Multi-nation cybercrime pact gets OK

[InfoSec News <isn () c4i org>]

http://www.zdnet.com/zdnn/stories/news/0,4586,5093153,00.html

By Robert Lemos
ZDNet News 
June 22, 2001 1:25 PM PT
 
A committee on crimes for the Council of Europe signed off Friday on
the final draft of a broad treaty that aims to help countries fight
cybercrime, but which critics say sacrifices privacy protections.

When ratified by the council's leadership and signed by individual
countries, the Convention on Cyber-Crime will bind countries to
creating a minimum set of laws to deal with high-tech crimes,
including unauthorized access to a network, data interference,
computer-related fraud and forgery, child pornography, and digital
copyright infringement.

The convention--which reached its 27th draft before being
approved--also has provisions that will ensure surveillance powers for
governments and bind nations to helping each other gather evidence and
enforce laws.

However, the new international powers will come at the expense of
protections for citizens against government abuse, said James X.
Dempsey, deputy director of the tech-policy think tank Center for
Democracy and Technology in Washington, D.C.

"The treaty's framers started in the wrong place," he said. "For the
first nineteen drafts, they kept it essentially a law-enforcement
treaty. Only in the end did the privacy issues get attention, and they
never got the attention they deserved."

The Council of Europe--founded in 1949 and based in Strasbourg,
France--groups together 43 European countries. If the Convention on
Cyber-Crime is approved, the United States--along with others that
have observer status within the Council (Japan, Canada, Mexico and the
Vatican)--will be allowed to sign on.

The treaty "addresses an important problem: the difficulties law
enforcement has in pursing criminals across national borders,
something that is common in Internet crime," said Patricia Bellia,
assistant professor at Notre Dame Law School.

Bellia, formerly an attorney with the U.S. Department of Justice and
an expert in the jurisdictional problems in prosecuting Internet
crimes, thought that the privacy problems with the treaty have been
overstated.

"The convention is not designed to undermine privacy protection," she
said. "It keeps existing privacy protections. For example, if the
United States signed the treaty, it couldn't do anything to undermine
the Fourth Amendment." The Fourth Amendment to the Constitution is
generally cited in court cases as protecting U.S. citizens' right to
privacy.

Several officials from the DOJ have been advising the European
Committee on Crime Problems--the group that created the treaty--during
the draft process. The DOJ itself did not respond immediately to
requests for comment.

Although the United States has a foundation for defending privacy, the
treaty will not force other countries--whose citizens may not enjoy
constitutional privacy protections--to adopt laws to guard their
citizens' privacy.

Last month, the European Committee on Crime Problems bowed to pressure
from international rights groups and included some provisions in the
treaty to limit surveillance to criminal investigations and added some
safeguards to civil liberties.

But it's still not enough, Dempsey said.

"Unfortunately, it remains a fundamentally imbalanced document," he
said. "While the privacy issues received somewhat more attention in
the final stages of the process, the treaty does not have the
specificity needed for meaningful privacy protection in the face of
the increasing surveillance power of this new technology."

The final draft of the convention will be posted to the Council of
Europe Web site June 29.
 



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.