Cybercrime is not just malware or hackers that infiltrate high-security servers in defence departments to exfiltrate classified information. It can range from cloning citizens’ credit cards for financial gain or stealing users’ identities on social media to heinous crimes such as child pornography online. Regardless of the specific definition of cybercrime that one may adopt, criminal activities that involve computers and information systems are less a technical matter than a policy issue: one that requires appropriate laws, expertise and international cooperation.
Cybercrime undermines the economic growth of our economies and the well-being of our citizens. For small and medium enterprises as well as for large multinationals, criminal activities in cyberspace can have significant impacts. Up from US$3 trillion in 2015, cybercrime will cost the world US$6 trillion annually by 2021. According to forecasts, from 2019 to 2023 approximately US$5.2 trillion in global value will be at risk from cyberattacks, meaning that cybercrime will transfer huge resources away from communities, development policies or projects and into the pockets of cybercriminals.
Several countries have taken up the challenge and adopted substantive criminal law provisions, enhanced the ability of their law enforcement agencies to investigate cyber offences, and increased the level of public awareness of the threats. Many have also benefited from accession to the Budapest Convention on Cybercrime, the first international treaty on crimes committed via the Internet and computer networks, notably regarding breaches in information networks, copyright infringements, computer-related fraud and child pornography.
Unfortunately, not all countries possess the tools needed to fight cybercrime. While cybercriminals know no borders, they can mask their identity online or can take advantage of gaps in national legislation to attack where information systems are more vulnerable. National law enforcement agencies and courts may find it extremely difficult to investigate and prosecute those crimes.
Fortunately, countries are not alone in this fight. GLACY+ (Global Project on Cybercrime Extended) is a joint project of the European Union and the Council of Europe that aims to strengthen effective international cooperation by supporting countries with national legislation on cybercrime and electronic evidence.
GLACY+ aims to strengthen the capacities of states worldwide to apply legislation on cybercrime and electronic evidence and enhance their abilities for effective international cooperation in this area. Its approach is:
– To promote consistent cybercrime legislation, policies and strategies
– To strengthen the capacity of police authorities to investigate cybercrime and engage in effective cooperation with each other as well as with cybercrime units in Europe and other regions
– To enable criminal justice authorities to apply legislation, prosecute and adjudicate cases of cybercrime and electronic evidence, and engage in international cooperation.
GLACY+ is intended to extend the experience of the GLACY project (2013–2016) and supports 15 priority and hub countries in Africa, Asia-Pacific, and Latin America and the Caribbean region – Benin, Burkina Faso, Cabo Verde, Chile, Costa Rica, Dominican Republic, Ghana, Mauritius, Morocco, Nigeria, Paraguay, Philippines, Senegal, Sri Lanka and Tonga. These countries may serve as hubs to share their experience within their respective regions.
You can learn more about this project here.
Thanks to the project, 40 per cent of UN member states are now either party or signatory to the Budapest Convention or await accession to it. The number of countries undertaking cybercrime law reforms has skyrocketed, doubling in Africa in just seven years. Moreover, even when they are not party to the Convention, most states use it anyway as a guideline or a source for domestic legislation. Thanks to these efforts, the Budapest Convention has become a truly global legal instrument. More importantly, the project has contributed to creating a genuine community and support system in the fight against cybercrime.
But GLACY+ is not all about laws. Over four years, almost 3,000 criminal justice professionals received cyber-related training. Furthermore, the beneficiaries of that training have become trainers themselves. For example, Sri Lanka was a priority country for GLACY until 2016. Recently, 325 Sri Lankan judges received courses from local Sri Lankan professionals, showing how capacity-building activities can lead to projects that then stand on their own feet.
- Each of the project’s objectives translates into concrete expected results, such as:
- Reinforcement of policies and strategies in up to 20 countries, including relevant aspects of cybersecurity and partnerships with the private sector, as well as experience sharing in further countries
- Enhancement of policy dialogue and cooperation on cybercrime between priority countries and their regions, and international and regional organisations, and synergies maximised with EU-funded projects developed in project areas
- Harmonisation of cybercrime electronic evidence and related data protection provisions with the Budapest Convention and its Protocols, with full respect for the rule of law and human rights standards
- Training of at least 1,000 law enforcement officers in basic cybercrime investigations and computer forensics as well as related rule-of-law requirements
- Effective international police-to-police cooperation on cybercrime and electronic evidence
- Strengthening of interagency cooperation among cybercrime units, financial investigators and financial intelligence units in the search for, seizure of and confiscation of online crime proceeds
- Strengthening of institutions and procedures for international judicial cooperation related to cybercrime and electronic evidence
- Reinforcement of training centres, academic institutions and other entities providing criminal justice capacity-building programmes with a regional scope, as well as streamlining of training on cybercrime and electronic evidence.
Which aspects of this project have contributed to its success? And which, according to the implementing organisations, might play an important role in launching similar initiatives in other parts of the world? The project DNA profiling on the basis of the Good Cyber Stories framework highlighted the importance of three success genes in particular:
R – Resources
A project on such a scale would not be possible without a constant and reliable source of funding as well as an experienced implementing team. The funding from the European Union allows the implementing organisation to focus on delivering the results and offer innovative solutions and activities instead of engaging in fundraising.
A – Awareness
The success of GLACY+ is also due to rapidly growing awareness on the part of policymakers and citizens of the negative impact that cybercrime has on societal development and economic growth. This, in turn, has pushed the participating countries to engage in international cooperation on cybercrime and seek support in strengthening the capacities of law enforcement and criminal justice officials.
D – Diversity
The countries taking part in GLACY+ are diverse from geographical, cultural, legal, economic and linguistic perspectives. GLACY+ has already reached around 30 countries worldwide in Africa, Asia-Pacific, Latin America and the Caribbean region. Diversity is also reflected in multiple target groups participating in the project activities, including law enforcement officials, prosecutors and judges.
Diversity among the participating countries is one of GLACY+’s biggest strengths and has contributed to its success. While specific criteria are taken into account when selecting priority countries, positive spill-overs spread quickly from a county to its neighbours, thus amplifying the project’s impact. Diverse profiles of the target audiences have also allowed the project to connect different communities and share good practices and lessons.
Replicating a project of this magnitude will probably be very difficult given the progress achieved globally under the GLACY+ umbrella. However, the project is open to activities and engagement with countries around the world. In addition, countries interested in supporting the cybercrime-related activities of the Council of Europe can do so, for instance, by supporting the Octopus Conference series.