Home / Blogs

US-NL Cybercrime Treaty Signed

Wout de Natris

On Wednesday 22 February the United States and The Netherlands signed a "declaration of intent" on the cooperation on fighting cybercrime. This event was reported by the press as a treaty. At least that is what all Dutch postings I read wrote, with exception of the official website of the Dutch government. So what was actually signed? Reading the news reports some thoughts struck me.

A good thing

Of course up front I declare that the fact that two countries signing a treaty to cooperate, share knowledge and best practices concerning cybercrime, is news of progress in dealing with the cross border difficulties countries and agencies run into on a daily basis.

Cybercrime or security treaty or declaration of intent?

All headlines I've read claim that a cybercrime "treaty" was signed. First I focus on the cybercrime, then the treaty. Even the official communication of the Dutch government mentions cooperation on cybercrime. However looking at the statements of Secretary of Homeland Security Napolitano and Minister Opstelten of Security & Justice I get a different impression. They are quoted that the two countries will focus on cooperation on protecting vital infrastructure, so e.g. in making scada (supervisory control and data acquisition) systems more secure. If this is the case, we are talking cyber security and not cybercrime.

Hacking is mentioned as an example of instances in which forensic investigative best practices can be exchanged, but in relation to vital infrastructure. So, is the reference in the press wrong? Did the minister(y) mix up the two concepts? It does not appear that there is more, as in secret, in the text, as it is only an intent to cooperate.

Next to that hacks of these kind, i.e. on vital infrastructure, are often discussed as potential acts of cyber war. That would make that the topic also surpasses security and moves into the realm of cyber defence. This form of cooperation does not seem intended here.

It also becomes clear that no treaty was signed, but a declaration of intent, so an intention to cooperate. Nothing legally binding. So we will just have to wait what comes from it. The everyday priorities and cross border cybercrime? This combination does not always mix well, I know from experience.

Bilateral versus multilateral treaty

The other comment that I want to make, is that it is a shame that in a cross border environment as cybercrime and cyber security it apparently is still impossible or (too) hard to negotiate a cyber treaty, well declaration of intent, for 27 member states of the EU with the US. The bilateral nature of the declaration means that as soon as there is third country involved in the attack, hack, etc., cooperation ends as the limit of the treaty/intention is reached and it is no longer effective.

Conclusion

This declaration of intent is a not more than a good first step, but the challenges for countries and their national jurisdictions are still stretched beyond what a national jurisdiction can achieve on the Internet as to the topics discussed here. A breakthrough is needed in updating cross border relations. Technological innovation matched by political and diplomatic innovation? It may be a solution.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. More blog posts from Wout de Natris can also be read here.

Related topics: Cyberattack, Cybercrime, Internet Governance, Policy & Regulation, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

It certainly would not surprise me that Phil Howard  –  Feb 26, 2012 1:25 PM PDT

It certainly would not surprise me that a "treaty" to pursue (in the law enforcement sense) and prosecute "hackers" (presumably of the bad type) is perceived by politicians as a form of security.  That may be revealing about them, and explain why governments accomplish so little in terms of actual security.

So which country should do what to improve actual security?  US exports Microsoft Windows.  NL exports NSD.  Which country has more work to do?

Hint, I use only NSD from the above list.

This is not to say that law enforcement and prosecution should not be part of the cooperation between these countries.  There are indeed many issues they need to work together on, exchange information about.  But holding it up as a cyber security solution is entirely misleading.

I am not sure if wout sees this as a solution Suresh Ramasubramanian  –  Mar 05, 2012 5:49 AM PDT

This is essential to prosecute criminals who might have their operation spread across multiple countries.  And I am glad to see this agreement.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

3 Questions to Ask Your DNS Host About DDoS

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics

dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNS Security

Sponsored by
Afilias