Politech mailing list archives
FC: US-Europe cybercrime treaty happening in secret --M.Wessling
From: Declan McCullagh <declan () well com>
Date: Thu, 13 Jan 2000 09:52:24 -0500
************[The following note says a draft treaty would outlaw distributing (think: posting on your web site) hacking and eavesdropping tools, including presumably ones that are currently readily available like crack and tcpdump. I wonder if there will be a grandfather clause for the version of crack I compiled in 1992? If not, does this mean I'll be a criminal if I lend a CDROM with my hard drive archive to a friend? Hmmm. --Declan]
*********** To: declan () well com Subject: Bogus cybercrime treaty happening in secret Date: Thu, 13 Jan 2000 06:37:49 -0800 From: John Gilmore <gnu () toad com> Date: Thu, 13 Jan 2000 15:23:17 +0100 (CET) From: Maurice Wessling <maurice () xs4all nl> Subject: cybercrime treaty I've just submitted this to slashdot. Many people on this list will have to worry about it. It will make your job a lot more difficult. maurice The Council of Europe is preparing a so-called "Cybercrime" treaty. European countries, the USA, Canada, Japan and South Africa are involved in the talks. There is no draft made public but a letter of the Dutch minister of Justice to the Dutch parliament is mentioning some of the details of what is discussed during the negotiations about the treaty. The draft is prepared by an ad-hoc group of experts (PC-CY) who will have to finish their work by the end of 2000. There is only a Dutch language version of the letter (if you can read Dutch, I've put it on http://www.bof.nl/cybercrime_treaty.pdf One part of the treaty is of particular interest to Slashdot readers. The treaty will outlaw hacking tools. A summary (not a word-by-word translation): <treaty> Protection against so-called CIA-crimes (confidentiality, integrity and availability) of public and closed networks and systems: computer hacking, unauthorized eavesdropping, unauthorized changing or destroying of data (either stored or in transport). In discussion are also denial of service attacks to public and private networks and systems. This will probably not cover spam. The treaty will outlaw the production, making available or distribution of hardware and software tools to do the above-mentioned (hacking, denial of service, eavesdropping, etc.). The letter does not mention the possession of these tools. The treaty will also outlaw sites with lists of passwords or codes that give unauthorized access to computer systems (this is not about copyright related serials and cracks). The letter explicitly points out that as a result of this treaty countries that wish to implement digital wiretapping or the use of hacking tools by law enforcement need to implement that in their national legislation. </treaty> This definitely sounds like a bad idea. The public will get a false sense of safety, security experts can not do their work and software producers and system administrators will loose an important stimulation to improve the quality of their work. Other points in the treaty: <treaty> illegal content There is only agreement upon child pornography. The countries involved could not agree upon racist speech and pornography in general. European countries wanted to include racist speech but the USA blocked this. On the other hand, European countries did not want to include pornography in general as some others wanted to (the letter doesn't mention who). Child pornography is defined here as "the realistic depiction of a child involved in sexual behavior". It does not matter if children were actually involved in the fabrication of the material. It explicitly includes material with adult actors impersonating as children or computer animations. Cartoons with a non-realistic character are not included in the definition. The letter states a broad international consensus about this definition. email The treaty defines the procedures of investigating the content of email. The treaty tries to follow regimes for search warrants when email is stored and warrants for tapping of telecommunication when email is in transport. Under circumstances (not further explained in the letter) the person subject of a search warrant which involves stored email can be ordered to keep the search secret to prevent damage to the further investigation. border crossing aspects of computer and network search warrants Law enforcement can not cross borders during the search of a computer network. The draft outlines a procedure in which an official request is necessary to the other country to complete the search. All members of treaty will establish a national contact point where such request can be handled fast. In most cases this will be the Interpol contact point. Discussions are ongoing about accessing a computer in another country to which the person that gets the warrant already has authorized access. Is that a border crossing of law enforcement competence? Do the authorities in the other country need to be informed? There is no agreement yet about the status of information that was accidentally gathered from systems in other countries during a network search. One possibility is that that country gets a veto right on the use of that information. preservation order to admins of public or private networks The treaty will define a preservation order that can be given to the admin of the public or private network. Such an order is intended to log traffic data (not content) that would normally be lost immediately or as soon as that data is not important anymore for the maintenance of the network (according to privacy rules). tapping The treaty will force countries to implement digital wiretapping into their national laws. Both of public and private networks. As the Netherlands already have digital wiretapping laws this section is not discussed extensively in the letter. </treaty> -------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to majordomo () vorlon mit edu with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ --------------------------------------------------------------------------
Current thread:
- FC: US-Europe cybercrime treaty happening in secret --M.Wessling Declan McCullagh (Jan 13)