Int'l cybercrime treaty remains horrid

CoE listens to law enforcement, but few others

  • alert
  • submit to reddit

The essential guide to IT transformation


This week, the Council of Europe (CoE) Experts Group on Crime in Cyberspace is meeting in Strasbourg, France to finalize the international Cybercrime Convention. The experts should be proud of themselves. They have managed during the past eight months to resist the pernicious influence of hundreds if not thousands of individual computer users, security experts, civil liberties groups, ISPs, computer companies and others outside of their select circle of law enforcement representatives who wrote, faxed and e-mailed their concerns about the treaty.

Last month, the CoE released a new draft of their long-standing effort, which includes a few minor changes and some lip service to human rights, but remains substantially unchanged from previous drafts.

The main gap is a lack of limits on cyber crimes, surveillance powers, and assistance that are created in the convention. The sections on searches still force individuals to disclose encryption keys and other data at the direction of law enforcement officials, in violation of protections against self-incrimination guaranteed by US, Canadian and European laws; wiretap powers remain broadly defined and cover all computer devices down to the smallest local area network (and perhaps even smaller); provisions on real-time data collection remain Carnivore-friendly; and local authorities will still be required to assist law enforcement agencies from other countries, even when investigating actions that are not crimes under local law.

There are a few improvements. The section on illegal devices, which in previous drafts threatened to outright criminalize common security tools, now includes a new paragraph stating that it should not impose criminal liability when the program in question was not created or transferred "for the purpose of committing an offence, such as for testing or the protection of a computer system."

Does that solve all the problems with regulating hacking tools? I don't know, because it all depends on how the law will be implemented by each country.

Human rights gets mentioned once or twice and national governments can resist some requests for assistance when they think the case is political (not to say that could ever happen, but Germany announced this week that anyone anywhere in the world who promotes Holocaust denial is liable under German law, and the Malaysian government announced that anyone who insults Islam online will be punished).

In contrast to these modest changes, the opposition to the entire treaty has been overwhelming. Every cyber-rights group in the world with a pulse has come out against it. On the industry side, it's being opposed by the US Chamber of Commerce, the International Chamber of Commerce, all the ISP associations and a ton of other companies, security groups and so on. About the only one left who isn't calling the draft convention the sign of the devil is the Pope, and he probably would if consulted.

We've not seen this kind of united public interest and industry opposition to a dumb government proposal since the good old days of the Clipper chip. And not coincidentally, the meetings on the subject are filled with the same people.

This is not so say that the CoE committee has not heard or read these complaints.

Last week, Henrik Kaspersen, a Dutch government representative who chairs the committee, and Peter Csonka, the head of Economic Crimes division for the CoE, visited Washington -- reportedly to meet with US Attorney General Janet Reno. At a public meeting on Thursday, Kaspersen acknowledged receiving a flood of complaints on the draft conventions, but dismissed them as coming either from American lawyers who did not understand European law, or, worse, "from the Internet," which his tone suggested could only mean the clueless and uninformed.

None of the kinds of outrageous cases like the French holding Yahoo liable or the Germans arresting a high CompuServe official, could even be conceived by Kaspersen, much less ever happen as a result of the treaty he travelled to America to peddle.

When asked publicly why the treaty did not include any procedural safeguards for limiting surveillance powers, Kaspersen said that determining privacy standards was too hard and controversial for the committee, and had to be left to the national governments of the CoE and signatory countries. I'm sure that those highly democratic countries in the CoE like Russia, Ukraine, and Romania will do a fine job of implementing those rights.

There is a small chance that the committee will finally make real changes to the treaty before the new draft comes out sometime next week. But don't count on it. After three years, it seems they made up their minds a long time ago -- and free speech, privacy, real security on the Net, and all of us be dammed. The next hope is lobbying the national governments to refuse to sign the treaty, or to make changes before it is approved. Perhaps they will not think your comments are just "from the Internet."

© 2000 SecurityFocus.com. All rights reserved.

David Banisar is an attorney and writer in the Washington, DC area. He is co-author of "The Electronic Privacy Papers" (Wiley, 1997) and several other books on privacy, and is deputy director of Privacy International.

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Broadband slow and expensive? Blame Telstra says CloudFlare
Won't peer, will gouge for Internet transit
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
prev story


Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?