An Expose On The Concept Of Cyber Diplomacy In The Fight Against Cybercrime -By Oyetola Muyiwa Atoyebi

INTRODUCTION

Cybercrime has skyrocketed over the last decade, perhaps because of the influx of technological invention and innovation in our societies. The Internet, smart devices, and other forms of technology have revolutionized every aspect of human life, including communication models, finance, and entertainment amongst others. These technological advancements have also led to more technical and sophisticated cyberattacks.

Cybercriminals are becoming more agile, leveraging new technology at an alarming speed, customizing their attacks with nouvelle approaches, and collaborating in an unprecedented way across territories and sovereign states. Disruptive technologies powered by machine learning and artificial intelligence pose both risks and opportunities for cyber defences. While attacks are likely to increase in complexity and make attribution ever more problematic, responses and defences may equally become more robust.

As cybercriminals employ new technologies to execute cyberattacks against governments, organizations, and individuals, words, and phrases that did not exist a decade ago have become prevalent. These crimes have no physical or virtual borders, and they do considerable harm and represent very real threats to victims all around the world[1].

INTERNATIONAL AND REGIONAL CONVENTION CONCERNING CYBER DIPLOMACY

Cyber diplomacy is described as the use of diplomatic means and initiatives to advance a state’s national interests in cyberspace, which are often enshrined in national cybersecurity strategies. Establishing communication and conversation between state and non-state actors; preventing the formation of a cyber weapons race; promoting global standards, and promoting national interests in cyberspace through cybersecurity policies and engagement strategies are all forms of cyber diplomacy. It also encourages the reorganization of various departments of foreign affairs, to accommodate the growing importance of cybersecurity in the pursuit of foreign policy, as well as the impact of new technologies in diplomatic processes and structures.

Cyberspace, in contrast to traditional domains such as land, air, and sea, where diplomacy has neatly set the bedrock of the state’s normative relationship, is both complicated and constantly evolving. Despite the widespread belief that Cyberspace is a global commons, cooperation in this area has been fragmented and haphazard. The intangible and ever-changing character of cyberspace, which has attracted a diverse range of actors with differing normative and ideological motivations, underscores the need for innovative, agile, and adaptive multi-stakeholder diplomatic initiatives. As a result, cyber diplomacy has emerged as a new area for developing collaboration and interoperability in such a disputed environment[2].

In the fight against cybercrime, Chapter 10 of Nigeria’s National Cybersecurity Policy and Strategy 2021 underlines the significance of regional and international cooperation. It is supported by a tripod stand and consists of the following: (1) Alignment of local cybersecurity stakeholders’ efforts in Nigeria to improve international participation; (2) Expanding Cybersecurity Influence on a Regional Scale; (3) Assisting international mechanisms that improve cybersecurity. It also emphasizes the importance of promoting cross-border knowledge, and technology transfer because it greatly aids in the development of a legal framework.

The Office of National Security Adviser has taken commendable steps to ensure regional and international cooperation in line with Chapter 10 of Nigeria’s National Cybersecurity Policy and Strategy 2021, by engaging in productive mechanisms that ensure a solid regional and international legal international framework, in the fight against cybercrime.

Some of the regional and international conventions of concern include:

• Council of Europe Convention on Cybercrime.

• African Union Convention on Cyber Security and Personal Data Protection of 2014.

• The Economic Community of West African States (ECOWAS) Directive on Fighting Cybercrime of 2011.

Council of Europe Convention on Cybercrime

The objective of the Council of Europe’s Convention on Cyber-Crime, also known as the Budapest Convention, is to create a treaty to harmonize laws against hacking, fraud, computer viruses, child pornography, and other internet crimes and ensure common methods of securing digital evidence to trace and prosecute criminals.

Chapter III of the Convention addresses the methodology of adopting international cooperation amongst member states to tackle cybercrimes globally. The following are some of the more instructional features:

1. Acceptance of criminal offences within the Convention as extraditable offences, even in the absence of any formal extradition treaties. If the extradition is refused based on nationality or jurisdiction over the offence, the “requested party” should handle the case in the same manner as under the law of the “requesting party”.

1. Adoption of legislation to provide for mutual assistance to the “widest extent possible for investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.”

1. In the absence of a mutual assistance treaty, the “requested party” may refuse if the request is considered to be a political offence, or that execution of the request may likely risk its “sovereignty, security or other essential interest.”

1. Under the convention’s requirements, countries are not obligated to consider dual-criminality when providing mutual assistance. In other words, if one country believes that a law under the convention’s guidelines is broken and the perpetrator is in foreign territory, that foreign country, as the “requested nation”, is required to assist the “requesting nation”, regardless of whether the crime was committed in the “requested nation’s” territory. The “requested nation” is allowed to refuse only if it believes the request is political.

African Union Convention on Cyber Security and Personal Data Protection of 2014.

One of the major goals of the African Union Convention on Cyber Security and Cybercrime is to encourage all public and private actors (states, local communities, private sector enterprises, civil society organizations, training and research communities, and so on) to work together to promote cybersecurity.

Among other things, the treaty focuses on addressing potential cybersecurity risks, bedevilling electronic commerce in Africa.

Article 28(2) provides that State parties that do not have mutual assistance in cybercrime, shall undertake to encourage the signing of an agreement on mutual legal assistance, in conformity with the principle of double criminality liability while promoting the exchange of information as well as efficient sharing of data between the Organization of State parties on a bilateral and multilateral basis.

Article 28(4) provides that State parties shall make use of existing means for international cooperation to respond to cyber threats, improve cyber security, and stimulate dialogue between stakeholders. These means may be international, inter-governmental or regional, or based on private and public partnerships.

The Economic Community of West African States (ECOWAS) Directive on Fighting Cybercrime of 2011.

ECOWAS has co-operated with several international or regional organisations on developing its Member States’ capabilities for fighting cybercrime so far. In 2015, ECOWAS signed a Memorandum of Understanding with the International Telecommunication Union (ITU), to facilitate the interaction between the two organizations[3]. In 2017, ECOWAS co-organized the regional conference on harmonization of legislation on cybercrime and electronic evidence with the Council of Europe, and since then it has supported the Council of Europe-led judicial training for judges, and prosecutors of its Member States in this field[4].

Article 33 of the ECOWAS directive on fighting Cybercrime provides that where a Member State is informed by another Member State of the alleged commission of an offence as defined in this Directive, such Member States shall cooperate in the search for and establishment of that offence, as well as in the collection of evidence to that offence. Such cooperation shall be carried out in line with relevant international instruments and mechanisms on international cooperation in criminal matters.

THE NEED FOR CYBER DIPLOMACY

Cyber offences are rarely tried in courts of law. However, a report by the Center for Strategic Studies revealed that cybercrime cost the global economy as much as $600 billion or 0.8% of the global GDP in 2017[5] and is forecasted by the Cybersecurity Ventures to hit $6 trillion by 2021[6]. Thus, this raises the question, why do these cybercriminals always go scot-free? Or perhaps are we not doing enough to secure the effective prevention and prosecution of the cybercriminals in Africa and the World? I believe the answer lies in the subject matter of this paper – cyber diplomacy.  

A classic example of where cyber diplomacy helped in securing the arrest and prosecution of a cybercriminal is seen in the case of United States of America v. Ramon Olorunwa Abbas, where no fewer than 3 governments or States were involved in the investigation, arrest, and prosecution of a cybercriminal.

The United States Attorney’s Office, Southern District of Georgia also reported in September 2021, a case of a Canadian that was in federal prison for cyber-crime conspiracies amounting to a loss of nearly $60 million.  It was stated in the report that the Canadian Defendant served as an integral conduit in a network of cybercriminals, who siphoned tens of millions of dollars from multiple entities and institutions across the globe. The Acting US Attorney stated that the Defendant laundered money for a rogue nation and some of the world’s worst cybercriminals, and he managed a team of coconspirators who helped to line the pockets and digital wallets of thieves.

It is imperative to note that the ability of the relevant enforcement agencies to bring the aforementioned cybercriminals and others around the world to justice, is because of their partnerships and collaborations with public and private actors in other countries.

KEY CHALLENGES FACING CYBER DIPLOMACY

Some of the challenges affecting cyber diplomacy include:

• The averseness of States in adopting cyber diplomacy:  Like other forms of diplomacy, cyber diplomacy can only succeed if states are willing to cooperate. Unfortunately, states do not always view cyber diplomacy and the establishment of clear cyber standards as aligned with their interests. For example, the U.S. government has resisted prioritizing cyber diplomacy. Internally, it has eliminated a key cyber position in the State Department[7]. Internationally, the United States has clashed with other states over its desire to recognize self-defence right in cyberspace, which would justify military retaliation in response to cyber-attacks. These disagreements ended negotiations at the 2017 session of the United Nation’s Group of Governmental Expert(UNGGE)[8]. Thus, successful cyber diplomacy can prove difficult if states do not prioritize the process or view it as beneficial.

It used to be argued that cyberspace was a territorial and borderless environment separate from the physical and territorial demarcations that are subject to sovereign claim. Thus, cyberspace was considered sui generis, without state authority or regulation. However, electronic information needs physical elements such as computers, routers, servers, and cables that are territorially based. Thus, states exercise sovereignty over those aspects of cyberspace that are supported by physical infrastructure based in their territory, encompassing their land area, their internal waters, and their national airspace.

The law enforcement’s pursuit of global cybercrime is hampered by reliance on politically charged treaties governing the extradition of suspected cybercriminals. For Instance, The U.S. lacks such treaties with Russia, China, and other nations from which such attacks have originated, preventing accountability for cybercriminals harboured in their home country. The barriers to extraditing someone and holding them accountable through legal means are momentous. Even when suspected cybercriminals are arrested in countries where such treaties are in place, law enforcement still struggles to bring cybercriminals to justice in another Nation due to years-long delays and legal challenges. Aside from gathering the evidence needed for an indictment, the States must cooperate with law enforcement agencies globally to track down suspected cybercriminals, arrest them, and turn them over to face criminal charges in court[9].

Another issue associated with the extradition of cybercriminals is when multiple States are interested in a particular cybercriminal for prosecution. For instance, this issue may arise in the case to extradite Yaroslav Vasinskyi. The U.S. has asked Poland to extradite Yaroslav Vasinskyi, a Ukrainian national arrested in October for his alleged role in the Russia-linked ransomware group known as REvil[10]. Whether Poland sends Vasinskyi to the United States is contingent on several geopolitical factors. Given their extradition connection with the US and previous cooperation on cyber cases, Polish officials are anticipated to comply. Ukraine is unlikely to object to the US request, though Russia could react with an extradition request of its own.

• The rapid growth of technology space is another obstacle to the adoption and operationalization of cyber diplomacy. Cyber diplomacy is largely evolving in response to new conflicts and threats. Cyber technology is also rapidly evolving, making it harder for governments to address issues before they arise. In addition to the inherent challenges associated with such a rapidly-evolving field, cyber diplomacy’s novelty also exacerbates political tugs-of-war. Any form of diplomacy necessarily deals with political tensions and alliances. However, in cyber diplomacy, laws, and norms underlying the diplomacy are not as established. As a result, states battle not only over cyber resources and rights but also over the ability to construct the very standards that govern cyberspace. This tug-of-war explains, for example, the Russian push for a UN cybersecurity agreement in place of the European-written Budapest Convention[11].

• Another aspect that impedes cyber diplomacy is intersectionality. It’s important to remember that the digitalization of government activities overlaps with many other traditional state interests in cyberspace. Cybersecurity, for example, is increasingly a requirement for defence and national security, and cyber talks can have a significant impact on domestic economic interests. As a result, states must coordinate their cyber diplomacy with conventional modes of diplomacy.

Presently, private actors and nonstate groups, including businesses, political dissidents, and minority groups, may enjoy the freedom of under-regulated cyberspace. This under regulation, to some, means liberty and safety. However, the “diplomacy” in cyber diplomacy makes it interstate by its very nature. Negotiations exclusively among states may result in the over-prioritization of state-based interests like prosecuting cybercrimes—potentially at the expense of other interests like internet freedom.

Cyber diplomacy runs the risk of trampling on the most critical advantages cyberspace poses for nonstate actors, without active collaboration among public and private interests. Nigeria is one state that has begun recognizing this tension. Currently, the Office of the National Security Adviser conducts periodical workshops where experts in various industries in the private sector are invited to speak on solutions affecting local, regional, and international cybersecurity frameworks.

CONCLUSION

In contrast to the global perspective, which is still developing, diplomatic action in Africa has expanded thanks to large contributions from international intergovernmental organizations. As a result, we believe that promoting an international cyberspace strategy encompassing all multi-stakeholders is critical in achieving global social growth, economic, and political progress.

On a global scale, the Budapest Convention is one of the most well-received diplomatic treaties. The characteristics of cyberspace, on the other hand, might lead to debates about the extent to which international cyber security treaties respect human rights and state sovereignty.

We also call attention to the potential for cyber security to become a prominent theme at regional and international summits, given that the field is now mostly addressed in conjunction with transnational crime or terrorism.

AUTHOR: Oyetola Muyiwa Atoyebi, SAN.

Mr. Oyetola Muyiwa Atoyebi, SAN is the Managing Partner of O. M. Atoyebi, S.A.N & Partners (OMAPLEX Law Firm) where he also doubles as the Team Lead of the Firm’s Emerging Areas of Law Practice.

Mr. Atoyebi has expertise in and a vast knowledge of Telecommunications, Media and Technology Law and this has seen him advise and represent his vast clientele in a myriad of high level transactions.  He holds the honour of being the youngest lawyer in Nigeria’s history to be conferred with the rank of a Senior Advocate of Nigeria.

He can be reached at atoyebi@omaplex.com.ng

COUNTRIBUTOR:  Caleb Echoga

Caleb is a member of the Technology Team at Omaplex Law Firm. He is constantly engaged in providing innovative solutions to complex legal issues. He holds a commendable legal expertise in intellectual property law, financial technology, and data protection and privacy law. Beyond his interests in law, he is also a writer, a good-governance enthusiast and a volunteer with a number of Civil Society Organizations.

 He can be reached at caleb.echoga@omaplex.com.ng

[1] Interpol, ‘Cybercrime’, <https://www.interpol.int/en/Crimes/Cybercrime>  accessed: 13 December 2021

[2] Mark Bryan, F. Manantan, ‘Defining Cyber Diplomacy’, <https://www.internationalaffairs.org.au/australianoutlook/defining-cyber-diplomacy/> accessed: 15 December 2021

[3] International Telecommunication Union ‘Economic Community of West African States’,https://www.itu.int/en/ITU-D/Cybersecurity/Pages/Global-Partners/economic-community-west-african-states.aspx> accessed: 18 December 2021

[4] ‘Economic Community of West African States’, <https://ccdcoe.org/organisations/ecowas/>  Date accessed: 18 December 2021

[5] Uche Igwe,‘Nigeria’s Growing Cybercrime Threat Needs Urgent Government Action’,<https://blogs.lse.ac.uk/africaatlse/2021/06/09/nigerias-growing-cybercrime-phishing-threat-needs-urgent-government-action-economy/> accessed: 18 December 2021

[6] Steve Morgan, ‘Cybercrime Damages $6 Trillion By 2021’. <https://cybersecurityventures.com/annual-cybercrime-report-2017/#:~:text=Cybersecurity%20Ventures%20predicts%20cybercrime%20damages,in%20size%2C%20sophistication%20and%20cost.> accessed: 18 December 2021

[7] Nicole Perlroth, David E. Sanger ‘White House Eliminates Cybersecurity Coordinator Role’,<https://www.nytimes.com/2018/05/15/technology/white-house-cybersecurity.html>  accessed: 19 December 2021

[8] Owen Bowcott, ‘Dispute Along Cold War Lines Led To Collapse Of Un Cyberwarfare Talks’ <https://www.theguardian.com/world/2017/aug/23/un-cyberwarfare-negotiations-collapsed-in-june-it-emerges>  accessed: 19 December 2021

[9] Andrea Vittorio,’ U.S. Efforts to Catch Cybercriminals Abroad Hinge on Extradition’,  <https://news.bloomberglaw.com/banking-law/u-s-efforts-to-catch-cybercriminals-abroad-hinge-on-extradition> accessed: 18 December 2021

[10]United States Department of Justice, ‘ Ukrainian Arrested and Charged with Ransomware Attack on Kaseya ’, <https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya>  accessed: 20 December 2021

[11] Joyce Hakmeh and Alison Peter‘A New UN Cybercrime Treaty? The Way Forward for Supporters of an Open, Free, and Secure Internet ‘,<https://www.cfr.org/blog/new-un-cybercrime-treaty-way-forward-supporters-open-free-and-secure-internet> accessed: 20 December 2021