At a glance.
- Data sharing and the Budapest Convention.
- NSA says new encryption standard won't have backdoors.
- New York enacts measures to protect power grid.
Data sharing agreement to be added to the Budapest Convention.
The Council of Europe has announced that the Second Additional Protocol to the Convention on Cybercrime (also known as the Budapest Convention) was opened for signature at a conference of the Council’s Committee of Ministers. The protocol’s goal is to encourage the sharing of electronic evidence like subscriber info and traffic data among council member states through direct cooperation with service providers and registrars. Representatives from member states including Austria, Finland, Italy, Spain, and Sweden were present at the signing, as well as non-member states including the US and Japan. Secretary General Marija Pejčinović Burić explained, “The Second Protocol brings the Budapest Convention up to date with current, technological challenges, so that it remains the most relevant and effective international framework for combating cybercrime in the years ahead.” Justice Minister of Italy, Marta Cartabia, added, “The use of ICT (Information and Communication Technologies) by organised crime in all ‘sectors’ (sexual exploitation, drug trafficking, smuggling, terrorism) represents a further challenge for our judicial authorities and for our institutions…The Second Additional Protocol, therefore, responds to the need for greater and more efficient co-operation between States and between the States and the private sector, clarifying the cases in which the ‘service providers’ will be able to provide the data in their possession directly to the competent authorities of other countries.” The Protocol is open for signature by Parties to the Convention and will be implemented once ratified by five States.
Ilia Kolochenko, Founder of ImmuniWeb, a member of Europol Data Protection Experts Network and EU CyberNet Member, commented on the importance of the Protocol:
“As of today, the Budapest Convention remains the most comprehensive and the most important international treaty designed to combat cybercrime. The Convention, among other things, harmonizes the criminalization of computer offences, accelerates collaboration between law enforcement agencies and facilitates the preservation and seizure of digital evidence stored in a foreign country.
“The 20-year-old Convention, however, certainly requires some updates to stay ahead of the rapidly evolving technology landscape and novel tactics deployed by sophisticated threat actors. Despite reasonable concerns expressed by the EU EDPB in relation to possible privacy risks created by the long-awaited Second Protocol, the Protocol brings several major improvements.
“Enhanced mutual assistance in emergency situations is probably the most crucial development. While procedurally it’s not yet crystal clear how the emergency assistance provisions will be implemented by signatory countries, the provisions definitely bring a sound legal framework to remove some bureaucratic barriers that have been hindering mutual legal assistance in cross-border investigations when time was of the essence.
“Other provisions, such as disclosure of domain name owners and subscriber information, will probably have a less palpable impact, as many countries have already established tenable processes and procedures related thereto. Novel provisions on joint investigation teams will undoubtedly boost multiagency and multijurisdictional cooperation, however, the recent success of numerous joint operations, conducted by national authorities led by Europol and Interpol, convincingly demonstrates that joint investigations work pretty well today.
“That being said, in 2022, the challenges remain pretty similar to 2001. First, countries like Russia, China, India and most African countries are not signatories of the Convention. It is impossible to effectively investigate and prosecute cybercriminals without frictionless cooperation with those states, representing over 3 billion Internet users. Second, the Convention does not create specific duties binding upon national law enforcement agencies, but rather encourages governments to adopt necessary legislation and implement the requisite infrastructure. Third, most law enforcement agencies are already overwhelmed with an avalanche of domestic cases and will unlikely prioritize external requests even if the law provides so. Thus, we will probably observe more countries passing national laws to authorize legal hacking by police to obtain digital evidence in a rapid, licit and straightforward manner.”
NSA chief says quantum encryption will not allow backdoor snooping.
The US National Institute of Standards and Technology (NIST) is working on establishing quantum encryption standards for the nation, and some might be concerned the advanced technology might be used by another agency, NSA, for surveillance. NSA’s director of cybersecurity Rob Joyce attempted to put such worries to rest by promising there will be no backdoors that could allow for spying. Joyce told Dark Reading, “Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance. We’ve worked against all of them to make sure they are solid.”
New York Assembly approves bill to protect energy infrastructure.
The Assembly of the US state of New York on Wednesday passed legislation aimed at securing the state’s energy grid against cyberattack. The bill was introduced by Assemblyman and chair of his chamber’s Energy Committee Mike Cusick, who explained, “New York’s energy grid is a prime target for hackers and cyber criminals across the globe...The passage of this legislation is a crucial step in our fight against cyber crime and our efforts to bolster the resiliency of our grid.” GovTech notes that the bill will also provide a path for future legislation protecting infrastructure, and gives the state’s Division of Homeland Security and Emergency Services the power to collaborate with state and federal agencies. Once passed by the Senate, the bill will be reviewed by Governor Kathy Hochul, who in February launched the “Joint Security Operations Center,” a collaboration of federal and local partners offering a statewide view of the cyberactivity.