European IR Project Index Search
APC IR Site African IR Project Latin America IR Project
The APC European Internet Rights Project
The Council of Europe
- Overview of the Council of Europe
- A short description of what the council of Europe is, and how it works
- Key Internet Rights Issues in Relation to the CoE
- There are two areas of the current work of the CoE that have grat significance for
Internet rights in Europe:
- The International Cybercrime Convention
- Council of Europe Draft Declaration on Freedom of Communication on the Internet
Other information relating to The Council of Europe
- Council of Europe
- European Convention on Cybercrime (Final Version)
- U.S. Justice Department's FAQ on the CoE Cybercrime Convention
- Privacy International Cybercrime Page
- European Convention on Cybercrime (Final Version)
Overview of the Council of EuropeFounded in 1949, the Council of Europe is an intergovernmental consultative organisation. It is not an institution of the European Union. Whereas the EU has 15 members, the CoE has 43 (see foot of page). Two other states, Bosnia-Herzegovenia and Federal Republic of Yugoslavia have Special Guest status. In addition, Canada, Israel, Japan, Mexico and the USA have observer status. Other states can sign and participate in some CoE conventions.
Unlike the EU, the CoE has no power to make laws. Instead, it tries to reach consensus between states and embody this in a convention, which is then open for signatures from member states. Probably the best known CoE convention is the 1950 European Convention on Human Rights.
The CoE is situated in Strasbourg. Its three main institutions are:
- Committee of Ministers. Foreign ministers or their deputies from the individual countries.
- Parliamentary Assembly. 263 members and 263 substitutes appointed by the national parliaments. It is divided into political groupings.
- Congress of Local and Regional Authorities.
The European Commission on Human Rights and the Court of Human Rights are organs of the CoE.
The list of CoE members is as follows:
Albania, Andorra, Armenia, Austria, Azerbaijan, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic,
Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Liechtenstein, Lithuania, Luxembourg, Malta, Moldova, Netherlands, Norway, Poland, Portugal, Romania,
Russia, San Marino, Slovakia, Slovenia, Spain, Sweden, Switzerland, The Former Yugoslav Republic of
Macedonia, Turkey, Ukraine, and the United Kingdom.
Key Internet Rights Issues in Relation to the CoECurrently the two major issues relating to Internet rights and the work of the CoE are:
- The International Cybercrime
Convention An international treaty, developed by the CoE, that seeks to set
international standards for the policing of electronic networks, including the
retention of traffic data
- Council of Europe Draft Declaration
on Freedom of Communication on the Internet A proposed treaty that seeks to
establish minimal rights of access to communicate via the Internet
The International Cybercrime Convention
OriginsBoth the Group of Eight (G8) meetings (heads of state of Britain, Canada, France, Germany, Italy, Japan, Russia and the United States) and the Council of Europe (CoE) have in recent years expressed their concerns about tackling "cybercrime". G8 developments on the issue were initiated by the UK government. At the G8 meeting in Birmingham in May 1998, the G8 leaders were shown a video presentation on cybercrime and the British Prime Minister, Tony Blair, declared that the fight against it must be placed high on the political agenda. The British Home Secretary, Jack Straw, backed Blair up with a speech about how the Internet now allowed people to commit crimes in a number of different countries without having to move from their armchairs.
One thing Blair and Straw did not mention publicly was their conviction, now incorporated into the UK government's Regulation of Investigatory Powers (RIP) Act, that one "serious crime" they felt had to be dealt with by cybercrime legislation was that of "large numbers of people acting to a common purpose", a description that undoubtedly fitted the massive demonstration calling for the cancelling of world debt taking place around the G8 meeting at the time.
The G8 heads of state came away from the Birmingham meeting having agreed to include appropriate punishments against "cybercriminals" in their national legislation, to develop better techniques against "hackers" and to look at the issue of data retention to prevent the destruction of "electronic evidence".
These efforts now came together with and drove forward already existing moves being made by the CoE, which had first adopted a recommendation on combating cybercrime in 1995. In 1997, the CoE had set up the "Committee of Experts on crime in cyberspace" (PC-CY). According to Scott Charney, President of the G-8 working group on Hi-Tech Crime, the G8 working group always met prior to the working group of the CoE and the results of the G8 meetings were introduced into the CoE meetings by those who were present at both. The CoE was seen as the best place to produce a binding agreement Convention.
Work continued at the CoE on producing a Convention and involved close collaboration between the CoE and the US Department of Justice. Besides the 43 CoE countries, other "partners" (United States, Canada, Japan and South Africa) were involved in the drafting and have signed the final Convention.
The first draft of the Convention made publicly available was Draft 19 in April 2000. Other drafts were then released at intervals. Draft 26 was submitted to the CoE's Parliamentary Assembly on April 24, 2001. It was approved by a large majority, but with the reservation that "individual freedoms should be guaranteed more substantially". Draft 27 was released on May 25, 2001, supposedly addressing the concerns of the Parliamentary Assembly by making references to individual rights under the 1950 European Convention on Human Rights and 1966 United Nations International Covenant on Civil and Political Rights and including vague references to "proportionality" being maintained between civil liberties and law enforcement.
Draft 27 was approved by the CoE's European Committee on Crime Problems (CDPC) on June 22, 2001 and by the Committee of Ministers shortly afterwards. On November 11th, 2001, it was opened for signing in Budapest. So far 33 states have signed the Convention. None have yet ratified it, but as soon as 5 ratifications have taken place including 3 CoE member states, it will come into force. It will then be open to other non-member states to also become parties to the Convention through a process known as accession.
Civil society responsesThe Convention has raised widespread concerns amongst civil liberties organisations. A major issue has been that the Convention has been largely drafted behind closed doors. Whilst law enforcement bodies have actively participated in the drafting process, there has been no direct input from civil liberties bodies or NGOs.
On October 18, 2000, a wide range of civil society organisations from around the world (more than 20) signed a letter drafted by the Global Internet Liberty Campaign to the CoE expressing their concerns over the cybercrime Convention.
On December 12, 2000 the same group of organisations wrote again complaining that despite some changes "the Convention continues to be a document that threatens the rights of the individual while extending the powers of the police authorities, creates a low-barrier protection of rights uniformly across borders, and ignores highly-regarded data protection principles."
On June 7, 2001 the American Civil Liberties Union, the Electronic Privacy Information Center and and Privacy International wrote a letter expressing "continuing concerns" with the final draft.
Areas for concernMajor areas of the final Convention which should be of concern to social NGOs are:
- The Convention includes the possibility of "mutual assistance treaties" between
states on criminal matters, including "collection of evidence in electronic form of a
criminal offence" without requiring dual criminality. Police could assist with
investigations into "crimes" in one state which are not crimes in their own state.
This aspect has already begun to be implemented in the British RIP Act, directly referring to
the CoE processes. The Act includes provision for dealing with a situation in which all that
would be required is proof that a request for assistance comes from the "competent
authorities" and does not concern itself with the nature of the crime involved.
The CoE Convention says it is "permitted" to make mutual assistance agreements "conditional upon the existence of dual criminality". This appears to mean that mutual assistance agreements normally would not require dual criminality, but that it would be a permitted part of an agreement if one of the parties wanted to insist on it. But even if such dual criminality was agreed, the Convention goes on to restrict its possible scope by stating that under such circumstances "that condition (dual criminality) shall be deemed fulfilled, irrespective of whether its laws place the offence within the same category of offence". In other words, a distinction could not be made between something being a minor offence in one country and a serious one in another.
Although the Convention includes a clause that says "the requested Party may...refuse assistance if the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence", this would seem to leave a decision to refuse assistance on these grounds in the hands of law enforcement bodies and the foreign office departments of government. No procedure is layed down for any Parliamentary body to examine requests to consider whether they are political or not and, if the British RIP act is anything to go by, governments are free to frame legislation which specifically ignores the nature of an offence and simply checks that the "competent authorities" of another state have made it.
The implications of this for social movement NGOs and human rights organisations are clearly enormous. In many parts of the world, fighting for justice and human rights are themselves considered criminal acts. What in some countries are minor acts of civil disobedience carry draconian penalties in others, although technically they break the law in both countries.
The Convention can create a situation where activists in other parts of the world assisting such "criminals" via the Internet would be open to investigation and interception of their communications by police authorities in their own country, even though they were acting completely lawfully and the "crime" being investigated was not a crime in that country. Refusal to assist the police could result in severe penalties, although helping them could place the "criminal" in the other country in serious danger, even of losing their life under some circumstances.
- Issue 1 above, when coupled with the Convention's call for new law enforcement powers
over Internet Service Providers, will particularly affects ISP members of APC. The
Convention calls for other states to implement legislation similar to the British RIP Act,
requiring ISPs to cooperate in both the collection of traffic data and the content of
communications. It also calls for measures to empower law enforcement authorities to have
the ability to collect or record traffic data and content themselves without the
participation of the service provider.
In addition, the Convention endorses a UK RIP Act policy that has been widely condemned by lawyers as in breach of the ECHR by calling for countries to adopt laws forcing users to provide their encryption keys and plain text of encrypted files. As was argued over the RIP Act, this breaks the well established legal principle against an person being forced to incriminate himself.
- The vague references to "proportionality" and the European Convention on
Human Rights introduced into the Convention to satisfy the Parliamentary Assembly's
reservations concerning lack of guarantees of individual freedoms and privacy are
completely inadequate. It shows the one-sided way the document has been produced, with
law enforcement bodies completely dominating the process. As the letter from ACLU, EPIC
and PI, referred to above says,
"as a Council of Europe Convention drafted in consultation with other democratic
nations, this document missed an important opportunity to ensure that minimum standards
consistent with the European Convention on Human Rights and other international human
rights accords were actually implemented. This failure is, in part, a result of the
non-transparancy of the process."
A delegate to the Parliamentary Assembly from the Former Yugoslav Republic of Macedonia went a step further in pinpointing lost opportunities. During the debate on the Convention he raised the need for the ECHR itself to be extended to define new Internet Rights.
"The Council of Europe was the first international organisation to raise the question of fundamental human rights, and drafted the European Convention on Human Rights, which is the cornerstone of our organisation. Now, fifty years after the adoption of that Convention, we face a new information era and information society. It is now time to raise the question of updating the Convention, including one new basic human right - covering the rights of people in cyber space. They include the right to Internet access, the right to a unique identity in cyber space and the right freely to receive information from it. I shall raise the matter in my political group, but I hope that it will be discussed in other political groups and even in other international organisations.
Many articles have been written about who will be rich and poor in future. The poor will be those who do not have the right information or access to it in cyber space. That is one reason why I suggest updating the European Convention on Human Rights to cover developments in technology and society."
The Internet has become a powerful organising weapon for social movements challenging the domination of some increasingly isolated and discredited political leaders. These same political leaders have been the driving force for bringing about the Convention. It is hardly surprising that increasing and building upon the enormous democratic potential of the Internet was not the first thing on their minds!
For further information on the Cybercrime Convention see:
- The Birth and Rise of International Conventions on Cybercrime
- A report by Gus Hosein, of
for the APC
- The Argument over Data Retention in the European Union
- An overview of the current moves within the EU to block the blanket data retention
required by the Cybercrime Convention
Council of Europe Draft Declaration on Freedom of Communication on the InternetThe Council of Europe Draft Declaration on Freedom of Communication on the Internet (RTF format) is a draft treaty on creating minimum standards of access to electronic networks. It contains six principles that CoE members are required to apply as part of their national policies affecting Internet access by the public.
The six principles are:
- Principle 1: Absence of prior control
- Public authorities should not through general measures, including technical measures
such as filtering, deny access by the public to information and other communications on
the Internet, regardless of frontiers. Neither should intermediaries, such as service
providers, exercise or be obliged to excercise prior control of content which does not
emanate from them.
- Principle 2: Removal of barriers to participation of individuals in the information society
- Member States should foster and encourage access for all to Internet communications
and information services on a non-discriminatory basis at an affordable price, as well as
an active participation of the public, such as in the form of setting up and running
individual web sites, which should not be subject to any licensing or other requirements
having a similar effect.
- Principle 3: Freedom of providing services via the Internet
- The provision of services via the Internet should not be made subject to specific
authorisation schemes on the sole grounds of the means of transmission used. Member States
should seek to prevent monopolistic offerings of services via the Internet and seek measures
to enhance a pluralistic offer which caters for different needs of users and social
- Principle 4: Liability for content of communications
- When deciding which rules shall govern liability for content of Internet communications,
member States should take into due account the situation of intermediaries in the
communication chain, who should not be held liable for providing access, transmitting or
hosting in good faith.
- Principle 5: Anonymity
- Member States should respect the right of users of the Internet not to disclose their
identity. This does not prevent member States from co-operating and taking measures to
enable the tracing of authors of criminal deeds, in accordance with the safeguards
provided under national law and the European Convention on Human Rights.
- Principle 6: Independence of regulatory bodies
- Any regulatory bodies in the field of Internet should be independent, in particular
as regards their transparency and independence from political and economic powers.
The draft declaration goes some way to meeting the requirements of the APC's Charter for Internet Rights. However, it falls short in a number of significant areas:
- It Primarily Binds Public Authorities
The Internet is largely owned an operated by private corporations - predominantly
telecommunications corporations. The computers and computer software which people use
are primarily developed and marketed by private companies. Whereas the Internet
services provided by the state, for example through the education system, are covered,
the wider range of Internet services offered today are not. In particular, there is no
guarantee of service from a private Internet Service Provider to a customer. And whilst
Internet Service Providers need not apply filtering or blocking systems required by the
state, do these same measures prevent corporations from developing their own private
controls over content rating, filtering or control?
- Proprietary Controls
A significant problem within the Internet, but more broadly with the use of computers in
general, is the use of intellectual property rights to dominate the market. While the
declaration deals with issues of affordability and accessibility, it does not deal with
the role of intellectual propriety right sin controlling access. In particular the use of
proprietary standards to force the use of a certain manufacturer's software, rather than
the development of open standards which allow any developer to provide alternative means
of accessing the same service or information.
Whilst the declaration deals with anonymity, it does not deal with the issue of privacy.
On the Internet, anonymity is not synonymous with privacy. Anonymity is the ability not to
disclose identity. But privacy is the ability to supply information in confidence, with
the certainty it will not be used for other purposes. There are many services on the
Internet where the use of addresses or personal information is essential to receive
information, or to verify access. It is important that this information be securely
guarded, and where used, only be used for the purposes for which it was supplied by the
- The Promotion of Rights
The draft text does not seek to require state to promote the rights enabled by the
declaration. This is important because to exercise a right the public must first
understand the terms of that right.
- Internet Government
One significant 'grey area' in the text is the role of the bodies that effectively
govern how the Internet operates. For example ICANN, the national domain name
registering authorities, and standards bodies such as the Internet Engineering Task
Force. These are non-governmental bodies, often incorporated as private companies.
Therefore what role has the declaration to play in guiding the action of the
organisations who govern the Internet?