Modelo de Interfaz Web al Cliente

The manner in which international or regional instruments are implemented in national law, as well as the effectiveness of the application and enforcement of new rules, can be decisive factors in the success, or otherwise, of harmonization.99 _{States may interpret or implement the provisions of}

international instruments in different ways, leading to further divergence across countries. This, in itself, is not a problem: countries will not always implement international frameworks in exactly the same way, due to different legal traditions and limitations that exist at the national level.100 _{At the}

same time, however, the goal of implementation is to provide a certain degree of compliance of national legislation with international frameworks.

Vertical (direct) implementation

‘Direct’ implementation of a multilateral treaty follows signature and ratification of, or accession to, a treaty. For most international rules to become operative, they must be applied by State officials or individuals within domestic legal systems. States may achieve this either through ‘standing incorporation’ of international rules into domestic law (often associated with so-called ‘monist’ systems) or by ‘legislative incorporation’       

98 _{See Council of Europe Cybercrime Convention, Art. 35 and League of Arab States Convention, Art. 43.}

99 _{Miquelon-Weismann, M. F., 2005. The Convention on Cybercrime: A Harmonized Implementation of International Penal Law:}

What Prospects for Procedural Due Process? John Marshall Journal of Computer & Information Law, 23(2):329-61.

100 _{See Klip, A., Nelken, D., 2002. Changing Legal Cultures. In: Likosky, M. (ed.) Transnational Legal Processes. London: Butterworths;}

Graziadei, M., 2009. Legal Transplants and the Frontiers of Legal Knowledge. Theoretical Inquiries in Law, 10(2): 723-743. Key results:

 In addition to formal membership and implementation, multilateral cybercrime instruments have influenced national laws indirectly, through use as a model by non- States parties, or via the influence of legislation of States parties on other countries  Membership of a multilateral cybercrime instrument corresponds with the perception of

increased sufficiency of national criminal and procedural law, indicating that current multilateral provisions in these areas are generally considered effective

 Fragmentation at the international level, and diversity of national laws, in terms of cybercrime acts criminalized, jurisdictional bases, and mechanisms of cooperation, may correlate with the existence of multiple cybercrime instruments with different thematic and geographic scope

Implementation of the EU Decision on Attacks against Information Systems

A report on the implementation of the EU Framework Decision on Attacks against Information Systems (2005) reveals significant divergence in the use of the option not to criminalize ‘minor cases.’ Member states, for example:

 Criminalized access only with the intent to perpetrate data espionage;

 Criminalized illegal access only in cases where the data was subsequently misused or damaged;

 Established a condition of endangering the data accessed as a requirement for criminal responsibility.

The report on implementation pointed out that, in general, ‘such a divergence of interpretation and application of the option not to criminalize certain acts poses a serious risk to the objective to approximate Member State rules on criminal law in the area of attacks against information systems.’

CHAPTER THREE:LEGISLATION AND FRAMEWORKS

(in ‘dualist’ systems), whereby international rules become applicable within the national legal system only if and once the relevant national legislation is passed.101

The incorporation of cybercrime instrument provisions into national law will often involve amendment of legislation such as the criminal code and criminal procedure code in order either to introduce new specific offences, or to amend existing ones.

The result in national law may be significantly different from State party to State party. A specific effect that the implementation of an international instrument has on the national legal system of one state, for example, may never occur in another.102 _{An assessment}

of the implementation of the EU Decision on Attacks against Information Systems103 _{illustrates well}

the challenges faced in harmonization of cybercrime legislation – even in the context of a binding framework and countries accustomed to implementation of supra-national law.104 _{As illustrated in}

the box, assessment of implementation showed significant divergences in national legal provisions designed to implement the Decision. The assessment also highlights a further point – that review of implementation of any instrument is a technical and challenging process, requiring time, resources and full information on both legislative provisions, and their application in practice.105 _{It is beyond}

the scope and mandate of this Study to carry out any form of assessment of implementation of the different international and regional cybercrime instruments referred to in this Chapter.

Nonetheless, analysis of responses to the Study questionnaire alone shows that membership of a multilateral instrument correlates with a perception of increased sufficiency of national cybercrime criminal and procedural law. Figure 3.9 demonstrates that responding countries that were not party to a multilateral cybercrime instrument more frequently reported that national cybercrime criminalization and procedural laws were ‘not sufficient.’106

101 _{Cassese, A., 2005. International Law. Oxford: Oxford University Press, p.220-221.}

102 _{Klip, A., 2006. European Integration and Harmonisation and Criminal Law. In: Curtin, D.M. et al. European integration and law:}

four contributions on the interplay between European integration and European and national law to celebrate the 25th anniversary of Maastricht University’s Faculty of Law. For general discussion, see Legrand, P., 1997. The Impossibility of ‘Legal Transplants, Maastricht Journal of European and Comparative Law, (4):111-124.

103 _{European Commission. 2008. Report from the Commission to the Council based on Article 12 of the Council Framework Decision of 24 February}

2005 on attacks against information systems. COM (2008) 448 final, Brussels, 14 July 2008. It should be noted that the implementation analysis was carried out only for 20 out of 27 Member States of the European Union, and was based only on formal analysis of the information submitted by Member States.

104 _{Calderoni, F., 2010. The European legal framework on cybercrime: striving for an effective implementation. Crime, Law and Social}

Change, 54(5):339-357.

105 _{The Mechanism for the Review of Implementation of the United Nations Convention against Corruption, for example, involves a}

detailed terms of reference for the review process, as well as guidelines for governmental experts and the secretariat in the conduct of country reviews. See http://www.unodc.org/documents/treaties/UNCAC/Publications/ReviewMechanism-

BasicDocuments/Mechanism_for_the_Review_of_Implementation_-_Basic_Documents_-_E.pdf

106 _{Study cybercrime questionnaire. Q19. Figure 3.9 is calculated for the following signed or ratified instruments: Council of Europe}

Cybercrime Convention, League of Arab States Convention, Commonwealth of Independent States Agreement, and Shanghai Cooperation Organization Agreement.

Implementation of the ECOWAS Draft Directive

In 2008, a country in Western Africa adopted a law concerning regulations provided at the regional level by ECOWAS on cybercrime. The specific amendments included:

 Creation of IT-specific offences in the fields of criminal protection of IT systems and electronic data, illegal content, computer fraud, technical assistance services, and digital advertising;

 Updating of legislation on existing offences to make it relevant to the new IT/telecommunications environment (in the fields of criminal protection against theft, physical damage to property, etc.);

 Amendments to the law on criminal procedure to implement the IT-specific instruments;

 Creation of new guidelines on cyber-related cooperation with regard to ECOWAS states, the Council of Europe, and cooperation between the state and ECOWAS/Council of Europe/G8 Network.

Source: Mouhamadou, L.O. 2011. Cybercrime, Civil Liberties, and Privacy in the Economic Community of West African States . 21st

74   

While a relationship between ‘sufficiency’ of legislation and ‘instrument membership’ can be demonstrated, responses to the study did not reveal a clear pattern between ‘perceived harmonization’ and ‘instrument membership.’ As noted above, while countries in Europe, for example, perceive high levels of harmonization ‘with multilateral instruments,’ this does not always translate into perceived high levels of harmonization of national legislation within the region.107

Similarly, calculations based on the two respondent groups above (‘instrument’ and ‘no instrument’) do not reveal significant differences in perceived levels of harmonization with other countries, or within respective regions.108 _{Nonetheless, multilateral instruments are usually inherently}

intended to play a role in harmonization and it is possible that responses to the questionnaire also reflect differences in perceptions as to what constitutes ‘harmonization’ in the first place. In this respect, a number of countries reported positive experiences of implementation of multilateral instruments. In reporting on harmonization successes, for example, many responding countries noted a positive experience in incorporating provisions from instruments such as the Council of Europe Cybercrime Convention into national law.109

Indirect influence

In addition to formal instrument membership and implementation, multilateral cybercrime instruments have also influenced national laws indirectly. This includes through use as a model by non-States parties, or via the influence of legislation of States parties on other countries. Countries may use more than one instrument to draft national legislation and a number of countries reported that this was the case.110 _{One country in Western Africa, for example, noted use of the Commonwealth}

Model Law, the Council of Europe Cybercrime Convention, and the ECOWAS Draft Directive. Another country in Western Asia reported use of both the League of Arab States Model Law, and national legislative provisions from other countries in the region.111 _{In addition, as noted previously,}

multilateral instruments themselves include a significant amount of cross-fertilization between the texts. The Commonwealth Model Law and the EU Decision on Attacks against Information Systems, for example, were drafted closely in line with the Council of Europe Cybercrime Convention.

107 _{See above, Section 3.2 Divergence and harmonization of laws, Harmonization of laws.} 108 _{Study cybercrime questionnaire. Q17.}

109 _{Study cybercrime questionnaire. Q16.} 110 _{Study cybercrime questionnaire. Q12 and Q14.} 111 _Ibid. 0% 20% 40% 60% 80% 100% Criminalization Procedural powers Criminalization Procedural Powers Pa rt y  to  a  m u lt ila te ra l  ins tr u m e n t No t  pa rt y  to  a  m u lt ila te ra l  in st ru m e n t Figure 3.9: Impact of multilateral instruments on perceived sufficiency  of legislation Not sufficient Partly sufficient Sufficient Source: Study  cybercrime questionnaire. Q19. (n=42)

CHAPTER THREE:LEGISLATION AND FRAMEWORKS

The complexity of direct implementation of instruments, indirect influence, and their combination, is reflected in aggregate results from the Study questionnaire. During information gathering for the Study, countries were asked which international or regional instruments were used to draft or develop existing and new or planned legislation.112 _{A comparatively low number of}

countries responded to the question.113 _{Figure 3.10 shows, however, that the Council of Europe}

Convention, its Protocol, and instruments closely based on the Council of Europe Convention, such as European Union instruments, were most widely used for the development of cybercrime legislation. Altogether, multilateral instruments from other international or regional ‘clusters’114 _–

such as the League of Arab States and African instruments – or other national legislation, were used in around half as many countries.

It should be noted that this assessment is based on country responses and not on an examination of the content of national laws.115 _{This is appropriate insofar as, in general, it is nearly}

impossible to identify – merely by analysis of legislative provisions – exactly which instruments were used to draft legislation. Only when the approach to the criminalisation of a particular offence suggested by a specific international framework shows some recognisable differences to all of the other instruments, is it possible to ‘trace’ any influence. For example, the Commonwealth of Independent States Agreement116 _{attaches additional elements to illegal access (effects on data) and}

criminalizes the distribution of computer viruses in a specific way. Provisions following this

112 _Ibid.

113 _{The regional distribution was as follows: regarding existing legislation: Europe 13; Asia & Oceania 7; Americas 5; Africa 5;}

regarding new or planned legislation: Europe 7; Asia & Oceania 10; Americas 5; Africa 6.

114 _{See above, Section 3.3 Overview of international and regional instruments.}

115 _{Note that in Chapters Four (Criminalization) and Five (Law enforcement and investigations) of this Study, some results are}

presented based on primary source legislation analysis.

116 _{Commonwealth of Independent States Agreement, Art. 3(1)(a): The illegal accessing of computer information protected by the law,}

where such act results in the destruction, blocking, modification or copying of information or in the disruption of the functioning of the computer, the computer system or related networks.

4% 8% 12% 12% 12% 12% 12% 16% 52% 60% 15% 8% 8% 12% 15% 15% 4% 46% 73% CIS Cooperation  Agreement (2001) National legislative models ECOWAS Draft Directive on Cybercrime  (2009) Arab League Model  Law (2004) or Arab Convention  (2010) Commonwealth Model Law Computer  Crime/Electronic Evidence  (2002) Other Legislation Additional Protocol  to Council  of Europe  Convention  on Cybercrime  (2003) Council of Europe  Convention  on the Protection  of Children  (2007) European Union instruments Council of Europe  Convention  on Cybercrime  (2001)

Figure 3.10: Cross‐national instruments used to draft or develop planned or existing national  cybercrime legislation

Existing legislation New or planned  legislation

76   

approach can be found by analysing the content of legal provisions in several countries in Eastern Europe and Western Asia.117

The overall potential for success of harmonization and implementation of international law into national legislation is determined, to a large extent, by the degree to which countries are able to translate international standards into national systems. This needs to occur, not only from the legal perspective, but also in a socio-political environment in which there is a high degree of support for, and commitment to, the necessary legislative reforms. This is most likely when countries are able to maintain legal traditions while still meeting the international obligations they have chosen to assume.

One responding country in Western Asia, for example highlighted the necessity of taking into account ‘society, in terms of customs and traditions.’118 _{One country in Western Africa and a country}

in the Americas also pointed out the good practice of using ‘stakeholder consultations’ to ensure the maintaining of national legal traditions. In other cases, countries may not yet perceive a need for strengthening cybercrime law. One country in Southern Africa, for instance, noted that since ‘the

development of ICT infrastructure is still poor, cybercrime legislation was not considered a pressing need.’119

Ultimately, however, the use of both binding and non-binding international and regional instruments has significant potential for positive progress towards greater sufficiency and harmonization of national laws – and, in the long run, enhanced international cooperation against a global challenge. Chapters Four (Criminalization), Five (Law enforcement and investigations) and Eight (Prevention) examine further both convergences and divergences in these individual areas.

117 _{See Chapter Four (Criminalization).} 118 _{Study cybercrime questionnaire. Q16.} 119 _Ibid.

CHAPTER FOUR:CRIMINALIZATION

CHAPTER FOUR: CRIMINALIZATION