Feeds

Cyber-crime justifies world government

Intl treaty demands compliant legislation

  • alert
  • submit to reddit

Remote control for virtualized desktops

The Council of Europe, enthused by considerable American guidance and support, has issued a proposed final draft for an international cybercrime treaty to harmonize statutes related to electronic criminal activity, cross-border police cooperation, and judicial policy throughout Europe and North America, more or less along lines preferred by the United States.

Organized gangsters, terrorists and sexually-exploited children loom large in the document, as they always do when the natural rights of innocent adults are to be sacrificed to law-enforcement expedience.

We're accustomed to that much; what's special about this item is the banana-republic-style contempt it exhibits towards accepted standards of political accountability, legislative procedure and state sovereignty.

A number of crimes have got to be made both uniform and reciprocal among all signatory countries for the scheme to work properly; thus national legislatures will have to be made compliant.

Or, as the document puts it, signatories shall cooperate "on the basis of uniform or reciprocal legislation and domestic laws to the widest extent possible."

Legislative Blackmail

Call us naive, but we always imagined that legislative bodies were meant, ideally, anyway, to be independent of national bureaucracies and responsive to the will of the people.

The COE dispels this quaint myth. "Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law...." a shopping list of naughty on-line behavior, the document announces coolly.

Just like that, national and state legislatures will be expected to bring their laws in line with approved 'international' standards; but by what mechanism, the document's authors don't quite say.

Perhaps a combination of back-channel horse trading, political blackmail and PR sound-bite brutality, if not an outright administrative decree, is presumed.

The list of items the COE insists must be made illegal includes unauthorized access to a computer system; the interception of private communications (by players other than by Big Brother, naturally); damaging, deleting or altering computer data; producing, distributing or possessing child pornography; and data forgery.

Signatories will be graciously permitted to require that actual harm be demonstrated in order for sketchy computer activity to be made criminal, or not as they see fit.

As for kiddie porn, signatories have the option of not criminalizing mere possession, and of adjusting the definition of a minor to somewhere between eighteen and sixteen years of age, but no lower.

Of course, the legal age of consent in some jurisdictions is as low as fourteen. We've often wondered how it is that an individual can be old enough to consent to engage in sexual activity but not old enough to consent to be photographed whilst going about it. It's another of life's mysteries, apparently.

Snooping Sanctified

Now for the scary part. The COE decrees that all signatories rig their legislative agenda to empower law-enforcement bodies to monitor, intercept, search and seize computer data and packet traffic pretty much according to their convenience.

When the Feds suspect that a crime may have been committed, or may be imminent, they should be allowed to order the storage and preservation of any data or packet traffic until they make up their minds whether or not they have enough evidence to proceed with a criminal case.

Parties to the new scheme "shall adopt such legislative and other measures as may be necessary to oblige [anyone in control of computer data] to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of 90 days, to enable the competent authorities to seek its disclosure."

And of course the data custodians -- an ISP, say, or a network administrator -- must keep their mouths shut under penalty of criminal liability.

"Each Party shall adopt such legislative or other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures," we're told.

It appears that the treaty would also do an end-run around the normal practice of obtaining a warrant before snooping.

"Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order: a person in its territory to submit specified computer data in that person's possession or control, which is stored in a computer system or a computer-data storage medium; and a service provider offering its services in the territory of the Party to submit subscriber information relating to such services in that service provider's possession or control."

'Subscriber information' can involve "the subscriber's identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement," the document says.

A further assault on civil rights comes from granting an automatic extension of search authorizations which encompass systems in some way connected to the target system, even when the secondary system is in another jurisdiction.

And taking a page out of the dreaded UK Regulation of Investigatory Powers (RIP) Act, the COE reckons it would be swell if law enforcement could compel people to cough up their encryption keys on demand when they want to do some in-depth investigating.

"Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data therein to provide, as is reasonable, the necessary information," the document says.

The treaty even offers guidance to parties where a request for data or access to data is made across jurisdictions but no mutual agreement is in force. The treaty itself, the COE says, can be used in lieu of other arrangements.

"When there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and the requested Parties, the provisions of this article shall apply."

States' Rights

The COE and its American advisors quite cavalierly make a mockery of state sovereignty.

Using the US federal system as an example, the treaty authors observe that "in the United States....federal criminal legislation generally regulates conduct based on its effects on interstate or foreign commerce, while matters of minimal or purely local concern are traditionally regulated by the constituent states."

Fortunately, these piddling state concerns needn't cause the slightest inconvenience to federal overlords.

"This approach to federalism....recognizes that the constituent states would continue to regulate conduct that has only minor impact or is purely local in character," the authors say contemptuously.

For the really important stuff, which means everything the Feds happen to care about, there's a convenient mechanism to exert jurisdiction according to the treaty, "since the use of the Internet provides the effect on interstate or foreign commerce necessary to invoke federal law."

So nuts to your local, provincial or state government. Merely accessing the Internet suddenly opens you up to 'conduct regulation', as the treaty so quaintly puts it, by a distant, multinational body of high-minded overseers far beyond the reach of any known political mechanism of accountability.

The document overall reads like some perverse decree drafted by that mighty triumvirate of paranoid fantasy, the Council on Foreign Relations, the Bilderberg Group and the Trilateral Commission in some world-domination free-for-all.

We've always prided ourselves on our resistance to irrational fears; but after reading the COE's latest offering, we have to wonder if there might be something to those world-government rumors after all. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
BIG FAT Lies: Porky Pies about obesity
What really shortens lives? Reading this sort of crap in the papers
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?