Cyber-crime justifies world government

Intl treaty demands compliant legislation

  • alert
  • submit to reddit

Build a business case: developing custom apps

The Council of Europe, enthused by considerable American guidance and support, has issued a proposed final draft for an international cybercrime treaty to harmonize statutes related to electronic criminal activity, cross-border police cooperation, and judicial policy throughout Europe and North America, more or less along lines preferred by the United States.

Organized gangsters, terrorists and sexually-exploited children loom large in the document, as they always do when the natural rights of innocent adults are to be sacrificed to law-enforcement expedience.

We're accustomed to that much; what's special about this item is the banana-republic-style contempt it exhibits towards accepted standards of political accountability, legislative procedure and state sovereignty.

A number of crimes have got to be made both uniform and reciprocal among all signatory countries for the scheme to work properly; thus national legislatures will have to be made compliant.

Or, as the document puts it, signatories shall cooperate "on the basis of uniform or reciprocal legislation and domestic laws to the widest extent possible."

Legislative Blackmail

Call us naive, but we always imagined that legislative bodies were meant, ideally, anyway, to be independent of national bureaucracies and responsive to the will of the people.

The COE dispels this quaint myth. "Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law...." a shopping list of naughty on-line behavior, the document announces coolly.

Just like that, national and state legislatures will be expected to bring their laws in line with approved 'international' standards; but by what mechanism, the document's authors don't quite say.

Perhaps a combination of back-channel horse trading, political blackmail and PR sound-bite brutality, if not an outright administrative decree, is presumed.

The list of items the COE insists must be made illegal includes unauthorized access to a computer system; the interception of private communications (by players other than by Big Brother, naturally); damaging, deleting or altering computer data; producing, distributing or possessing child pornography; and data forgery.

Signatories will be graciously permitted to require that actual harm be demonstrated in order for sketchy computer activity to be made criminal, or not as they see fit.

As for kiddie porn, signatories have the option of not criminalizing mere possession, and of adjusting the definition of a minor to somewhere between eighteen and sixteen years of age, but no lower.

Of course, the legal age of consent in some jurisdictions is as low as fourteen. We've often wondered how it is that an individual can be old enough to consent to engage in sexual activity but not old enough to consent to be photographed whilst going about it. It's another of life's mysteries, apparently.

Snooping Sanctified

Now for the scary part. The COE decrees that all signatories rig their legislative agenda to empower law-enforcement bodies to monitor, intercept, search and seize computer data and packet traffic pretty much according to their convenience.

When the Feds suspect that a crime may have been committed, or may be imminent, they should be allowed to order the storage and preservation of any data or packet traffic until they make up their minds whether or not they have enough evidence to proceed with a criminal case.

Parties to the new scheme "shall adopt such legislative and other measures as may be necessary to oblige [anyone in control of computer data] to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of 90 days, to enable the competent authorities to seek its disclosure."

And of course the data custodians -- an ISP, say, or a network administrator -- must keep their mouths shut under penalty of criminal liability.

"Each Party shall adopt such legislative or other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures," we're told.

It appears that the treaty would also do an end-run around the normal practice of obtaining a warrant before snooping.

"Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order: a person in its territory to submit specified computer data in that person's possession or control, which is stored in a computer system or a computer-data storage medium; and a service provider offering its services in the territory of the Party to submit subscriber information relating to such services in that service provider's possession or control."

'Subscriber information' can involve "the subscriber's identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement," the document says.

A further assault on civil rights comes from granting an automatic extension of search authorizations which encompass systems in some way connected to the target system, even when the secondary system is in another jurisdiction.

And taking a page out of the dreaded UK Regulation of Investigatory Powers (RIP) Act, the COE reckons it would be swell if law enforcement could compel people to cough up their encryption keys on demand when they want to do some in-depth investigating.

"Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data therein to provide, as is reasonable, the necessary information," the document says.

The treaty even offers guidance to parties where a request for data or access to data is made across jurisdictions but no mutual agreement is in force. The treaty itself, the COE says, can be used in lieu of other arrangements.

"When there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and the requested Parties, the provisions of this article shall apply."

States' Rights

The COE and its American advisors quite cavalierly make a mockery of state sovereignty.

Using the US federal system as an example, the treaty authors observe that "in the United States....federal criminal legislation generally regulates conduct based on its effects on interstate or foreign commerce, while matters of minimal or purely local concern are traditionally regulated by the constituent states."

Fortunately, these piddling state concerns needn't cause the slightest inconvenience to federal overlords.

"This approach to federalism....recognizes that the constituent states would continue to regulate conduct that has only minor impact or is purely local in character," the authors say contemptuously.

For the really important stuff, which means everything the Feds happen to care about, there's a convenient mechanism to exert jurisdiction according to the treaty, "since the use of the Internet provides the effect on interstate or foreign commerce necessary to invoke federal law."

So nuts to your local, provincial or state government. Merely accessing the Internet suddenly opens you up to 'conduct regulation', as the treaty so quaintly puts it, by a distant, multinational body of high-minded overseers far beyond the reach of any known political mechanism of accountability.

The document overall reads like some perverse decree drafted by that mighty triumvirate of paranoid fantasy, the Council on Foreign Relations, the Bilderberg Group and the Trilateral Commission in some world-domination free-for-all.

We've always prided ourselves on our resistance to irrational fears; but after reading the COE's latest offering, we have to wonder if there might be something to those world-government rumors after all. ®

A new approach to endpoint data protection

More from The Register

next story
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story


7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?