Second Additional Protocol on Cybercrime

Second Additional Protocol on Cybercrime

Digital technologies are now an integral part of our daily lives, with new developments emerging every day. From running our businesses, accessing government services, to interacting with our friends and families, these technologies connect people across Canada and around the globe.

Unfortunately, these technologies can also be used by criminals and other malicious cyber threat actors, many of whom operate outside of Canada’s borders. They can take advantage of security gaps, low cyber security awareness, and technological developments to try to compromise cyber systems, or use these technologies as tools to commit crimes.

Addressing cybercrime and other technology-enabled crimes is a top priority for the Government of Canada, as it is committed to protecting Canada and its growth in the digital age. The Government of Canada is working to ensure the safety of Canadians online, while at the same time protecting their privacy.

What is Cybercrime?

Cybercrime is a crime committed with the aid of, or directly involving, a data-processing system or computer network. It includes crimes that target technology itself, including, computers, mobile phones, and other electronic devices or computer data (e.g., viruses, malware, modifying, destroying,  making data inaccessible). Computer technology can also be used as an instrument to commit other crimes (e.g., identity theft, denial of service attacks,  holding data hostage for a “ransom” payment, extortion). These crimes can affect personal and financial information, intellectual property, and trade secrets, as well as infrastructure that is critical for essential services to the public.

It also includes crimes where a cyber element (e.g., information technologies such as computers, tablets, smart phones,the internet) has a substantial role in the commission of a criminal offence (e.g., cyber-bullying, child sexual abuse and exploitation material, computer-related fraud). This includes serious crimes such as terrorism, organized crime, corruption, human trafficking, and sexual assault.

The importance of electronic data in the fight against cybercrime and other serious crimes

Law enforcement access to electronic evidence/data is critical to the detection, prevention, and investigation of cybercrime. Law enforcement access to electronic evidence/data is also very important to investigate and prosecute most serious crimes. The reason for this is because almost all crimes, including crimes such as kidnapping and murder, can leave trails of electronic evidence that could be thousands of kilometres from the scene of the crime. That evidence could be under the control of multiple service providers (e.g., internet providers, social media platforms), possibly outside of Canada.

The Protocol

On June 20, 2023, the Government of Canada signed the Council of Europe’s Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence (the Protocol). The Protocol is an agreement aimed at strengthening international cooperation among the countries that join to address the growing challenges faced by law enforcement globally. It intends to address these challenges by efficiently accessing electronic data stored in other jurisdictions, while respecting privacy protections and protecting human rights.

The Protocol provides a legal framework for producing electronic evidence, including domain name registration information, and options for direct cooperation between Parties and service providers. International cooperation will help law enforcement obtain subscriber information and other stored evidence to better fight cybercrime and transnational crime. The Protocol also includes the first comprehensive privacy safeguards in an international criminal justice treaty.

Canada’s signing of the Protocol shows its intent to take part in this important initiative, but does not bind Canada to the Protocol at the moment. Canada would need to ratify the Protocol in order to be bound by it, and such ratification can only be done if it shows that it complies with the Protocol’s obligations. A decision on ratifying the Protocol would be an additional step that could be taken by the Government of Canada in the future.

The Protocol would only be implemented in Canada in a form that is consistent with the Canadian Charter of Rights and Freedoms and the federal-provincial division of powers. Advancing measures to address cybercrime is a shared responsibility, and it would be done in collaboration with provincial and territorial partners. Following Canada’s signature of the Protocol on June 20, 2023, a wide-ranging domestic review of the Protocol, as it relates to Canada’s existing laws, programs, and policies, has been launched.

Information deck on measures and obligations included in the Protocol

Canada’s engagement

Canada has been a Party to the Council of Europe’s Convention on Cybercrime (Budapest Convention) since 2015. The Convention was the first international treaty seeking to address cybercrime by criminalizing certain conduct related to computer systems. It also sought to improve investigative techniques and increase international cooperation (e.g., the sharing of information) related to cyber and cyber-related crimes.

The Department of Justice is currently leading, along with other government departments, a series of domestic consultations with key stakeholders, including provinces and territories to:

  • raise awareness of the enhanced and new tools available in the Protocol;
  • provide information on how the Protocol would help bring perpetrators to justice; and
  • inform the development of any legislative or other measures required to enable Canada to become a part of, and to implement, the Protocol, if desired.

A full domestic review of the Protocol and existing laws is crucial in order to ensure the choices made in relation to the possible ratification of the Protocol will align with Canadian values. This is why the Government of Canada will be consulting with experts and engaging with provinces and territories to inform next steps to determine whether it will ratify the Protocol.

Learn more about cyber security