Feedback on the Second Additional Protocol to the Convention on Cybercrime Ends Early May

The Council of Europe (CoE), in the context of its proceedings in the preparation of a draft Second Additional Protocol to the Convention on Cybercrime, is considering draft provisions regarding domain name registration information. The latest draft version of the Protocol, which includes the relevant provisions on domain name registration information under consideration, is open for feedback until 2 May 2021.

The Convention on Cybercrime of the CoE, known as the Budapest Convention, is a binding international instrument that serves as a framework for international cooperation between State Parties to this treaty. The CoE has been working on a Second Additional Protocol to the Convention that will address enhanced cooperation and disclosure of electronic evidence. The latest draft versions of the Second Additional Protocol contain provisions related to domain name registration data. These first appeared in the November 2020 version of the Protocol, and were confirmed in the April 2021 version, which the CoE Protocol Drafting Plenary agreed to use in consultations with relevant bodies of the CoE and stakeholders. The relevant provisions are in the Protocol's Article 6, as set out below, and are supplemented by relevant parts in the explanatory memorandum contained in the same version:

Article 6 - Request for domain name registration information

1. Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities, for purposes of specific criminal investigations or proceedings, to issue a request to an entity providing domain name services in the territory of another Party for information in the entity's possession or control, for identifying or contacting the registrant of a domain name.
2. Each Party shall adopt such legislative and other measures as may be necessary to permit an entity in its territory to disclose such information in response to a request under paragraph 1, subject to reasonable conditions provided by domestic law.

3. The request under paragraph 1 shall include:

   1. the date issued and the identity and contact details of the competent authority issuing the request;
   2. the domain name about which information is sought and a detailed list of the information sought, including the particular data elements;
   3. a statement that the request is issued pursuant to this Protocol, that the need for the information arises because of its relevance to a specific criminal investigation or proceeding and that the information will only be used for that specific criminal investigation or proceeding; and
   4. the time and the manner in which to disclose the information and any other special procedural instructions.
4. If acceptable to the entity, a Party may submit a request under paragraph 1 in electronic form. Appropriate levels of security and authentication may be required.
5. In the event of non-cooperation by an entity described in paragraph 1, a requesting Party may request that the entity give a reason why it is not disclosing the information sought. The requesting Party may seek consultation with the Party in which the entity is located, with a view to determining available measures to obtain the information.
6. Each Party shall, at the time of signature or when depositing its instrument of ratification, acceptance or approval, or at any other time, communicate to the Secretary General of the Council of Europe the authority designated for the purpose of consultation under paragraph 5.
7. The Secretary General of the Council of Europe shall set up and keep updated a register of authorities designated by the Parties under paragraph 6. Each Party shall ensure that the details that it has provided for the register are correct at all times.

Written comments can be submitted to the Cybercrime Convention Committee (T-CY) Secretariat by 2 May 2021. In the context of consultations on the draft Protocol, the T-CY has also invited stakeholders to participate in an online meeting on 6 May 2021.

ICANN org will submit comments to the T-CY Secretariat, with the goal of ensuring that the CoE is fully aware of the ongoing work within the ICANN community, as well as the specific legal implications that the community is facing in its work as they relate to issues the CoE is looking into. It will also participate in the online meeting.

ICANN org has participated in previous consultations during the drafting process of the Second Additional Protocol within the context of the CoE Octopus Conferences, providing information on the work of ICANN's community.