The information infrastructure is increasingly under attack by cyber criminals. The number, cost, and sophistication of attacks are increasing at alarming rates. Worldwide aggregate annual damage from attacks is now measured in billions of U.S. dollars. Attacks threaten the substantial and growing reliance of commerce, governments, and the public upon the information infrastructure to conduct business, carry messages, and process information. Most significant attacks are transnational by design, with victims throughout the world.
Measures thus far adopted by the private and public sectors have not provided an adequate level of security. While new methods of attack have been accurately predicted
by experts and some large attacks have been detected in early stages, efforts to prevent or deter them have been largely unsuccessful, with increasingly damaging consequences. Information necessary to combat attacks has not been timely shared. Investigations have been slow and difficult to coordinate. Some attacks are from States that lack adequate laws governing deliberate destructive conduct. Such international cooperation as occurs is voluntary and inadequate. Some significant enhancement of defensive capabilities seems essential. Cyber crime is quintessentially transnational, and will often involve jurisdictional assertions of multiple States. Agreements on jurisdiction and enforcement must be developed to avoid conflicting claims.
The need and methods for effecting international cooperation in dealing with cyber crime and terrorism were the subject of a conference sponsored by the Hoover Institution, the Consortium for Research on Information Security and Policy (CRISP) and the Center for International Security and Cooperation (CISAC) at Stanford University on December 6-7, 1999 (the "Stanford Conference"). Members of government, industry, NGOs, and academia from many nations met at Stanford to discuss the growing problem. A clear consensus emerged that greater international cooperation is required, and considerable agreement that a multilateral treaty focused on criminal abuse of cyber systems would help build the necessary cooperative framework. (A synthesis of the Stanford Conference papers and discussion will be published by the Hoover Press.) This monograph summarizes and presents the Stanford Draft International Convention to Enhance Security from Cyber Crime and Terrorism (the "Stanford Draft" or the "Draft") and commentary on the Draft. The Draft acknowledges and builds upon the draft Convention on Cyber Crime proposed by the Council of Europe (the "COE Draft").