Home / Blogs

US-NL Cybercrime Treaty Signed

On Wednesday 22 February the United States and The Netherlands signed a “declaration of intent” on the cooperation on fighting cybercrime. This event was reported by the press as a treaty. At least that is what all Dutch postings I read wrote, with exception of the official website of the Dutch government. So what was actually signed? Reading the news reports some thoughts struck me.

A good thing

Of course up front I declare that the fact that two countries signing a treaty to cooperate, share knowledge and best practices concerning cybercrime, is news of progress in dealing with the cross border difficulties countries and agencies run into on a daily basis.

Cybercrime or security treaty or declaration of intent?

All headlines I’ve read claim that a cybercrime “treaty” was signed. First I focus on the cybercrime, then the treaty. Even the official communication of the Dutch government mentions cooperation on cybercrime. However looking at the statements of Secretary of Homeland Security Napolitano and Minister Opstelten of Security & Justice I get a different impression. They are quoted that the two countries will focus on cooperation on protecting vital infrastructure, so e.g. in making scada (supervisory control and data acquisition) systems more secure. If this is the case, we are talking cyber security and not cybercrime.

Hacking is mentioned as an example of instances in which forensic investigative best practices can be exchanged, but in relation to vital infrastructure. So, is the reference in the press wrong? Did the minister(y) mix up the two concepts? It does not appear that there is more, as in secret, in the text, as it is only an intent to cooperate.

Next to that hacks of these kind, i.e. on vital infrastructure, are often discussed as potential acts of cyber war. That would make that the topic also surpasses security and moves into the realm of cyber defence. This form of cooperation does not seem intended here.

It also becomes clear that no treaty was signed, but a declaration of intent, so an intention to cooperate. Nothing legally binding. So we will just have to wait what comes from it. The everyday priorities and cross border cybercrime? This combination does not always mix well, I know from experience.

Bilateral versus multilateral treaty

The other comment that I want to make, is that it is a shame that in a cross border environment as cybercrime and cyber security it apparently is still impossible or (too) hard to negotiate a cyber treaty, well declaration of intent, for 27 member states of the EU with the US. The bilateral nature of the declaration means that as soon as there is third country involved in the attack, hack, etc., cooperation ends as the limit of the treaty/intention is reached and it is no longer effective.


This declaration of intent is a not more than a good first step, but the challenges for countries and their national jurisdictions are still stretched beyond what a national jurisdiction can achieve on the Internet as to the topics discussed here. A breakthrough is needed in updating cross border relations. Technological innovation matched by political and diplomatic innovation? It may be a solution.

By Wout de Natris, Consultant internet governance

Filed Under


It certainly would not surprise me that Phil Howard  –  Feb 26, 2012 8:25 PM

It certainly would not surprise me that a “treaty” to pursue (in the law enforcement sense) and prosecute “hackers” (presumably of the bad type) is perceived by politicians as a form of security.  That may be revealing about them, and explain why governments accomplish so little in terms of actual security.

So which country should do what to improve actual security?  US exports Microsoft Windows.  NL exports NSD.  Which country has more work to do?

Hint, I use only NSD from the above list.

This is not to say that law enforcement and prosecution should not be part of the cooperation between these countries.  There are indeed many issues they need to work together on, exchange information about.  But holding it up as a cyber security solution is entirely misleading.

I am not sure if wout sees this as a solution Suresh Ramasubramanian  –  Mar 5, 2012 12:49 PM

This is essential to prosecute criminals who might have their operation spread across multiple countries. And I am glad to see this agreement.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API