57. In addition to the universal counter-terrorism instruments, several regional and subregional instruments offer valuable substantive and procedural standards for crimi- nalizing acts of terrorism that may be perpetrated by means of the Internet. These instruments, which complement the universal counter-terrorism instruments, may vary in scope and in their degree of enforceability.
1. Council of Europe
58. In 2001, the Council of Europe elaborated the Council of Europe Convention on Cybercrime,48 which is currently the only multilateral, legally binding instrument
addressing criminal activity conducted via the Internet. The Council of Europe Con- vention on Cybercrime seeks to harmonize national laws relating to cybercrime, to improve domestic procedures for detecting, investigating, and prosecuting such crimes and to provide arrangements for fast and reliable international cooperation on these matters.49 The Convention establishes a common minimum standard for domestic
computer-related offences50 and provides for the criminalization of nine such offences,
including offences relating to unauthorized access to and illicit tampering with computer systems, programs or data; computer-related fraud and forgery; and attempting, aiding or abetting the commission of such acts.51
59. The Council of Europe Convention on Cybercrime also includes important pro- cedural provisions which may facilitate investigations and evidence-gathering in con- nection with acts of terrorism involving use of the Internet. These provisions apply to any criminal offence committed by means of a computer and the collection of evidence in electronic form and are subject to applicable safeguards provided for under domestic law.52
60. For example, the Council of Europe Convention on Cybercrime requires parties to adopt legislation requiring Internet service providers (ISPs) to preserve specified data stored on their servers for up to 90 days53 (renewable), if requested to do so by law
enforcement officials during the course of a criminal investigation or proceeding, until the appropriate legal steps may be taken to compel disclosure of such data.54 This
expedited procedure for the preservation of stored data is crucial given the transient
48 Council of Europe, European Treaty Series, No. 185 (also available from www.coe.int/cybercrime). 49 Ibid., preamble.
50 Explanatory report to the Council of Europe Convention on Cybercrime, para. 33. Available from http://conven- tions.coe.int/Treaty/en/Reports/Html/185.htm.
51 Ibid., arts. 2-8 and 11.
52 Ibid., art. 14, para. 2 (b) and (c), and art. 15. Such conditions shall include protection of human rights and liberties, including rights arising pursuant to obligations undertaken under the European Convention for the Protection of Human Rights and Fundamental Freedoms, the International Covenant on Civil and Political Rights, other applicable international human rights instruments, and judicial or other independent supervision.
53 A minimum of 60 days is imposed with respect to preservation effected in response to a request for mutual legal assistance (Council of Europe Convention on Cybercrime, art. 29).
CHAPTER II. THE INTERNATIONAl CONTExT
21
nature of electronic data and the often time-consuming traditional mutual legal assis- tance procedures in transnational cases.55 The issuance of a preservation order, or similar
measure, also has several benefits compared with traditional search and seizure proce- dures, as the ISP may be better placed to rapidly secure the evidence in question. Additionally, a preservation measure may be less disruptive to the legitimate business of the ISP, with lower potential for reputational harm to the business,56 which may
facilitate ongoing cooperation. The search and seizure procedure with respect to stored data, established pursuant to article 19 of the Council of Europe Convention on Cyber- crime, provides protections regarding stored data that are similar to those generally afforded to tangible evidence57 under the relevant domestic legislation.58
61. The Council of Europe Convention on Cybercrime also requires parties to imple- ment legislation relating to the production of stored subscriber data.59 Such information
may be crucial during the investigative stage to establish the identity of a perpetrator of a terrorist act involving use of the Internet, and may include the physical location of such person, as well as other related communication services employed in the com- mission of the act. The Convention also requires signatory States to establish minimum standards to enable real-time collection of traffic data60 associated with specified com-
munications and the interception of content data in relation to specified serious offences under domestic law.61
62. The Council of Europe Convention on Cybercrime may be applied in conjunction with counter-terrorism instruments, such as the Council of Europe Convention on the Prevention of Terrorism,62 to provide a legal basis for cooperation against the use of
the Internet for terrorist purposes. The Council of Europe Convention on the Preven- tion of Terrorism requires parties to criminalize certain acts under domestic law that may lead to the commission of terrorist offences, such as public provocation, recruit- ment and training, all of which may be committed through the Internet. The Conven- tion also mandates national and international cooperation measures aimed at preventing terrorism, including investigative measures. For example, article 22 of the Convention provides for the sharing with another party of unsolicited information relating to inves- tigations or proceedings, within the limits imposed by domestic law, in the common interest of responding to criminal acts (spontaneous information).
55 Explanatory report to the Council of Europe Convention on Cybercrime, para. 157. 56 Ibid., para. 155.
57 Such as the data medium upon which the data is stored.
58 Explanatory report to the Council of Europe Convention on Cybercrime, para. 184.
59 See Council of Europe Convention on Cybercrime, art. 18. “Subscriber data” is defined to include any informa- tion, other than traffic data or content data, relating to the user’s identity, postal or geographic address, telephone and other access number, billing and payment information or any other information concerning the site or location where the communication equipment is installed that is available on the basis of the service agreement with the Internet service provider.
60 Pursuant to article 1 (d) of the Council of Europe Convention on Cybercrime, “traffic data” includes informa- tion that indicates a communication’s origin, destination, route, time, date, size, duration or type of underlying service.
61 Pursuant to articles 20 and 21, respectively, of the Council of Europe Convention on Cybercrime.
62 Council of Europe, Treaty Series, No. 196. Also available from http://conventions.coe.int/Treaty/en/treaties/ html/196.htm.
THE USE OF THE INTERNET FOR TERRORIST PURPOSES
22
63. The Council of Europe Convention on Cybercrime and the Council of Europe Convention on the Prevention of Terrorism are open to ratification or accession by all member States of the Council of Europe,63 non-member States that participated in the
elaboration of those Conventions and other non-member States by invitation, with agreement from all of the States then parties to the relevant Convention.64 It is worth
noting that several countries that have not formally acceded to the Council of Europe Convention on Cybercrime have nonetheless used its provisions as guidelines in the drafting of their own national cybercrime legislation. (See also section F below on model legislation.)
64. The Council of Europe has also elaborated the Additional Protocol to the Con- vention on Cybercrime, concerning the Criminalisation of Acts of a Racist and Xeno- phobic Nature Committed through Computer Systems.65 This Additional Protocol may
also facilitate the prosecution of terrorist acts committed via the Internet with the intention of inciting violence on the basis of race, colour, descent, national or ethnic origin, or religion.66 The Additional Protocol is open to all contracting States of the
Council of Europe Convention on Cybercrime.67
2. European Union
65. In 2002, the Council of the European Union adopted framework decision 2002/475/JHA of 13 June 2002 on combating terrorism, which harmonizes the defini- tion of terrorist offences in all European Union member States68 by introducing a
specific and common definition of the concept of “terrorism”, setting forth jurisdictional rules to guarantee that terrorist offences may be effectively prosecuted, and outlining specific measures with regard to victims of terrorist offences. In response to the grow- ing terrorist threat, including the use of new technologies such as the Internet, frame- work decision 2002/475/JHA was amended in 200869 to specifically include provisions
on public provocation to commit a terrorist offence, recruitment for terrorism and training for terrorism. In that decision, the Council of the European Union also took note of Security Council resolution 1624 (2005), in which the Council called upon States to take measures to prohibit by law incitement to commit a terrorist act or acts and to prevent such conduct.
63 As at the date of the present publication, the 47 member States of the Council of Europe are the following: Albania, Andorra, Armenia, Austria, Azerbaijan, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Republic of Moldova, Monaco, Montenegro, Netherlands, Norway, Poland, Portugal, Romania, Russian Federation, San Marino, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, the former Yugoslav Republic of Macedonia, Turkey, Ukraine and United Kingdom.
64 See Council of Europe Convention on Cybercrime, art. 36, and Council of Europe Convention on the Preven- tion of Terrorism, arts. 23-24.
65 Council of Europe, European Treaty Series, No. 189. 66 Ibid., art. 2.
67 Ibid., art. 11.
68 As at the date of the present publication, the 27 member States of the European Union are: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom.
69 Council of the European Union Framework Decision 2008/919/JHA of 28 November 2008 amending Framework Decision 2002/475/JHA on combating terrorism.
CHAPTER II. THE INTERNATIONAl CONTExT
23
66. Framework decision 2008/919/JHA provides a basis for prosecuting the dissemina- tion of terrorist propaganda and bomb-making expertise also through the Internet, to the extent that such dissemination is committed intentionally and meets the require- ments of the named offences. The amendments to framework decision 2002/475/JHA relating to the offences of public provocation, recruitment and training were based on similar provisions of the Council of Europe Convention on the Prevention of Terror- ism.70 Framework decision 2008/919/JHA introduced new offences regarding conduct
that may lead to acts of terrorism, irrespective of the means or technological tools through which these offences are committed. As with the Council of Europe Conven- tion on the Prevention of Terrorism, while the provisions of framework decision 2008/919/JHA are not Internet-specific, they also cover activities conducted by means of the Internet.
3. Additional legal instruments
67. Additional binding legal instruments adopted by regional or subregional organiza- tions which may contain provisions relevant to countering terrorist use of the Internet include the following:
• South Asian Association for Regional Cooperation Regional Convention on Suppression of Terrorism (1987)
• Arab Convention on the Suppression of Terrorism (1998)
• Treaty on Cooperation among States Members of the Commonwealth of Inde- pendent States in Combating Terrorism (1999)
• Convention of the Organization of the Islamic Conference on Combating Inter- national Terrorism (1999)
• Organization of African Unity Convention on the Prevention and Combating of Terrorism (1999)
• Inter-American Convention against Terrorism (2002)
• Association of Southeast Asian Nations Convention on Counter Terrorism (2007)
• Economic Community of West African States directive on fighting cybercrime (2009).