North America Summit Statement on Global Cyber Issues… and why we may need to ditch aspects of HIPCAR


In keeping with the effects of the Monroe doctrine and the Caribbean Basin Initiative, when the USA sneezes, we catch a cold in the Caribbean. At least, so goes the standard narrative of regional geo-politics, If we accept that there is any truth to this, then paying attention to every huff coming from our neighbors to the north is, therefore, a necessary aspect of predicting our likely short-to medium term (reactionary) trajectories.

In the sphere of cyber laws and policy, therefore, it is also important to consider the position of the U.S.A on matters of international consequence. In this context, the recent joint statement of Canada, Mexico and the United States, at the recent 2016 North America Leaders Summit, on global cyber issues is noteworthy:

Global Cyber Issues

Canada, Mexico, and the United States affirm the importance of an open, interoperable, resilient, and secure Internet, underpinned by the multi-stakeholder model of Internet governance for collective prosperity, security, and commitment to democracy and human rights. The leaders emphasized that everyone should enjoy the same human rights online as well as offline. All three countries commit to continuing our foreign ministry-led Trilateral Cyber Experts Group to strengthen online cooperation, and look forward to the Internet Governance Forum and the Meridian Conference on Critical Information Infrastructure Protection, which Mexico will be hosting in 2016.

Canada and the United States support the Budapest Convention on Cybercrime as the best instrument to fight cybercrime at the international level. The two countries, along with Mexico, commit to enhancing cyber collaboration through capacity building efforts. In this regard, the three have partnered on an initiative to strengthen regional participation in the G7 24/7 Network, which connects national law enforcement points of contact in the battle against high-tech crime. Canada, the United States and Mexico will work together to promote cyber security awareness globally by coordinating our national activities, including Canada’s Get Cyber Safe campaign, the Stop. Think. Connect. Coalition, and the Global Forum on Cyber Expertise.

All three countries commit to promoting stability in cyberspace based on the applicability of international law, voluntary norms of responsible state behaviour during peacetime, and practical confidence-building measures between states. The leaders affirmed that no country conduct or knowingly support online activity that intentionally damages critical infrastructure or otherwise impairs the use of it to provide services to the public; that no country should conduct or knowingly support activity intended to prevent national computer security incident response teams from responding to cyber incidents, or use its own teams to enable online activity that is intended to do harm; that every country should cooperate, consistent with its domestic laws and international obligations, with requests for assistance from other states in mitigating malicious cyber activity emanating from its territory; and that no country should conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to its companies or commercial sectors. Canada, Mexico and the United States will work together in the 2016/2017 UN Group of Governmental Experts, the G20, and the Organization of American States in support of these objectives.

Firstly, it is comforting that the three North American states have confirmed a commitment to the open internet. The notion that anyone can access any content they wish at any point, without interference is the underpinning of the net neutrality principle. At the very least then, this latest statement can be read as implicit endorsement of the efforts of regional governments in the Caribbean (especially Guyana and throughout the Eastern Caribbean) to enshrine net neutrality via legislation.

On another note, it is also noteworthy that Canada and the United States have affirmed their support for the Budapest Convention. The Budapest Convention is typically considered to be the high water mark for internationally accepted best practices in respect of crimes committed via computer networks such as the internet. Both the U.S.A. and Canada are signatories to the convention.

No Caribbean state has, at the time of writing, signed on to the Budapest Convention. This is not to say that no work has been done in the Caribbean in the cybercrime law space. Indeed, the Computer Misuse Act, 2005-4 in effect in Barbados, was based on the Commonwealth Model Law of 2002 which was in large part, based on the Budapest Convention.

Also, via a project known as Harmonization of ICT Policies, Legislation and Regulatory Procedures in the Caribbean (HIPCAR), model legislation on, among other things, cybercrime has been produced which is (loosely) based on the Commonwealth Model Law. That said, besides St Kitts which enacted the Electronic Crimes act in 2009, it is unclear how many other countries in the region have actually implemented this model legislation.

This brings us to the greater point: the dearth of actual implementation of cybercrime legislation is hindering the ability of Caribbean governments to effectively and efficiently participate in cross-border crime-fighting. Taken another way, the lack of actually implemented legislation in the region means, in theory, that where elements of international crimes are committed within our borders, we may, unwittingly be providing a judicial safe haven to criminal elements.

Beyond this, even if we were to implement HIPCAR model legislation on cybercrime in its current state, there are glaring inefficiencies. There are n o provisions in the HIPCAR cybercrime legislation that cover international cooperation. In other words, even if the only ready-made option available to us was utilised, regional governments would, largely, still be behind the curve on the one aspect of the cybercrime legislation which is critical to addressing the inherent nature of cybercrime: its often international scope.

While the intent is not to criticise HIPCAR, it would seem that its widespread adoption would foster harmonisation in the region but not international cooperation. This very fact runs counter to the border-less, international nature of preventing and prosecuting cybercrime.

It seems, therefore, that the lag in implementation of any cybercrime legislation may be to our collective advantage. Various Caribbean countries may bypass the legislative uncertainties inherent in the HIPCAR model text by directly acceding to the Budapest Convention. Lest we forget, all these years later, the Budapest Convention has withstood the criticisms which have been leveled at HIPCAR and remains the gold standard.

By their recent pronouncement, our neighbors to the north are in sync with international best practices on cybercrime. We can be too. Just, perhaps not with HIPCAR.