US-NL Cybercrime Treaty Signed

Wout de Natris

On Wednesday 22 February the United States and The Netherlands signed a "declaration of intent" on cooperation in fighting cybercrime. The press reported this event as a treaty. At least that is what all the Dutch postings I read wrote, with the exception of the official website of the Dutch government. So what was actually signed? Reading the news reports, some thoughts struck me.

A good thing

Let me say up front that two countries signing a treaty to cooperate and to share knowledge and best practices concerning cybercrime is news of progress in dealing with the cross-border difficulties that countries and agencies run into on a daily basis.

Cybercrime or security treaty or declaration of intent?

All the headlines I've read claim that a cybercrime "treaty" was signed. I will focus first on the cybercrime, then on the treaty. Even the official communication of the Dutch government mentions cooperation on cybercrime. However, looking at the statements of Secretary of Homeland Security Napolitano and Minister Opstelten of Security & Justice, I get a different impression. They are quoted as saying that the two countries will focus on cooperation on protecting vital infrastructure, e.g. on making SCADA (supervisory control and data acquisition) systems more secure. If this is the case, we are talking about cyber security and not cybercrime.

Hacking is mentioned as an example of instances in which forensic investigative best practices can be exchanged, but in relation to vital infrastructure. So, is the reference in the press wrong? Did the minister(y) mix up the two concepts? It does not appear that there is more to the text, as in something secret, since it is only an intent to cooperate.

Beyond that, hacks of this kind, i.e. on vital infrastructure, are often discussed as potential acts of cyber war. That would mean the topic also surpasses security and moves into the realm of cyber defence. This form of cooperation does not seem intended here.

It also becomes clear that no treaty was signed, but a declaration of intent, so an intention to cooperate. Nothing legally binding. So we will just have to wait and see what comes of it. Everyday priorities and cross-border cybercrime? This combination does not always mix well, I know from experience.

Bilateral versus multilateral treaty

The other comment I want to make is that it is a shame that, in an environment as cross-border as cybercrime and cyber security, it apparently is still impossible or (too) hard to negotiate a cyber treaty, well, declaration of intent, for the 27 member states of the EU with the US. The bilateral nature of the declaration means that as soon as a third country is involved in the attack, hack, etc., cooperation ends: the limit of the treaty/intention is reached and it is no longer effective.


This declaration of intent is no more than a good first step; for the topics discussed here, the challenges facing countries still stretch beyond what a national jurisdiction can achieve on the Internet. A breakthrough is needed in updating cross-border relations. Technological innovation matched by political and diplomatic innovation? It may be a solution.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement.

Related topics: Cyberattack, Cybercrime, Internet Governance, Policy & Regulation, Security


Phil Howard  –  Feb 26, 2012 1:25 PM PDT

It certainly would not surprise me that a "treaty" to pursue (in the law enforcement sense) and prosecute "hackers" (presumably of the bad type) is perceived by politicians as a form of security.  That may be revealing about them, and explain why governments accomplish so little in terms of actual security.

So which country should do what to improve actual security?  US exports Microsoft Windows.  NL exports NSD.  Which country has more work to do?

Hint, I use only NSD from the above list.

This is not to say that law enforcement and prosecution should not be part of the cooperation between these countries.  There are indeed many issues they need to work together on, exchange information about.  But holding it up as a cyber security solution is entirely misleading.

I am not sure if Wout sees this as a solution

Suresh Ramasubramanian  –  Mar 05, 2012 5:49 AM PDT

This is essential to prosecute criminals who might have their operation spread across multiple countries.  And I am glad to see this agreement.
