http://news.com.com/2010-1071_3-5969719.html By Declan McCullagh November 28, 2005 If you believe President Bush, a "cybercrime" treaty about to be voted on by the U.S. Senate is needed to thwart online vandals and track down Internet miscreants. Bush claims the treaty, formally approved by a Senate committee this month, will "deny safe havens to criminals, including terrorists, who can cause damage to U.S. interests from abroad, using computer systems." But in reality, the Convention on Cybercrime will endanger Americans' privacy and civil liberties--and place the FBI's massive surveillance apparatus at the disposal of nations with much less respect for individual liberties. For instance, if the U.S. and Russia ratify it, President Vladimir Putin would be able to invoke the treaty's powers to unmask anonymous critics on U.S.-based Web sites and perhaps even snoop on their e-mail correspondence. This is no theoretical quibble: The onetime KGB apparatchik has squelched freedom of speech inside Russia and regularly muzzles journalists and critics. There's an easy fix. The U.S. Senate could attach an amendment to the treaty saying the FBI may aid other nations only if the alleged "crime" in their country also is a crime here. The concept is called dual criminality, and the treaty lets nations choose that option. Requiring dual criminality would let the FBI investigate actual transnational crimes, such as computer intrusions and virus creation. But trumped-up offenses, like a blogger "questioning President Putin," would not trigger U.S. aid. Unfortunately, neither the Bush administration nor the Senate Foreign Relations Committee has been willing to make that change, calling it too "rigid." "This is in the interest of U.S. law enforcement, which aggressively utilizes these treaties to gain evidence abroad and would be hamstrung by a rigid dual-criminality provision in all cases," said a Nov. 8 report prepared by committee chairman Sen. Richard Lugar, R-Ind. "Therefore, the United States will be able to use this (treaty) to obtain electronic evidence in cases involving money laundering, conspiracy, racketeering, and other offenses under U.S. law that may not have been criminalized in all other countries." No wonder that U.S. Internet service providers are worried about becoming surveillance arms for despotic regimes. One lobbyist told me the industry doesn't believe the Bush administration's assurances that the treaty's awesome powers will never be misused. (Remember that this is the same administration that said the same thing about the Patriot Act--and has been proven wrong.) Mutual assistance: Internet surveillance Fully half of the treaty, drafted by the Council of Europe, deals with mutual assistance. (The Council is a quasi-governmental group of 46 nations, including European nations, Russia, the U.S., Canada, Japan and Mexico.) The text spells out exactly what that means in practice. Included on the list: Internet providers must cooperate with electronic searches and seizures without reimbursement; the FBI must conduct electronic surveillance "in real time" on behalf of another government; U.S. businesses can be slapped with "expedited preservation" orders preventing them from routinely deleting logs or other data. In a letter to the Senate, the American Civil Liberties Union spelled out some of the problems. "France and Germany have laws prohibiting the advertisement for sale of Nazi memorabilia or even discussing Nazi philosophy, activities that are protected in the United States under the First Amendment," the letter said. "These countries could demand assistance from the United States to investigate and prosecute individuals for activities that are constitutionally protected in this country." Other potential problems with the treaty include requiring that participating nations outlaw Internet-based copyright infringement as a "criminal offense" even if it's not done for a profit, and prohibiting, in some cases, the "distribution" of computer programs that can be used for illicit purposes. It's true that there are some positive elements of the treaty that promise to help reduce cybercrime. But the lack of dual criminality is a real concern, especially when it's easily fixed with an amendment. Now's the time to let your senators know what you think. Copyright ©1995-2005 CNET Networks, Inc. _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Tue Nov 29 2005 - 22:59:08 PST