Int'l cybercrime treaty remains horrid

CoE listens to law enforcement, but few others



This week, the Council of Europe (CoE) Experts Group on Crime in Cyberspace is meeting in Strasbourg, France to finalize the international Cybercrime Convention. The experts should be proud of themselves. They have managed during the past eight months to resist the pernicious influence of hundreds if not thousands of individual computer users, security experts, civil liberties groups, ISPs, computer companies and others outside of their select circle of law enforcement representatives who wrote, faxed and e-mailed their concerns about the treaty.

Last month, the CoE released a new draft of their long-standing effort, which includes a few minor changes and some lip service to human rights, but remains substantially unchanged from previous drafts.

The main gap is a lack of limits on cyber crimes, surveillance powers, and assistance that are created in the convention. The sections on searches still force individuals to disclose encryption keys and other data at the direction of law enforcement officials, in violation of protections against self-incrimination guaranteed by US, Canadian and European laws; wiretap powers remain broadly defined and cover all computer devices down to the smallest local area network (and perhaps even smaller); provisions on real-time data collection remain Carnivore-friendly; and local authorities will still be required to assist law enforcement agencies from other countries, even when investigating actions that are not crimes under local law.

There are a few improvements. The section on illegal devices, which in previous drafts threatened to outright criminalize common security tools, now includes a new paragraph stating that it should not impose criminal liability when the program in question was not created or transferred "for the purpose of committing an offence, such as for testing or the protection of a computer system."

Does that solve all the problems with regulating hacking tools? I don't know, because it all depends on how the law will be implemented by each country.

Human rights get mentioned once or twice and national governments can resist some requests for assistance when they think the case is political (not to say that could ever happen, but Germany announced this week that anyone anywhere in the world who promotes Holocaust denial is liable under German law, and the Malaysian government announced that anyone who insults Islam online will be punished).

In contrast to these modest changes, the opposition to the entire treaty has been overwhelming. Every cyber-rights group in the world with a pulse has come out against it. On the industry side, it's being opposed by the US Chamber of Commerce, the International Chamber of Commerce, all the ISP associations and a ton of other companies, security groups and so on. About the only one left who isn't calling the draft convention the sign of the devil is the Pope, and he probably would if consulted.

We've not seen this kind of united public interest and industry opposition to a dumb government proposal since the good old days of the Clipper chip. And not coincidentally, the meetings on the subject are filled with the same people.

This is not to say that the CoE committee has not heard or read these complaints.

Last week, Henrik Kaspersen, a Dutch government representative who chairs the committee, and Peter Csonka, the head of Economic Crimes division for the CoE, visited Washington -- reportedly to meet with US Attorney General Janet Reno. At a public meeting on Thursday, Kaspersen acknowledged receiving a flood of complaints on the draft conventions, but dismissed them as coming either from American lawyers who did not understand European law, or, worse, "from the Internet," which his tone suggested could only mean the clueless and uninformed.

None of the kinds of outrageous cases, like the French holding Yahoo liable or the Germans arresting a high CompuServe official, could even be conceived by Kaspersen, much less ever happen as a result of the treaty he travelled to America to peddle.

When asked publicly why the treaty did not include any procedural safeguards for limiting surveillance powers, Kaspersen said that determining privacy standards was too hard and controversial for the committee, and had to be left to the national governments of the CoE and signatory countries. I'm sure that those highly democratic countries in the CoE like Russia, Ukraine, and Romania will do a fine job of implementing those rights.

There is a small chance that the committee will finally make real changes to the treaty before the new draft comes out sometime next week. But don't count on it. After three years, it seems they made up their minds a long time ago -- and free speech, privacy, real security on the Net, and all of us be damned. The next hope is lobbying the national governments to refuse to sign the treaty, or to make changes before it is approved. Perhaps they will not think your comments are just "from the Internet."

© 2000 SecurityFocus.com. All rights reserved.

David Banisar is an attorney and writer in the Washington, DC area. He is co-author of "The Electronic Privacy Papers" (Wiley, 1997) and several other books on privacy, and is deputy director of Privacy International.
