[In part from a reply to http://www.slaw.ca/2013/04/04/access-to-server-data-for-foreign-criminal-investigative-purposes/ at Slaw]
The U.S. requests under our Mutual Law Assistance Treaties for private information re Megaupload parallels the CISPA proposals, and both strike me as wrong-headed (;-)) It is arguably valid for such a process to be followed in cases of copyright infringement, and can be critiqued on the basis of whether it is necessary and sufficient.
However, it suggest that at least the U.S. government is trying to deal with a minor crime, copyright infringement, because they don't know how to deal with major ongoing ones, commercial espionage.
Real "computer crime"is centred around breaking in to people's machines to steal data or crash them to deny the data to its owners. This is done via viruses, root-kits and the like, communicating across the internet to "bot-nets", collections of machines used as accomplices and cut-outs. These in turn are run by "bot master" machines in the hands of the criminals.
To investigate a key-logger (snooping) virus running on the machine of your chief counsel, you need to trace the connections across the internet from the infected machine to the "bot" and thence to the master. This requires cooperation of the police in the jurisdictions where the machines are and the ISPs they are connected to, to trace the connections between machines. To the best of my knowledge, that is barely in discussion at ICANN, and is nowhere part of the law or practice.
Only once that is done does one need to identify persons, and only one person, the criminal operating the master, and seize the machine for evidence, possibly in a foreign country.
All the other human beings in the story are victims, whom we do not need to identify, but merely transmit a warning to via their ISP. Once we have seized the master machine, we know the IP addresses (and ISPs) of the people who are being attacked, and the IP addresses of the people whose machines have been taken over by viruses to become the bot-net. Without breaching confidentiality, an ISP can forward a message that they are infected by a criminal's virus, and in extreme cases require the machine to be cleaned of infectious before being allowed to connect to the ISPs other customers.
I'm just a bit horrified at our American cousins: right now, people are stealing corporate information, collecting credit-card numbers and sabotaging centrifuges using techniques that neither the police, legislators nor courts are paying any attention to. Instead they are prosecuting a drop-box operator for a misdemeanor.
They remind me of the story of the drunk looking for his car-keys under the street-light, instead of in the dark garage where he dropped them.
–dave