US joins European cybercrime convention

The US Government has ratified the European Convention on cybercrime, which digital rights campaigners fear could lead to countries spying on each other's citizens
Written by Tom Espiner, Contributor

The US Government has embraced European legislation that is meant to help the global fight against cybercrime.

The Council of Europe Convention on Cybercrime calls on countries to co-ordinate international law to fight cybercrime. Signatories must also work together to investigate and prosecute these crimes.

The Convention has now been signed by 43 EU member states and 15 other parties including America.

It will come into US law on 1 January 2007 and will help "protect citizens against computer hacking and Internet fraud, as well as crimes involving electronic evidence, including child sexual exploitation, organised crime and terrorism," according to Sean McCormack, spokesman for the US Department of State.

"The Council of Europe Convention on Cybercrime is a global approach to the global problem of computer crime. The United States urges all states to consider joining the Convention," said McCormack in a statement.

However, digital rights campaigners say there is a danger the convention could be used by countries to conduct surveillance on each other's citizens — even if they are suspected of actions which aren't a crime in their home country.

"Our primary concern is that there's no dual criminality within the mutual assistance provisions," Danny O'Brien, activism co-ordinator with the Electronic Frontier Foundation in San Francisco, told ZDNet UK's sister site CNET News.com in August.

"The US is now obliged to investigate and monitor French Internet crimes, say, and France is obliged to obey America's requests to spy on its citizens, for instance — even if those citizens are under no suspicion for crimes on the statute books of their own country," said O'Brien.

Also, under the terms of the treaty Internet service providers must co-operate with electronic searches and seizures without reimbursement, and businesses can be prevented from routinely deleting logs or other data through data preservation orders.

CNET News.com's Declan McCullagh and Anne Broache contributed to this report.

Editorial standards