Cybercrime and Law Enforcement: Conceiving Jurisdiction in a Borderless Space

Dr. Albert Antwi-Boasiako

The issue of jurisdiction and sovereignty in cyberspace poses significant challenges. With the advent of the digital transformation, traditional concepts of jurisdiction in physical spaces clash with the borderless nature of the internet. This creates difficulties in defining jurisdiction in cyberspace. The lack of clear boundaries makes it challenging to attribute cybercrimes to specific individuals or entities. The growing use of IP spoofing and AI-enabled systems in cybercrime further complicates attribution. As a result, identifying and holding cybercriminals accountable becomes increasingly difficult.

To effectively combat cybercrime, there is a need for international cooperation and legal harmonisation. Ghana’s membership in conventions and treaties, such as the Budapest Convention and the African Union Convention, highlights the importance of global collaboration. By joining these international efforts, Ghana recognises the necessity of unified action against cybercrime. Moreover, the mention of an international treaty to counter the use of information and communication technologies (ICT) in cybercrime underscores the significance of a coordinated global response.

Unfortunately, bureaucratic responses to cybercrime often lag behind the speed of hackers. The slow pace of decision-making and lack of urgency from world leaders hinder the effective addressing of cybercrime challenges. Ransomware attacks and organised criminal networks continue to thrive due to the insufficient urgency exhibited by policymakers and officials. There is a clear call for faster action and a more proactive approach from world leaders to tackle the ever-evolving cyber threats.

Addressing cybersecurity requires concerted efforts at multiple levels. Countries need to establish strong national legislation to combat cyber threats effectively. However, aligning this legislation with sub-regional and global instruments is crucial for comprehensive cybersecurity measures. Ghana’s recent passage of a cybersecurity act in 2020 demonstrates its commitment to addressing cyber risks at the national level. To further strengthen cybersecurity, collaboration and coordination are needed at sub-regional and international levels.

The difficulties in accessing data from big tech firms also raise concerns about data governance and sovereignty. Domestic laws may be enacted to compel these companies to keep data within the country, asserting data sovereignty. Balancing the need for cooperation with big tech firms and the desire for self-reliance in managing data poses a complex challenge for governments worldwide.

The private sector’s cooperation with states is essential for progress in tackling cyber threats. Recognising that the private sector possesses valuable expertise and resources, collaborating with them can enhance cybersecurity measures. This cooperation can pave the way for more effective cybersecurity strategies and the identification of emerging threats.

Ghana’s hosting of the Global Conference on Cyber Capacity highlights its ambition to lead cybersecurity efforts on the African continent. The conference, organised by the World Bank in collaboration with the World Economic Forum, GFC, and Cyber Peace Institute, brings together international delegates to explore and promote cyber capacity building. Ghana’s hosting of this significant event aligns closely with its vision to play a leading role in strengthening cybersecurity in Africa.

In conclusion, the challenges of jurisdiction, attribution, and legal harmonisation in cyberspace demand international cooperation and proactive measures. Efforts at multiple levels, from national to international, are required to effectively combat cybercrime. Collaboration between states and the private sector is vital for developing robust cybersecurity strategies. Ghana’s involvement in international conventions and its hosting of the Global Conference on Cyber Capacity underpin its ambition to lead cyber capacity building on the African continent. Overall, it is clear that addressing cyber threats and safeguarding cyberspace is a complex and multifaceted task that demands a unified and coordinated global response.

Prof. Marco Gercke

Jurisdiction is a crucial aspect of cybersecurity, allowing for the fight against cybercrime and ensuring overall security. However, the jurisdictional limits of enforcement agencies are often defined by national borders, which can create limitations in cooperation between countries. This is especially true when countries have different classifications of crimes, leading to limited cooperation in criminal matters.

Cooperation plays a significant role in addressing cyber threats, extending beyond the criminal field. It can take various forms, such as information exchange and collaboration in cybersecurity. Fostering collaboration across sectors and disciplines is key to effectively addressing these threats.

Jurisdictional limitations also serve a purpose by allowing different criminal systems worldwide. Different countries can criminalize activities that may not be criminalized elsewhere, addressing issues based on their societal needs and values.

Both regional and global cooperation are seen as potential solutions to tackle cyber threats. Regional cooperation has already shown positive results, with successful collaborations between governments in different parts of the world. Prof. Marco Gercke advocates for private sector involvement, highlighting the benefits of multinational companies assisting law enforcement agencies in accessing crucial data.

The advent of cloud services has brought both opportunities and risks to cybersecurity. Initially, there were concerns about restricting access to suspects’ data. However, law enforcement agencies soon realized they could approach cloud service providers directly for necessary information, opening new possibilities in data sharing and investigation.

Solutions for cybersecurity challenges can be pursued at national or international levels. Some propose addressing issues through national legislation, while others suggest involving larger international organizations such as the United Nations. Combining different approaches may be the way forward.

Cooperation at various levels, sectors, and regions is vital in addressing cyber threats. Ghana’s Cyber Security Act of 2020 demonstrates the importance of national-level legislation in bridging gaps in cybersecurity. Sub-regional instruments, like those implemented by ECOWAS, contribute to enhanced cooperation. While global expectations should be realistic, basic cooperation frameworks remain essential.

Efforts to establish effective cooperation frameworks require exploration and evaluation. Existing frameworks and avenues for cooperation can be assessed to develop more robust mechanisms. If negotiations for cooperation fail, it may be necessary to reassess and develop new strategies.

It is important to note that cybersecurity is linked to various areas of concern, from attacks on critical infrastructure to child sexual exploitation. Each area presents different levels of cooperation required and unique challenges.

While regional cooperation has yielded positive results in cybersecurity, a comprehensive global approach is still needed. Many emphasize the need for broader international cooperation to effectively address cyber threats.

In conclusion, jurisdiction is a critical aspect of cybersecurity, enabling the fight against cybercrime and ensuring overall security. However, jurisdictional limits at national borders can limit cooperation. Cooperation plays a significant role in addressing cyber threats and can extend beyond the criminal field. Jurisdictional limitations allow for different criminal systems worldwide. Regional and global cooperation, along with private sector involvement, are potential solutions. The advent of cloud services brings both opportunities and risks. Solutions can be pursued at national and international levels. Cooperation at various levels, sectors, and regions is vital. Efforts to establish effective cooperation frameworks require exploration. Cybersecurity is linked to various areas of concern. While regional cooperation has shown promise, a comprehensive global approach is still needed.

Sheikh Salman bin Mohammed Al Khalifa

The analysis examines different perspectives on the importance of cooperation and legal protections in tackling cybercrime. It cites an example of cooperation between the Kingdom of Bahrain and the UK to address online child abuse, highlighting the positive sentiment towards cross-border collaboration in combating cybercrime.

Effective cybercrime cooperation is believed to be achieved through inter-regional, international, and cross-regional agreements. The GCC agreement in Bahrain is presented as an example that supports the investigation and resolution of online crimes, reinforcing the argument for effective cross-border collaboration.

Some argue that there is no need to wait for the UN to address cybercrime, suggesting that regional bodies and cross-regional cooperation can take the lead. This neutral stance indicates confidence in the effectiveness of regional collaboration without relying solely on international organizations like the UN.

The significance of legal protection for companies sharing information in cybercrime cases is emphasized. It is noted that private sector companies may face legal consequences, such as being sued under the General Data Protection Regulation (GDPR), if they share information without proper authorization. This underscores the need for proper authorization and legal safeguards when combatting cybercrime.

Furthermore, there is support for establishing global or regional mechanisms to minimize the legal risks faced by companies in cybercrime cases. It is seen as a positive step towards SDG 16 (Peace, Justice, and Strong Institutions) and SDG 17 (Partnerships for the Goals). However, no specific evidence or supporting facts are provided in this regard.

The importance of international cooperation in combating ransomware attacks is also highlighted, with 40 countries signing up for collaboration to stop paying ransomware and share critical information. The ability to respond quickly to attacks through inter-regional cooperation is also emphasized.

There is a negative sentiment towards cybercrime due to its impact on individuals and companies globally. The need to extend laws and regulations to protect organizations and individuals from cybercrime, particularly ransomware, is emphasized. It is mentioned that laws supporting cybercrimes related to children are already in place.

In conclusion, the analysis emphasizes the significance of cooperation between countries and regions in addressing cybercrime. It highlights the importance of legal protections, agreements, and regional collaboration as effective strategies in combatting cybercrime. The negative impact of cybercrime on individuals and organizations necessitates the extension of laws and regulations to safeguard against these attacks. Overall, the analysis offers valuable insights into various perspectives on cybercrime cooperation and legal protections.

Bernardo Pillot

In this discussion on cybercrime, the speakers raise concerns regarding jurisdiction and the challenge it poses in addressing cybercriminal activities. They highlight the complex nature of cybercrime, with perpetrators operating in one country, using infrastructure located in another country, and victims scattered across multiple countries. This leads to difficulties in the law enforcement community in navigating and effectively addressing such crimes. The argument is made that jurisdiction is a significant problem in cybercrime.

However, Interpol is recognized as playing a vital role in facilitating collaboration and the exchange of information across jurisdictions. As an international organisation, Interpol has 195 member countries, each with a national central bureau for communication. They emphasise that Interpol’s role is to establish programmes and provide training to law enforcement agencies worldwide to enhance their capacity and knowledge in fighting cybercrime.

Cultural differences are also acknowledged as affecting international cooperation on cybercrime. The speakers note that the handling of this issue varies due to differing legal frameworks and regional challenges. Interpol adopts a regional model that provides tailored support addressing specific challenges and threats in each region.

The speakers express support for Interpol’s role on the UN Ad Hoc Committee as the global law enforcement voice, giving a voice to the law enforcement community. They highlight Interpol’s active involvement in the UN Ad Hoc Committee process. However, they also acknowledge that in such negotiations, many countries are represented by diplomats rather than the people directly involved in using the mechanisms being discussed.

The potential of public-private partnerships is explored as a means to aid in cybercrime investigations in the absence of a global legal framework. The speakers mention Project Gateway, which involves collaboration between Interpol and 13 companies. These companies possess the intelligence necessary for law enforcement agencies to push forward with investigations. The evidence presented supports the argument that private sector involvement can be beneficial in addressing cybercrime.

The speakers place an emphasis on immediate cooperation in cases related to child sexual abuse, which is considered a top priority. They mention that child sexual exploitation material is handled with utmost priority by Interpol.

On the other hand, challenges related to information exchange during ransomware attacks are highlighted. Law enforcement agencies often face limitations when it comes to sharing essential information, indicating the complexity surrounding such incidents.

In conclusion, there is a consensus among the speakers on the need for improved trust and cooperation among international organisations to effectively combat cybercrime. They believe that addressing the challenges of jurisdiction, cultural differences, and information exchange will require collaborative efforts and the active involvement of organisations like Interpol. The speakers’ insights shed light on the complexities of cybercrime and the importance of international cooperation in effectively combating this global threat.

Prof. Marco Gercke:
Good, welcome to the audience and to this session. I have excellent experts here with me to answer questions that we’d like to discuss with you. I’m gonna be just making some brief statements. Jurisdiction is the holy grail of cybersecurity, to be very honest. If we four would be able to solve the issue of jurisdiction or we all together in this room today, we’d made a major step forward. I don’t think this is gonna be possible. And I think what we need to do is we need to distinguish between two topics. There is the topic of jurisdiction, which is usually related to crime, to criminal investigations, to cybercrime. And there is the more broader topic of cooperation. Cooperation can take place outside of any criminal field. It can be cooperation in cybersecurity, exchange of information. So we’d like to address both topics. They’re intertwined, but I’d like to separate them for a moment. And I’d like, as a criminal law professor, to maybe make one comment. There are a lot of people who say jurisdiction is one of the key problems, one of the obstacles to successful fight against crime, against cybercrime, and ensuring our security. I’d like to caution you a little bit. Jurisdiction is what we understand when we’re saying there are limitations to the authority of an enforcement agency within a country. So the enforcement agencies in Saudi Arabia will find their limits in general at the border. That means if a crime is happening outside the country, they will not be able to enforce it unless there is certain agreement of cooperation in the criminal field. There are very few cases where you wanna claim jurisdiction outside your borders. These are very, very rare cases. And in general, jurisdiction and the limitation to jurisdiction serves an important purpose. It allows us to have different criminal law systems in the world. It allows you to criminalize things which are not criminalized in other parts of the world. And cooperation in general finds its limit if countries have to work together and they realize we are not talking about a criminal offense in both countries. If one country criminalizes something, the other country does not criminalize it, the possibilities for cooperation in criminal matters is very much limited. Therefore, if we had jurisdiction or one of the conditions for closer cooperation in criminal matters is actually that we would align our criminal law systems as well, we would criminalize the same things. Okay, that as a general remark. We have excellent experts here and I’d like to pass on the question to Bernardo maybe from Interpol as you are one of the organizations that is closest associated with the first part, fighting crime. What’s your view? What is hindering effective fight against cybercrime? Is it the problem of jurisdiction? Lack of cooperation in general? Is it missing criminalization? What’s the issue?

Bernardo Pillot:
Sure. Thank you first of all for having me here. I’m honored to be here representing Interpol. This is our third year participating in the Global Cybersecurity Forum so I’m thankful to be here on behalf of Interpol. That’s an excellent question. I think it hits different points. Jurisdiction is a big problem. Cyber is not your traditional crime area where you have law enforcement responding to a crime, initiating evidence collection, interviews. The jurisdiction is in the country and an example of traditional crime. In cybercrime, it’s global. It transcends borders. You could have a cybercriminal operating in one country, you could have infrastructure in another country and then you could have victims in a third country so it’s very complicated navigating that environment in the law enforcement community and that’s where Interpol comes in. We have 195 member countries around the world. Each member country has a national central bureau which is the way that Interpol member countries communicate so our role is basically to collaborate and bring countries together to look at cybercrime in particular how to exchange information across jurisdictions and then when we see there’s a lack of perhaps capacity or knowledge in cybercrime, then we do capacity building where we set up programs to train the law enforcement around the globe on fighting cybercrime.

Prof. Marco Gercke:
Can I just follow up with a brief issue? As you are working with so many different countries, do you believe that culture is an issue that we have a lack of cooperation in certain areas because of a lack of culture or is it just that we’re lacking an international instrument that we have in other areas for example organized crime where we have a UN convention? What’s the difficulty?

Bernardo Pillot:
Well, the difficulty can be cultural. For our cybercrime program, we recognize that we can’t treat every country the same. We have 195 member countries. Cybercrime is unique. There’s some similarities but as was mentioned, there’s different legal frameworks in different areas so we look at a regional model where we break the country up, the world into different regions and focus on providing our support for that particular region looking at the challenges that they face and the threats that are important to them and I think that’s the unique way that we have been handling this issue as far as collaboration. You know, the Budapest Convention I believe is 22 years old next month. Obviously, a lot has changed in 22 years. We have a lot of advancement in technology. Interpol has been heavily involved in the UN Ad Hoc Committee process. We’re there to serve as the global law enforcement voice. Obviously, this is negotiations between countries to establish a new way of working which can be challenging obviously based on a lot of geopolitical conflicts but we’re hopeful that by us being part of this forum that we can give a voice to the law enforcement community which are the ones that actually have to do the work. A lot of countries are represented by diplomats and maybe not the people that are actually gonna be using the mechanisms that are being negotiated at this point.

Prof. Marco Gercke:
Perfect, thank you so much. Albert, before I come to you, one issue. It was last year’s forum here where we discussed the UN approach towards cybercrime, the discussion negotiation about a convention. I think we were all hoping that at this stage we would be at a different place. The negotiations were not as successful as we were hoping here last year with a lot of encouraging comments for this. Let’s see where this is heading. The process is not over but it’s definitely at a difficult stage. Albert, with your experience taking this beyond just jurisdiction, the question of jurisdiction going into corporation, where do you see the key challenges at the moment and where do you see the solution for the discussion in cybersecurity field?

Dr. Albert Antwi-Boasiako:
Prof. Marko, thank you for the question. First of all, on behalf of my country, the Republic of Ghana, our appreciation to the kingdom, to the National Cybersecurity Authority in particular for extending an invitation to us. This is the second time participating, this is the last time I was with my minister and I think it’s been a sight. We appreciate the hospitality of the kingdom. I think the issue of jurisdiction, sovereignty, cooperation is an important one whenever the subject of cybercrime comes into the picture. Prof., I think you alluded to the issue earlier. Traditionally, not just law student, but once you came across jurisdiction, then understand there’s a physical space, isn’t it, with a certain boundary. But in the cyber sphere, how do you then define the jurisdiction? When somebody could be in Saudi Arabia and still be able to commission an act targeting IT infrastructure, certainly in Ghana. These are some of the challenges that we’ve seen in this particular area. So, digital transformation is now interrogating the concept of jurisdiction as the law applies. Of course, if you’re talking of cybercrime, then the law is also very important here. But, Prof., one area of difficulties, also attribution, is another huge area. Beyond the techniques of IP spoofing and others, even the advent of artificial intelligence, I think we are interrogating how do we establish attribution when AI-enabled systems are actually behind certain crimes. So, it’s a kind of important discussion. From our perspective, Ghana as a developing country, I think we are heavily dependent on consuming technologies which are hosted elsewhere. Those days of data localization, that also raises its own question. Data governance, data protection, and how to lawfully assess data to support criminal investigation. But, of course, I think at the end of the day, the question you raise is also the variability of domestic legislation. Because if you have the concept of jurisdiction implicates a law governing that particular space. And that has been a challenge in terms of legal harmonization that a particular cyber act will be designated as a crime in Ghana. And that same act will also be seen as a crime in another jurisdiction. I think the world is moving towards that angle. Ghana is a member of the Budapest Convention, which Bernardo mentioned about. It’s among a few African countries, about six or seven, which is a signatory to this. And we’ve also signed up to the African Union Convention just to address those sort of gaps. But Budapest Convention membership is just about 60. But it has been a good foundational international cooperation instrument. And I think I also wanted to add up to the UN resolution that has necessitated negotiations on international treaty to counter the use of ICTs in cyber crime, which Ghana has been participating. So I think, I do believe the world is moving towards that direction. But we are not moving quicker. You know, hackers move with the speed of light. But the bureaucrats, whether the EU, African Union, UN, you know, the pace by which we are, and as a technical person, after such negotiations, I’m like, you get annoyed. You know, we need to move because you see the issues happening. You see the ransomware. You see the organized criminal network acting. And you expect the world leaders to also act in a manner that is equally giving that sense of urgency to address the issue. But unfortunately, it doesn’t work like that. But I do believe, I’m quite optimistic that recent developments at the regional level, at the sub-regional level, but international level is moving us because we do not have a choice. I think it’s an imperative that we find international cooperation arrangement. Of course, we can agree on everything, but the baseline, understand them, and mature mechanisms of cooperation is required to be able to address cybercrime as a transnational crime in this particular manner.

Prof. Marco Gercke:
Prof, thank you for the opportunity. Oh, absolutely. So you see, again, there is great unity in the call for some kind of closer cooperation and having those frameworks in place.Sheikh, it’s a pleasure having you here with your experience. So we would like to benefit from this. When you’re looking at cybersecurity, and again, going beyond only the issue of jurisdiction, which is a more legal thing, but cooperation, if you’re looking at the region, if you’re looking at it globally, what’s the path forward? How can we get to a closer cooperation that we’re not standing there and just looking at crimes and attacks happening, but that we can respond in due time?

Sheikh Salman bin Mohammed Al Khalifa:
So I do see cooperation on the ground. So we cannot just say it’s negative all the time, but there is real examples of successes. For example, we had a case where there was child abuse, online child abuse stemming from Bahrain to the UK. And the cooperation between Kingdom of Bahrain and United Kingdom enabled us to cooperate, track, monitor, and collect the evidence necessary to prosecute the criminal in the Kingdom of Bahrain. Collaboration is a tool and allows us to resolve our problems, even if we don’t have jurisdiction. We can make it as difficult as we would like it to be, and we can simplify it if we choose to simplify it. But I think there is the intent between countries to resolve certainly certain crimes that are common to all of us. And I think as human beings, seeing people being abused is something that we all reject. Seeing crimes committed across the border is something that we all strive to stop. And I think establishing one-on-one relationship is one way of solving that problem, but also we have international cooperation and regional cooperation. For example, the GCC has the GCC agreement that we can, any crime that happens in one country, we will support another country in investigating and resolving it in all online crimes. And that’s the kind of collaboration you want. You want inter-regional, international, and maybe cross-regional agreements. So if we can’t, we do not need to wait for the international community to agree so the GCC can work with the African Union as well, so that we can harmonize our cooperation and utilize each one’s jurisdiction to resolve that cybercrime. So we don’t need to wait for the UN to solve our problem. I think we can have it happen at a regional level and cross-regions, and then eventually maybe the UN will catch up.

Prof. Marco Gercke:
That’s a very good point. I think it’s important to highlight that I had the pleasure of working with a lot of governments in different parts of the world. I’ve been in Africa. I’ve done a lot of work with countries here in the region with the GCC. There are those instruments in place already. We see it. We had the former president of the European Commission here. So in the EU there is regional cooperation. The Council of Europe Member States, there is regional cooperation. We have it in Africa. We see that there is a great degree of cooperation in GCC. We see it also in Southern Africa, sorry, Southern America and the OAS. There is a cooperation. So we see those regional instruments. What is currently still lacking is the global dimension that is adding something to it as cyber threats are truly global. Bernardo, I would like to ask you again on one of the issues. How about the private sector, the public- private partnership? Can that add to it? Can that, even if there is no legal framework, no global legal framework in place, can the fact that we have those large international, multinational companies that are based in the United States, for example, help law enforcement agencies around the world to get access to data that they need, even if there is no legal framework in place?

Bernardo Pillot:
Sure, absolutely. We at Interpol have a project called Project Gateway where we connect with the private industry, public-private sector. We have 13 companies that have signed on to this agreement and the idea is to exchange intelligence. Obviously these big companies are protecting their clients but they hold a lot of the intelligence that law enforcement needs to move forward an investigation, to identify different threats. So this collaboration that’s been ongoing with Interpol and these companies have allowed us to provide that intelligence to countries to act on it. The idea is to have actionable intelligence where countries can actually take action on cyber threat actors that have been identified. So we recognized early on that as law enforcement, especially in cybercrime, companies, big industry hold that data that we need. They have the expertise, the tools and what we need to do is leverage on that and it would be not just for the benefit of the companies but obviously for the benefit of our member countries around the globe.

Prof. Marco Gercke:
So did you want to add to it? Okay but I’d like to have your view on this on this issue as well because there is an opportunity certainly with global companies supporting the work of law enforcement or the fight against against cyber attacks. Is this something that we need to enforce where we need a forum like this one where we need to involve the industry and ensure that there are maybe global standards, a protocol, something even if it is not legislation in place that there is some some kind of mechanism in place that we can improve this cooperation with nation states? For example if you need to access data in the United States do you have the right tools or do you believe this needs to or

Sheikh Salman bin Mohammed Al Khalifa:
should be improved? I think that is a difficult ask because there are legal ramifications to that. If for example private sector companies took action or shared information they were not supposed to. For example take Europe, that’s part of GDPR and by sharing information without the consent of the companies or the information owner they can be sued. So and I think there needs to be some kind of protectionism given at the global level or at least at the regional level should the information shared in cases of cyber crime and we can focus on just that aspect of it and minimize the risk that they have to bear from a legal perspective so that they cannot be sued from the information owner or from the governments in the region.

Prof. Marco Gercke:
Okay that’s a that’s a very interesting point. I still remember discussions with law enforcement agencies at the time when cloud services started to pop up and they were really afraid that they said we will not be able to go to the premise of the suspect anymore and seize material there because they’re all stored in the cloud and that makes it significantly more difficult for us to get access to the material. However after a short period of time they realized okay but there is a centralized cloud provider and instead of having to search at the suspects premise I can simply call the cloud provider and say give me the data and I don’t even need to enter the suspects premise. So there are certainly two sides to each of the issues. There are opportunities and risks. I’d like to discuss a little bit the way forward. We only have nine minutes left. I’d like to to try to look out where do we need to to put the focus. Do we need to do it on the national level? Do we need to solve the issue there? Where do you see where we should take action? Where the focus should be? It can be again as we did last year call for the United Nations to take action. It can however also be to say okay let’s clean up our house first and make sure that we have the instruments.

Dr. Albert Antwi-Boasiako:
Prof, I think there is interrelationships around us. You can’t address this issue. It is only at international level, at a sub-regional level, without looking at domestic level. So I think at each level we need to make some tangible progress. Certainly the minimum is at a national level you need a legislation that is fit for purpose. So for example, Ghana in 2020 passed a cyber security act that tried to address some of this gap. You need to. I think as a rule of law country that is a baseline that you need to. Of course the alignment with a sub-regional instrument is also key and I think from my region ECOWAS has got instruments on cyber crime to facilitate collaboration. It is needed. At the African Union level working with Malabo Convention, the African Union Convention on Cyber Security and of course at a global level. I don’t think we should be overly ambitious with expectation of what to achieve at a global level. But I think at a domestic level, at the sub-regional level, there is that opportunity to agree on basic cooperation framework that we can address this issue. And I think it’s an evolving situation, there’s no doubt. And my last example, what’s the refusal or the difficulty for countries like Ghana to access lawful access to data from the big tech firms is leading to what we call, you know, data governance and what? And sovereignty. You are likely to do a domestic law that will compare service providers, institutions to rather invest in keeping their data within the country instead of keeping them out. So I think the environment is opening up and I think, you know, linking to the private sector issue, I think the private sector needs to be aware of what is happening and cooperate with the states so that we can make progress in this particular area.

Prof. Marco Gercke:
I mean, you heard during the opening presentation and those of you who are following the discussion already knew before that there is now a GCF Institute and maybe that would be something that the GCF Institute could look into and have a look at different frameworks that are already there, different ways of cooperation and maybe to see if it is possible to build upon this. Maybe we have to go get back to the drawing board when the negotiations in the room don’t work. Bernardo, there are different areas that we are associating with cyber security and cyber crime. From a perspective that was discussed here very frequently of critical infrastructure, there are attacks against critical infrastructure, but that’s not the only problem. We can go all the way down to, for example, child sexual exploitation material, which was mentioned here by Mr. Sheikh Salman before. So, what are the areas where cooperation works, where you see that’s something where it’s happening frequently and it’s happening routinely at a high speed, and where are areas where we’re finding it more challenging? Because I think this is really important. If you’re a provider of critical infrastructure and you’re realizing chances for cooperation are limited, that’s where the pressure starts to build up.

Bernardo Pillot:
From an Interpol perspective, the cooperation that we see that happens pretty quickly is anything having to do with children. Obviously, that’s important. Anything related to child sexual abuse material is almost immediate. Everyone collaborates, everyone works together, including private companies, obviously giving access of their information to law enforcement to take action. I don’t see that as an issue. I think the issue that we’re seeing is when you look at a ransomware attack, how are countries working together and exchanging information? A lot of times what we’re seeing, and it’s a tendency in law enforcement, is keeping things to themselves and not sharing with other jurisdictions that potentially can help mitigate the attack or find a way to attribute that attack to an actual person. So I think we need to work together in a better way, a more organized way. I think this is where Interpol plays a big role. We’re a neutral organization. We have 195 member countries, like I mentioned, around the globe. We’re not taking sides with one country or another. Our idea is to facilitate that exchange of information, but it has to come from a place of trust. I think it’s inherent in law enforcement that we don’t trust each other, so we need just to do a better job at that.

Prof. Marco Gercke:
That’s a good word, almost a good final word. We met here twice. This is the second time we’re meeting. When we’re meeting again, if we’re meeting inshallah next year, what will have changed? What are you hoping for as a realistic target? What could we have achieved over the next year when it comes to cooperation? Do you think there is anything where you see there is going to be a breakthrough, or do you believe it’s the small things that you do not necessarily see on a daily basis where agencies are working together, which will make most of the difference in this year?

Sheikh Salman bin Mohammed Al Khalifa:
I see two things. With regards to ransomware, we’ve seen 40 countries sign up for cooperation in order to not only stop paying ransomware, but actually sharing critical information about decrypting certain information. Now, if the whole countries started sharing how to decrypt that ransomware and sharing those keys, we would have less crime. That trend I can see happening. I see greater regional cooperation, so inter-regional cooperation between, say, the GCC and the African Union or South American countries. This inter-cooperation will also enable us to better respond in probably sometimes with the support, obviously, of Interpol, allows us to move faster, and I think that’s what we should see, more inter-organizational established relationship to rapidly respond to these attacks. Yes, you know, cybercrime related to children is an emotion that everybody supports and the laws support it, but we need to extend that as well to ransomware that can destroy organization and the livelihoods of individuals and companies globally.

Prof. Marco Gercke:
Thank you so much, Albert. If I can ask you, if you can make a 30-second wish, you only have… Here we go.

Dr. Albert Antwi-Boasiako:
I was going to ask you, Prof, thank you. Ghana is hosting an international event later November, the Global Conference on Cyber Capacity, being organized by the World Bank in collaboration with the World Economic Forum, GFC, also Cyber Peace Institute. We are expecting close to a thousand international delegates in Accra, and the team is capacity with Ghana’s vision to lead cyber security on the African continent, and we look forward to see some of you, if you receive your invitations already. Other than that, we’ll also be happy to engage on this going forward.

Prof. Marco Gercke:
Thank you so much for basically inviting the people in the room over to the next conference, which would be definitely a pleasure. The only thing I can do is I can carefully close this session, this panel, by thanking the panelists, thanking the audience. I think we have seen that there is already progress, that maybe we do not necessarily focus on when we’re only looking at the big global developments with the discussion about the UN Convention being stuck. We heard various examples of successful regional corporations that we can maybe learn from. We’ve heard that there are areas where cooperation works, because everybody’s interested, like the protection of children, where we’ve heard from successful examples where this cooperation takes place. Do I personally wish for more? Do you think we should wish for more, that we get this broad approach? Yes, I think it’s realistic, but maybe on the way there we need some more research, getting back to the drawing board, and maybe the GCF Institute can play a role there. With this, I would like to thank you all, and please enjoy the rest of the conference, and maybe see you all in Africa.