The Convention on Cybercrime of the Council of Europe, commonly known as the Budapest Convention, came into force in November 2001. Twenty-three years later, it is the only international treaty on cybercrime. At present, seventy-five countries across the globe are signatories to the Convention and thereby have agreed that certain behaviours are not acceptable in cyberspace. These countries have also incorporated the essence of the treaty in their national laws. In Asia-Armenia, Azerbaijan, Georgia, Israel, Japan, Philippines, Türkiye, Ukraine, and Kazakhstan are among its signatories. Pakistan is not a signatory to this Convention. Though there are many benefits of becoming a party to the Convention, but Pakistan is concerned about various risks related to the Convention. This insight will delve into the benefits and risks and critically analyse whether the benefits outweigh the risks or vice versa.
Today, the world is globally interconnected; any threat emanating from one part of the internet can put the entire internet at risk. The Budapest Convention was primarily created to address this jurisdictional issue posed by the evolution of information technology and the internet. The Convention proposed a solution that entailed harmonising cybercrime laws worldwide while also assuring the existence of procedural mechanisms to assist the successful prosecution of cyber criminals. The Convention brought forward a mechanism in the form of a multilateral agreement drafted to facilitate international cooperation among states party to the Convention to prosecute cybercriminals. The Convention’s preamble outlines its primary objective: to pursue a standard criminal policy for cybercrimes to protect society.
Becoming a party to the Budapest Convention will provide Pakistan with several benefits, the most significant being the facilitation of international cooperation. When Pakistan becomes a party to the Convention, it will gain access to a network of countries committed to combating cybercrimes. Information regarding other Convention parties will be accessible to Pakistan, and it will also be able to conduct joint investigations with other parties. To counter transnational cyber threats, it is crucial to have international cooperation, and the Budapest Convention is a key platform for this.
To join the Budapest Convention, Pakistan will be required to incorporate the essential features of the Convention into its national laws. Presently, the legislation on cybercrime in Pakistan is the Prevention of Electronic Crimes Act (PECA) 2016. PECA is a comprehensive legislation which reflects the essence of the Budapest Convention. However, if Pakistan becomes a Convention party, it will help the country harmonise its laws with international standards. This harmonisation of laws will revitalise the country’s national laws while equipping them to handle the latest cyber threats. Moreover, by becoming a party to the Convention, Pakistan’s law enforcement agencies and judicial bodies will benefit from international expertise and practice, making the country more effective and efficient in prosecuting cybercrimes.
Embracing the Convention allows Pakistan to leverage opportunities for progress and resilience rather than being driven by fears and concerns over sovereignty infringements.
Although becoming a part of the Convention can be beneficial, the State of Pakistan has some concerns regarding the Budapest Convention and thus still has not signed the Convention. One concern the Ministry of Foreign Affairs brought to light during a hearing of the Lahore High Court in 2020 was that the Convention is ‘highly intrusive and would compromise data privacy’. The Ministry did not go into details as to how it would compromise data. Still, it stated that many countries outside Europe, including developed nations like China, Russia, Indonesia, and Singapore, hold the opinion that the Convention severely conceded data sovereignty.
During the same hearing of the Lahore High Court, the Ministry of Interior of Pakistan, in addition to highlighting Israel’s presence as a party, also pointed out its concerns about Article 32 of the Convention. This clause allows any member state to access publicly available data without the state’s authorisation. The source indicated that this provision could enable hostile countries to retrieve such data, potentially undermining Pakistan’s data protection efforts.
The basis for Pakistan’s concerns about joining the Budapest Convention is debatable. The primary concern of compromise of data sovereignty is also questionable as the Convention facilitates international cooperation while ensuring respect for the national sovereignty of the states. Article 15 of the Convention mandates countries to implement the Convention within the framework of their domestic law, ensuring respect for national laws. Mutual assistance between countries is to comply with the national laws of the countries involved, as stated in Article 25 of the Convention. Moreover, the countries can reserve the right to mutual assistance when they believe that the criterion of dual criminality is not fulfilled as provided in Article 29 of the Convention. Most importantly, countries can make reservations regarding specific provisions per Article 42 while signing the Convention. This further includes member states flexibility and allows countries to protect their sovereignty.
Pakistan has also enacted a law in 2020 for mutual legal assistance in criminal matters. While Pakistan’s national legislation embodies principles like the Budapest Convention, it is unlikely that other states will cooperate based solely on national law. However, by joining the Budapest Convention, Pakistan would gain international cooperation to prosecute cybercriminals effectively. Pakistan is already a party to a Convention based on exchanging information and collaboration, the UN Convention against Transnational Organized Crime. Therefore, joining the Budapest Convention would align Pakistan with existing commitments and strengthen its ability to combat cybercrime through enhanced international cooperation.
State policies should not be shaped by fear but by anticipation of opportunities for the country. By joining the Convention, Pakistan can strengthen its international cooperation framework, gain international support, and contribute to global efforts in securing its cyberspace. Embracing the Convention allows Pakistan to leverage opportunities for progress and resilience rather than being driven by fears and concerns over sovereignty infringements.
The article was first shared at https://www.ndu.edu.pk/issra/pub/insight/2024/Budapest-Convention-Risk-and-Benefit-Analysis-for-Pakistan/Budapest-Convention-Risk-and-Benefit-Analysis-for-Pakistan.html#:~:text=However%2C%20Pakistan’s%20reservations%20highlight%20potential,global%20efforts%20to%20combat%20cybercrime.