Octopus Conference 2023

🌐 The Octopus Conference is part of the Octopus Project which is currently funded by voluntary contributions
from Canada, Hungary, Iceland, Italy, Japan, Netherlands, UK and USA.

🔘 Held every 12 to 18 months by the Council of Europe, the Octopus Conference constitutes one of the biggest and finest platforms of exchange in cybercrime gathering experts from more than 100 countries, international organisations, private sector and academia.

🔘 The focus for the 2023 edition will be two-fold:

– Securing and sharing electronic evidence: the tools are here – let’s use them!
– Capacity building on cybercrime and electronic evidence: 10 years of Cybercrime Programme Office (C-PROC) – What impact so far; what’s next?

☑️ Besleaga Liviu, President of the RO-EU CCCR was present at the following workshops and projects:

🔘 Workshops

☑️ Workshop 1: Global state of cybercrime legislation. Legislation is the basis for criminal justice action on cybercrime and electronic evidence. Many governments around the world have undertaken legal reforms, often using the Convention on Cybercrime (Budapest Convention) as a guideline. However, cybercrime legislation also needs to meet human rights and rule of law requirements to prevent misuse. The aim of this workshop is to review progress made worldwide in terms of cybercrime legislation and to identify possible risks and challenges.
☑️ Workshop 2: Spontaneous information sharing. Criminal justice authorities often possess valuable information that it believes may assist the authorities of another country in a criminal investigation but of which these other authorities are not aware of. Parties to the Convention on Cybercrime (Budapest Convention) may share this type of information through Article 26 on “spontaneous information”: “A Party may, within the limits of its domestic law and without prior request, forward to another Party information obtained within the framework of its own investigations when it considers that the disclosure of such information might assist the receiving Party in initiating or carrying out investigations or proceedings concerning criminal offences established in accordance with this Convention or might lead to a request for co-operation by that Party under this chapter….” The relevance of Article 26 has been increasing over time, including within the context of cases related to the dark web or to the sharing of data retrieved from encrypted communications. The aim of the workshop is to identify current practices of using Article 26 of the Convention on Cybercrime.
☑️ Workshop 3: Online child sexual exploitation and abuse. Over the past decade multi-national service providers deployed technology for the automated detection of child sexual abuse materials (CSAM) that was uploaded or disseminated via their services. Tens of millions of CSAM have been identified and reported in this way, and in many cases have helped rescue victims and identify and prosecute offenders worldwide. At the same time, the use of such techniques have raised rule of law and human rights concerns, for example, that they interfere with the privacy of communications or involve the transborder transfer of personal data or violate due process requirements. The aim of the workshop is to continue the search for solutions that permit governments to meet their positive obligation to protect children against online sexual violence and enable service providers to use automated technologies to identify and report CSAM with the necessary privacy, data protection and rule of law safeguards.
☑️ Workshop 4: Synergies between Conventions for a safer cyberspace. The standards of the Conventions maintained by the Council of Europe in the areas of cybercrime, protection of children against sexual abuse, trafficking in human beings and violence against women are not simply complementary, but meant to encourage work between criminal justice authorities, protection officers and policy makers to ensure better criminal justice and related action in these areas. Substantive law offences, use of procedural tools for investigation and preventive/protective work with victims and witnesses are just examples where harmonisation would be key, while concepts such as action on cyberviolence could serve to indicate where and how such synergies should work. The aim of this workshop is to further enhance synergies between four different – but interconnected – Conventions:
– Convention on Cybercrime (ETS No. 185)
– Council of Europe Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse (CETS No. 201)
– Council of Europe Convention on preventing and combating violence against women and domestic violence (CETS No. 210)
– Council of Europe Convention on Action against Trafficking in Human Beings (CETS No. 197)
☑️ Workshop 5: The interplay of cybercrime and financial investigations. Establishing efficient collaboration between criminal justice authorities investigating cybercrime and institutions responsible for financial investigations is vital to safeguard societies from criminal activities. Both financial investigations and actions against cybercrime play a pivotal role in achieving this goal. The workshop will focus on identifying areas of collaboration, fostering domestic and international cooperation, disseminating effective models for interagency teamwork and highlighting the principles governing the exchange of information and evidence among financial and cybercrime experts.
☑️ Workshop 6: Cybercrime and AI. Artificial Intelligence in the criminal justice sector can both represent a serious threat or enhance the fight against cybercrime. Generative AI may provide effective ways to detect crime or provide investigative assistance by analysing vast amount of data but may also be misused for criminal purposes. Falsified data (such as deep fakes) can even be presented as evidence in court. The aim of this workshop is to examine (a) the criminal threats that generative AI may pose for the criminal justice sector, (b) its role in countering cybercrime, and (c) the key issues that need to be taken into account in assessing electronic evidence generated by AI.
☑️ Workshop 7: Regional workshop for Asia. With the growing reliance on information-driven technology and the exponential growth in the amount of data created and exchanged every day by users and organizations, the right to the protection of personal data faces major challenges. This is also true for criminal justice authorities who need to reconcile effective measures to obtain, process and share personal data that are needed in criminal investigations and proceedings with data protection requirements. Where these requirements are met, they facilitate the sharing of personal data also across borders and with service providers and other private sector entities. This is why Article 14 on the protection of personal data was included in the Second Protocol to the Budapest Convention. The aim of this workshop is share experience – and discuss challenges – for countries of Asia on the setting up of data protection frameworks in order to permit a more effective criminal justice response to cybercrime.
☑️ Workshop 8: Regional workshop for Pacific. Robust legal frameworks on cybercrime and electronic evidence are the cornerstone for successful investigations and criminal proceedings. International standards, such as the Budapest Convention, provide a framework for consistent definitions, standardised procedural powers and international cooperation mechanisms. But the absence of transposing such measures into national laws undermines a country’s ability to investigate, prosecute and adjudicate cases involving electronic evidence and to engage in the global efforts to effectively respond to the emerging challenges presented by cybercrime. Small jurisdictions, such as the Pacific Island States, may encounter even bigger struggles in adopting and adapting appropriate laws, considering their specific legal, administrative, and technical contexts. The workshop is aimed at mapping specific challenges and possible solutions based on successful practices in the region.
☑️ Workshop 9: Regional workshop for Africa. While electronic evidence is of increasing significance to criminal investigations and proceedings also in Africa, procedures to obtain such evidence from other jurisdictions are often lengthy and not effective. The Second Protocol to the Budapest Convention (opened for signature in 2022) provides tools for enhanced co-operation and disclosure of electronic evidence – such as direct cooperation with service providers and registrars, effective means to obtain subscriber information and traffic data, immediate co-operation in emergencies or joint investigations, whilst ensuring a strong system of human rights and rule of law safeguards, especially when it comes to protecting personal data. Almost a quarter of African countries are either Parties or have been invited to accede to the Budapest Convention. Making use of the tools of the Second Protocol is thus an option for Africa. Cabo Verde, Ghana, Mauritius and Morocco are among the signatories so far. The workshop is aimed at showcasing the relevance and expediency of the tools for cooperation provided for in the Protocol, as well as at discussing possible challenges to their implementation in the African region.
☑️ Workshop 10: Regional workshop for Latin America and the Caribbean. Many countries in LAC have undertaken efforts in recent years to establish specialized cybercrime units at the level of police and prosecutorial services, as well as units responsible for digital forensics. However, the organizational setup and functions of such units keep evolving and are not always based on international good practices. Further, interagency cooperation between specialized cybercrime units and other services, to ensure that electronic evidence is admissible in courts, remain a challenge. The workshop aims at identifying good practices of setting up forensic units in police/prosecutors’ office and how to ensure the inter-agency co-operation and to avoid overlapping of competencies in the area of digital forensics.
☑️ Workshop 11: Capacity building as a game changer – what makes a difference? The aim of the workshop is to identify examples of capacity building efforts that have made a real difference in terms of enabling sustainable changes in criminal justice systems and of increased effectiveness of tools against cybercrime. Over the past decade, governments, international organizations, private sector as well as civil society organizations have been implementing numerous projects to address cybercrime at national, regional and international level. Some actions were more successful than others. It is important to capitalize on those experiences that had an impact and helped criminal justice authorities and societies to address cybercrime more effectively.
☑️ Workshop 12: Online xenophobia and racism v. freedom of expression. With online hate speech – including racism and xenophobia – on the rise, societies are struggling with an effective response that also respects the fundamental right of the freedom of expression. A broad range of measures may be taken to address hate speech online (see the Council of Europe Recommendation on Hate Speech adopted in 2022). In this spectrum of measures, criminal law is an important last resort. In 2003, the first Protocol to the Convention on Cybercrime was opened for signature, addressing the “criminalisation of acts of a racist and xenophobic nature committed through computer systems” (ETS No. 189). In connection with the twentieth anniversary of this Protocol, a good practice study was undertaken on the experience of this treaty. The workshop aims to present findings of this study, to provide further guidance and to discuss challenges in addressing xenophobia and racism committed online while respecting the right to freedom of expression.
☑️ Workshop 13: Strengthening 24/7 points of contact. The workshop is to further explore modalities for reinforcing the functioning of 24/7 Network of contact points under the Convention on Cybercrime (Budapest Convention): sharing good practices for the efficient processing of requests received; identifying additional ways to increase the operability of the Network; understanding the roles and responsibilities of the Network with regard to the new tools of the Second Additional Protocol to the Budapest Convention.
☑️ Workshop 14: Interplay between cybersecurity and cybercrime. This workshop explores the links between cybersecurity and the prevention and control of cybercrime. It will consider in particular the cooperation between criminal justice authorities and Computer Security Incident Response Teams (CSIRTs). The purpose of this session is to identify ways in which cooperation between criminal justice authorities and cybersecurity actors could improve, including through joint action against common threats, protection of critical infrastructure, and capacity building.

🔘 Projects

☑️ Project event: CyberEast to CyberEast+. This event serves as the closing conference of the CyberEast project and pave the way to the follow up project CyberEast+. It will follow the project themes of legislation and policies, capacity building, and co-operation; it will tell the CyberEast story from the perspectives of the national partners demonstrating the impact and relevance of the project to improve their capacities regarding cybercrime and electronic evidence. The European Commission and the Council of Europe will formally assess and complete the project and launch a new regional action on cybercrime and electronic evidence in the region through the new CyberEast+ project. The workshop will also discuss in view of adoption a new Declaration on Strategic Priorities for the Eastern Partnership region with key project partners, serving as inspiration for policies and capacity building in the region’s countries.
☑️ Project event: iPROCEEDS-2 to CyberSEE. This closing conference of the iPROCEEDS-2 project will assess the project’s main objectives, including legislation and strategic approaches, mechanisms for reporting, capacity enhancement in cybercrime, training for the judiciary and fostering collaboration between public and private sectors, as well as international co-operation. The focus will be on national partners presenting what difference the project has made to improve their agencies’ competence in handling cybercrime and electronic evidence. The event will mark the formal evaluation and closing of the project. It will also prepare the ground for new regional action targeting cybercrime and electronic evidence in South-east Europe and Turkey: the new initiative “CyberSEE” will be jointly undertaken by the European Commission and the Council of Europe from 2024 to 2027.
☑️ Project event: GLACY+ to GLACY-e. This session serves as the closing event of the GLACY+ project. It will provide an opportunity to review the impact of the GLACY+ project, and to share lessons learned. Building on the positive results of GLACY+, a continuation, consolidation and expansion is now commencing with the “Global Action on Cybercrime Enhanced” (GLACY-e), a new EU-CoE joint project. GLACY-e will extend the experience of the GLACY+ project by supporting new selected countries in Africa, Asia-Pacific and Latin America. It will reinforce the leading role of the 8 hub countries in the capacity building agenda in their respective regions.
☑️ Project event: CyberSouth to CyberSouth+. The objective of the final conference is to jointly review and validate the progresses in the fight against cybercrime in the MENA region during the period 2018 – 2023; assess the impact of the CyberSouth project in five main areas related to the project’s results (legislation, work of police, work of judiciary, international co-operation, national strategies) and evaluate together what worked well (best practices) and what can be improved in the next phase.