European IR Project Index       Search
      APC IR Site       African IR Project       Latin America IR Project




The APC European Internet Rights Project

The Council of Europe




Contents:

Overview of the Council of Europe
A short description of what the council of Europe is, and how it works

Key Internet Rights Issues in Relation to the CoE
There are two areas of the current work of the CoE that have grat significance for Internet rights in Europe:



Other information relating to The Council of Europe

Council of Europe website

European Convention on Cybercrime (Final Version)

U.S. Justice Department's FAQ on the CoE Cybercrime Convention

Privacy International Cybercrime Page








Overview of the Council of Europe

Founded in 1949, the Council of Europe is an intergovernmental consultative organisation. It is not an institution of the European Union. Whereas the EU has 15 members, the CoE has 43 (see foot of page). Two other states, Bosnia-Herzegovenia and Federal Republic of Yugoslavia have Special Guest status. In addition, Canada, Israel, Japan, Mexico and the USA have observer status. Other states can sign and participate in some CoE conventions.

Unlike the EU, the CoE has no power to make laws. Instead, it tries to reach consensus between states and embody this in a convention, which is then open for signatures from member states. Probably the best known CoE convention is the 1950 European Convention on Human Rights.

The CoE is situated in Strasbourg. Its three main institutions are:
  • Committee of Ministers. Foreign ministers or their deputies from the individual countries.


  • Parliamentary Assembly. 263 members and 263 substitutes appointed by the national parliaments. It is divided into political groupings.


  • Congress of Local and Regional Authorities.


The European Commission on Human Rights and the Court of Human Rights are organs of the CoE.

The list of CoE members is as follows:
    Albania, Andorra, Armenia, Austria, Azerbaijan, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Moldova, Netherlands, Norway, Poland, Portugal, Romania, Russia, San Marino, Slovakia, Slovenia, Spain, Sweden, Switzerland, The Former Yugoslav Republic of Macedonia, Turkey, Ukraine, and the United Kingdom.



Key Internet Rights Issues in Relation to the CoE

Currently the two major issues relating to Internet rights and the work of the CoE are:

The International Cybercrime Convention

Origins

Both the Group of Eight (G8) meetings (heads of state of Britain, Canada, France, Germany, Italy, Japan, Russia and the United States) and the Council of Europe (CoE) have in recent years expressed their concerns about tackling "cybercrime". G8 developments on the issue were initiated by the UK government. At the G8 meeting in Birmingham in May 1998, the G8 leaders were shown a video presentation on cybercrime and the British Prime Minister, Tony Blair, declared that the fight against it must be placed high on the political agenda. The British Home Secretary, Jack Straw, backed Blair up with a speech about how the Internet now allowed people to commit crimes in a number of different countries without having to move from their armchairs.

One thing Blair and Straw did not mention publicly was their conviction, now incorporated into the UK government's Regulation of Investigatory Powers (RIP) Act, that one "serious crime" they felt had to be dealt with by cybercrime legislation was that of "large numbers of people acting to a common purpose", a description that undoubtedly fitted the massive demonstration calling for the cancelling of world debt taking place around the G8 meeting at the time.

The G8 heads of state came away from the Birmingham meeting having agreed to include appropriate punishments against "cybercriminals" in their national legislation, to develop better techniques against "hackers" and to look at the issue of data retention to prevent the destruction of "electronic evidence".

These efforts now came together with and drove forward already existing moves being made by the CoE, which had first adopted a recommendation on combating cybercrime in 1995. In 1997, the CoE had set up the "Committee of Experts on crime in cyberspace" (PC-CY). According to Scott Charney, President of the G-8 working group on Hi-Tech Crime, the G8 working group always met prior to the working group of the CoE and the results of the G8 meetings were introduced into the CoE meetings by those who were present at both. The CoE was seen as the best place to produce a binding agreement Convention.

Work continued at the CoE on producing a Convention and involved close collaboration between the CoE and the US Department of Justice. Besides the 43 CoE countries, other "partners" (United States, Canada, Japan and South Africa) were involved in the drafting and have signed the final Convention.

The first draft of the Convention made publicly available was Draft 19 in April 2000. Other drafts were then released at intervals. Draft 26 was submitted to the CoE's Parliamentary Assembly on April 24, 2001. It was approved by a large majority, but with the reservation that "individual freedoms should be guaranteed more substantially". Draft 27 was released on May 25, 2001, supposedly addressing the concerns of the Parliamentary Assembly by making references to individual rights under the 1950 European Convention on Human Rights and 1966 United Nations International Covenant on Civil and Political Rights and including vague references to "proportionality" being maintained between civil liberties and law enforcement.

Draft 27 was approved by the CoE's European Committee on Crime Problems (CDPC) on June 22, 2001 and by the Committee of Ministers shortly afterwards. On November 11th, 2001, it was opened for signing in Budapest. So far 33 states have signed the Convention. None have yet ratified it, but as soon as 5 ratifications have taken place including 3 CoE member states, it will come into force. It will then be open to other non-member states to also become parties to the Convention through a process known as accession.



Civil society responses

The Convention has raised widespread concerns amongst civil liberties organisations. A major issue has been that the Convention has been largely drafted behind closed doors. Whilst law enforcement bodies have actively participated in the drafting process, there has been no direct input from civil liberties bodies or NGOs.

On October 18, 2000, a wide range of civil society organisations from around the world (more than 20) signed a letter drafted by the Global Internet Liberty Campaign to the CoE expressing their concerns over the cybercrime Convention.

On December 12, 2000 the same group of organisations wrote again complaining that despite some changes "the Convention continues to be a document that threatens the rights of the individual while extending the powers of the police authorities, creates a low-barrier protection of rights uniformly across borders, and ignores highly-regarded data protection principles."

On June 7, 2001 the American Civil Liberties Union, the Electronic Privacy Information Center and and Privacy International wrote a letter expressing "continuing concerns" with the final draft.



Areas for concern

Major areas of the final Convention which should be of concern to social NGOs are:
  1. The Convention includes the possibility of "mutual assistance treaties" between states on criminal matters, including "collection of evidence in electronic form of a criminal offence" without requiring dual criminality. Police could assist with investigations into "crimes" in one state which are not crimes in their own state. This aspect has already begun to be implemented in the British RIP Act, directly referring to the CoE processes. The Act includes provision for dealing with a situation in which all that would be required is proof that a request for assistance comes from the "competent authorities" and does not concern itself with the nature of the crime involved.

    The CoE Convention says it is "permitted" to make mutual assistance agreements "conditional upon the existence of dual criminality". This appears to mean that mutual assistance agreements normally would not require dual criminality, but that it would be a permitted part of an agreement if one of the parties wanted to insist on it. But even if such dual criminality was agreed, the Convention goes on to restrict its possible scope by stating that under such circumstances "that condition (dual criminality) shall be deemed fulfilled, irrespective of whether its laws place the offence within the same category of offence". In other words, a distinction could not be made between something being a minor offence in one country and a serious one in another.

    Although the Convention includes a clause that says "the requested Party may...refuse assistance if the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence", this would seem to leave a decision to refuse assistance on these grounds in the hands of law enforcement bodies and the foreign office departments of government. No procedure is layed down for any Parliamentary body to examine requests to consider whether they are political or not and, if the British RIP act is anything to go by, governments are free to frame legislation which specifically ignores the nature of an offence and simply checks that the "competent authorities" of another state have made it.

    The implications of this for social movement NGOs and human rights organisations are clearly enormous. In many parts of the world, fighting for justice and human rights are themselves considered criminal acts. What in some countries are minor acts of civil disobedience carry draconian penalties in others, although technically they break the law in both countries.

    The Convention can create a situation where activists in other parts of the world assisting such "criminals" via the Internet would be open to investigation and interception of their communications by police authorities in their own country, even though they were acting completely lawfully and the "crime" being investigated was not a crime in that country. Refusal to assist the police could result in severe penalties, although helping them could place the "criminal" in the other country in serious danger, even of losing their life under some circumstances.


  2. Issue 1 above, when coupled with the Convention's call for new law enforcement powers over Internet Service Providers, will particularly affects ISP members of APC. The Convention calls for other states to implement legislation similar to the British RIP Act, requiring ISPs to cooperate in both the collection of traffic data and the content of communications. It also calls for measures to empower law enforcement authorities to have the ability to collect or record traffic data and content themselves without the participation of the service provider.

    In addition, the Convention endorses a UK RIP Act policy that has been widely condemned by lawyers as in breach of the ECHR by calling for countries to adopt laws forcing users to provide their encryption keys and plain text of encrypted files. As was argued over the RIP Act, this breaks the well established legal principle against an person being forced to incriminate himself.


  3. The vague references to "proportionality" and the European Convention on Human Rights introduced into the Convention to satisfy the Parliamentary Assembly's reservations concerning lack of guarantees of individual freedoms and privacy are completely inadequate. It shows the one-sided way the document has been produced, with law enforcement bodies completely dominating the process. As the letter from ACLU, EPIC and PI, referred to above says,
      "as a Council of Europe Convention drafted in consultation with other democratic nations, this document missed an important opportunity to ensure that minimum standards consistent with the European Convention on Human Rights and other international human rights accords were actually implemented. This failure is, in part, a result of the non-transparancy of the process."

      A delegate to the Parliamentary Assembly from the Former Yugoslav Republic of Macedonia went a step further in pinpointing lost opportunities. During the debate on the Convention he raised the need for the ECHR itself to be extended to define new Internet Rights.

      "The Council of Europe was the first international organisation to raise the question of fundamental human rights, and drafted the European Convention on Human Rights, which is the cornerstone of our organisation. Now, fifty years after the adoption of that Convention, we face a new information era and information society. It is now time to raise the question of updating the Convention, including one new basic human right - covering the rights of people in cyber space. They include the right to Internet access, the right to a unique identity in cyber space and the right freely to receive information from it. I shall raise the matter in my political group, but I hope that it will be discussed in other political groups and even in other international organisations.

      Many articles have been written about who will be rich and poor in future. The poor will be those who do not have the right information or access to it in cyber space. That is one reason why I suggest updating the European Convention on Human Rights to cover developments in technology and society."

Essentially, this Convention is a thinly disguised attempt to impose the interception wishes of law enforcement bodies onto the Internet. Whilst it is couched in terms of dealing with serious new crimes it claims arise from the Internet, there is little doubt that another issue, whilst remaining mostly unspoken, dominated much of the thinking that produced the Convention.

The Internet has become a powerful organising weapon for social movements challenging the domination of some increasingly isolated and discredited political leaders. These same political leaders have been the driving force for bringing about the Convention. It is hardly surprising that increasing and building upon the enormous democratic potential of the Internet was not the first thing on their minds!



For further information on the Cybercrime Convention see:

The Birth and Rise of International Conventions on Cybercrime
A report by Gus Hosein, of Privacy International, for the APC

The Argument over Data Retention in the European Union
An overview of the current moves within the EU to block the blanket data retention required by the Cybercrime Convention





Council of Europe Draft Declaration on Freedom of Communication on the Internet

The Council of Europe Draft Declaration on Freedom of Communication on the Internet (RTF format) is a draft treaty on creating minimum standards of access to electronic networks. It contains six principles that CoE members are required to apply as part of their national policies affecting Internet access by the public.

The six principles are:

Principle 1: Absence of prior control
Public authorities should not through general measures, including technical measures such as filtering, deny access by the public to information and other communications on the Internet, regardless of frontiers. Neither should intermediaries, such as service providers, exercise or be obliged to excercise prior control of content which does not emanate from them.

Principle 2: Removal of barriers to participation of individuals in the information society
Member States should foster and encourage access for all to Internet communications and information services on a non-discriminatory basis at an affordable price, as well as an active participation of the public, such as in the form of setting up and running individual web sites, which should not be subject to any licensing or other requirements having a similar effect.

Principle 3: Freedom of providing services via the Internet
The provision of services via the Internet should not be made subject to specific authorisation schemes on the sole grounds of the means of transmission used. Member States should seek to prevent monopolistic offerings of services via the Internet and seek measures to enhance a pluralistic offer which caters for different needs of users and social groups.

Principle 4: Liability for content of communications
When deciding which rules shall govern liability for content of Internet communications, member States should take into due account the situation of intermediaries in the communication chain, who should not be held liable for providing access, transmitting or hosting in good faith.

Principle 5: Anonymity
Member States should respect the right of users of the Internet not to disclose their identity. This does not prevent member States from co-operating and taking measures to enable the tracing of authors of criminal deeds, in accordance with the safeguards provided under national law and the European Convention on Human Rights.

Principle 6: Independence of regulatory bodies
Any regulatory bodies in the field of Internet should be independent, in particular as regards their transparency and independence from political and economic powers.

The consultation on the draft declaration closed 1st May 2002. It is therefore too early to see if the draft declaration will be improved, or weakened, before it moves towards being finalised as a treaty of the CoE.

The draft declaration goes some way to meeting the requirements of the APC's Charter for Internet Rights. However, it falls short in a number of significant areas:
  • It Primarily Binds Public Authorities The Internet is largely owned an operated by private corporations - predominantly telecommunications corporations. The computers and computer software which people use are primarily developed and marketed by private companies. Whereas the Internet services provided by the state, for example through the education system, are covered, the wider range of Internet services offered today are not. In particular, there is no guarantee of service from a private Internet Service Provider to a customer. And whilst Internet Service Providers need not apply filtering or blocking systems required by the state, do these same measures prevent corporations from developing their own private controls over content rating, filtering or control?

  • Proprietary Controls A significant problem within the Internet, but more broadly with the use of computers in general, is the use of intellectual property rights to dominate the market. While the declaration deals with issues of affordability and accessibility, it does not deal with the role of intellectual propriety right sin controlling access. In particular the use of proprietary standards to force the use of a certain manufacturer's software, rather than the development of open standards which allow any developer to provide alternative means of accessing the same service or information.

  • Privacy Whilst the declaration deals with anonymity, it does not deal with the issue of privacy. On the Internet, anonymity is not synonymous with privacy. Anonymity is the ability not to disclose identity. But privacy is the ability to supply information in confidence, with the certainty it will not be used for other purposes. There are many services on the Internet where the use of addresses or personal information is essential to receive information, or to verify access. It is important that this information be securely guarded, and where used, only be used for the purposes for which it was supplied by the user.

  • The Promotion of Rights The draft text does not seek to require state to promote the rights enabled by the declaration. This is important because to exercise a right the public must first understand the terms of that right.

  • Internet Government One significant 'grey area' in the text is the role of the bodies that effectively govern how the Internet operates. For example ICANN, the national domain name registering authorities, and standards bodies such as the Internet Engineering Task Force. These are non-governmental bodies, often incorporated as private companies. Therefore what role has the declaration to play in guiding the action of the organisations who govern the Internet?

Under a more critical analysis, the Council of Europe's Draft Declaration on Freedom of Communication on the Internet is not a charter to guarantee Internet rights. Instead it is a declaration that seeks to make up the democratic deficit within the CoE's Cybercrime Convention. But in no way can this declaration put right the significant diminution of civil rights enacted by the Cybercrime Convention. For example, this charter in no way balances the impacts of the blanket retention of traffic data across the states of the CoE.




This page was last updated 8th May 2002