Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
News Your Rights Online

Cybercrime Treaty to Be Signed 318

Posted by michael from the world-government dept.
texchanchan writes: "Yahoo reports that "Interior ministers and law enforcement officials from Europe, South Africa, Canada, the United States and Japan will sign the milestone cyber-crime convention.... [because] computer criminals... have moved on from ``innocent'' hacking to fraud, embezzlement and life-threatening felonies."" Feel the spin in that article, from the anonymous "official". We've posted about this treaty before; read the final draft and note it well, particularly the extradition provisions, mutual assistance (some other country gets your country to tap your phones, and send them the data) and the requirements to disclose passwords.
This discussion has been archived. No new comments can be posted.

Cybercrime Treaty to Be Signed More

Cybercrime Treaty to Be Signed

Comments Filter:

  • The irony (Score:2, Funny)

    by Lemmy Caution ( 8378 )
    South America is becoming a bastion of freedom.
  • they've just figured out that hackers have moved on to embezzlement? wasn's this so commonplace even a decade ago that several popular movies had a go at it? hello?

  • Passwords are not all (Score:2, Insightful)

    by Rob Kaper ( 5960 )
    There are plenty of methods to hide data in plain sight with images and such. If I had real secrets, they wouldn't go unencrypted on a filesystem where only the kernel prevents access through a password. Or even store it in encrypted files or filesystems for which the password could be lost.

    If I really had to hide data, I'd make sure noone would even see I was hiding something.

  • Autoimmune Disease (Score:5, Insightful)

    by sickman ( 212256 ) on Wednesday November 21, 2001 @03:40PM (#2597431)
    Here's another one.
    Honestly, are we more afraid of terrorists, or
    our own governments?
    George II says that Terrorists hate freedom, and want to take my freedom away. That isn't true.
    Terrorists can only take my life. Only my government can take my freedom.
    • Our own governments, of course. What self-respecting government, ruling from fear and intimidation, can tolerate the development of an increasingly open world where national boundaries become less and less important every day? It only makes sense that the traditional governments of the world would take off the glove and start smashing about with the iron fast, rather than willingly give up one iota of power.

      The only thing government understands, when it comes to power, is force. Time to start smashing back.

      Max

    • Re:Autoimmune Disease (Score:2, Interesting)

      by Bobzibub ( 20561 )
      I fear governments more hands down.
      Governments kill waaaaaaaay more people than terrorists could ever dream of.
      I'm not even a gun toting small town boy from Wisconson either.
  • Does this mean I can finally drag US spammers in front of a euro court ?

    • Maybe, but what worries me more is that now, apparently I can be lookt at/spied uppon for something that is illegal in the states, while living in the Netherlands.... Hmm, this does have some familiar ring to it. Hasn't something like this happend before? But then with somebody actually going to the states?

  • Landing Lights (Score:4, Insightful)

    by sketerpot ( 454020 ) <sketerpot&gmail,com> on Wednesday November 21, 2001 @03:41PM (#2597437)
    Someone switches off the landing lights via the computer systems. What does this tell them? Improve security? Maybe seperate the landing lights from the computers? No! They think that they can just scare people in to harmlessness. There have been laws like this for a long time, and there are still lots of poeple who R173 L1K3 7hI5!!!

    Improve security. Seperate important systems like landing lights from the internet. Don't just sue people.

    • NO WAY! (Score:2, Funny)

      by czardonic ( 526710 )
      Don't you see? If we allow the threat of cybercrime to force us to change the way we manage our landing lights, THE CYBERCRIMINALS HAVE WON!

      Improving security is an admission that our resolve to enforce security as it is has weakened. We must continue to live our lives, connect everything possible to the public network regardless of how vital or sensitive, and protect our assets with poorly concieved security mechanisms. To do anything else would show that the hackers and the rest of the terrorists have won!

    • Re:Landing Lights (Score:4, Funny)

      by AndroidCat ( 229562 ) on Wednesday November 21, 2001 @04:20PM (#2597679) Homepage
      The whole airport local net was probably accessable from the Internet. *shudder* Landing lights were probably the least damaging thing that could have been done to it!

      It'll get worse with the net-capable appliances of the future -- Shutdown all fridges in Boston every Friday the 13th, Code Red for toasters, etc. (Just kidding, I hope!)

      Star Wars (EpIV for you damned kids) should have warned them: An unauthorized R2 unit at a docking bay data port shut down all the garbage mashers on the Detention Level... Bad network security on something the size of a small moon!

      I guess I'd better not ever try out my prank of taking a highish power IR laser, modulating it with the on/full volume/play codes for most TVs, stereos, VCRs, DVDs -- and then painting a few nearby apartment buildings with it at 3am...

    • Pilots can easilly turn them back on (Score:5, Informative)

      by FreeUser ( 11483 ) on Wednesday November 21, 2001 @05:56PM (#2598179)
      Someone switches off the landing lights via the computer systems.

      As a pilot who has experienced this sort of thing (through other causes) I can say with certainty that any competent pilot can either switch the runway lights back on or go missed (or both if their not comfortable with the situation). Most airports, even the large ones, have pilot controlled lighting (key the mike n times on the CTAF/Tower Frequency). If the pilot is already in the flair then s/he can already see the runway with the plane's landing/taxi lights, and unless visibility is really, really bad (in which case they can go missed) they can land at that point without the runway lights being on at all.

      If there really aren't options (like a blackout due to thunderstorm, terrorist bomb, or luser system cracker), then the pilot can do a missed approach and enter a holding pattern (if on instruments) until the situation is resolved or s/he is diverted to another airport, or if flying VFR simply go around and either try the approach again or find an alternate airport. Even in the worst case scenerio turning off the runway lights, even on short final, is hardly life threatening. Hell, its happened to me simply because the lights had been turned on 15 minutes earlier by another landing pilot and the timer shut the lights off with the threshold about fifty feet away from my descending aircraft. Seven quick clicks on the mike and I completed the landing without even a raise in pulse. This sort of thing happens all the time in non-computerized systems, and I will repeat again, it is not life threatening. Adding a computer to the situation doesn't change that, in the least.

  • Funny... (Score:5, Insightful)

    by Anonymous Coward on Wednesday November 21, 2001 @03:42PM (#2597440)
    I thought fraud, embezzlement, and life-threatening felonies were already against the law on these countries!

  • Excellent (Score:3, Funny)

    by rnb ( 471088 ) on Wednesday November 21, 2001 @03:42PM (#2597442)
    Soon, the Internet will reach its originally intended purpose of allowing people to shop online as quickly and efficiently as possible, and everything else will be outlawed.

  • Don't worry... (Score:3, Funny)

    by Anonymous Coward on Wednesday November 21, 2001 @03:44PM (#2597447)
    once Bush hears that this is an "international treaty", he'll back out of it because of US interests.
  • I'm moving to Sealand, last bastion of the real free world. Nice knowing y'all.

  • Next July (Score:2, Funny)

    by sketerpot ( 454020 )
    Wait for next July, when a treaty on banning racial hatred from the internet will be drafted.

    I think that racists are cretins, but they have a right to hate whomever they please. They also have a right to express themselves, and the internet isn't immune to free speech. Now if only everyone else would agree....

    • Reciprocal indignities. (Score:4, Insightful)

      by Lemmy Caution ( 8378 ) on Wednesday November 21, 2001 @03:58PM (#2597540) Homepage
      Of course, we feel it's all great to battle "child pornography" while we defend race-hatred, while non-Americans (who often have very different ages of consent) consider that an infringement of their free speech. So are we implicitly trading the right to different types of censorship?

  • life threatening (Score:4, Redundant)

    by mlong ( 160620 ) on Wednesday November 21, 2001 @03:46PM (#2597456)
    If there is something life threatening about a computer being hacked, then perhaps the computer shouldn't be hooked up to the Internet.
    • Not all hacking comes in over the internet. At the hospital when my kids were born, they have data jacks on the wall and devices plugged into them. What if I was to unplug the monitor, plug a notebook in and start causing havok on their internal network?
  • Oh shit, there goes the [Internet].

  • This is a little scary (Score:3, Funny)

    by ReidMaynard ( 161608 ) on Wednesday November 21, 2001 @03:49PM (#2597482) Homepage
    2. For the purpose of paragraph 1 above "child pornography" shall include pornographic material that visually depicts: ... b. a person appearing to be a minor engaged in sexually explicit conduct;

    So...all young looking porno models are out of work now....I's a sad, sad, day.

  • I am not happy (Score:3, Insightful)

    by the_2nd_coming ( 444906 ) on Wednesday November 21, 2001 @03:52PM (#2597498) Homepage
    I don't think a computer crime should go unpunished, but I certainly do not want some other government to have to power to spy on me, let alone my own. all europe needs to do is what, say to the FBI...we want you to tape this man's wire so we can continue an investigation.....where is the oversight? there is none. a wire tape can be started by another country by way of just saying this person is a suspect in an investigation.....Im sorry, but I would perfer that i have my constitutional right protected while I am living in my country of origin. this makes every citizen suseptable to other countries legislation.....I trust my government more than I trust a forgien government, and I do not trust my government a whole lot.
  • Exhibit 1:
    "[We will make illegal...]the production, sale, procurement for use, import, distribution or otherwise making available of [...]a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Article 2 - 5"

    Exhibit 2:
    "Article 5 - System interference

    [C]ommitted intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data."

    So now Windows is illegal in Europe...

  • Nuts (Score:2)

    by zpengo ( 99887 )
    I wonder if that was the same "official" that e-mailed me last week asking me to surrender my passwords and credit-card numbers in the name of national security.

    Can you imagine if this was all just an elaborate project dreamed up by some guy who just sits at his house all day long dreaming up ways to get access to people's information so he can sell it? It's a brilliant idea. By the time everyone realizes this whole thing is a put-on, the culprits will have made off with everything they need.

    Unless, of course, it's not a put-on. But by the time we realize that, the government will have made off with everything they need too...

  • I have to say that %50 of the spam I get on a daily basis is probably some kind of rip-off scam made up by some guy sitting in his room running on a free hosting service with a domain used to gather CC info.

    Does this mean that spammers will be considered terrorists? Will we have laws that will finally put these criminals in jail?

    I hope this is the case. Since the last article I read about spammers, Ive been sending letters charging them for bandwidth ($50 a pop) if they continue to spam. Hopefully now I will be able to just send a little email to the FBI and say, hey, here is a terrorist for you to give hell to. :)
    • Ive been sending letters charging them for bandwidth ($50 a pop) if they continue to spam.

      How's that working out for you? I've been wondering about how viable this is... I'd be curious to hear the results...
    • I...I'm having an ethical dilemma. On the one hand, I think every senator and congressman who votes these constitutionally illegal laws into existence is a traitor and should die for treason. On the other hand, I would gladly shell out big bucks to DOJ@msn.net to see spammers hung up by their balls and beaten like pinatas. What would Jesus do?

      Probably both. Go, Jesus!

      -Legion

  • Dear Slashdot (Score:5, Funny)

    by Exmet Paff Daxx ( 535601 ) on Wednesday November 21, 2001 @04:00PM (#2597554) Homepage Journal
    Attention! Now that this treaty has been signed into law, keep in mind that it is very important that you never forget your passwords. If you forget your password, and it is required for a terrorist investigation, you can be arrested for failure to disclose your password. Please be extremely careful with all your passwords, never EVER forget them.

    Specfically:
    - If you have Alzheimers, do not use any computer system that requires a password.
    - If you write software, make sure that any time you ask a user to create a password, you inform them that they could be imprisoned for life in a foreign country if they forget it.
    - If you have to remember multiple passwords, repeat them to yourself 100 times every night, before you go to sleep.

    Please follow these tips to keep everyone safe & free from terrorism!

    • What the fuh? This wasn't a troll message, it took a point from the treaty and expanded on it to its absurd endpoint.


      Forgetting everything you did wrong is OK for a US President (Reagan, Bush senior, even Clinton) but forgetting a password is NOT OK for regular citizens under the cyber"crime" treaty. Forget and go to jail for obstruction of justice.

    • I could be missing something here ... but has anyone READ this treaty? I can find no reference to an onus on a signatory to enact law that will force the disclosure of passwords.

      The treaty bans: illegal access and interception, data or system interference, and misuse of device (with Article 6(2) specifically putting in a way out for testing software). Forgery and fraud are also on the no-no list.

      The child porno regulations are overly broad because they include "realistic images" are porno, and define a minor as under 18 (16 at a push). This screws nations where the age of consent is low (as low as 14) and banning images can restrict education about child abuse.

      The Copyright provisions basically say that you must be a signatory to the Bern and Rome Conventions, and that you must enact legislation to outlaw wilful violations on a commercial scale.

      The adoption of many of these provisions (or at least the nastiest parts of them) is optional.

      Article 15 explicitly limits the application of the treaty to protect human rights and have the powers afforded under the treaty reasonably limited.

      As for "phone tapping" - provision is made for data preservation 'on demand', not for disclosure. A service provider must preserve data on request for up to 90 days, to give authorities a chance to request (through a normal court process) disclosure.

      I can find no reference to disclosure of passwords. If you are responsible for a computer system you may be required to submit data, which implies that you may be required to decode it if it is encoded. That could implicitly place an onus on any system administrator to have backdoor access to everything on the system.

      More worrying though is that every subscriber will need to be able to supply information about users of their service, including identity and address. While this is limited to the "information available on the basis of the service agreement", SPs (including Internet Cafes and ASPs) may have to get proof of identity from you to cover themselves.

      Article 19(4) is the bit that everything is shitting themselves about: 4. Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data therein to provide, as is reasonable, the necessary information, to enable the undertaking of the measures referred to in paragraphs 1 and 2. I think this speak for itself; if you know how to access the data, they can order you to do it.

      ISPs should worry about the provisions for collection and interception, but the Treaty states "within [their] existing technical capacity". The Treaty does not require ISPs to have the ability to do this!

      The extradition provisions are a big grey and worrying, but only relate to offenses under the treaty. The mutual assistance clauses are similarly restricted to the monitoring and laws enacted under the treaty; i.e. if you don't have a problem with the laws YOUR country enacts to fulfil their obligation to this treaty, then you have no need to worry.

      A lot of the FUD flying around on Slashdot related to the perception of what laws the US seems to want to enact in relation to this treaty. Most people seem oblivious to the provisions of the treaty itself, most of which are reasonably balanaced and aimed at identifying and preventing criminal activity, rather than screwing Joe Public.

      If you're a cracker, a DDoSer or a script kiddie, then you have more of a problem. You get treated like a graffiti artist or basically anyone who defiles someone else's property.

      If you're a hacker, by comparison, then you have permission to screw with your own system and find and report vulnerabilities.

  • See a pattern here? (Score:3, Insightful)

    by joebp ( 528430 ) on Wednesday November 21, 2001 @04:02PM (#2597572) Homepage
    computer criminals, who have moved on from `innocent' hacking to fraud, embezzlement and life-threatening felonies

    Has anyone else noticed the increasing tendancy for the 'news' media to report links between mostly inert activities enabled by corporate and government stupidity, in the area of technology, and mass murder, terrorism and other, arguably more serious, crimes?

    Seems a good use of FUD on the media and government's part to reduce civil liberties and conceal their clear wrong technical choices.

    What kind of goddamn MCSE moron has a computer which controls landing lights connected, directly or otherwise, to the internet?

  • It is important to note . . . (Score:5, Informative)

    by taustin ( 171655 ) on Wednesday November 21, 2001 @04:04PM (#2597584) Homepage Journal
    . . . that under the provisions of the United States Constitution, "Interior ministers and law enforcement officials" can sign whatever the hell they want, but only the US Senate can actually approve a treaty with another nation. And until they do, it's not law.

    Also note that treaties cannot alter the Constitution itself, nor can they implement anything that violates it.
    • Treaties can alter the Constitution.


      Article VI

      This Constitution, and the laws of the United States which shall be made in pursuance thereof; and all treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land; and the judges in every state shall be bound thereby, anything in the Constitution or laws of any State to the contrary notwithstanding.

      • Re:It is important to note . . . (Score:5, Informative)

        by praedor ( 218403 ) on Wednesday November 21, 2001 @04:24PM (#2597693) Homepage

        This doesn't negate the original statement. Only Congress can OK a treaty. Until they do, signing the paper means nothing (see the treaty on Global Warming, signed but essentially dead in the US because it hasn't gotten past Congress).


        Without amending/revoking Constitutional Amendments, the treaty STILL cannot override the Bill of Rights, period. The ONLY way to beat something in the Bill of Rights and all Amendments attached to it is via another Amendment.

      • you, and people like you, keep posting this. It seems you are not reading closely.

        State is the operative word here.

        See, there are State Governments, and Federal Governments. This clause is about State's rights, and basically says they don't have any. Federal Laws supercede state laws and Constitutions ( Yes, the States have Constitutions too... )

        It has 0 to do with Federal Laws. No law, treaty, or executive mandate supercedes the Federal constitution, period. It is the "Supreme Law of the Land" and can only be interpreted, rightly or wrongly, by the Supreme Court.

        People, please stop posting this thing... I've seen this so many times posted wrongly regarding treaties the US is going to enter into, I'm not going to answer it anymore. It only applies if Virginia or Ohio signs a treaty with Pago Pago.
      • Article VI is actually what keeps treaties from altering the Constitution.

        Treaties (just like other "laws of the United States") are part of the "Law of the Land" and, therefore, subject to the restraints of the Constitution.

  • In come the landsharks^WLawyers (Score:3, Informative)

    by Darth RadaR ( 221648 ) on Wednesday November 21, 2001 @04:10PM (#2597618) Journal
    I don't like where this is going.

    Article 11 - Attempt and aiding or abetting

    1. Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any of the offences established in accordance with Articles 2 - 10 of the present Convention with intent that such offence be committed.

    Great. Now software developers that make things like Nmap, tcpdump, portscanner, sniffit, and other security tools will get jailed or fined out of existence and charged with "aiding and abetting" just because J. Random Cracker ran their software to 0\/\/3n3d someone's unsecured box. You just *know* some lawyer can't wait to make a bunch of money^W^W^W^W^Wuse this little bit of legislation to put people behind bars.
    • Typical slashdot dramatization. There are loads of precedents against prosecution of the tool maker. When was the last time the manufacturer of a handgun (or knife, or screwdriver, or icepick) was tried in a murder case?
      • Ahhh, but they have, ye who hath too much faith in the concept of common sense being a very common thing. :)

        DISCLAIMER: This is not a pro/anti gun rant. Just making a point.

        Check here [yahoo.com]and here [cnn.com] and here [cnn.com] to read about when the gov't filed suit against gun manufacturers. Even the NAACP [cnn.com] and the state of California [cnn.com] have filed suit against gun manufacturers. New York [cnn.com] successfully won a case. Yes, these are technically murder based because they are blaming gun companies for murders that people commit.

        If the powers that be will go after powerful (i.e. lotsa $) gun manufacturers, you can be certain that they'll have no problem going after software developers and anyone that helps them. (*Cough* Dimitri Sklyarov *cough* 2600, *cough* DeCSS, ad infinitum) And they'll probably be villianized by the media as terrorists too. Who knows?

        No dramatization here, just the facts and a natural assumption that the people working on the "Cybercrime Treaty" do not have our best interests at heart.

  • Lessig's message never more timely (Score:5, Insightful)

    by pdqlamb ( 10952 ) on Wednesday November 21, 2001 @04:13PM (#2597631)
    Lawrence Lessig came out the other week saying the geeks who helped create the internet, and enjoy the freedom it was designed to permit, are not helping to defend that freedom. Those who want to limit or eliminate that freedom, from big business who wants to sell you something, to those who want to use it to watch your every move, are winning the political battle by default.

    This is the time to prove Lessig wrong. I don't know how to get a congresscritter's attention any more. They only used to pay attention to postal mail, which they are afraid to open now. But between telephone, fax, e-mail, and watching out for him when he comes into town, I intend to let my congresscritters know not just how much I despise this crock, but why.

    It's time for a call to arms. Slashdotters can take down almost any web site, because there's lots of us and we're not too lazy to click on a few buttons. But if we want to avoid the tremendous pitfall this treaty will engender, it's time to slashdot Congress. I doubt there will be 10,000 phone calls, pieces of mail, etc., the entire Congress will get because of newspaper, radio, or TV coverage. If we're not too lazy, we can generate a normal ./ volume in faxes, phone calls, and so forth, we can make ourselves heard.

    The alternative is to whimper, roll over, and cringe.

    • Some time ago I worked for a company that was developing a system where one could go to a webpage, find his congress member and the system would fax the message to them (rather than emailing it). Maybe we should create an open source equivaliant. Then we can have our faxes and our laziness too! :)
    • Yes go ahead and issue a call to arms. It won't work. This is just one of a series of devestating blows to the so called "geek community". I don't need to go into the litany of awful decisions made by the govt on technical issues from the MS settlement to the anti terrorist bill. Why do you think they win all the time? Why is it that we are batting 0%. Here are few possible reasons.

      1) There is no such thing as a geek community. Sure a bunch of people hang out on slashdot but most don't really care. In fact most can't even agree on anything and here to perpetuate some flame war or another.
      2) Even though geeks make more money then your average teacher or auto worker they are not willing to part with their money to bribe congresspeople. Without those bribes you get shit.
      3) Geeks are notoriously anti union. Not only are they anti union but they hate the idea of joining any kind of organization which smacks of resembling a union. As a result teachers and autoworkers get heard and you get shit.
      4) Geeks tend to worship businesses and business. They are afraid or unwilling to critizise businesses for bribing politicians or unwilling or afraid to critize their own companies for bribing politicians. Imagine if the programmers at disney got together and told their bosses to lay off pushing stupid laws.

      I am sure you can think of more but in essense you have to organize and raise money. All your emails and faxes and mails do nothing. A politicians only cares about where the money is coming from. Right now Disney, AOL, Microsoft etc are spreading around millions of dollars while the geeks are playing everquest. What do you expect?

  • Copyright? (Score:2, Insightful)

    by Anonymous Coward

    Article 10 - Offences related to infringements of copyright and related rights 1. Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of copyright, as defined under the law of that Party pursuant to the obligations it has undertaken under the Paris Act of 24 July 1971 of the Bern Convention for the Protection of Literary and Artistic Works, the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Copyright Treaty, with the exception of any moral rights conferred by such Conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.


    Look carefully at the last eleven words. Does this mean our warez sites are not covered under the convention?

  • Whoa. Paranoia runs deeper than i thought. (Score:4, Insightful)

    by imrdkl ( 302224 ) on Wednesday November 21, 2001 @04:42PM (#2597796) Homepage Journal
    Man. This is pretty sad, folks. I mean, at least theres encryption. But you gotta use encryption for fun too, or the strength is broken.

    Every country that signs onto this treaty currently has citizens who can use encryption. The legalities are changing, it seems since the various governments realized that the cat is already out of the bag, wrt encryption. The bad guys got it, and the good guys need to get it now. Witness in fact, direct from the treaty:

    to the extent that such means provide appropriate levels of security and authentication (including the use of encryption, where necessary

    So, it's simple. Make yourself a key, and begin to encrypt things you send. If you dont know what it means to make a key, then go read any PGP site, including the one (still) at MIT [mit.edu].

    If you really want to oppose this at the level where it matters, then encrypt. Dont write your senator, dont address the fine folks in Brussels. Encrypt.

    Remember, encryption makes the internet a cozy bedside chat. Use it with your lovers, and use it with your friends.

    Fear only the One who can factor large primes in his head, and never let them put a key on your head or your hand. Simple. Easy. Fun. Have fun. Love God. Love your neighbor. And have a Great Thanksgiving, America.

    • Here's a challenge to any mathematically-minded geeks with way too much spare time:

      I want a new form of encryption. I want this form of encryption to take two separate plain text messages and two separate passwords. I want the algorithm to generate a single cipher text.

      This allows me to have one real message and one 'bluff' message. If my password is ever demanded of me, I can provide the 'bluff' password. Lo and behold it reveals an innocent, readable message.

      I probably have the skills to implement this such that the cipher text contains both messages in separate blocks, but it would be too easy for someone to detect the fact that the cipher text contains two messages. It would be great if somebody knew how to make this sophisticated enough to appear to any reasonably intelligent encryption buff to be a single message.

      My limited experience in this field makes me think this would be very computationally difficult. Hundreds of thousands of internal keys would need to be generated until a set of keys is found that yield the same ciphertext for the two messages. Brute force would be unrealistic, so you'd need someone with some fairly serious math skills to come up with some fancy algorithm.

      Even better would be if the 'bluff' text could be decrypted by some common tool like PGP. This would do no good if the person asking for passwords knew to ask for two of them.
    • The law makes it mandatory to reveal any encryption keys you have. Failure to do so can result in fine/imprisonment etc.

      As a previous poster mentioned, best not be forgetting those passwords, you could be jailed for not supplying it.

      So imagine a scenario, you slander somebody in the UK, under the UK's more draconian slander laws the UK government requests your files from your computer. The US law enforcement agencies then confiscate your computer and demand all encryption keys. You, not wanting to go to jail, supply them with all you can remember, however there are 3 you don't recall. You go to jail for not supplying keys....

      ... or, during the process of the investigation, the UK law enforcement officials let it slip (since they know you can't do anything to them) that according to your email archives you're having an affair with your wife's sister....

      ... or, they find evidence of slander and order you to pay restitution of 100,000 or face extradition and jail.

      Mind, you as previously stated, until congress gives it the OK, this is still somewhat conjecture, but just encrypting anything is not necessarily the answer.
      • The law makes it mandatory to reveal any encryption keys you have. Failure to do so can result in fine/imprisonment etc.

        This is where Rubberhose [rubberhose.org] comes in. Never thought I'd need it in America....

        -Legion

      • However, Ron Rivest has shown in his papers on "chaffing and winnowing" that you can have efficient encryption based only on authentication. Essentially, you toss garbage information in with the real stuff and use MAC's in such a way that only someone who knows the authentication key can distinguish the real data from the garbage.

        This alone is nice, but the kicker is that the 5th amendment (self-incrimination) should prevent legislation that requires the release of authentication (as opposed to encryption) information. The courts have repeatedly ruled that while the authorities have the right to subpoena your data, they cannot (under protection against self-incrimination) require you to testify that the data is in fact yours.

        • Er, yea. Thats what I meant. (or wanted to mean, anyways :-) Nice.

          Sharing of information privately does usually imply encrypting with someone elses key, and signing with your own. It's nice to know that signing alone gives anyone a clean alternative to plead the fifth. This makes the written word unrecordable until it is revealed willfully, as in a beaten confession, I guess. :-)

    • -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1


      Remember, encryption makes the internet a cozy bedside chat


      ...unless you're communicating with someone in the UK, who can
      be compelled to hand over /their/ key (on pain of five years
      in prison), and who is forbidden to tell you (or anyone else)
      that using encryption to communicate with them is now
      compromised (on pain of, you guessed it, five years in
      prison. This is the way that ECHELON works: one of it's
      functions is to allow certain members of UKUSA to get around
      domestic legislation banning surveillance of their own citizens.
      There's no law forbidding them from using stuff intercepted,
      and then passed on by, friendly governments.


      The worldwide stampede to crush individual's freedom and privacy
      is the most depressing thing to happen since I was born four
      decades back. Join the EFF, write to your governmental representatives,
      and encrypt, encrypt, encrypt... secure your machines and networks
      as well as you possibly can. Use IPSec. Use VPNs. Tunnel stuff through
      ssh.

      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.0.6 (CYGWIN_NT-4.0)
      Comment: For info see http://www.gnupg.org

      iD8DBQE7/VmVkZawWPzItK8RAncVAJ0ZmBWoSyZvCTaez68W wC XiCWGkXwCePYNs
      5GaHQtwd6JBeRGZIdnWZ8GQ=
      =/2q4
      -----END PGP SIGNATURE-----

  • It is sad to see that the US goes the European way regarding civil liberties. Many people tend to think that europe is more-crypto friendly or so, because the german government sponsors GnuPG [gnupg.org].

    But Germany is the country with the most tapped phones per 1000 inhabitants in the whole world, and still growing.

    That they fund GnuPG hast something to do with the fact, that the european industry is afraid of Echelon.

    But the government is really eager nowadays to enforce an Orwellian police state.

    If you are able to understand german, there are some disturbing articles at telepolis [heise.de] about the new European cyber-police called Enfopol [heise.de].

    Anybody know a country which doesn't sacrifice freedom to "fight terrorism" these days ?

  • Can someone please give me an example of *ONE* "life-threatening [felony]" that has been committed as a resulkt of a hack?

    I don't remember ever reading about one...

  • Innocent? (Score:3, Insightful)

    by nooch ( 538215 ) <comicfu AT yahoo DOT com> on Wednesday November 21, 2001 @05:01PM (#2597899) Homepage
    "A European convention to be signed on Friday aims to unite countries in the fight against computer criminals, who have moved on from ``innocent'' hacking to fraud, embezzlement and life-threatening felonies."

    This little quote from the article on yahoo illustrates another misconception... that "innocent" hackers are the one moving into fraud etc. Innocent hackers are still innocent hackers. Criminals that perpetrate these crimes intended to be criminals from the outset. The people (jerks) committing these so-called life-threatening felonies most likely never were innocent, or even hackers.

    We should stand up and say something to our legislators, but realistically nothing will be done. I have tried to contact my "congresswoman" on several occasions to no avail. The only thing most politicians seem to care about are their careers. Sorry to the decent politicos for the generalization.

    J

  • Interesting tidbits you'll find in the draft: (Score:4, Insightful)

    by Chagrin ( 128939 ) on Wednesday November 21, 2001 @05:01PM (#2597901) Homepage
    Section 9.2.c:
    "child pornography shall include pornographic material that visually depicts ... realistic images representing a minor engaged in sexually explicit conduct."

    Rendered images will be deemed illegal. (Also note that section 9.2.b says you can't take pronographic pictures of someone that "appears" to be a minor)

    And no, I am not a fan of child pornography, but section 9.2.c seems to be making new clarifications to current pornography law, and 9.2.b is just very poorly worded.
    • And no, I am not a fan of child pornography, but section 9.2.c seems to be making new clarifications to current pornography law, and 9.2.b is just very poorly worded.

      If it weren't so pig-headed and blatant, it would almost be funny; for years the government has deemed child porn a crime because it victimizes children. That's a great reason to outlaw it, but now we see it isn't the real one. As vile as child porn is, who's being victimized when someone draws a child porn situation (c.f. some anime)? According to this new treaty, the "artist" himself is about to be victimized. Don't you just love moral agendas in the government?

      -Legion

      • If it weren't so pig-headed and blatant, it would almost be funny; for years the government has deemed child porn a crime because it victimizes children. That's a great reason to outlaw it, but now we see it isn't the real one. As vile as child porn is, who's being victimized when someone draws a child porn situation (c.f. some anime)?

        The reasoning behind it is also disturbing. Its effectivly a case of "if must be this way otherwise it's too difficult to obtain convictions".
        You also end up with subjective exceptions, unless you want to ban Shakesphere or Star Trek Voyager.

        According to this new treaty, the "artist" himself is about to be victimized. Don't you just love moral agendas in the government?

        You also have a likelyhood of a double standard where if you are Paramount you can have a 3 year humanoid alien having sex. But if you are joe public artist or writer then it isn't ok (unless you happen to be a famous enough actor/author...)

  • Perhaps it's time (Score:4, Interesting)

    by Myselfthethoom ( 303715 ) on Wednesday November 21, 2001 @05:58PM (#2598190)
    Perhaps it is time for the geeks of the world to declare the internt a soverign country, with and end user licenses agrement that says something like the folowing:
    ATTENTION by connecting your computer to the internet you agree that
    1) Everyone has the right to say whatever they $^&# 'ign want and you can choose to listen or not.
    2) you realize that the internet might be insecure, like walking down a street, Provide secruity for yourself.
    3) We wil not take down a page you find offencive, someone wanted to say that.
    4) We don't care about treaties you all signed, they are not ours.
    5)By conneting your machine to our network you agree that you have read this agreement, even if you are a government this applies to you.
    6) I said that we don't care if you are #$%'ing offended you controll where you browse.
    7)Don't look to us to solve your internal network problems, it is YOUR fault they were not secure.
    To governments:
    we know your country has laws, so do we, we don't care what someone in another country did, it was not in your country. If you are so afraid of content perhaps you are closed minded or if you dislike content perhaps your citizens shouldn't be here.

    Perhaps someone a little bit better should draft the deleration of indpendence for the net, But Hey the whole internet dosen't need to be indepented, Perhaps /. could declare soverinty along with other places that would work better too. I suppose my long rant ends with a summary. I don't reacall the citizens of the internet having a say, that is bad.
    • "Beware of he who would deny you access to information, for in his heart he dreams himself your master."

      This quote is from the Alpha Centauri game. From the character Commisioner Pravin Lal (leader of the UN Peacekeeper faction), and said to be from the U.N. Declaration of Rights.

  • Luckily (Score:2, Funny)

    by OmegaDan ( 101255 )
    Luckily congress still has to approve the treaty and we're lucky they're not stupid enuf--oh *shit*.

  • what I'd kill for (Score:2, Insightful)

    by maxpublic ( 450413 )
    God, I'd kill for a country that wasn't so full of it's own pseudo-moral in-your-face neighbors-want-to-tell-you-how-the-fuck-to-live-yo ur-life bullshit. What violence I wouldn't do to live an a free country that's actually FREE.

    Hey, I'm not sure if I remember this correctly since the Unacceptable Textbook Ban Treaty of 2014, but weren't there some guys who pretty much said the same thing back in the 1700's and did something about it?

    Hope that little comment doesn't violate the Revisionist History Act of 2019. Wait, hold on, somebody's pounding on my front door....

    Max

  • What about confidential files? (Score:4, Insightful)

    by rhincewind ( 302966 ) on Wednesday November 21, 2001 @06:28PM (#2598295)
    When asked, one must suply his/her password, right? So how does this work with doctors, lawyers (e.a.) and non-disclosure agreements with third parties? How will this law relate to other trust-relations which are also integrated within law?

    Before a file is decrypted, it is impossible to tell whether it is part of such relation, or if it in fact contains illegal data, so how will this work out?

  • "Sorta like the Volstead act" (Score:3, Interesting)

    by Biker Jim ( 210124 ) on Wednesday November 21, 2001 @06:44PM (#2598372)
    So I read it. the whole thing. Looks like it will:
    A-Keep a zillion or so int. lawyers off food stamps for the foreseeable future.
    B-Reassure the int. fat cats that the "problem has been adequately addressed"
    C-Set a new world record for obscufatory( I think that means unclear, sometimes contradictory and in view of the mass of existing law on the issue somewhat pointless) rhetoric.
    D-Scare the pants off every cracker in the known world.( Man! I could hear all those plugs coming out of wall sockets all the way over here!)
    E-Prove to the world that these guys(and gals and any others of the 8 or 9 known sexes involved) know what they are talking about and have banded together to do something about it!

    As i sometimes do, I went to one of my old fart buddies and got his opinion (I'm 52 so these guys are really ancient). I explained it rather well I thought and when he stopped laughing he had this to say.
    "Well it sorta reminds me of the Volstead act. (Booze prohibition in the 20's) We'd come out of those logging camps with a hell of a thirst and there was nary a drop to be had. We bought our booze from the local sherrif because he would'nt throw us in the pokie if we bought it from him. I don't remember that it changed much of anything at all except who got our wages. But you know that pretty much convinced us all that when it comes right down to it each man has pretty much got to make his own rules. You know what I mean?"

    Yeah, guess I do. Well thaks for taking the time to read this. Jim Sofra, Queen Charlotte Island,"The trailing edge of technology"
  • Is to find some twisted way to get a high ranking politician or law enforcement official liable under the treaty.

    Use the treaty as a tool against those individuals who passed it in the first place.

    The wording of the treaty is loose enough that there should be plenty of wiggle room to abuse.

    Just imagine a US official being extradited to some obscure european country... the US will nullify that treaty so quickly the photons won't have time to reach your eyeballs.

  • The following has the potential to outlaw current feedback system that keeps vendors providing patches for glaring holes in their products. See Bruce Schneiers CryptoGram. [counterpane.com]

    If the interpretation of device is as wide as it was in the DeCSS/DMCA case, also discussion about vulnerabilities could be prosecuted. Not to mention the actual exploits that seem to be the only things that push some vendors to take action.

    I live in Europe/Finland. Until now it has been mostly safe to distribute & possess things like DeCSS here, but that seems to be changing.

    Quotes from the convention: [coe.int]
    Article 6 - Misuse of devices

    1. Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

    a. the production, sale, procurement for use, import, distribution or otherwise making available of:

    i. a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Article 2 ? 5;

Slashdot Top Deals

1 + 1 = 3, for large values of 1.

Close