European Committee on Crime Problems (CDPC)
Committee of Experts on Crime in Cyber-Space (PC-CY)
Prepared by the Secretariat Directorate General I (Legal Affairs)
The member States of the Council of Europe and the other States signatory hereto,
Considering that the aim of the Council of Europe is to achieve a greater unity between its members;
Recognising the value of fostering co-operation with the other States signatories to this Convention;
Convinced of the need to pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cyber-crime, inter alia by adopting appropriate legislation and fostering international co-operation;
Conscious of the profound changes brought about by the digitalisation, convergence and continuing globalisation of computer networks;
Concerned at the risk that computer networks and electronic information may alsoPage 82 be used for committing criminal offences and that evidence relating to such offences may be stored and transferred by these networks;
Believing that an effective fight against cyber-crime requires increased, rapid and well-functioning international co-operation in criminal matters;
Convinced that the present Convention is necessary to deter actions directed against the confidentiality, integrity and availability of computer systems, networks and computer data, as well as the misuse of such systems, networks and data, by providing for the criminalisation of such conduct, as described in this Convention, and the adoption of powers sufficient for effectively combating such criminal offences, by facilitating the detection, investigation and prosecution of such criminal offences at both the domestic and international level, and by providing arrangements for fast and reliable international co-operation, while ensuring a proper balance between the interests of law enforcement and respect for fundamental human rights;
Taking into account the existing Council of Europe conventions on co-operation in the penal field and stressing that the present Convention is intended to supplement those conventions in order to make criminal investigations and proceedings concerning criminal offences related to computer systems and data more effective and to enable the collection of electronic evidence of a criminal offence;
Welcoming recent developments which further advance international understanding and co-operation in combating cyber-crimes, including actions of the United Nations, the OECD, the European Union and the G8;
Recalling Recommendation N° R 88 (2) on piracy in the field of copyright and neighbouring rights as well as Recommendation N° R (89) 9 on computer-related crime providing guidelines for national legislatures concerning the definition of certain computer crimes and Recommendation N° R (95) 13 concerning problems of criminal procedural law connected with Information Technology, calling for, inter alia, the negotiation of an international agreement to regulate trans-border search and seizure;
Having regard to Resolution No. 1 adopted by the European Ministers of Justice at their 21st Conference (Prague, June 1997), which recommended the Committee of Ministers to support the work carried out by the European Committee on Crime Problems (CDPC) on cyber-crime in order to bring domestic criminal law provisions closer to each other and enable the use of effective means of investigation concerning such offences;Page 83
Having also regard to the Action Plan adopted by the Heads of State and Government of the Council of Europe, on the occasion of their Second Summit (Strasbourg, 10-11 October 1997), to seek common responses to the development of the new information technologies, based on the standards and values of the Council of Europe;
Have agreed as follows:
For1the purposes of this Convention:
a "computer system" means any device or a group of inter-connected or related devices, one or more of which, pursuant to a program, performs automatic processing of data [or any other function];2
b "computer data" means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function;
c "service provider" means:
i any public or private entity that provides to users of its service the ability to communicate by means of a computer system, and
ii any other entity that processes or stores computer data on behalf of such communication service or users of such service.
d "traffic data" means any computer data relating to a communication by means of a computer system, generated by the computer system that formed part in the chain of communication, indicating its origin, destination, path or route, time, date, size, duration or type of underlying [network] service.
e "subscriber information" means any information, contained in the form ofPage 84 computer data or any other form, that is held by a service provider, relating to subscribers of its service, other than traffic or content data, by which can be established:
i the type [...] of the communication service and equipment used by the subscriber and the technical provisions taken thereto;
ii the subscriber's identity, address, telephone number, or any other information related to [the subscriber or]3the location of his/her communication equipment.
Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intentionally4the access to the whole or any part of a computer system without right. A Party may require that the offence be committed either by infringing security measures or with the intent of obtaining computer data or other dishonest intent.
Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intention-Page 85 ally the interception without right, made by technical means, of non-public5transmissions of computer data to, from or within a computer system, as well as electromagnetic emissions from a computer system carrying such computer data.