Federal Internet Law & Policy
An Educational Project
CyberCrime:  International Treaty Dont be a FOOL; The Law is Not DIY

"On November 23, 2001, the United States and 29 other countries signed the Council of Europe’s Convention on Cybercrime as a multilateral instrument to address the problems posed by criminal activity on computer networks. Nations supporting this convention agree to have criminal laws within their own nation to address cybercrime, such as hacking, spreading viruses or worms, and similar unauthorized access to, interference with, or damage to computer systems. It also enables international cooperation in combating crimes such as child sexual exploitation, organized crime, and terrorism through provisions to obtain and share electronic evidence. The U.S. Senate ratified this convention in August 2006. As the 16th of 43 countries to support the agreement, the United States agrees to cooperate in international cybercrime investigations. The governments of European countries such as Denmark, France, and Romania have ratified the convention. Other countries including Germany, Italy, and the United Kingdom have signed the convention although it has not been ratified by their governments. Non-European countries including Canada, Japan, and South Africa have also signed but not yet ratified the convention." -- Public and Private Entities Face Challenges in Addressing Cyber Threats, GAO-07-705, p. 14-15 (June 2007)

Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal InvestigationsPDF Computer Crime and Intellectual Property Section, Criminal Division, DOJ (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)

[See Fourth Amendment] Increasingly, electronic evidence necessary to prevent, investigate, or prosecute a crime may be located outside the borders of the United States. This can occur for several reasons. Criminals can use the Internet to commit or facilitate crimes remotely, e.g., when Russian hackers steal money from a bank in New York, or when the kidnappers of an American citizen deliver demands by email for release of their captive. Communications also can be "laundered" through third countries, such as when a criminal in Brooklyn uses the Internet to pass a communication through Tokyo, Tel Aviv, and Johannesburg before it reaches its intended recipient in Manhattan-much the way money can be laundered through banks in different countries in order to hide its source. In addition, provider architecture may route or store communications in the country where the provider is based, regardless of the location of its users.

When United States authorities investigating a crime believe electronic evidence is stored by an Internet service provider on a computer located abroad (in "Country A"), U.S. law enforcement usually must seek assistance from law enforcement authorities in Country A. Because, in general, law enforcement officers exercise their functions in the territory of another country only with the consent of that country, U.S. law enforcement should only make direct contact with an ISP located in Country A with (1) prior permission of the foreign government; (2) approval of DOJ's Office of International Affairs ("OIA") (which would know of particular sensitivities and accepted practices); or (3) other clear indicia that such practice would not be objectionable in Country A. The U.S. view (and that of some other countries) is that prior consultation is not required to (1) access publicly available materials in Country A, such as those posted to a public website, and (2) access materials in Country A with the voluntary consent of a person who has lawful authority to disclose the materials. For advice regarding what constitutes voluntary consent or lawful authority for such disclosures, contact CCIPS.

Under certain circumstances, such as where the matter under consideration constitutes a violation of the foreign country's criminal law, foreign law enforcement authorities may be able to share evidence informally with U.S. counterparts. However, finding the appropriate official in Country A with which to explore such cooperation is an inexact science, at best. Possible avenues for entree to foreign law enforcement are: (1) the designated expert who participates in the G8's network of international high-tech crime points of contact (discussed below); (2) CCIPS's high-tech law enforcement contacts in many countries that are not a part of that network; (3) law enforcement contacts maintained by OIA; (4) representatives of U.S. law enforcement agencies who are stationed at the relevant American embassy (e.g., FBI Legal Attaches, or "LegAtts," and agents from the U.S. Secret Service and U.S. Immigration and Customs Enforcement); and (5) the Regional Security Officer (from the Diplomatic Security Service) at the American embassy (who may have good incountry law enforcement contacts). CCIPS can be reached at 202-514-1026; OIA can be reached at 202-514-0000.

Where Country A cannot otherwise provide informal assistance, requests for evidence usually will be made under existing Mutual Legal Assistance Treaties (MLATs) or Mutual Legal Assistance Agreements, or through the Letters Rogatory process. See 28 U.S.C. §§ 1781-1782. These official requests for assistance are made by OIA to the designated "Central Authority" of Country A or, in the absence of an MLAT, to other appropriate authorities. (Central Authorities are usually located within the Justice Ministry, or another Ministry or office in Country A that has law enforcement authority.) OIA has attorneys responsible for every country and region of the world. Since official requests of this nature require specified documents and procedures and can take some time to produce results, law enforcement should contact OIA as soon as a request for international legal assistance becomes a possibility.

When U.S. law enforcement has reason to believe that electronic evidence exists on a computer or computer network located abroad, a request to foreign law enforcement for preservation of the evidence should be made as soon as possible. Such a request, similar to a request under 18 U.S.C. § 2703(f ) to a U.S. provider (see Chapter 3.G.1), will have varying degrees of success based on several factors, most notably whether Country A has a data preservation law and whether the U.S. has sufficient law enforcement contacts in Country A to ensure prompt execution of the request. The International Convention on Cybercrime, completed in 2001, obligates all Parties to have the ability to effect cross-border preservation requests, and the availability of this critical form of assistance therefore is expected to increase greatly in the near future. Significantly, many countries do not have preservation and, if they receive a preservation request, will instead do a search. Such a search may not be appropriate for some cases; for example, it may risk tipping off the target of the investigation. Investigators may consult with CCIPS regarding the likely outcome of such a preservation request.

To secure preservation, or in emergencies when immediate international assistance is required, the international Network of 24-hour Points of Contact established by the High-tech Crime Subgroup of the G8 countries can provide assistance. This network, created in 1997, is comprised of approximately fifty member countries and continues to grow every year. Participating countries have a dedicated computer crime expert and a means to contact that office or person twenty-four hours a day. CCIPS is the point of contact for the United States []. The Council of Europe's Cybercrime Convention obligates all Parties to have a 24-hour point of contact for cybercrime cases, and international 24- hour response capabilities are therefore expected to continue to increase. The G8 and Council of Europe lists will be consolidated.

In the event that United States law enforcement inadvertently accesses a computer located in another country, CCIPS, OIA, or another appropriate authority should be consulted immediately, as issues such as sovereignty and comity may be implicated. Likewise, if exigencies such as terrorist threats indicate that direct access by United States law enforcement to a computer located abroad is crucial, appropriate U.S. authorities should be consulted immediately.

Searching, seizing, or otherwise obtaining electronic evidence located outside of the United States can raise difficult questions of both law and policy. For example, the Fourth Amendment may apply under certain circumstances, but not under others. See generally United States v. Verdugo-Urquidez, 494 U.S. 259 (1990) (considering the extent to which the Fourth Amendment applies to searches outside of the United States). This manual does not attempt to provide detailed guidance on how to resolve difficult international issues that may arise in cases involving electronic evidence located beyond our borders. Investigators and prosecutors should contact CCIPS or OIA for assistance in particular cases.