The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 3.
International Cooperation in Cybercrime: The Budapest Convention
http://editors.cis-india.org/internet-governance/blog/vipul-kharbanda-april-29-2019-international-cooperation-in-cybercrime-the-budapest-convention
<b>In today’s increasingly digitized world where an increasing volume of information is being stored in the digital format, access to data generated by digital technologies and on digital platforms is important in solving crimes online and offline.</b>
<p><a class="external-link" href="http://cis-india.org/internet-governance/files/budapest-convention-paper.pdf"><b>Click to download the file here </b></a></p>
<hr />
<p style="text-align: justify; "><span>However, the global nature of the internet challenges traditional methods of law enforcement by forcing states to cooperate with each other for a greater variety and number of cases than ever before in the past. The challenges associated with accessing data across borders in order to be able to fully investigate crimes which may otherwise have no international connection forces states to think of easier and more efficient ways of international cooperation in criminal investigations. One such mechanism for international cooperation is the Convention on Cybercrime adopted in Budapest (“</span><strong>Budapest</strong><span> </span><strong>Convention</strong><span>”). Drafted by the Council of Europe along with Canada, Japan, South Africa and the United States of America it is the first and one of the most important multilateral treaties addressing the issue of cybercrime and international cooperation.</span><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn1"><sup><sup>[1]</sup></sup></a></p>
<p style="text-align: justify; "><strong>Extradition</strong></p>
<p style="text-align: justify; ">Article 24 of the Budapest Convention deals with the issue of extradition of individuals for offences specified in Articles 2 to 11 of the Convention. Since the Convention allows Parties to prescribe different penalties for the contraventions contained in Articles 2-11, it specifies that extradition cannot be asked for unless the crime committed by the individual carries a maximum punishment of deprivation of liberty for atleast one year.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn2"><sup><sup>[2]</sup></sup></a> In order to not complicate issues for Parties which may already have extradition treaties in place, the Convention clearly mentions that in cases where such treaties exist, extradition will be subject to the conditions provided for in such extradition treaties.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn3"><sup><sup>[3]</sup></sup></a> Although extradition is also subject to the laws of the requested Party, if the laws provide for the existence of an extradition treaty, such a requirement shall be deemed to be satisfied by considering the Convention as the legal basis for the extradition.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn4"><sup><sup>[4]</sup></sup></a> The Convention also specifies that the offences mentioned in Articles 2 to 11 shall be deemed to be included in existing extradition treaties and Parties shall include them in future extradition treaties to be executed.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn5"><sup><sup>[5]</sup></sup></a></p>
<p style="text-align: justify; ">The Convention also recognises the principle of "<em>aut dedere aut judicare</em>" (extradite or prosecute) and provides that if a Party refuses to extradite an offender solely on the basis that it shall not extradite their own citizens,<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn6"><sup><sup>[6]</sup></sup></a> then, if so requested, such Party shall prosecute the offender for the offences alleged in the same manner as if the person had committed a similar offence in the requested Party itself.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn7"><sup><sup>[7]</sup></sup></a> The Convention also requires the Secretary General of the Council of Europe to maintain an updated register containing the authorities designated by each of the Parties for making or receiving requests for extradition or provisional arrest in the absence of a treaty.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn8"><sup><sup>[8]</sup></sup></a></p>
<p style="text-align: justify; "><strong>Mutual Assistance Requests</strong></p>
<p style="text-align: justify; ">The Convention imposes an obligation upon the Parties to provide mutual assistance “to the widest extent possible” for investigations or proceedings of criminal offences related to computer systems and data.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn9"><sup><sup>[9]</sup></sup></a> Just as in the case of extradition, the mutual assistance to be provided is also subject to the conditions prescribed by the domestic law of the Parties as well as mutual assistance treaties between the Parties.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn10"><sup><sup>[10]</sup></sup></a> However, it is in cases where no mutual assistance treaties exist between the Parties that the Convention tries to fill the lacuna and provide for a mechanism for mutual assistance.</p>
<p style="text-align: justify; ">The Convention requires each Party to designate an authority for the purpose of sending and answering mutual assistance requests from other Parties as well as transmitting the same to the relevant authority in their home country. Similar to the case of authorities for extradition, the Secretary General is required to maintain an updated register of the central authorities designated by each Party.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn11"><sup><sup>[11]</sup></sup></a> Recognising the fact that admissibility of the evidence obtained through mutual assistance in the domestic courts of the requesting Party is a major concern, the Convention provides that the mutual assistance requests are to be executed in accordance with the procedures prescribed by the requesting Party unless such procedures are incompatible with the laws of the requested Party.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn12"><sup><sup>[12]</sup></sup></a></p>
<p style="text-align: justify; ">Parties are allowed to refuse a request for mutual assistance on the grounds that (i) the domestic laws of the requested party do not allow it to carry out the request;<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn13"><sup><sup>[13]</sup></sup></a> (ii) the request concerns an offence considered as a political offence by the requested Party;<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn14"><sup><sup>[14]</sup></sup></a> or (iii) in the opinion of the requested Party such a request is likely to prejudice its sovereignty, security, <em>ordre public </em>or other essential interests.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn15"><sup><sup>[15]</sup></sup></a> The requested Party is also allowed to postpone any action on the request if it thinks that acting on the request would prejudice criminal investigations or proceedings by its own authorities.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn16"><sup><sup>[16]</sup></sup></a> In cases where assistance would be refused or postponed, the requested Party may consult with the other Party and consider whether partial or conditional assistance may be provided.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn17"><sup><sup>[17]</sup></sup></a></p>
<p style="text-align: justify; ">In practice it has been found that though States refuse requests on a number of grounds,<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn18"><sup><sup>[18]</sup></sup></a> some states even refuse cooperation in the event that the case is minor but requires an excessive burden on the requested state.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn19"><sup><sup>[19]</sup></sup></a> A case study of a true instance recounted below gives an idea of the effort and resources it may take for a requested state to carry out a mutual assistance request:</p>
<p style="text-align: justify; ">“In the beginning of 2005, a Norwegian citizen (let’s call him A.T.) attacked a bank in Oslo. He intended to steal money and he did so effectively. During his action, a police officer was killed. A.T. ran away and could not be found in Norway. Some days later, police found and searched his home and computer and discovered that A.T. was the owner of an email account from a provider in the United Kingdom. International co-operation was required from British authorities which asked the provider to put his email account under surveillance. One day, A.T. used his email account to send an email message. In the United Kingdom, police asked the ISP information about the IP address where the communication came from and it was found that it came from Spain.</p>
<p style="text-align: justify; ">British and Spanish authorities installed an alert system whose objective was to know, each time that A.T. used his email account, where he was. Thus, each time A.T. used his account, British police obtained the IP address of the computer in the origin of the communication and provided it immediately to Spanish police. Then, Spanish police asked the Spanish ISPs about the owner or user of the IP address. All the connexions were made from cybercafés in Madrid. Even proceeding to that area very quickly, during a long period of time it was not possible to arrive at those places before A.T. was gone.</p>
<p style="text-align: justify; ">Later, A.T. began to use his email account from a cybercafé in Malaga. This is a smaller town than Madrid and there it was possible to put all the cybercafés from a certain area permanently under physical surveillance. After some days of surveillance, British police announced that A.T. was online, using his email account, and provided the IP address. Very rapidly, the Spanish ISP informed Spanish police from the concrete location of the cybercafé what allowed the officers in the street to identify and arrest A.T. in place.</p>
<p style="text-align: justify; ">A.T. was extradited to Norway and prosecuted.”<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn20"><sup><sup>[20]</sup></sup></a></p>
<p style="text-align: justify; ">It is clear from the above that although the crime occurred in Norway, a lot of work was actually done by the authorities in the United Kingdom and Spain. In a serious case such as this where there was a bank robbery as well as a murder involved, the amount of effort expended by authorities from other states may be appropriate but it is unlikely that the authorities in Britain and Spain would have allocated such resources for a petty crime.</p>
<p style="text-align: justify; ">In sensitive cases where the requests have to be kept secret or confidential for any reason, the requesting Party has to specify that the request should be kept confidential except to the extent required to execute the request (such as disclosure in front of appropriate authorities to obtain the necessary permissions). In case confidentiality cannot be maintained the requested Party shall inform the requesting Party of this fact, which shall then take a decision regarding whether to withdraw the request or not.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn21"><sup><sup>[21]</sup></sup></a> On the other hand the requested Party may also make its supply of information conditional to it being kept confidential and that it not be used in proceedings or investigations other than those stated in the request.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn22"><sup><sup>[22]</sup></sup></a> If the requesting Party cannot comply with these conditions it shall inform the requested Party which will then decide whether to supply the information or not.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn23"><sup><sup>[23]</sup></sup></a></p>
<p style="text-align: justify; ">In the normal course the Convention envisages requests being made and executed through the respective designated central authorities, however it also makes a provision, in urgent cases, for requests being made directly by the judicial authorities or even the Interpol.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn24"><sup><sup>[24]</sup></sup></a> Even in non urgent cases, if the authority of the requested Party is able to comply with the request without making use of coercive action, requests may be transmitted directly to the competent authority without the intervention of the central authority.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn25"><sup><sup>[25]</sup></sup></a></p>
<p style="text-align: justify; ">The Convention clarifies that through these mutual assistance requests a Party may ask another to (i) either search, seize or disclose computer data within its territory,<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn26"><sup><sup>[26]</sup></sup></a> (ii) provide real time collection of traffic data with specified communications in its territory;<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn27"><sup><sup>[27]</sup></sup></a> and (iii) provide real time collection or recording of content data of specified communications.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn28"><sup><sup>[28]</sup></sup></a> The provision of mutual assistance specified above has to be in accordance with the domestic laws of the requested Party.</p>
<p style="text-align: justify; ">The procedure for sending mutual assistance requests under the Convention is usually the following:</p>
<ol style="text-align: justify; ">
<li>Preparation of a request for mutual assistance by the prosecutor or enforcement agency which is responsible for an investigation.</li>
<li>Sending the request by the prosecutor or enforcement agency to the Central Authority for verification (and translation, if necessary).</li>
<li>The Central Authority then submits the request either, (i) to the foreign central authority, or (ii) directly to the requested judicial authority.</li>
</ol>
<p style="text-align: justify; "><span>The following procedure is then followed in the corresponding receiving Party:</span></p>
<ol style="text-align: justify; ">
<li>Receipt of the request by the Central Authority.</li>
<li>Central Authority then examines the request against formal and legal requirements (and translates it, if necessary).</li>
<li>Central Authority then transmits the request to the competent prosecutor or enforcement agency to obtain court order (if needed).</li>
<li>Issuance of a court order (if needed).</li>
<li>Prosecutor orders law enforcement (e.g. cybercrime unit) to obtain the requested data.</li>
<li>Data obtained is examined against the MLA request, which may entail translation or</li>
</ol>
<p style="text-align: justify; ">using a specialist in the language.</p>
<ol style="text-align: justify; ">
<li>The information is then transmitted to requesting State via MLA channels.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn29"><sup><sup>[29]</sup></sup></a></li>
</ol>
<p style="text-align: justify; "><span>In practice, the MLA process has generally been found to be inefficient and this inefficiency is even more pronounced with respect to electronic evidence. The general response times range from six months to two years and many requests (and consequently) investigations are often abandoned.</span><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn30"><sup><sup>[30]</sup></sup></a><span> Further, the lack of awareness regarding procedure and applicable legislation of the requested State lead to formal requirements not being met. Requests are often incomplete or too broad; do not meet legal thresholds or the dual criminality requirement.</span><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn31"><sup><sup>[31]</sup></sup></a></p>
<p style="text-align: justify; "><span>Preservation Requests</span></p>
<p style="text-align: justify; ">The Budapest Convention recognises the fact that computer data is highly volatile and may be deleted, altered or moved, rendering it impossible to trace a crime to its perpetrator or destroying critical proof of guilt. The Convention therefore envisioned the concept of preservation orders which is a limited, provisional measure intended to take place much more rapidly than the execution of a traditional mutual assistance. Thus the Convention gives the Parties the legal ability to obtain the expeditious preservation of data stored in the territory of another (requested) Party, so that the data is not altered, removed or deleted during the time taken to prepare, transmit and execute a request for mutual assistance to obtain the data.</p>
<p style="text-align: justify; ">The Convention therefore provides that a Party may request another Party to obtain the expeditious preservation of specified computer data in respect of which such Party intends to submit a mutual assistance request. Once such a request is received the other Party has to take all appropriate measures to ensure compliance with such a request. The Convention also specifies that dual criminality is not a condition to comply with such requests for preservation of data since these are considered to be less intrusive than other measures such as seizure, etc.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn32"><sup><sup>[32]</sup></sup></a> However in cases where parties have a dual criminality requirement for providing mutual assistance they may refuse a preservation request on the ground that at the time of providing the data the dual criminality condition would not be met, although in regard to the offences covered under Articles 2 to 11 of the Convention, the requirement of dual criminality will be deemed to have been satisfied.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn33"><sup><sup>[33]</sup></sup></a> In addition to dual criminality a preservation request may also be refused on the grounds that (i) the offence alleged is a political offence; and (ii) execution of the request would likely to prejudice the sovereignty, security, <em>ordre public </em>or other essential interests of the requested Party.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn34"><sup><sup>[34]</sup></sup></a></p>
<p style="text-align: justify; ">In case the requested Party feels that preservation will not ensure the future availability of the data or will otherwise prejudice the investigation, it shall promptly inform the requesting Party which shall then take a decision as to whether to ask for the preservation irrespective.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn35"><sup><sup>[35]</sup></sup></a> Preservation of the data pursuant to a request will be for a minimum period of 60 days and upon receipt of a mutual assistance request will continue to be preserved till a decision is taken on the mutual assistance request.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn36"><sup><sup>[36]</sup></sup></a> If the requested Party finds out in the course of executing the preservation request that the data has been transmitted through a third state or the requesting Party itself, it has a duty to inform the requesting Party of such facts as well as provide it with sufficient traffic data in order for it to be able to identify the service provider in the other state.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn37"><sup><sup>[37]</sup></sup></a></p>
<p style="text-align: justify; "><strong>Jurisdiction and Access to Stored Data </strong></p>
<p style="text-align: justify; ">The problem of accessing data across international borders stems from the international law principle which provides that the authority to enforce (an action) on the territory of another State is permitted only if the latter provides consent for such behaviour. States that do not acquire such consent may therefore be acting contrary to the principle of non-intervention and may be in violation of the sovereignty of the other State.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn38"><sup><sup>[38]</sup></sup></a> The Convention specifies two situations in which a Party may access computer data stored in another Party’s jurisdiction; (i) when such data is publicly available; and (ii) when the Party has accessed such data located in another state through a computer system located in its own territory provided it has obtained the “lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system”.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn39"><sup><sup>[39]</sup></sup></a> These are two fairly obvious situations where a state should be allowed to use the computer data without asking another state, infact if a state was required to take the permission of the state in the territory of which the data was physically located even in these situations, then it would likely delay a large number of regular investigations where the data would otherwise be available but could not be legally used unless the other country provided it under the terms of the Convention or some other legal instrument. At the time of drafting the Convention it appears that Parties could not agree upon any other situations where it would be universally acceptable for a state to unilaterally access data located in another state, however it must be noted that other situations for unilaterally accessing data are neither authorized, nor precluded.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn40"><sup><sup>[40]</sup></sup></a></p>
<p style="text-align: justify; ">Since the language of the Budapest Convention stopped shy of addressing other situations law enforcement agencies had been engaged in unilateral access to data stored in other jurisdictions on an uncertain legal basis risking the privacy rights of individuals raising concerns regarding national sovereignty.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn41"><sup><sup>[41]</sup></sup></a> It was to address this problem that the Cybercrime Committee established the “ad-hoc sub-group of the T-CY on jurisdiction and transborder access to data and data flows” (the “Transborder Group”) in November 2011 which came out with a Guidance Note clarigying the legal position under Article 32.</p>
<p style="text-align: justify; ">The Guidance Note # 3 on Article 32 by the Cybercrime Committee specifies that Article 32(b) would not cover situations where the data is not stored in another Party or where it is uncertain where the data is located. A Party is also not allowed to use Article 32(b) to obtain disclosure of data that is stored domestically. Since the Convention neither authorizes nor precludes other situations, therefore if it is unknown or uncertain that data is stored in another Party, Parties may need to evaluate themselves the legitimacy of a search or other type of access in the light of domestic law, relevant international law principles or considerations of international relations.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn42"><sup><sup>[42]</sup></sup></a> The Budapest Convention does not require notification to the other Party but parties are free to notify the other Party if they deem it appropriate.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn43"><sup><sup>[43]</sup></sup></a> The “voluntary and lawful consent” of the person means that the consent must be obtained without force or deception. Giving consent in order to avoid or reduce criminal charges would also constitute lawful and voluntary consent. If cooperation in a criminal investigation requires explicit consent in a Party, this requirement would not be fulfilled by agreeing to the general terms and conditions of an online service, even if the terms and conditions indicate that data would be shared with criminal justice authorities.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn44"><sup><sup>[44]</sup></sup></a></p>
<p style="text-align: justify; ">The person who is lawfully authorized to give consent is unlikely to include service providers with respect to their users’ data. This is because normally service providers would only be holders of the data, they would not own or control the data and therefore cannot give valid consent to share the data.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn45"><sup><sup>[45]</sup></sup></a> The Guidance Note also specifies that with respect to the location of the person providing access or consent, while the standard assumption is that the person would be physically located in the requesting Party however there may be other situations, “It is conceivable that the physical or legal person is located in the territory of the requesting law enforcement authority when agreeing to disclose or actually providing access, or only when agreeing to disclose but not when providing access, or the person is located in the country where the data is stored when agreeing to disclose and/or providing access. The person may also be physically located in a third country when agreeing to cooperate or when actually providing access. If the person is a legal person (such as a private sector entity), this person may be represented in the territory of the requesting law enforcement authority, the territory hosting the data or even a third country at the same time.” Parties are also required to take into account the fact that third Parties may object (and some even consider it a criminal offence) if a person physically located in their territory is directly approached by a foreign law enforcement authority to seek his or her cooperation.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn46"><sup><sup>[46]</sup></sup></a></p>
<p style="text-align: justify; "><strong>Production Order</strong></p>
<p style="text-align: justify; ">A similar problem arises in case of Article 18 of the Convention which requires Parties to put in place procedural provisions to compel a person in their territory to provide specified stored computer data, or a service provider offering services in their territory to submit subscriber information.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn47"><sup><sup>[47]</sup></sup></a> It must be noted here, that the data in question must be already stored or existing data, which implies that this provision does not cover data that has not yet come into existence such as traffic data or content data related to future communications.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn48"><sup><sup>[48]</sup></sup></a> Since the term used in this provision is that the data must be within the “possession or control” of the person or the service provider, therefore this provision is also capable of being used to access data stored in the territory of a third party as long as the data is within the possession and control of the person on whom the Production Order has been served. In this regard it must be noted that the Article makes a distinction between computer data and subscriber information and specifies that computer data can only be asked for from a person (including a service provider) located within the territory of the ordering Party even if the data is stored in the territory of a third Party.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn49"><sup><sup>[49]</sup></sup></a> However subscriber information<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn50"><sup><sup>[50]</sup></sup></a> can be ordered only from a service provider even if the service provider is not located within the territory of the ordering Party as long as it is offering its services in the territory of that Party and the subscriber information relates to the service offered in the ordering Party’s territory.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn51"><sup><sup>[51]</sup></sup></a></p>
<p style="text-align: justify; ">Since the power under Article 18 is a domestic power which potentially can be used to access subscriber data located in another State, the use of this Article may raise complicated jurisdictional issues. This combined with the growth of cloud computing and remote data storage also raises concerns regarding privacy and data protection, the jurisdictional basis pertaining to services offered without the service provider being established in that territory, as well as access to data stored in foreign jurisdictions or in unknown or multiple locations “within the cloud”.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn52"><sup><sup>[52]</sup></sup></a> Even though some of these issues require further discussions and a more nuanced treatment, the Cybercrime Committee felt the need to issue a Guidance Note to Article 18 in order to avoid some of the confusion regarding the implementation of this provision.</p>
<p style="text-align: justify; ">Article 18(1)(b) may include a situation where a service provider is located in one jurisdiction, but stores the data in another jurisdiction. Data may also be mirrored in several jurisdictions or move between jurisdictions without the knowledge or control of the subscriber. In this regard the Guidance Note points out that legal regimes increasingly recognize that, both in the criminal justice sphere and in the privacy and data protection sphere, the location of the data is not the determining factor for establishing jurisdiction.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn53"><sup><sup>[53]</sup></sup></a></p>
<p style="text-align: justify; ">The Guidance Note further tries to clarify the term “offering services in its territory” by saying that Parties may consider that a service provider is offering services if: (i) the service provider enables people in the territory of the Party to subscribe to its services (and does not, for example, block access to such services); and (ii) the service provider has established a real and substantial connection that Party. Relevant factors to determine whether such a connection has been established include “the extent to which a service provider orients its activities toward such subscribers (for example, by providing local advertising or advertising in the language of the territory of the Party), makes use of the subscriber information (or associated traffic data) in the course of its activities, interacts with subscribers in the Party, and may otherwise be considered established in the territory of a Party”.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn54"><sup><sup>[54]</sup></sup></a> A service provider will not be presumed to be offering services within the territory of a Party just because it uses a domain name or email address connected to that country.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn55"><sup><sup>[55]</sup></sup></a> The Guidance Note provides a very elegant tabular illustration of its requirements to serve a valid Production Order on a service provider:<sup><sup><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn56">[56]</a></sup></sup></p>
<table style="text-align: justify; ">
<tbody>
<tr>
<td colspan="3">
<p align="center"><strong>PRODUCTION ORDER CAN BE SERVED</strong></p>
</td>
</tr>
<tr>
<td colspan="3">
<p align="center">IF</p>
<p>The criminal justice authority has jurisdiction over the offence</p>
</td>
</tr>
<tr>
<td colspan="3">
<p align="center">AND</p>
<p>The service provider is in possession or control of the subscriber information</p>
</td>
</tr>
<tr>
<td colspan="3">
<p align="center">AND</p>
</td>
</tr>
<tr>
<td>
<p>The service provider is in the territory of the Party</p>
<p>(<em>Article 18(1)(a)</em>)</p>
</td>
<td>
<p>Or</p>
</td>
<td>
<p>A Party considers that a service provider is “offering its services in the territory of the Party” when, for example:</p>
<p>- the service provider enables persons in the territory of the Party to subscribe to its services (and does not, for example, block access to such services);</p>
<p>and</p>
<p>- the service provider has established a real and substantial connection to a Party. Relevant factors include the extent to which a service provider orients its activities toward such subscribers (for example, by providing local advertising or advertising in the language of the territory of the Party), makes use of the subscriber information (or associated traffic data) in the course of its activities, interacts with subscribers in the Party, and may otherwise be considered established in the territory of a Party.</p>
<p>(<em>Article 18(1)(b)</em>)</p>
</td>
</tr>
<tr>
<td colspan="3">
<p align="center">AND</p>
</td>
</tr>
<tr>
<td colspan="2">
<p> </p>
</td>
<td>
<p>the subscriber information to be submitted is relating to services of a provider offered in the territory of the Party.</p>
</td>
</tr>
</tbody>
</table>
<p style="text-align: justify; "><span>The existing processes for accessing data across international borders, whether through MLATs or through the mechanism established under the Budapest Convention are clearly too slow to be a satisfactory long term solution. It is precisely for that reason that the Cybercrime Committee has suggested alternatives to the existing mechanism such as granting access to data without consent in certain specific emergency situations;</span><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn57"><sup><sup>[57]</sup></sup></a><span> or access to data stored in another country through a computer in its own territory provided the credentials for such access are obtained through lawful investigative activities.</span><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn58"><sup><sup>[58]</sup></sup></a><span> Another option suggested by the Cybercrime Committee is to look beyond the principle of territoriality, specially in light of the recent developments in cloud computing where the location of the data may not be certain or data may be located in multiple locations,</span><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn59"><sup><sup>[59]</sup></sup></a><span> and look at a connecting legal factor as an alternative such as the “power of disposal”. This option implies that even if the location of the data cannot be determined it can be connected to the person having the power to “alter, delete, suppress or render unusable as well as the right to exclude other from access and any usage whatsoever”.</span><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn60"><sup><sup>[60]</sup></sup></a><span> </span></p>
<p style="text-align: justify; "><strong>Language of Requests</strong></p>
<p style="text-align: justify; ">It was found from practice that the question of the language in which the mutual assistance requests were made was a big issue in most States since it created problems such as delays due to translations, costly translations, quality of translations, etc. The Cybercrime Committee therefore suggested that an additional protocol be added to the Budapest Convention to stipulate that requests sent by Parties should be accepted in English atleast in urgent cases since most States accepted a request in English.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn61"><sup><sup>[61]</sup></sup></a> Due to these problems associated with the language of assistance requests, the Cybercrime Convention Committee has already released a provisional draft Additional Protocol to address the issue of language of mutual assistance requests for public comments.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn62"><sup><sup>[62]</sup></sup></a></p>
<p style="text-align: justify; "><strong>24/7 Network</strong></p>
<p style="text-align: justify; ">Parties are required to designate a point of contact available on a twenty-four hour, seven-day-a week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence, in electronic form, of a criminal offence. The point of contact for each Party is required to have the capacity to carry out communications with the points of contact for any other Party on an expedited basis. It is the duty of the Parties to ensure that trained and properly equipped personnel are available in order to facilitate the operation of the network.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn63"><sup><sup>[63]</sup></sup></a> The Parties recognized that establishment of this network is among the most important means provided by the Convention of ensuring that Parties can respond effectively to the law enforcement challenges posed by computer-or computer-related crimes.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn64"><sup><sup>[64]</sup></sup></a> In practice however it has been found that in a number of Parties there seems to be a disconnect between the 24/7 point of contact and the MLA request authorities leading to situations where the contact points may not be informed about whether preservation requests are followed up by MLA authorities or not.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn65"><sup><sup>[65]</sup></sup></a></p>
<p style="text-align: justify; "><strong>Drawbacks and Improvements</strong></p>
<p style="text-align: justify; ">The Budapest Convention, whilst being the most comprehensive and widely accepted document on international cooperation in the field of cybercrime, has its own share of limitations and drawbacks. Some of the major limitations which can be gleaned from the discussion above (and potential recommendations for the same) are listed below:</p>
<p style="text-align: justify; "><em><span>Weakness and Delays in Mutual Assistance:</span></em> In practice it has been found that though States refuse requests on a number of grounds,<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn66"><sup><sup>[66]</sup></sup></a> some states even refuse cooperation in the event that the case is minor but requires an excessive burden on the requested state. Further, the delays associated with the mutual assistance process are another major hurdle, and are perhaps the reason by police-to-police cooperation for the sharing of data related to cybercrime and e-evidence is much more frequent than mutual legal assistance.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn67"><sup><sup>[67]</sup></sup></a> The lack of regulatory and legal awareness often leads to procedural lapses due to which requests do not meet legal thresholds. More training, more information on requirements to be met and standardised and multilingual templates for requests may be a useful tool to address this concern.</p>
<p style="text-align: justify; "><em><span>Access to data stored outside the territory:</span></em> Access to data located in another country without consent of the authorities in that country poses another challenge. The age of cloud computing with processes of data duplication and delocalisation of data have added a new dimension to this problem.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn68"><sup><sup>[68]</sup></sup></a> It is precisely for that reason that the Cybercrime Committee has suggested alternatives to the existing mechanism such as granting access to data without consent in certain specific emergency situations;<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn69"><sup><sup>[69]</sup></sup></a> or access to data stored in another country through a computer in its own territory provided the credentials for such access are obtained through lawful investigative activities.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn70"><sup><sup>[70]</sup></sup></a> Another option suggested by the Cybercrime Committee is to look beyond the principle of territoriality and look at a connecting legal factor as an alternative such as the “power of disposal”.</p>
<p style="text-align: justify; "><em><span>Language of requests:</span></em> Language of requests create a number of problems such as delays due to translations, cost of translations, quality of translations, etc. Due to these problems, the Cybercrime Convention Committee has already released for public comment, a provisional draft Additional Protocol to address the issue.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn71"><sup><sup>[71]</sup></sup></a></p>
<p style="text-align: justify; "><em><span>Bypassing of 24/7 points of contact:</span></em> Although 24/7 points have been set up in most States, it has been found that there is often a disconnect between the 24/7 point of contact and the MLA request authorities leading to situations where the contact points may not be informed about whether preservation requests are followed up by MLA authorities or not.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn72"><sup><sup>[72]</sup></sup></a></p>
<p style="text-align: justify; "><strong>India and the Budapest Convention </strong></p>
<p style="text-align: justify; ">Although countries outside the European Union have the option on signing the Budapest Convention and getting onboard the international cooperation mechanism envisaged therein, India has so far refrained from signing the Budapest Convention. The reasons for this refusal appear to be as follows:</p>
<ul>
<li>India did not participate in the drafting of the treaty and therefore should not sign. This concern, while valid is not a consistent foreign policy stand that India has taken for all treaties, since India has signed other treaties, where it had no hand in the initial drafting and negotiations.<sup><sup><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn73">[73]</a></sup></sup></li>
<li>Article 32(b) of the Budapest Convention involves tricky issues of national sovereignty since it allows for cross border access to data without the consent of the other party. Although, as discussed above, the Guidance Note on Article 32 clarified this issue to an extent, it appears that arguments have been raised in some quarters of the government that the options provided by Article 32 are too limited and additional means may be needed to deal with cross border data access.<sup><sup><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn74" style="text-align: justify; ">[74]</a></sup></sup></li>
<li>The mutual legal assistance framework under the Convention is not effective enough and the promise of cooperation is not firm enough since States can refuse to cooperate on a number of grounds.<sup><sup><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn75" style="text-align: justify; ">[75]</a></sup></sup></li>
<li>It is a criminal justice treaty and does not cover state actors; further the states from which most attacks affecting India are likely to emanate are not signatories to the Convention either.<sup><sup><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn76" style="text-align: justify; ">[76]</a></sup></sup></li>
<li>Instead of joining the Budapest Convention, India should work for and promote a treaty at the UN level.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn77" style="text-align: justify; "><sup><sup>[77]</sup></sup></a></li>
</ul>
<p style="text-align: justify; ">Although in January 2018 there were a number of news reports indicating that India is seriously considering signing the Budapest Convention and joining the international cooperation mechanism under it, there have been no updates on the status of this proposal.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn78"><sup><sup>[78]</sup></sup></a></p>
<p style="text-align: justify; "><strong>Conclusion</strong></p>
<p style="text-align: justify; ">The Budapest Convention has faced a number of challenges over the years as far as provisions regarding international cooperation are concerned. These include delays in getting responses from other states, requests not being responded to due to various reasons (language, costs, etc.), requests being overridden by mutual agreements, etc. The only other alternative which is the MLAT system is no better due to delays in providing access to requested data.<a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftn79"><sup><sup>[79]</sup></sup></a> This however does not mean that international cooperation through the Budapest Convention is always late and inefficient, as was evident from the example of the Norwegian bank robber-murderer given above. There is no doubt that the current mechanisms are woefully inadequate to deal with the challenges of cyber crime and even regular crimes (specially in the financial sector) which may involve examination of electronic evidence. However that does not mean the end of the road for the Budapest Convention, one has to recognize the fact that it is the pre-eminent document on international cooperation on electronic evidence with 62 State Parties as well as another 10 Observer States. Any mechanism which offers a solution to the thorny issues of international cooperation in the field of cyber crime would require most of the nations of the world to sign up to it; till such time that happens, expanding the scope of the Budapest Convention to address atleast some of the issues discussed above by leveraging the work already done by the Cybercrime Committee through various reports and Guidance Notes (some of which have been referenced in this paper itself) may be a good option as this could be an incentive for non signatories to become parties to a better and more efficient Budapest Convention providing a more robust international cooperation regime.</p>
<div style="text-align: justify; "><br clear="all" />
<hr />
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref1"><sup><sup>[1]</sup></sup></a> Council of Europe, Explanatory Report to the Convention on Cybercrime, <a href="https://rm.coe.int/16800cce5b">https://rm.coe.int/16800cce5b</a>, para 304.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref2"><sup><sup>[2]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 24(1)(a). Except in cases where a different minimum threshold has been provided by a mutual arrangement, in which case such other minimum threshold shall be applied.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref3"><sup><sup>[3]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 24(5).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref4"><sup><sup>[4]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 24(3).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref5"><sup><sup>[5]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 24(2).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref6"><sup><sup>[6]</sup></sup></a> Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, <a href="https://rm.coe.int/16800cce5b">https://rm.coe.int/16800cce5b</a>, para 251.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref7"><sup><sup>[7]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 24(6).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref8"><sup><sup>[8]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 24(7).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref9"><sup><sup>[9]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 25(1).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref10"><sup><sup>[10]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 25(4).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref11"><sup><sup>[11]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(2).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref12"><sup><sup>[12]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(3) read with para 267 of the Explanatory Note to the Budapest Convention.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref13"><sup><sup>[13]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 25(4).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref14"><sup><sup>[14]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(4)(a).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref15"><sup><sup>[15]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(4)(b).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref16"><sup><sup>[16]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(5).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref17"><sup><sup>[17]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(6).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref18"><sup><sup>[18]</sup></sup></a> Some of the grounds listed by Parties for refusal are: (i) grounds listed in Article 27 of the Convention, (ii) the request does not meet formal or other requirements, (iii) the request is motivated by race, religion, sexual orientation, political opinion or similar, (iv) the request concerns a political or military offence, (v) Cooperation may lead to torture or death penalty, (vi) Granting the request would prejudice sovereignty, security, public order or national interest or other essential interests, (vii) the person has already been punished or acquitted or pardoned for the same offence “<em>Ne bis in idem</em>”, (viii) the investigation would impose an excessive burden on the requested State or create practical difficulties, (ix) Granting the request would interfere in an ongoing investigation (in which case the execution of the request may be postponed). Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 34.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref19"><sup><sup>[19]</sup></sup></a> Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 34.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref20"><sup><sup>[20]</sup></sup></a> Pedro Verdelho, <em>Discussion Paper: The effectiveness of international cooperation against cybercrime: examples of good practice</em>, 2008, pg. 5, <a href="https://www.coe.int/t/dg1/legalcooperation/economiccrime/cybercrime/T-CY/DOC-567study4-Version7_en.PDF">https://www.coe.int/t/dg1/legalcooperation/economiccrime/cybercrime/T-CY/DOC-567study4-Version7_en.PDF</a>, accessed on March 28, 2019.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref21"><sup><sup>[21]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(8).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref22"><sup><sup>[22]</sup></sup></a> However, disclosure of the material to the defence and the judicial authorities is an implicit exception to this rule. Further the ability to use the material in a trial (which is generally a public proceeding) is also a recognised exception to the right to limit usage of the material. <em>See</em> para 278 of the the Explanatory Note to the Budapest Convention.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref23"><sup><sup>[23]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 28.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref24"><sup><sup>[24]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(9)(a) and (b).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref25"><sup><sup>[25]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 27(9)(d) read with para 274 of the Explanatory Note to the Budapest Convention.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref26"><sup><sup>[26]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 31.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref27"><sup><sup>[27]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 33.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref28"><sup><sup>[28]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 34.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref29"><sup><sup>[29]</sup></sup></a> Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 37.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref30"><sup><sup>[30]</sup></sup></a> Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 123.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref31"><sup><sup>[31]</sup></sup></a> <em>Ibid</em> at 124.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref32"><sup><sup>[32]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 29(3) read with para 285 of the Explanatory Note to the Budapest Convention.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref33"><sup><sup>[33]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 29(4).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref34"><sup><sup>[34]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 29(5).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref35"><sup><sup>[35]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 29(6).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref36"><sup><sup>[36]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 29(7).</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref37"><sup><sup>[37]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 30.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref38"><sup><sup>[38]</sup></sup></a> Anna-Maria Osula, <em>Accessing Extraterritorially Located Data: Options for States</em>, <a href="http://ccdcoe.eu/uploads/2018/10/Accessing-extraterritorially-located-data-options-for-States_Anna-Maria_Osula.pdf">http://ccdcoe.eu/uploads/2018/10/Accessing-extraterritorially-located-data-options-for-States_Anna-Maria_Osula.pdf</a>, accessed on March 28, 2019.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref39"><sup><sup>[39]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 32.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref40"><sup><sup>[40]</sup></sup></a> Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, <a href="https://rm.coe.int/16800cce5b">https://rm.coe.int/16800cce5b</a>, para 293.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref41"><sup><sup>[41]</sup></sup></a> Council of Europe, Cybercrime Convention Committee, Report of the Transborder Group, <em>Transborder access and jurisdiction: What are the options?</em>, December 2012, para 310.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref42"><sup><sup>[42]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.2.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref43"><sup><sup>[43]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.3.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref44"><sup><sup>[44]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.4.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref45"><sup><sup>[45]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.6.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref46"><sup><sup>[46]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note # 3, Transborder access to data (Article 32), para 3.8.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref47"><sup><sup>[47]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 18.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref48"><sup><sup>[48]</sup></sup></a> Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, <a href="https://rm.coe.int/16800cce5b">https://rm.coe.int/16800cce5b</a>, para 170.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref49"><sup><sup>[49]</sup></sup></a> Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, <a href="https://rm.coe.int/16800cce5b">https://rm.coe.int/16800cce5b</a>, para 173.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref50"><sup><sup>[50]</sup></sup></a> Defined in Article 18(3) as “any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:</p>
<p>a. the type of communication service used, the technical provisions taken thereto and the period of service;</p>
<p>b. the subscriber’s identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement;</p>
<p>c. any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref51"><sup><sup>[51]</sup></sup></a> Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, <a href="https://rm.coe.int/16800cce5b">https://rm.coe.int/16800cce5b</a>, para 173.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref52"><sup><sup>[52]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), at pg.3.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref53"><sup><sup>[53]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), para 3.5 at pg. 7.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref54"><sup><sup>[54]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), para 3.6 at pg. 8.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref55"><sup><sup>[55]</sup></sup></a> <em>Id.</em></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref56"><sup><sup>[56]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Guidance Note #10, Production orders for subscriber information (Article 18 Budapest Convention), para 3.8 at pg. 9.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref57"><sup><sup>[57]</sup></sup></a> Situations such as preventions of imminent danger, physical harm, the escape of a suspect or similar situations including risk of destruction of relevant evidence.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref58"><sup><sup>[58]</sup></sup></a> Council of Europe, Cybercrime Convention Committee, Subgroup on Transborder Access, (Draft) Elements of an Additional Protocol to the Budapest Convention on Cybercrime Regarding Transborder Access to Data, April 2013, pg. 49.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref59"><sup><sup>[59]</sup></sup></a> Council of Europe, Cybercrime Convention Committee Cloud Evidence Group, <em>Criminal justice access to data in the cloud: challenges (Discussion paper)</em>, May 2015, pgs 10-14.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref60"><sup><sup>[60]</sup></sup></a> Council of Europe, Cybercrime Convention Committee, Subgroup on Transborder Access, (Draft) Elements of an Additional Protocol to the Budapest Convention on Cybercrime Regarding Transborder Access to Data, April 9, 2013, pg. 50.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref61"><sup><sup>[61]</sup></sup></a> Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 35.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref62"><sup><sup>[62]</sup></sup></a> <a href="https://www.coe.int/en/web/cybercrime/-/towards-a-protocol-to-the-budapest-convention-further-consultatio-1">https://www.coe.int/en/web/cybercrime/-/towards-a-protocol-to-the-budapest-convention-further-consultatio-1</a></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref63"><sup><sup>[63]</sup></sup></a> Council of Europe, <em>Convention on Cybercrime</em>, 23 November 2001, Article 35.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref64"><sup><sup>[64]</sup></sup></a> Council of Europe, Explanatory Report to the Convention on Cybercrime, Para 304, <a href="https://rm.coe.int/16800cce5b">https://rm.coe.int/16800cce5b</a>, para 298.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref65"><sup><sup>[65]</sup></sup></a> Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 86.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref66"><sup><sup>[66]</sup></sup></a> Some of the grounds listed by Parties for refusal are: (i) grounds listed in Article 27 of the Convention, (ii) the request does not meet formal or other requirements, (iii) the request is motivated by race, religion, sexual orientation, political opinion or similar, (iv) the request concerns a political or military offence, (v) Cooperation may lead to torture or death penalty, (vi) Granting the request would prejudice sovereignty, security, public order or national interest or other essential interests, (vii) the person has already been punished or acquitted or pardoned for the same offence “<em>Ne bis in idem</em>”, (viii) the investigation would impose an excessive burden on the requested State or create practical difficulties, (ix) Granting the request would interfere in an ongoing investigation (in which case the execution of the request may be postponed). Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 34.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref67"><sup><sup>[67]</sup></sup></a> Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 7.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref68"><sup><sup>[68]</sup></sup></a> Giovanni Buttarelli, <em>Fundamental Legal Principles for a Balanced Approach</em>, Selected papers and contributions from the International Conference on “Cybercrime: Global Phenomenon and its Challenges”, Courmayeur Mont Blanc, Italy available at <a href="http://ispac.cnpds.org/download.php?fld=pub_files&f=ispacottobre2012bassa.pdf">ispac.cnpds.org/download.php?fld=pub_files&f=ispacottobre2012bassa.pdf</a></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref69"><sup><sup>[69]</sup></sup></a> Situations such as preventions of imminent danger, physical harm, the escape of a suspect or similar situations including risk of destruction of relevant evidence.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref70"><sup><sup>[70]</sup></sup></a> Council of Europe, Cybercrime Convention Committee, Subgroup on Transborder Access, (Draft) Elements of an Additional Protocol to the Budapest Convention on Cybercrime Regarding Transborder Access to Data, April 2013, pg. 49.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref71"><sup><sup>[71]</sup></sup></a> <a href="https://www.coe.int/en/web/cybercrime/-/towards-a-protocol-to-the-budapest-convention-further-consultatio-1">https://www.coe.int/en/web/cybercrime/-/towards-a-protocol-to-the-budapest-convention-further-consultatio-1</a></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref72"><sup><sup>[72]</sup></sup></a> Council of Europe, <em>Cybercrime Convention</em> <em>Committee assessment</em> <em>report: The mutual legal assistance provisions of the Budapest Convention on Cybercrime</em>, December 2014, pg. 86.</p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref73"><sup><sup>[73]</sup></sup></a> Dr. Anja Kovaks, <em>India and the Budapest Convention - To Sign or not? Considerations for Indian Stakeholders</em>, available at <a href="https://internetdemocracy.in/reports/india-and-the-budapest-convention-to-sign-or-not-considerations-for-indian-stakeholders/">https://internetdemocracy.in/reports/india-and-the-budapest-convention-to-sign-or-not-considerations-for-indian-stakeholders/</a></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref74"><sup><sup>[74]</sup></sup></a> Alexander Seger, <em>India and the Budapest Convention: Why not?</em>, Digital Debates: The CyFy Journal, Vol III, available at <a href="https://www.orfonline.org/expert-speak/india-and-the-budapest-convention-why-not/">https://www.orfonline.org/expert-speak/india-and-the-budapest-convention-why-not/</a></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref75"><sup><sup>[75]</sup></sup></a> <em>Id</em><em>.</em></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref76"><sup><sup>[76]</sup></sup></a> <em>Id.</em></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref77"><sup><sup>[77]</sup></sup></a> <em>Id.</em></p>
</div>
<div>
<p><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref78"><sup><sup>[78]</sup></sup></a> <a href="https://indianexpress.com/article/india/home-ministry-pitches-for-budapest-convention-on-cyber-security-rajnath-singh-5029314/">https://indianexpress.com/article/india/home-ministry-pitches-for-budapest-convention-on-cyber-security-rajnath-singh-5029314/</a></p>
</div>
<div>
<p style="text-align: justify; "><a href="file:///E:/Editorial/2019/Website/Budapest%20Convention%20paper.docx#_ftnref79"><sup><sup>[79]</sup></sup></a> Elonnai Hickok and Vipul Kharbanda, <em>Cross Border Cooperation on Criminal Matters - A perspective from India</em>, available at <a href="https://cis-india.org/internet-governance/blog/cross-border-cooperation-on-criminal-matters">https://cis-india.org/internet-governance/blog/cross-border-cooperation-on-criminal-matters</a></p>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/vipul-kharbanda-april-29-2019-international-cooperation-in-cybercrime-the-budapest-convention'>http://editors.cis-india.org/internet-governance/blog/vipul-kharbanda-april-29-2019-international-cooperation-in-cybercrime-the-budapest-convention</a>
</p>
No publishervipulInternational CooperationBudapest ConventionInternet GovernanceMLATCyber SecurityCyber Crime2019-04-29T22:35:37ZBlog EntryMapping of Sections in India’s MLAT Agreements
http://editors.cis-india.org/internet-governance/blog/india-mlat-agreements-sections-map-dec-2016
<b>This set of infographics by Leilah Elmokadem and Saumyaa Naidu maps out and compares the various sections that exist in the 39 MLATs (mutual legal assistance treaty) between India and other countries. An MLAT is an agreement between two or more countries, drafted for the purpose of gathering and exchanging information in an effort to enforce public or criminal laws.
</b>
<p> </p>
<h4>Download: <a href="https://github.com/cis-india/website/raw/master/docs/CIS_IndiaMLATAgreementsSectionsMap_Dec2016.pdf">Infographic</a> (PDF) and <a href="https://github.com/cis-india/website/raw/master/docs/CIS_IndiaMLATAgreementsSectionsMap_Dec2016.xlsx">data</a> (XLSX)</h4>
<hr />
<p>We have found that India’s 39 MLAT documents are worded, formatted and sectioned differently. At the same time, many of the same sections exist across several MLATs. This diagram lists the sections found in the MLAT documents and
indicates the treaties in which they were included or not included. To keep the list of sections concise and to more easily pinpoint the key differences between the agreements, we have merged sections that are synonymous in meaning but
were worded slightly differently. For example: we would combine “Entry into force and termination” with “Ratification and termination” or “Expenses” with “Costs”.</p>
<p>At the same time, some sections that seemed quite similar and possible to merge were kept separate due to potential key differences that could be overlooked as a result. For example: “Limitation on use” vs. “Limitation on compliance” or “Serving of documents” vs. “Provision of (publicly available) documents/records/objects” remained separate for further analysis and comparison.</p>
<p>These differences in sectioning can be analysed to facilitate a thorough comparison between the effectiveness, efficiency, applicability and enforceability of the various provisions across the MLATs. The purpose of this initial mapping is to provide an overall picture of which sections exist in which MLAT documents. There will be further analysis of these sections to produce a more holistic content-based comparison of the MLATs.</p>
<p> </p>
<h2>Aggregated Analysis of Sections of MLAT Agreements</h2>
<img src="https://github.com/cis-india/website/raw/master/img/CIS_IndiaMLATAgreementsSectionsMap_Dec2016_Aggregate_01.png" alt="Aggregated analysis of sections of MLAT agreements by India" />
<img src="https://github.com/cis-india/website/raw/master/img/CIS_IndiaMLATAgreementsSectionsMap_Dec2016_Aggregate_02.png" alt="Aggregated analysis of sections of MLAT agreements by India" />
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/india-mlat-agreements-sections-map-dec-2016'>http://editors.cis-india.org/internet-governance/blog/india-mlat-agreements-sections-map-dec-2016</a>
</p>
No publisherLeilah Elmokadem and Saumyaa NaiduInternational RelationsCybersecurityBilateral AgreementInternet GovernanceMLATCyber Security2016-12-31T06:52:46ZBlog EntryMapping of India’s Cyber Security-Related Bilateral Agreements
http://editors.cis-india.org/internet-governance/blog/india-cyber-security-bilateral-agreements-map-dec-2016
<b>With the rapid spread of cloud computing and the growth of cyber spaces, large masses of information are now easily transmittable transnationally, necessitating the ratification of new agreements and cooperation efforts amongst states in order to secure cyber spaces and regulate exchanges of information. In an attempt to understand the nature and extent of current international collaborative efforts in cyber security, we have compiled the following data regarding India’s cyber security-related bilateral agreements. The intention of this exercise is to offer a dynamic visualization that demonstrates which countries India has collaborated with on cyber security efforts and initiatives. This is an ongoing map that we will be updating as our research continues.</b>
<h4 style="text-align: justify; ">Download: <a class="external-link" href="http://cis-india.org/internet-governance/files/CyberSecurityAgreements_Infographic_04.pdf">Infographic</a> (PDF) and <a href="https://github.com/cis-india/website/raw/master/docs/CIS_IndiaCyberSecBilateralAgreementMap_Dec2016.xlsx">data</a> (XLSX)</h4>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><br /> The data used for the info-graphic consists of India’s MLATs, cyber security-related MoUs and Joint Statements, and Cyber Frameworks. An MLAT is an agreement between two or more countries, drafted for the purpose of gathering and exchanging information in an effort to enforce public or criminal laws. A MoU (Memorandum of Understanding) is a nonbinding agreement between two or more states outlining the terms and details of an understanding, including each party’s requirements and responsibility; it is often the first stage in the formation of a formal contract. For the purpose of this research, we have grouped Joint Statements with MoUs, as they both generally entail the informal agreement between two states to strengthen cooperation on certain issues. Lastly, a Cyber Framework consists of standards, guidelines and practices to promote protection of critical infrastructure. The data accounts for agreements centered on cyber security as well as any agreements mentioning cooperation efforts in Cyber Security, information security or cybercrime.</p>
<p style="text-align: center; "><img src="http://editors.cis-india.org/home-images/MLATAgreement.png/@@images/169c25c6-57a4-48c8-a33e-71aa36ea97ea.png" alt="MLAT Agreement" class="image-inline" title="MLAT Agreement" /></p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The Mapping of India’s Cybersecurity-related bilateral agreement has been updated on April 12, 2017 with the following changes:</p>
<ol style="text-align: justify; ">
<li>A new MoU was signed between Australia and India in April 2017, focusing on combating terrorism and civil aviation security. Cybersecurity cooperation is mentioned in the MoU<a href="#_ftn1" name="_ftnref1">[1]</a>.</li>
<li>A new MoU was signed between Bangladesh and India in April 2017. The Indian Computer Emergency Response Team (CERT-In), Indian Ministry of Electronics and Information Technology and the ICT Division of Bangladesh are the signing parties of the MoU. The agreement focuses on Cooperation in the area of Cyber Security<a href="#_ftn2" name="_ftnref2">[2]</a>.</li>
<li>A preexisting MoU between France and India was added to the mapping, signed in January of 2016. Officials of both countries agreed to intensify cooperation between the Indian and French security forces in the fields of homeland security, cyber security, Special Forces and intelligence sharing to fight against criminal networks and tackle the common threat of terrorism<a href="#_ftn3" name="_ftnref3">[3]</a>.</li>
<li>A new MoU was signed between Indonesia and India in March 2017. It focuses on enhancing cooperation in cyber security and intelligence sharing<a href="#_ftn4" name="_ftnref4">[4]</a>.</li>
<li>A new MoU was signed between Kenya and India in January 2017, with “cyber security” mentioned as one of the key areas of cooperation<a href="#_ftn5" name="_ftnref5">[5]</a>.</li>
<li>A preexisting MoU between Malaysia and India was added to the mapping, signed in November of 2015. Both sides agreed to promote cooperation and the exchange of information regarding cyber security incident management, technology cooperation and cyber attacks, prevalent policies and best practices and mutual response to cyber security incidents<a href="#_ftn6" name="_ftnref6">[6]</a>.</li>
<li>A preexisting MoU between Mauritius and India, signed July 2016, was added to the mapping. This is a non-governmental MoU. Leading bourse BSE signed an agreement with Stock Exchange of Mauritius (SEM) for collaboration in areas including cyber security<a href="#_ftn7" name="_ftnref7">[7]</a>.</li>
<li>A new joint statement between India and Portugal was signed in March 2017. The two countries agreed to set up an institutional mechanism to collaborate in the areas of electronic manufacturing, ITeS, startups, cyber security and e-governance.<a href="#_ftn8" name="_ftnref8">[8]</a></li>
<li>A preexisting MoU, signed between Qatar and India in December of 2016, was added to the mapping. The agreement was regarding a protocol on technical cooperation in cyberspace and combatting cybercrime<a href="#_ftn9" name="_ftnref9">[9]</a>.</li>
<li>A new MoU was signed between Serbia and India in January 2017, focusing on cooperation in the field of IT, Electronics. The MoU itself does not explicitly mention cybersecurity. However, the MoU calls for cooperation and exchanges in capacity building institutions, which should entail cyber security strengthening<a href="#_ftn10" name="_ftnref10">[10]</a>.</li>
<li>A preexisting MoU between Singapore and India was added to the mapping. The MoU was signed in January 2016, focusing on the establishment of a formal framework for professional dialogue, CERT-CERT related cooperation for operational readiness and response, collaboration on cyber security technology and research related to smart technologies, exchange of best practices, and professional exchanges of human resource development<a href="#_ftn11" name="_ftnref11">[11]</a>.</li>
<li>A new joint statement was signed between UAE and India in January 2017, following up on their previous Technical Cooperation MoU signed in February 2016. To further deepen cooperation in this area, they agreed to set up joint Research & Development Centres of Excellence<a href="#_ftn12" name="_ftnref12">[12]</a>.</li>
<li>A preexisting MoU has been included in the mapping, signed in May of 2016. CERT-In agreed with the UK Ministry of Cabinet Office to promote close cooperation between both countries in the exchange in knowledge and experience in detection, resolution and prevention of security related incidents<a href="#_ftn13" name="_ftnref13">[13]</a>.</li>
<li>A new MoU between India and the US was signed in March 2017. CERT-In and CERT-US signed a MoU agreeing to promote closer co-operation and exchange of information pertaining to cyber security in accordance with relevant laws, rules and regulations and on the basis of equality, reciprocity and mutual benefit<a href="#_ftn14" name="_ftnref14">[14]</a>.</li>
<li>A new MoU was signed between Vietnam and India in January 2017, agreeing to promote closer cooperation for exchange of knowledge and experience in detection, resolution and prevention of cyber security incidents between both countries<a href="#_ftn15" name="_ftnref15">[15]</a>.</li>
</ol>
<p style="text-align: justify; ">NOTE: Some preexisting MoUs were added as we were initially only including the most recent agreements in the mapping. Upon adding newly signed MoUs, we decided to also keep the preexisting ones and revisit the other entries to include any preexisting MoUs that were initially excluded due to not being the most-recent. In this respect, the visualization will be adjusted to indicate the number of MoUs per country.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1">[1]</a><a href="http://www.dnaindia.com/india/report-india-australia-sign-mous-on-combating-terrorism-civil-aviation-security-2393843">http://www.dnaindia.com/india/report-india-australia-sign-mous-on-combating-terrorism-civil-aviation-security-2393843</a></p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2">[2]</a><a href="http://www.theindependentbd.com/arcprint/details/89237/2017-04-09">http://www.theindependentbd.com/arcprint/details/89237/2017-04-09</a></p>
<p style="text-align: justify; "><a href="#_ftnref3" name="_ftn3">[3]</a><a href="http://www.thehindu.com/news/resources/Full-text-of-Joint-Statement-issued-by-India-France/article14019524.ece">http://www.thehindu.com/news/resources/Full-text-of-Joint-Statement-issued-by-India-France/article14019524.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref4" name="_ftn4">[4]</a><a href="http://indianexpress.com/article/india/indianhome-ministry-indonesian-ministry-of-security-and-coordination/">http://indianexpress.com/article/india/indianhome-ministry-indonesian-ministry-of-security-and-coordination/</a></p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5">[5]</a><a href="https://telanganatoday.news/india-kenya-focus-defence-security-cooperation-pm">https://telanganatoday.news/india-kenya-focus-defence-security-cooperation-pm</a></p>
<p style="text-align: justify; "><a href="#_ftnref6" name="_ftn6">[6]</a><a href="http://economictimes.indiatimes.com/news/economy/foreign-trade/india-and-malaysia-sign-3-mous-including-cyber-security/articleshow/49891897.cms">http://economictimes.indiatimes.com/news/economy/foreign-trade/india-and-malaysia-sign-3-mous-including-cyber-security/articleshow/49891897.cms</a></p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7">[7]</a><a href="http://indiatoday.intoday.in/story/bse-mauritius-stock-exchange-tie-up-to-promote-financial-mkts/1/723635.html">http://indiatoday.intoday.in/story/bse-mauritius-stock-exchange-tie-up-to-promote-financial-mkts/1/723635.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref8" name="_ftn8">[8]</a><a href="http://www.tribuneindia.com/news/business/india-portugal-to-collaborate-in-ites-cyber-security/373666.html">http://www.tribuneindia.com/news/business/india-portugal-to-collaborate-in-ites-cyber-security/373666.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9">[9]</a><a href="http://naradanews.com/2016/12/india-qatar-sign-agreements-on-visa-cybersecurity-investments/">http://naradanews.com/2016/12/india-qatar-sign-agreements-on-visa-cybersecurity-investments/</a></p>
<p style="text-align: justify; "><a href="#_ftnref10" name="_ftn10">[10]</a><a href="http://ehub.newsforce.in/cabinet-approves-mou-india-serbia-cooperation-field-electronics/">http://ehub.newsforce.in/cabinet-approves-mou-india-serbia-cooperation-field-electronics/</a></p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11">[11]</a><a href="http://www.businesstimes.com.sg/government-economy/singapore-and-india-strengthen-cooperation-on-cyber-security">http://www.businesstimes.com.sg/government-economy/singapore-and-india-strengthen-cooperation-on-cyber-security</a></p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12">[12]</a><a href="http://mea.gov.in/bilateral-documents.htm?dtl/27969/India++UAE+Joint+Statement+during+State+visit+of+Crown+Prince+of+Abu+Dhabi+to+India+January+2426+2017">http://mea.gov.in/bilateral-documents.htm?dtl/27969/India++UAE+Joint+Statement+during+State+visit+of+Crown+Prince+of+Abu+Dhabi+to+India+January+2426+2017</a></p>
<p style="text-align: justify; "><a href="#_ftnref13" name="_ftn13">[13]</a><a href="http://www.bestcurrentaffairs.com/india-uk-mou-cyber-security/">http://www.bestcurrentaffairs.com/india-uk-mou-cyber-security/</a></p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14">[14]</a><a href="http://www.dqindia.com/india-cert-signs-an-mou-with-us-cert/">http://www.dqindia.com/india-cert-signs-an-mou-with-us-cert/</a></p>
<p style="text-align: justify; "><a href="#_ftnref15" name="_ftn15">[15]</a><a href="http://pib.nic.in/newsite/PrintRelease.aspx?relid=157458">http://pib.nic.in/newsite/PrintRelease.aspx?relid=157458</a></p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/india-cyber-security-bilateral-agreements-map-dec-2016'>http://editors.cis-india.org/internet-governance/blog/india-cyber-security-bilateral-agreements-map-dec-2016</a>
</p>
No publisherLeilah Elmokadem and Saumyaa NaiduInternational RelationsCybersecurityBilateral AgreementInternet GovernanceMLAT2017-04-27T15:14:55ZBlog Entry