Cybercrime Treaty Fight Begins

Deskpoet writes "This article on ZDnet details how the Global Internet Liberty Campaign, based in Europe, is rising up to create awareness of this perfidy-in-action. There's also info about how it's really US law enforcement that's driving this thing. Your tax dollars at work."

Re:What an awfully broad brush they're painting wi

Broadly criminalize child pornography, even if the subject only appears to be a child; Well, I support this one, no more NAMBLA

How about this picture? Should it be illegal? [artpassions.net]

Click on the link...don't worry, it is nothing gross, but it could be cosidered child pornography by some people.

Re:It's better than that

"Criminalize the production, sale, distribution or otherwise making available of devices or computer programs who's primary use is to access, intercept or interfere with computer systems or communications."

This also means many other tools will be illegal, including telnet, ftp, ssh, tcpdump...

"Evil beware: I'm armed to the teeth and packing a hampster!"

It would make sniffers illegal!

Criminalize the production, sale, distribution or otherwise making available of devices or computer programs who's primary use is to access, intercept or interfere with computer systems or communications

Sniffers are extremely useful networking tools. They serve a valuable, productive purpose. Apparently, no effort was made in thinking this treaty up.

Oh god... here we go again...

Point 1:

Make illegal access, interception, and interference of computer systems or communications a criminal offense;

Okay, this is fair enough if it applies to governments as well as individuals.

Criminalize the production, sale, distribution or otherwise making available of devices or computer programs who's primary use is to access, intercept or interfere with computer systems or communications; HOW the hell do they expect me then as a network engineer to monitor network traffic to actually fix problems or to debug software, keep track of illeagle use...

Outlaw the fraud and forgery of computer data as well as copyright infringement;

No problems with this.

Broadly criminalize child pornography, even if the subject only appears to be a child;

How do they plan to enforce this and what age is a child... all the countries in Europe have different ages of consent.

Hold corporations liable for crimes and make certain service providers can collect data on their subscribers and save such data when authorities request it; and Cooperate with other jurisdictions to secure evidence and extradite those persons charged with a computer crime.

As we can't intercept traffic on our networks or have the equipment to do it how do we keep information? And I thought RIP was bad...

Time to leave Europe I think...

There goes telnet and minicom

From the article, with my bolding

Criminalize the production, sale, distribution or otherwise making available of devices or computer programs who's primary use is to access, intercept or interfere with computer systems or communications;

So, any program that is designed to access a computer system is illegal? Like:

• telnet
  
• minicom
  
• lynx
  
• ftp
  
• smbclient
  

They better rethink that one.

I imagine they will try to outlaw SA security tools too, like SAINT, COPS, TIGER and crack, just because a cracker can use these too.

Of course, I can think of a lot of Slashdotter's who wouldn't object to these tools being outlawed, because they're dangerous and can be misused by uneducated persons, no wait, that's guns that should be outlawed because they're dangerous, not security tools.

No, there certainly is no analogy between security tools like SAINT that can be misused and guns that can protect you or be misused, none at all.

Criminalize the possession of such devices by govt

I think that *everyone* should be able to eavesdrop on the government, but not the other way around. Radical proposal? Sure, but doing things the other way hasn't worked out, has it?

If we can trust ZDNet's take on it...

I've never regarded ZDNet as a particularly intelligent news source, but assuming what they're saying is correct, the salient points seem to be:

Any country that adopts the legislation will be required to:
* Make illegal access, interception, and interference of computer systems or communications a criminal offense;

I assume this is poorly worded and the wording should have been "Make illegal unauthorized access", otherwise it doesn't make sense! ["We caught you using your own computer, your nicked!"] This is already illegal in most juristictions I'm aware of. Arguably the laws tend to be unworkable and/or go after the wrong targets, but they do exist. Britain has the Computer Misuse Act and Telecommunications Act 1984 which coveres different aspects of the above.

* Criminalize the production, sale, distribution or otherwise making available of devices or computer programs who's primary use is to access, intercept or interfere with computer systems or communications;"

The key words being "whose primary use" is to. Again I'm not sure whether the wording is suspect, surely they mean "whose primary use is intended to be..." as arresting someone for, say, creating an ordinary FTP client which, for coincidental reasons, ends up being the #1 choice of crackers would be unfortunate...

Assuming, again, ZDNet is being sleepy this morning, this isn't that unusual a request. Indeed, it probably already is illegal. In the US, the reason Napster is being targetted as a piracy tool rather than mIRC is because Napster's #1 intended use was to facilitate unauthorised copying, whereas mIRC was designed as a chat program. The fact that there are legitimate uses for Napster and illegal uses for mIRC doesn't change that. One assumes intent, therefore, is already a significant part of the equation.

* Outlaw the fraud and forgery of computer data as well as copyright infringement;

I'd be surprised if there aren't laws out there covering some of this, and copyright infringement's been covered by treaties for years. This is one of those "Why bother?" entries.

* Broadly criminalize child pornography, even if the subject only appears to be a child;

I assume "intent" is going to be part of this. How else do you legally distinguish between child porn and pictures of children? FWIW, I recall Britain has a law now against artificial child porn - pictures that have been created via Photoshop.

Either way, it's tempting to get worried about this because no question of intent is explicitly worded, and many IANAL types get worried about anything so subjective, but given there'd be a international outcry if proud parents, owners of stores selling goods aimed at children, etc, suddenly started getting jailed and/or deported due to pictures of people under 21 appearing on their sites, we can be reasonably sure that intent will be a factor in practice.

* Hold corporations liable for crimes and make certain service providers can collect data on their subscribers and save such data when authorities request it;

It's pretty much true that, because of the lack of common carrier statuses to ISPs even in countries that have the notion of a common carrier (in Britain, most phone companies have no legal protection against acts of their subscribers, for instance), corporations are liable. The collection of data is the new bit, but I assume it needs clarification. What possible incentive does a company have for collecting acurate data on its own users if the only occasion it will be used is in evidence against it? Is the intention that companies who collect such data will not be held liable?

Finally:

* Cooperate with other jurisdictions to secure evidence and extradite those persons charged with a computer crime.

Probably the only part of this that I think is going to be largely new in most juristictions.

The truth is that generally governments already have this mix of laws, in one way or another, both the somewhat bizarre ones and the not so bizarre ones, with the exception of the extradition part. That's the only bit that scares me - how far does it go? Can a 16 year old in the US looking at an adult website in Holland result in the extradition of the webmaster because the age of consent is different in the two countries?
--

Re:You need to look at both sides of the issue

Why do we need laws governing the net? I can't think of any good reason. The first two W's in WWW stand for world-wide... nobody owns it, nobody controls it, and that's the way it should be. The internet is the one true place I at one time thought we could be without shackles, free to do whatever. All we are doing by passing laws is limiting the freedom of the intellectuals of our age, while adding power to the corporations who already controll the masses from outside the net. I honestly can't think of one good reason for passing any laws, by any country, that have ANY jurisdiction on the net. I love my freedom more than anything else in the world, and will die to protect it.

"Evil beware: I'm armed to the teeth and packing a hampster!"

Re:It would make sniffers illegal!

This is effectively taking the tools to protect ourselves from illegal or otherwise undesired activity and placing it in the hands of law enforcement via Carnivore. Of course they could be used to perpetrate "crimes", but they can just as easily be directed to preventing them. Charlton Heston doesn't sound so crazy any more...

ZDNET have summarised the article incorrectly

That is what zdnet say. But if you read the actual treaty (http://conventions.coe.int/treaty/EN/projets/cybe rcrime.doc) (sorry for the icky Word doc, NMF) you will see that the words "access, intercept or interfere" are qualified with the term "without right", and the treaty sections are headed "Illegal Access", "Illegal Interception", and so on.

I don't like the treaty for other reasons, but it's not that stupidly drafted. So remember people, always read the primary sources, and don't get distracted from the main issues, which are (IMHO):
- to what extent governments should compromise your rights in order to prevent or detect crime.
- what constitutes "cybercrime" in any case.

This is really poor reporting

Here [coe.int] is a link to the actual draft of the treaty. Please read it before posting. The article makes terrible simplifications of the wording that blur the original meaning.

Can someone please put this link into the /. article? It is important to the topic.

All hot air?

Isn't this "cybercrime" treaty all hot air anyway?

Aren't there existing laws that deal with these crimes already in existence? We already have copyright law. I know in Britain, there is already the Computer Misuse Act which deals with unauthorized access to computers.

Why are they trying to invent new laws where existing ones already suffice: is this just another case of bureaucrats trying to justify their existence?

Re:It's better than that

Just look at the DeCSS case to see an example of how "primary use" can be twisted to mean just about anything. Even in the face of clear intent by a large group of users to use it non-infringingly, the remote possibility of abuse was enough to ignore the fair use exemptions.

Software is a tool, no different than anything that you'd find in a hardware store. Although imaginative individuals can think of any number of ways to bash, stab, and slice someone with anything you could find at Home Depot, that's no reason to outlaw or restrict them.

Yes!

Yes, new laws against those mean "hackers" and "Cybercrime" will definitely solve the problem! I mean, it sure as hell solved all those drug problems.

It's better than that

"...devices or computer programs who's primary use is to..."

Announcing the latest and greatest version of "ps". Its primary purpose is to show the process running on your system. But now we've added the "--root_host_x" switch. If you use this switch, it launches a root attack against any foreign system. Totally legal!
--
An abstained vote is a vote for Bush and Gore.

Support from abroad?

the U.S. government is going overseas to promote in whatever international forum it can find, an expansion of authority that it has not been able to acquire here

I find this pretty interesting - since when did the united states government ever have to get support from abroad to implement policies?

Re:Support from abroad?

"...since when did the united states government ever have to get support from abroad to implement policies?"

This is not at all unusual. I believe the same thing happened with copyright laws, with the U.S. government encouraging foreign governments to increase copyright holder's powers, and then came to Congress and said, 'See, the rest of the world is doing it, so we should too.'

When fanaticism is in play, not getting support for your idea is no deterrent. Just do an end-run around the problem and get what you want without public support.
________________