Security Incidents mailing list archives

Re: Comments on Draft Convention on Cyber-crime - Article 3


From: "Crooks, James" <james.crooks () CA PWCGLOBAL COM>
Date: Tue, 31 Oct 2000 16:19:42 -0500

the key phrase here is "interception without right"

- to me that means a corporation or person can still intercept / record / sniff
/ run NIDS against any communications to or from its own servers / networks /
workstations / etc.

- this kind of leaves the carriers and ISPs in the lurch... what right in law
do they have to monitor any deeper than to make sure the packets are still
flying past?

One loophole that's left is the interception of optical transmissions (fiber
optic, IR links, long-lens screen prints, etc.) - IMHO optical is not included
in electromagnetic...

/jc




"Brooke, O'neil (EXP)" <o'neil.brooke () LMCO COM> on 10/31/2000 06:20:34 AM

Please respond to "Brooke, O'neil (EXP)" <o'neil.brooke () LMCO COM>
To:   INCIDENTS () SECURITYFOCUS COM
cc:
Subject:  [INCIDENTS] Comments on Draft Convention on Cyber-crime



Hello

     I am concerned about this particular article. If a computer system under my
authority (whether a personal computer or corporate computer that I am
responsible for) is generating unknown or unidentified traffic, would I still
have the right to intercept these transmissions? Firewalls and Intrusion
Detection Systems will intercept transmissions and evaluate them; would I still
have the right to deploy these tools?

Article 3 - Illegal Interception

Each Party shall adopt such legislative and other measures as may be necessary
to establish as criminal offences under its domestic law when committed
intentionally the interception without right, made by technical means, of
non-public (7)  transmissions of computer data to, from or within a computer
system, as well as electromagnetic emissions from a computer system carrying
such computer data.

(7) The Drafting Group agreed, at its 9th meeting (January 2000) on the
principle that the terms "non-public" relate to the transmission (communication)
process and not necessarily to the data transmitted. It agreed to keep the term
in the text temporarily and to try to find some alternative language.




