Security Incidents mailing list archives
Re: Comments on Draft Convention on Cyber-crime - Article 3
From: "Crooks, James" <james.crooks () CA PWCGLOBAL COM>
Date: Tue, 31 Oct 2000 16:19:42 -0500
the key phrase here is "interception without right" - to me that means a corporation or person can still intercept / record / sniff / run NIDS against any communications to or from it's own servers / networks / workstations / etc. - this kind of leaves the carriers and ISP's in the lurch... what right in law do they have to monitor any deeper than to make sure the packets are still flying past. One loophole that's left is the interception of optical transmissions (fiber optic, IR links, long-lens screen prints, etc.) - IMHO optical is not included in electromagnetic... /jc "Brooke, O'neil (EXP)" <o'neil.brooke () LMCO COM> on 10/31/2000 06:20:34 AM Please respond to "Brooke, O'neil (EXP)" <o'neil.brooke () LMCO COM> To: INCIDENTS () SECURITYFOCUS COM cc: Subject: [INCIDENTS] Comments on Draft Convention on Cyber-crime Hello I am concerned about this particular article. If a computer system under my authority (whether a personal computer or corporate computer that I am responsible for) is generating unknown or unidentified traffic, would I still have the right to intercept these transmissions? Firewalls and Intrusion Detection Systems will intercept transmissions and evaluate them, would I still have the right to deploy these tools? Article 3 - Illegal Interception Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intentionally the interception without right, made by technical means, of non-public (7) transmissions of computer data to, from or within a computer system, as well as electromagnetic emissions from a computer system carrying such computer data. (7) The Drafting Group agreed, at its 9th meeting (January 2000) on the principle that the terms "non-public" relate to the transmission (communication) process and not necessarily to the data transmitted. It agreed to keep the term in the text temporarily and to try to find some alternative language. ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
Current thread:
- Re: Comments on Draft Convention on Cyber-crime - Article 3 Crooks, James (Nov 02)