Analysis of the Budapest Cybercrime Convention in the Paraguayan criminal system

The Cybercrime Convention created in the year 2001; was ratified by the Paraguayan state at the end of 2017. This international convention addresses criminal behaviors that are committed through the internet and in turn the cross-border criminal prosecution of them and thus reduce the incidence of “safe shelters” for cybercrime.

Based on these advances in the Paraguayan criminal system, an investigation is conducted led by attorney Maricarmen Sequera and attorney Marlene Samaniego, both of the TEDIC Organization of Paraguay. It proposes a critical analysis of the Convention and its harmonization in the Paraguayan criminal system, based on a legal analysis and interviews with those responsible for the application of the criminal code and procedure in Paraguay. The authors present the Convention as a legal instrument that regulates the international efforts in the prosecution of criminal conduct by digital means, but in turn contains failures of form and substance, although at first sight it is observed as a proposal that guarantees the protection of human rights.

That is, the investigation states that the Convention generates significant conflicts of proportionality in relation to the protection of the right to privacy. Therefore, for the harmonization of this international instrument to the internal criminal system, precautions should be taken in the design of research to access electronic evidence, seizure of evidence through computer systems, traffic data retention among others because many of these procedural actions entail the violation of the Paraguayan National Constitution and human rights.

Among others points of interest, the main findings that should be taken into account for the harmonization of the Convention are:

  • The judges interviewed by the Judiciary of the nation acknowledge that they do not have technical criteria to evaluate the process of seizing digital evidence requested by the Public Ministry. This situation is serious because to grant judicial authorization, the judge must analyze whether the use of technology is excessive or not for criminal investigation, without this process there is no safeguard of the guarantees established in the National Constitution.
  • The Public Prosecutor’s Office contains protocols for treatment and access to evidence; however, it does not have specific protocols for digital evidence. On the other hand, there is the lack of knowledge that officials of the Ordinary Crime Units of the Public Prosecutor have about the role and crimes pursued by the specialized Unit for cybercrime. Since the creation of this Unit, to date they receive ordinary cases that have as evidence the use of technology. This type of derived cases generates delays in the effective prosecution of the crime; since it is not determined which Unit will be responsible for the fiscal investigation.
  • There is also ignorance on part of the general public about the instances of criminal prosecution. The Public Prosecutor’s Office is used to report crimes made through the Internet, however, most of these complaints are of private criminal action such as cyberbullying, bullying, defamation and slander among others. This also generates administrative burden to a unit that currently has two prosecutors to deal with all computer crimes nationwide.
  • The National Police receives complaints that are labeled “computer crimes” in their system. However, it is not possible to distinguish whether these crimes are consistent with those described in the criminal code as computer crimes or are simply ordinary crimes that have as evidence the use of technology, such as cases of cellular phones theft. The lack of unified categorization of quantitative data on cybercrime in Paraguay creates risks when developing public policies for the mitigation and criminal prosecution of them.
  • Paraguay does not have a personal data protection law, this legal instrument would provide guarantees and control of personal information stored in digital storage systems, ensuring that people who profit from personal data without consent of the owner are brought to justice. Nor can a Data Retention project be discussed without first having a Personal Data Protection Law.

And finally the authors conclude that the Convention should be taken as a model standard to follow, not as something to apply: on one hand because it does not take into account the cultural, political and economic diversity of countries, and on the other hand because it decreases National security barriers, conflicts with the public interest and human rights. It is necessary to make exemptions to not give up jurisdiction and privacy disproportionately. In addition, knowledge about its content and scope should be prioritized. There should be a calm and serene debate between all sectors of society with full citizen participation at national and regional levels, to jointly develop an effective harmonization that respects human rights.

It will also be necessary to strengthen criminal institutions for a better interpretation of national and international communications surveillance laws, given the progress of surveillance techniques and technologies. For Judges of the Judiciary to perform an analysis of proportionality of law or the use of malicious software such as FinFisher or any form of interpretation of communications including metadata, they must be trained to know and justify its use, and thus avoid negligence or abuse by part of the other institutions of the criminal system such as SENAD, National Police or Public Ministry.

And above all to develop areas that allow counting means of academic research and training to offer answers to crimes with and in ICT. Likewise, the promotion of technical meetings that allow different actors to interact and exchange experiences and opinions. This is also a necessity for the design of public policies in this area, due to the technical requirements that it implies.

More info: https://www.tedic.org/wp-content/uploads/2018/10/minuta_TEDIC.pdf