Home / Blogs

US-NL Cybercrime Treaty Signed

Wout de Natris

On Wednesday 22 February the United States and The Netherlands signed a "declaration of intent" on the cooperation on fighting cybercrime. This event was reported by the press as a treaty. At least that is what all Dutch postings I read wrote, with exception of the official website of the Dutch government. So what was actually signed? Reading the news reports some thoughts struck me.

A good thing

Of course up front I declare that the fact that two countries signing a treaty to cooperate, share knowledge and best practices concerning cybercrime, is news of progress in dealing with the cross border difficulties countries and agencies run into on a daily basis.

Cybercrime or security treaty or declaration of intent?

All headlines I've read claim that a cybercrime "treaty" was signed. First I focus on the cybercrime, then the treaty. Even the official communication of the Dutch government mentions cooperation on cybercrime. However looking at the statements of Secretary of Homeland Security Napolitano and Minister Opstelten of Security & Justice I get a different impression. They are quoted that the two countries will focus on cooperation on protecting vital infrastructure, so e.g. in making scada (supervisory control and data acquisition) systems more secure. If this is the case, we are talking cyber security and not cybercrime.

Hacking is mentioned as an example of instances in which forensic investigative best practices can be exchanged, but in relation to vital infrastructure. So, is the reference in the press wrong? Did the minister(y) mix up the two concepts? It does not appear that there is more, as in secret, in the text, as it is only an intent to cooperate.

Next to that hacks of these kind, i.e. on vital infrastructure, are often discussed as potential acts of cyber war. That would make that the topic also surpasses security and moves into the realm of cyber defence. This form of cooperation does not seem intended here.

It also becomes clear that no treaty was signed, but a declaration of intent, so an intention to cooperate. Nothing legally binding. So we will just have to wait what comes from it. The everyday priorities and cross border cybercrime? This combination does not always mix well, I know from experience.

Bilateral versus multilateral treaty

The other comment that I want to make, is that it is a shame that in a cross border environment as cybercrime and cyber security it apparently is still impossible or (too) hard to negotiate a cyber treaty, well declaration of intent, for 27 member states of the EU with the US. The bilateral nature of the declaration means that as soon as there is third country involved in the attack, hack, etc., cooperation ends as the limit of the treaty/intention is reached and it is no longer effective.


This declaration of intent is a not more than a good first step, but the challenges for countries and their national jurisdictions are still stretched beyond what a national jurisdiction can achieve on the Internet as to the topics discussed here. A breakthrough is needed in updating cross border relations. Technological innovation matched by political and diplomatic innovation? It may be a solution.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. More blog posts from Wout de Natris can also be read here.

Related topics: Cyberattack, Cybercrime, Cybersecurity, Internet Governance, Policy & Regulation


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


It certainly would not surprise me that Phil Howard  –  Feb 26, 2012 1:25 PM PDT

It certainly would not surprise me that a "treaty" to pursue (in the law enforcement sense) and prosecute "hackers" (presumably of the bad type) is perceived by politicians as a form of security.  That may be revealing about them, and explain why governments accomplish so little in terms of actual security.

So which country should do what to improve actual security?  US exports Microsoft Windows.  NL exports NSD.  Which country has more work to do?

Hint, I use only NSD from the above list.

This is not to say that law enforcement and prosecution should not be part of the cooperation between these countries.  There are indeed many issues they need to work together on, exchange information about.  But holding it up as a cyber security solution is entirely misleading.

I am not sure if wout sees this as a solution Suresh Ramasubramanian  –  Mar 05, 2012 5:49 AM PDT

This is essential to prosecute criminals who might have their operation spread across multiple countries.  And I am glad to see this agreement.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services


Sponsored by Verisign

DNS Security

Sponsored by Afilias

IP Addressing

Sponsored by Avenue4 LLC

Promoted Posts

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks