Feeds

US defends cybercrime treaty

Your secrets are safe with us

  • alert
  • submit to reddit

Website security in corporate America

Critics took aim this week at a controversial international treaty intended to facilitate cross-boarder computer crime probes, arguing that it would oblige the US and other signatories to cooperate with repressive regimes - a charge that the Justice Department denied.

The US is one of 38 nations that have signed onto the Council of Europe's "Convention on Cybercrime," but the US Senate has not yet ratified the measure. In a letter to the Senate last November, President Bush called the pact "the only multilateral treaty to address the problems of computer-related crime and electronic evidence gathering." The treaty, "would remove or minimize legal obstacles to international cooperation that delay or endanger U.S. investigations and prosecutions of computer-related crime," he said.

Drafted under strong US influence, the treaty aims to harmonize computer crime laws around the world by obliging participating countries to outlaw computer intrusion, child pornography, commercial copyright infringement, and online fraud.

Another portion of the treaty requires each country to pass laws that permit the government to search and seize email and computer records, perform Internet surveillance, and to order ISPs to preserve logs in connection with an investigation. A "mutual assistance" provision then obligates the county to use those tools to help out other signatory countries in cross-border investigations: France, for example, could request from the US the traffic logs for an anonymous Hushmail user suspected of violating French law.

Dual criminality. Not

That worries civil libertarians. The treaty is open to any country, with the approval of those that have already ratified it, and some fear that it could put the United States' surveillance capabilities at the disposal of foreign governments with poor human rights records, who may be investigating actions that are not considered crimes elsewhere.

"There is no requirement that the act that is being investigated be a crime both in a nation that is asking for assistance, and the nation that is providing assistance," said the ACLU's Barry Steinhardt, speaking at the Computers Freedom and Privacy Conference in Berkeley, California on Thursday. The US and other countries will be asked to use the electronic snooping powers mandated by the treaty to track political dissidents, he said.

Betty Shave, who heads the Justice Department's international computer crime division, admitted that the treaty mostly lacks so-called "duel criminality" provisions, but she countered that other language in the pact would prevent abuses. One clause in the treaty allows a country to refuse to cooperate in an investigation if its "essential interests" are threatened by the request: Shave says that would allow the US to bow out of a probe targeting free speech or other actions protected by the U.S. Constitution. Moreover, political offenses are specifically excluded from some types of mutual assistance requests available under the treaty.

The treaty is necessary because "crime and terrorism, like everything else, are moving onto the Net and are increasingly difficult to investigate, and a lot of crime is international," said Shave. "Many crimes are deliberately staged through various countries just to make it difficult to investigate."

Privacy International's Gus Hosein argued the international community should have produced model legislation to harmonize computer crime laws, instead of a treaty with mutual obligations. "You create a treaty, suddenly you have all these interests come in."

Thirty-four European nations, plus Canada, Japan, South Africa and the United States have signed onto the treaty, but only five have thus-far ratified it: Albania, Croatia, Estonia, Hungary and Lithuania.

If ratified, no new domestic laws would be have to be passed to bring the US into line with the treaty, according to the Justice Department. Steinhardt was skeptical. "The treaty is already being used as a pretext in some developing nation to pass some pretty draconian laws," he said. "I wouldn't be surprised to see it used in the US that way."

Copyright © 2004, SecurityFocus logo

Related stories

MPs hold inquiry into UK computer crime law
US cybercrime push imperils personal security of Americans
Security fears over UK 'snooper's charter'
US assumes global cyber-police authority
Int'l cybercrime treaty remains horrid

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.