Functions: Assessments of the implementation of the Convention by the Parties Guidance Notes Draft legal instruments Two plenaries/year as well as Bureau and working group meetings An effective follow up mechanism The T-CY appears to be the main inter-governmental body on cybercrime matters internationally 6 www.coe.int/cybercrime 6
7 www.coe.int/cybercrime 7 Capacity building: The role of C-PROC 2013: Need to enhance capacities at the Council of Europe for capacity building on cybercrime and electronic evidence Decision by Committee of Ministers (October 2013) to establish a dedicated Programme Office in Bucharest, Romania Operational as from April 2014 Currently 18 staff Task: Support to countries worldwide to strengthen criminal justice capacities on cybercrime and electronic evidence
8 www.coe.int/cybercrime 8 European Union Council of Europe partnership EU CoE partnership on global capacity building against cybercrime Since 2010 in Western Balkans and Turkey Since 2011 in Eastern Partnership countries 2013: External cyber capacity building a strategic block of the EU Cybersecurity Strategy: Scaling up Global 2015: European Agenda on Security: Cybercrime an internal and external priority 2015: Agenda 2030: Linking cyber capacity building to EU s Development commitments
C-PROC Projects (Status May 2016) GLACY EU/COE Joint Project Global Action on Cybercrime GLACY+ EU/COE Joint Project Global Action on Cybercrime Cybercrime@EAP II EU/COE Eastern Partnership Cybercrime@EAP III EU/COE Eastern Partnership iproceeds EU/COE Joint Project: Targeting crime proceeds on the Internet Cybercrime@Octopus (voluntary contribution funded) 9 www.coe.int/cybercrime 9
GLACY Global Action on Cybercrime Action globale sur la cybercriminalité 10 www.coe.int/cybercrime 10 GLACY EU/COE Joint Project on Global Action on Cybercrime To enable criminal justice authorities to engage in international cooperation on cybercrime and electronic evidence on the basis of the Budapest Convention on Cybercrime Duration 36 months (Nov 2013 Oct 2016) Budget Funding EUR 3.35 million European Union (Instrument for Stability, IfS) and Council of Europe Geo scope Countries prepared to implement the Budapest Convention Parties, Signatories or Invitees. GLACY Priority countries Mauritius Senegal Tonga Morocco South Africa Philippines Sri Lanka
GLACY Global Action on Cybercrime Action globale sur la cybercriminalité Strategies and engagement of decision-makers Harmonisation of legislation Components/ Expected Results Judicial training Law enforcement capacities International cooperation Information sharing Assessment of progress
GLACY Global Action on Cybercrime Action globale sur la cybercriminalité Sequencing of activities
GLACY Global Action on Cybercrime Action globale sur la cybercriminalité Examples of recent activities: 21 23 March 2016 MAURITIUS 31 March 1 April 2016 31 March 3 April 2016 SENEGAL SRI LANKA 11-13 April 2016 SOUTH AFRICA 9-11 May 2016 Dakar, SENEGAL Examples of forthcoming activities: International workshop on adaptation and update of the electronic evidence guide through the development of Standard Operating Procedures, with participation of all GLACY countries Advisory mission on cybercrime reporting systems, combined with workshop on reporting systems and interagency cooperation Training of trainers/ Introductory Course on Cybercrime and Electronic Evidence for the judiciary International workshop on judicial training curricula integration, with participation of all GLACY countries International Workshop on "International Cooperation on Cybercrime and Electronic Evidence within ECOWAS/West Africa region" 30 June 1 July 2016 TONGA Advisory mission on cybercrime reporting systems, combined with workshop on reporting systems and interagency cooperation 15 22 June 2016 PHILIPPINES Digital data forensics and live data forensics for LE and CERT 14 15 July 2016 MOROCCO International workshop on effectiveness of legislation on cybercrime and electronic evidence measured through statistics 62 activities in 2015
14 www.coe.int/cybercrime 14 New capacity building programme GLACY+ GLACY+ EU/COE Joint Project on Global Action on Cybercrime Extended GLACY+ is to extend the experience of the GLACY project, which supports seven priority countries in Africa and the Asia-Pacific region. These countries may serve as hubs to share their experience within their respective regions. Moreover, countries of Latin America and the Caribbean as well as others in Africa may now also benefit from project support. Duration 48 months (Mar 2016 Feb 2020) Budget Funding GLACY+ Hub or priority countries EUR 10 million European Union (Instrument contributing to Stability and Peace) and Council of Europe Mauritius Senegal Tonga Dom. Republic Morocco South Africa Ghana Philippines Sri Lanka
GLACY+ Global Action on Cybercrime Extended Action Globale sur la Cybercriminalité Élargie 15 www.coe.int/cybercrime 15 To strengthen the capacities of States worldwide to apply legislation on cybercrime and electronic evidence and enhance their abilities for effective international cooperation in this area. CYBERCRIME AND CYBERSECURITY POLICIES AND STRATEGIES To promote consistent cybercrime and cybersecurity policies and strategies. POLICE AUTHORITIES AND INVESTIGATIONS To strengthen the capacity of police authorities to investigate cybercrime and engage in effective police-to-police cooperation with each other as well as with cybercrime units in Europe and other regions. CRIMINAL JUSTICE AND INTERNATIONAL COOPERATION To enable criminal justice authorities to apply legislation and prosecute and adjudicate cases of cybercrime and electronic evidence and engage in international cooperation.
16 www.coe.int/cybercrime 16 Capacity building on cybercrime: lessons learnt Factors of success: Capacity building backed up by common standards (example: Budapest Convention) and follow up mechanism (example: Cybercrime Convention Committee of the Parties) Political commitment to implement standards (Example: signature or formal request for accession to Budapest Convention) as a prerequisite for full range of support) Rule of law conditions: strengthening legislation, including safeguards for procedural powers, as starting point Sequencing of activities: Initial situation reports committing decision makers and counterpart organisations implementing activities assessing progress made feeding results back into policies Country project teams Example GLACY: cooperation with 7 x 5 institutions Capacities for capacity building C-PROC
Capacity building on cybercrime: lessons learnt A capacity building methodology Structured for institutional development and reform Ownership and bottom-up approach: inter-agency national project teams working towards meeting strategic objectives Sustainability: working with Judicial and Law Enforcement Academies, integrating cybercrime in their curricula Rights-based approach: throughout design and implementation Community of sharing: replicable and scalable material developed: manuals, informing also the broader cyber community (T-CY, Octopus) Trans-regional approach: an outlier - partnerships, crossfertilisation, ripple effect 17 www.coe.int/cybercrime 17
GLACY: Manuals and Studies STUDY REPORTS AND MANUALS All reports will be finalized by end of September 2016 Legal framework on Child Protection 0% Legal framework on Data Protection Cybercrime Statistics 10% 10% Study Report on Cybercrime Reporting Systems 50% Standard Operating Procedures 95% Guide for 24/7 points of contact Manual on International Cooperation 75% 75% Legal Framework on ISP Liability 100% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
GFCE 2016 Annual meeting 01-02 June 2016 THANK YOU Q&A Manuel DE ALMEIDA PEREIRA manuel.pereira@coe.int Phone: +40-799 875 216 www.coe.int/cybercrime