[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: An International Treaty on Cybercrime Sounds Like A Great Idea, Until You Read The Fine Print
>Date: Wed, 21 Mar 2001 16:18:23 -0500 >To: eff-priv@eff.org >From: Lauren Gelman <gelman@eff.org> > >WATCH OUT > >An International Treaty on Cybercrime Sounds Like A Great Idea, Until >You Read The Fine Print > > > >By Mike Godwin > >IP Worldwide, April 2001 > > > >Maybe you're a civil libertarian, and maybe you're not. Maybe you >worry about how the United States exercises its vast investigative >and prosecutorial powers, and maybe you don't. > >But if you counsel U.S. corporations on computer-related issues, you >should be concerned about a new proposed treaty known as the >"Convention on Cybercrime." The Council of Europe, a 43-nation public >body created to promote democracy and the rule of law, is nominally >drafting the treaty. Curiously, however, the primary architect is the >United States Department of Justice. > >The Department of Justice and Federal Bureau of Investigation are >using a foreign forum to create an international law-enforcement >regime that favors the interests of the feds over those of ordinary >citizens and businesses. Their goal is to make it easier to get >evidence from abroad and to extradite and prosecute foreign nationals >for certain kinds of crimes. > >Maybe you trust the law-enforcement chiefs in D.C. to do the right >thing. But here's the catch. The same new powers given to the United >States will also handed over to Bulgaria, Romania, Azerbaijan, and >other Council of Europe nations that-although officially democratic >now-don't have a strong traditions of checks and balances on police >power. > >Do you want investigators rummaging around your clients' computer >systems on warrants issued by former Soviet bloc nations? > >That's the prospect that has pushed AT&T Corporation and other >high-technology companies into feverishly trying to stop or at least >soften the treaty. The U.S. Chamber of Commerce and Information >Technology Association of America also oppose it. > >Stewart Baker is one of the chief lobbyists for the treaty opponents. >As a former general counsel of the National Security Agency and >recipient of the Department of Defense Medal for Meritorious Civilian >Service, he's got street cred on these issues in corporate America. > >What worries Baker and his colleagues? Consider the following >hypothetical: A Los Angeles screenwriter corresponds by e-mail with a >neo-Nazi in Germany while researching a script. Shortly after, he >finds federal agents examining the files on his home computer. The >agents also visit America Online Inc. to retrieve records of the >screenwriter's AOL usage. > >The agents are fulfilling a warrant issued by German authorities >allowing them to search for Nazi propaganda. Such material is >unlawful in Germany but not in the U.S. They framed their warrant in >terms of "suspected terrorist activity." > >Maybe the screenwriter should have anticipated this scenario, given >the vigor with which German and other European authorities pursue >hate crime on the Internet. Maybe he's willing to run that risk and >bear the burden of this kind of search. But what about AOL? > >AOL already handles dozens of search warrants and subpoenas every >month. What would change under this treaty is that, in addition to >getting those submitted by U.S. law-enforcement officials, they'd >also have to respond warrants and court orders from 43 additional >nations. All Internet service providers and phone companies-and >perhaps other businesses besides-would have to cooperate with these >types of investigations. They worry they would also have to foot the >bill for complying with them. > >Maybe AOL and AT&T should expect this sort of intrusion as a cost of >doing business in the Internet era. But what about the rest of us? >The treaty would likely apply to any business or individual operating >a computer connected to a network, according to Marilyn Cade, AT&T's >director of Internet and e-commerce policy. If you cable together two >computers, you could be forced to comply with investigations that >originated in Sofia or Riga. > >Even foes say that there might a need for a limited treaty >harmonizing laws globally. Last year, for example, the Philippines >was unable to prosecute the creator of the love bug virus. Its laws >did not fit his deeds. > >Déjà Vu > >The treaty has supporters, of course. The Motion Picture Association >of America, the Recording Industry of America Association, and the >Business Software Alliance all favor the treaty's requirement that >certain copyright infringements be handled under criminal law. "Our >members, of course, constantly face problems connected to the >unauthorized transmission of their copyrighted materials," the three >organizations stated in a joint letter regarding Draft 25. "Thus, we >believe that ensuring that a greater number of countries make such >attacks illegal and actionable under national law is a high >priority." In general, such "attacks" are now handled under civil law >in most countries. The copyright industry hopes the treaty will >extend the United States's increasing use of criminal sanctions to >deter infringement to the Council of Europe's member states, and >ultimately to the rest of the world. > >Critics sometimes compare the cybercrime treaty to the intellectual >property treaty promulgated by the World Intellectual Property >Organization in 1996. That treaty was designed to update laws for the >Internet era. It was largely the handiwork of the Clinton >Administration's Bruce Lehman, the head of the Patent and Trade >Office. > >After the United States and other nations signed and ratified the >WIPO treaty, Congress crafted the Digital Millennium Copyright Act to >implement the treaty. Congress did not seriously debate the most >controversial in part because of the perceived need to implement the >treaty. One of those made it unlawful to tamper with anticopying >devices and software. > >For these critics, the analogy between the WIPO treaty and the >Convention on Cybercrime is clear. "The [cybercrime] treaty was >written by government bureaucrats for government bureaucrats," says >Baker, a partner at Washington, D.C.'s Steptoe & Johnson. "The >process was entirely dominated by one viewpoint-criminal enforcement." > >What It Does > >If the treaty is so bad, why has it gotten so little attention-a wire >service report here, a trade publication article there? The answer, >it seems, is that it is not easy to explain. But let's try. > >The treaty has three primary sets of provisions. All three are aimed >at setting basic computer-related criminal-law standards for >signatory nations. > >First, it would require nations to outlaw such things as unauthorized >computer intrusion; the release of viruses; and the use of a computer >to commit acts that are already crimes, such as fraud and >distribution of child pornography. > >This part is relatively uncontroversial. The exceptions are the move >to bring copyright under criminal law and the expansion of >child-pornography statutes to so-called "virtual child porn." A >similar U.S. law is now under constitutional challenge in the United >States. > >Second, it requires nations to develop standard procedures to capture >and retrieve online and other information. Nations would have to be >able to issue "retention orders" that would "freeze" data on any >computer. Governments would also need the ability to capture in real >time the time and origin of all traffic on a networks, including >telephone networks. For serious crimes, they would be required to >intercept the actual content of the communications. > >Third, nations would have to cooperate with other nations in sharing >electronic evidence across borders. And this cooperation requirement >would apply to all crimes. They don't have to be the cybercrimes laid >out in the first section of the treaty or even actions unlawful under >U.S. law. > >Bones of Contention. > >The second and third parts of the treaty-individually and >together-are the hot buttons. Phone companies and Internet providers >are worried that they will spend their days meeting the demands of >foreign investigative authorities. They won't get reimbursed for >compliance with foreign evidence orders in their non-U.S. branches >and subsidiaries. And they worry that coping with unlimited >compliance orders will disrupt their businesses, or those of their >clients, according to James Halpert, a partner in the Washington, >D.C., office of Piper, Marbury, Rudnick & Wolfe. > >One moment, an Internet provider might be turning over all Bulgarian >folk songs to an investigator. The next moment, it might be searching >for e-mail traffic between customers in Latvia and the Ukraine. > >All companies will have to pay closer attention to their employees' >computer habits. The treaty imposes criminal liability on businesses >if they fail to supervise users who commit bad acts. If the treaty is >taken to its extreme, "companies will have to surveil every single >thing that users are doing on their computers," says Halpert, who >represents a coalition of Internet portal companies. > >How radically will the treaty affect U.S. law? The Justice Department >says hardly at all. It may be possible to sign the treaty without >adopting implementing legislation. Other nations, however, will have >to strengthen and extend their criminal laws substantially. > >Lawyers get paid to worry about what-if scenarios. There's a huge one >lurking here. What if signatory nations pass laws that creates crimes >broader than those described in the treaty? Normally, this would not >be a huge cause for concern. But in this context, it might mean that >U.S. law-enforcement agents would be enforcing criminal process >against American citizens for acts that are not crimes in the United >States. > >The Internet sometimes makes strange bedfellows. As when they >coalesced to oppose the Communications Decency Act regulating >indecency on the net, industry and civil liberties groups are >rallying to oppose the treaty. "Industry and civil liberties groups >are remarkably aligned" in their opposition to the treaty, especially >in the areas of due process protection, says partner Jeffrey Pryce of >Steptoe & Johnson. > >In the eyes of the critics, the treaty is an open invitation to >regulatory mischief. For example, newly democratic nations without >traditional due process and other safeguards could require providers >to build in monitoring technologies or could outlaw anonymous or >untraceable Internet use. Those battles have been fought in the U.S., >but they might play out differently, and worse, in other nations. > >In one likely scenario, the treaty could emerge as the Internet >version of the Communications Assistance for Law Enforcement Act, >known colloquially as CALEA. That 1994 law, highly controversial at >the time, required U.S. telephone companies to make sure that >authorities could both trace and tap calls carried over their >networks. > >Internet services are not currently included under that law, but the >Federal Bureau of Investigation and the Department of Justice have >long sought to expand CALEA to reach computer-based communications. >"It's as if the FBI, having failed to expand CALEA to computer >networks here in the U.S., are trying to do so abroad, and import >that expansion home as a treaty provision," says one industry >representative. > >That last concept is what is known as "policy laundering." Dave >Banisar of Privacy International, a privacy-rights watchdog group, >says that the Justice Department and FBI are pursuing their >law-enforcement agendas overseas with the goal of bringing the >resulting treaty back to Congress. They will then say, Banisar >contends, "Well, other nations are doing it, so we should too." > >Justice and FBI officials decline to comment on this contention. In >private meetings with industry/public policy groups, however, Justice >officials have sought to mollify the treaty's critics. So has the >Council of Europe. In a memo released in February, the Council of >Europe suggested ways that countries could limit their implementing >laws. But while this memo may be a kind of legislative history, it >isn't binding. > >The Treaty Process > >The treaty has been developed under the aegis of the Council of >Europe, an organization created after World War II. Although the U.S. >is not a member, the Department of Justice is what Baker calls a >"leading force" in the process. > >The drafting process was secret until draft 19 was publicly released >in April 2000. Even now Justice officials won't comment publicly on >their role in drafting the terms of the treaty. > >American don't like that the treaty was kept under wraps until it was >well along the way to final form. "A lot of the provisions were >largely locked in" by the time the treaty was publicly released, >Baker says. > >The Justice Department responds by noting that, since last April, it >has made numerous presentations and met repeatedly with business and >other private-sector interests. It is "about as open a process as I >can think of," says Betty Shave of Justice's Computer Crime and >Intellectual Property Section, who has represented DOJ in the treaty >negotiations. > >Stop It Or Fix It? > >Industry groups believe that the best strategy is to try to improve >the treaty rather than kill it. Even if it switched position, the >United States alone "couldn't stand downhill in front of the snowball >and expect to stop it," Baker adds. > >There are no indications that the Bush Administration will stop this >initiative begun during the Clinton era. But even if the United >States doesn't sign the treaty, it will likely affect U.S. companies >doing business internationally, their business partners, and clients. >"Just backing away from it is not the right answer," Cade says. > >U.S. businesses are now starting to appeal to their counterparts >overseas, including the International Chamber of Commerce, in hopes >of turning sentiment against the treaty. Perhaps, if the United >States's role in shaping the treaty becomes better known, European >policymakers will turn away from it. Even many Europeans familiar >with the treaty don't know what it says precisely -- only English and >French translations are available. (English and French are the >official languages of the Council of Europe.) > >"Neither the U.S. Department of Justice nor the U.S. alone will be >able to achieve the kinds of changes that the coalition is seeking in >the treaty without help from the other countries who are their >trading partners and allies," Cade says. > >Short of an international backlash against it, treaty watchers are >uncertain how the U.S. Congress will respond to the treaty if the >United States signs it. Whether senators decide that the need to >combat cybercrimes trumps concerns about submitting U.S. citizens and >companies to foreign criminal process remains an open question. > > > > > >________________________________________________ > Lauren Gelman Phone: 202/487-0420 > Director of Public Policy email: gelman@eff.org > Electronic Frontier Foundation > > > > > > For archives see: http://www.interesting-people.org/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC