Part 6 of 6

International Cyber Law Framework

🕑 90-120 minutes 🌎 Cross-Border Cooperation 🔒 MLAT & INTERPOL

Introduction: The Challenge of Cyber Crime Across Borders

Cyber crime is inherently borderless. An attacker in one country can target victims in dozens of others, using infrastructure spread across multiple jurisdictions. This creates unique challenges for investigators who must navigate different legal systems, evidence requirements, and cooperation mechanisms.

📚 Learning Objectives

By the end of this part, you will be able to:

  • Understand the Budapest Convention and its relevance
  • Navigate the MLAT process for cross-border evidence
  • Apply alternative mechanisms for urgent requests
  • Utilize INTERPOL notices and databases effectively
  • Address common jurisdiction challenges in cyber crime cases

The Budapest Convention (Council of Europe Convention on Cybercrime)

The Budapest Convention (2001) is the first and most important international treaty on cyber crime. It provides a framework for national legislation and international cooperation.

Key Provisions

  • Harmonization of offenses: Defines common cyber crime categories that member states must criminalize
  • Procedural powers: Mandates investigative tools like expedited preservation of data, search and seizure, real-time collection
  • International cooperation: Framework for mutual assistance, extradition, and 24/7 points of contact

Offenses Under Budapest Convention

  1. Offenses against confidentiality, integrity, availability: Illegal access, illegal interception, data interference, system interference, misuse of devices
  2. Computer-related offenses: Computer-related forgery, computer-related fraud
  3. Content-related offenses: Child pornography (CSAM)
  4. IP offenses: Copyright infringement (via Additional Protocol)

India and the Budapest Convention

India is NOT a signatory to the Budapest Convention. Key reasons cited:

  • India was not involved in drafting the Convention
  • Concerns about provisions allowing cross-border access without consent
  • Sovereignty concerns over data access provisions

Impact on investigators: India relies on bilateral MLATs and INTERPOL channels rather than Budapest Convention mechanisms. However, understanding the Convention helps in dealing with countries that are signatories (68+ countries including US, UK, EU members).

Second Additional Protocol (2022)

The Second Additional Protocol to the Budapest Convention (opened for signature 2022) enhances international cooperation:

  • Direct cooperation with service providers in other countries
  • Expedited disclosure of subscriber information
  • Emergency mutual assistance
  • Video conferencing for witnesses
  • Joint investigation teams

Mutual Legal Assistance Treaties (MLATs) are bilateral treaties between countries that facilitate evidence sharing and cooperation in criminal matters. For India, this is the primary formal mechanism for cross-border cyber crime cooperation.

India's MLAT Framework

  • India has MLATs with 40+ countries
  • Key partners: USA, UK, Canada, UAE, Singapore, Australia, etc.
  • Central Authority: Ministry of Home Affairs (MHA)

MLAT Process Flow

  1. Investigation Identifies Foreign Evidence: Investigator identifies that evidence (data, witness, suspect) is located in another country.
  2. Prepare Letter Rogatory (LR): Prepare formal request through court (Section 166A CrPC / BNSS equivalent) detailing the evidence needed and relevance to the case.
  3. Forward to Central Authority: Request sent through MEA (Ministry of External Affairs) to MHA, then to the foreign country's Central Authority.
  4. Execution in Foreign Country: Foreign country's authorities execute the request according to their laws.
  5. Return of Evidence: Evidence/information returned through diplomatic channels to India.

🚨 MLAT Challenges

  • Time: Average MLAT request takes 6-24 months - by then, digital evidence may be deleted
  • Complexity: Detailed documentation requirements; must meet both countries' standards
  • Dual criminality: Offense must be criminal in both countries
  • No MLAT: Many countries lack MLAT with India

Alternative and Expedited Mechanisms

Given MLAT delays, several alternative mechanisms exist for faster cross-border cooperation.

1. Direct Requests to Service Providers

Many major tech companies (Google, Meta, Microsoft, etc.) accept direct law enforcement requests from foreign governments in certain circumstances:

  • Emergency requests: For imminent threat to life, child safety, terrorism
  • Basic subscriber information: Some companies provide registration data on legal request
  • Data preservation requests: Request to preserve data while MLAT is processed

💡 Best Practice: Preservation Requests

Always send a preservation request first.

  • Major platforms honor 90-day preservation requests
  • Can be extended for another 90 days
  • Buys time while MLAT is processed
  • Send directly to company's law enforcement portal (Google, Meta, Microsoft all have these)

2. US CLOUD Act (2018)

The US Clarifying Lawful Overseas Use of Data (CLOUD) Act allows:

  • US law enforcement to compel US-based companies to provide data regardless of where stored
  • Executive agreements between US and qualifying foreign governments for direct requests
  • India-US CLOUD Act Agreement: Under negotiation; would allow Indian agencies to request data directly from US companies

3. 24/7 Network Points of Contact

Many countries maintain 24/7 points of contact for urgent cyber crime matters:

  • Budapest Convention requires signatories to maintain 24/7 network
  • India participates through CBI/INTERPOL NCB
  • Used for emergency preservation requests and urgent coordination

4. Police-to-Police Cooperation

For intelligence sharing (not evidence for court):

  • INTERPOL I-24/7 secure network
  • Direct liaison with foreign law enforcement through INTERPOL NCBs
  • Useful for identifying suspects, tracing money flows, coordinating takedowns

INTERPOL and Cyber Crime

INTERPOL (International Criminal Police Organization) is the world's largest police organization with 195 member countries. It plays a crucial role in international cyber crime cooperation.

INTERPOL's Cyber Crime Programme

  • INTERPOL Cyber Fusion Centre: Singapore-based hub for threat intelligence
  • Digital Crime Centre: Operational support for cyber investigations
  • INTERPOL Gateway: Connects police with private sector for threat sharing
  • INTERPOL Innovation Centre: Develops tools for cyber crime investigation

INTERPOL Notice System

INTERPOL issues various color-coded notices that are relevant to cyber crime investigations:

  • Red Notice: To seek arrest and extradition of a wanted person. The most common notice for cyber criminals wanted internationally. Not an arrest warrant but requests provisional arrest.
  • Yellow Notice: To locate missing persons, especially minors. Relevant in cases of online child exploitation or trafficking.
  • Blue Notice: To collect information on a person's identity, location, or activities in relation to a crime. Useful for gathering intelligence on cyber criminals.
  • Green Notice: To warn about persons who have committed criminal offenses and are likely to repeat. Alerts other countries about known cyber criminals.
  • Black Notice: To seek information on unidentified bodies. May be relevant in extreme cyber stalking or online harassment cases.
  • Purple Notice: To provide information on modus operandi, objects, devices, or concealment methods. Highly relevant for sharing information about new cyber crime techniques, malware, or attack patterns.
  • Orange Notice: To warn of an event, person, object, or process representing an imminent threat. Used for warning about active cyber threats like ransomware campaigns.

Accessing INTERPOL Services from India

All requests go through the National Central Bureau (NCB) India:

  • NCB India: Located in CBI headquarters, New Delhi
  • I-24/7: Secure communication network connecting NCBs worldwide
  • Process: Local police -> State CID -> NCB India -> INTERPOL

Jurisdiction Challenges in Cyber Crime

Determining jurisdiction is one of the most complex issues in cyber crime investigation.

Bases for Jurisdiction

  • Territorial: Crime committed within the territory
  • Nationality: Offender is a national of the country
  • Passive personality: Victim is a national of the country
  • Effects doctrine: Crime has substantial effects in the country
  • Universal jurisdiction: For certain grave offenses (terrorism, CSAM)

India's Jurisdiction Under IT Act

Section 75 IT Act: Extraterritorial Application

The IT Act applies to offenses committed outside India if:

  • The offense involves a computer, computer system, or computer network located in India
  • This includes cloud servers, websites hosted in India, etc.

Common Jurisdiction Scenarios

💡 Scenario 1: Indian Victim, Foreign Attacker

Facts: Victim in India receives phishing email from attacker in Nigeria, loses money.

Jurisdiction: India has jurisdiction (effects doctrine, victim nationality). FIR can be registered in India. For evidence/arrest from Nigeria, need MLAT or INTERPOL cooperation.

💡 Scenario 2: Indian Attacker, Foreign Victim

Facts: Indian citizen runs tech support scam targeting US/UK victims.

Jurisdiction: India has jurisdiction (nationality principle). Foreign country also has jurisdiction (victim/effects). May result in prosecution in India or extradition request.

💡 Scenario 3: Data on Foreign Servers

Facts: Evidence of crime committed in India is stored on servers in the US (e.g., Gmail, Facebook).

Jurisdiction: Crime jurisdiction in India. For accessing data, need MLAT to US or direct request to company for non-content data.

UN Initiatives on Cyber Crime

The United Nations is developing a new international framework for cyber crime cooperation.

UN Ad Hoc Committee on Cybercrime

  • Established 2019 by UN General Assembly
  • Developing a comprehensive international convention on countering the use of ICTs for criminal purposes
  • Expected to be broader than Budapest Convention
  • India is actively participating in negotiations

UNODC and Cyber Crime

The UN Office on Drugs and Crime provides:

  • Technical assistance to countries developing cyber crime legislation
  • Training for law enforcement on cyber crime investigation
  • Global Programme on Cybercrime

Practical Tips for Cross-Border Investigation

Best Practices

  1. Preserve first, request later: Send preservation requests immediately to platforms
  2. Use multiple channels: Combine MLAT with direct requests and INTERPOL channels
  3. Document for both systems: Ensure evidence meets requirements of both countries
  4. Build relationships: Develop contacts with NCBs and foreign agencies
  5. Stay updated: International mechanisms are evolving rapidly

Key Contacts for Indian Investigators

  • NCB India (CBI): For INTERPOL channels
  • Ministry of Home Affairs: Central Authority for MLATs
  • CERT-In: For cyber security incident coordination
  • I4C: For domestic coordination and assistance

📚 Key Takeaways

  • Budapest Convention is the primary international cyber crime treaty (68+ countries) but India is NOT a signatory
  • MLATs are India's primary formal mechanism - but they are slow (6-24 months)
  • Preservation requests should be sent immediately to buy time while MLAT processes
  • INTERPOL provides crucial operational support through Red/Blue/Purple notices and I-24/7 network
  • Section 75 IT Act provides extraterritorial jurisdiction when Indian systems are involved
  • Direct requests to tech companies possible for emergencies and non-content data
  • India-US CLOUD Act agreement would significantly speed up data requests from US companies
  • UN Convention under development may create new global framework with India's participation