FC: U.S. wants to be the world's cyber police, from SecurityFocus

[Declan McCullagh <declan () well com>]

---

From: "Kevin L. Poulsen" <klp () securityfocus com>
To: "Declan McCullagh" <declan () well com>
Subject: U.S as the world's cyber police
Date: Mon, 26 Nov 2001 12:23:46 -0500


http://www.securityfocus.com/columnists/39

Ashcroft's Global Internet Power-Grab

A little-noticed provision in the new anti-terrorism act imposes U.S. cyber
crime laws on other nations, whether they like it or not

By Mark Rasch

Much has been written about the new anti-terrorism legislation passed by
Congress and signed by President Bush, particularly as it respects the
ability of the government to conduct surveillance on email, voice-mail, and
other electronic communications. However, too little attention has been paid
to other provisions of the legislation, particularly a significant change to
the definition of the types of computers protected under federal law.

An amendment to the definition of a "protected computer" for the first time
explicitly enables U.S. law enforcement to prosecute computer hackers
outside the United States in cases where neither the hackers nor their
victims are in the U.S., provided only that packets related to that activity
traveled through U.S. computers or routers.

[...]

The new statute requires no threshold of damage or even effect on U.S.
computers to trigger U.S. sovereignty. The vast majority of Internet traffic
travels through the United States, with more than half of the traffic
traveling through Northern Virginia alone. The mere fact that packets
relating to the criminal activity travel through the United States should
not be enough to trigger U.S. jurisdiction, even though such traffic would
"affect" international commerce, albeit infinitesimally.

The expanded statute, and the DOJ policy guidance, would permit the U.S. to
impose its law on the Internet generally, without the need to show damage or
trespass to a U.S. computer, merely on the basis of packets being
inadvertently routed through U.S. computers. This represents and unwarranted
and dangerous expansion of U.S. sovereignty, and will invariably result in
more turf battles with foreign law enforcement agencies, rather than fewer.

Under the Department of Justice's interpretation of this legislation, a
computer hacker in Frankfurt Germany who hacks into a computer in Cologne
Germany could be prosecuted in the Eastern District of Virginia in
Alexandria if the packet of related to the attack traveled through America
Online's computers. Moreover, the United States would reserve the right to
demand that the extradition of the hacker even if the conduct would not have
violated German law, or to, as it has in other kinds of cases, simply remove
the offender forcibly for trial.

<snip>




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------