Outrage over privacy violation in cybercrime treaty

Cybercrime treaty still doesn't cut it

A coalition of 22 human rights and public policy organisations say the Council of Europe's latest draft of an international cybercrime treaty gives law enforcement too much power and individuals too little.

In a letter to the Council of Europe secretary general of the Committee of Experts on Cyber Crime, Walter Schwimmer and the Global Internet Liberty Campaign (GILC) said the coalition's concerns, which prompted the latest revision of the treaty, were not adequately addressed.

"To our dismay and alarm, the convention continues to be a document that threatens the rights of the individual while extending the powers of police authorities, creates a low-barrier protection of rights uniformly across borders and ignores highly regarded data protection principles," coalition members wrote in a letter sent Tuesday.

The Committee of Experts on Cyber Crime is meeting this week in Strasbourg, France, where it is rewriting the latest version of the treaty, designed to help the Council of Europe's 41 member nations fight computer and electronic crime. The final draft of the treaty is expected to be completed this month and presented for ratification in mid-2001.

While the United States is not a member of the Council of Europe, US Department of Justice representatives have been actively involved in the process, having testified at the sessions and advised members of the committee. Moreover, if the cybercrime treaty is ratified by the Council of Europe, it is likely that the United States will also sign it.

Last week, a Washington-based Internet policy consultant, McConnell International, released a study showing that 33 of 52 nations surveyed did not have adequate laws to deal with electronic or computer crimes. Only the Philippines -- which recently changed its laws to fill gaps illuminated by the LoveLetter worm -- had addressed the 10 critical areas pinpointed by the study.

While no one denies the need for such a treaty, the tech industry and civil rights organisations still have reservations about the current draft. David Sobel, general counsel of the Electronic Privacy Information Center, a pro-privacy think tank in Washington is among the treaty's critics. He believes the DoJ's testimony to the council had been one-sided. "It's entirely slanted toward law enforcement interests," Sobel said. "There's definitely not enough attention paid to the privacy implications of these provisions."

The current version of the treaty would make unauthorised access and interception of communications illegal, although law enforcement would have the ability to wiretap international communications. In addition, the treaty tackles electronic fraud, child pornography, devices that aid computer crime and extradition of computer criminals.

The GILC raised concerns about the Council of Europe's attempt to patch the treaty with exceptions that do not go far enough to protect citizens' rights. It also criticised the treaty's espousing strong surveillance capabilities for law enforcement without adequate protections.

Others attacked the process, which for the most part has been closed to the public. "No one from outside the room can know what the Justice Department is saying and whose interests they are representing," said James X. Dempsey, senior staff counsel for the Centre for Democracy and Technology, a tech-policy think tank.

The Internet industry has also taken exception to treaty provisions that could force them to open corporate networks when requested by law enforcement and be liable for misuse of their networks.

In November, Yahoo! lost a ruling in France over Nazi memorabilia being sold on its auction site that could force the portal power to censor its network in the United States. If ratified, the cybercrime treaty could cause a flurry of such lawsuits as countries try to establish borders in cyberspace.

"Clearly, what Yahoo! did is legal in the United States," said Barry Steinhardt, associate director for the American Civil Liberties Union. "The current version of the cybercrime treaty says that the [United States] would not have to co-operate if the crime is political. ... Is what Yahoo! did political? Or a 'crime against humanity', as the French call it?"

At some point during the next four years the new US administration is going to take up the question of how to ensure security on an insecure Internet. Charles Cooper hopes it is more possessed of inspired brilliance about how to achieve that cherished objective than the outgoing administration. Go to AnchorDesk UK for the news comment.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read other letters.