[ISN] Fuzzy logic behind Bush's cybercrime treaty

From: InfoSec News (isn@private)
Date: Tue Nov 29 2005 - 22:29:41 PST


http://news.com.com/2010-1071_3-5969719.html

By Declan McCullagh 
November 28, 2005

If you believe President Bush, a "cybercrime" treaty about to be voted
on by the U.S. Senate is needed to thwart online vandals and track
down Internet miscreants.

Bush claims the treaty, formally approved by a Senate committee this
month, will "deny safe havens to criminals, including terrorists, who
can cause damage to U.S. interests from abroad, using computer
systems."

But in reality, the Convention on Cybercrime will endanger Americans'
privacy and civil liberties--and place the FBI's massive surveillance
apparatus at the disposal of nations with much less respect for
individual liberties.

For instance, if the U.S. and Russia ratify it, President Vladimir
Putin would be able to invoke the treaty's powers to unmask anonymous
critics on U.S.-based Web sites and perhaps even snoop on their e-mail
correspondence. This is no theoretical quibble: The onetime KGB
apparatchik has squelched freedom of speech inside Russia and
regularly muzzles journalists and critics.

There's an easy fix. The U.S. Senate could attach an amendment to the
treaty saying the FBI may aid other nations only if the alleged
"crime" in their country also is a crime here. The concept is called
dual criminality, and the treaty lets nations choose that option.
 
Requiring dual criminality would let the FBI investigate actual
transnational crimes, such as computer intrusions and virus creation.  
But trumped-up offenses, like a blogger "questioning President Putin,"  
would not trigger U.S. aid.

Unfortunately, neither the Bush administration nor the Senate Foreign
Relations Committee has been willing to make that change, calling it
too "rigid."

"This is in the interest of U.S. law enforcement, which aggressively
utilizes these treaties to gain evidence abroad and would be hamstrung
by a rigid dual-criminality provision in all cases," said a Nov. 8
report prepared by committee chairman Sen. Richard Lugar, R-Ind.  
"Therefore, the United States will be able to use this (treaty) to
obtain electronic evidence in cases involving money laundering,
conspiracy, racketeering, and other offenses under U.S. law that may
not have been criminalized in all other countries."

No wonder that U.S. Internet service providers are worried about
becoming surveillance arms for despotic regimes. One lobbyist told me
the industry doesn't believe the Bush administration's assurances that
the treaty's awesome powers will never be misused. (Remember that this
is the same administration that said the same thing about the Patriot
Act--and has been proven wrong.)


Mutual assistance: Internet surveillance

Fully half of the treaty, drafted by the Council of Europe, deals with
mutual assistance. (The Council is a quasi-governmental group of 46
nations, including European nations, Russia, the U.S., Canada, Japan
and Mexico.)

The text spells out exactly what that means in practice. Included on
the list: Internet providers must cooperate with electronic searches
and seizures without reimbursement; the FBI must conduct electronic
surveillance "in real time" on behalf of another government; U.S.  
businesses can be slapped with "expedited preservation" orders
preventing them from routinely deleting logs or other data.

In a letter to the Senate, the American Civil Liberties Union spelled
out some of the problems. "France and Germany have laws prohibiting
the advertisement for sale of Nazi memorabilia or even discussing Nazi
philosophy, activities that are protected in the United States under
the First Amendment," the letter said. "These countries could demand
assistance from the United States to investigate and prosecute
individuals for activities that are constitutionally protected in this
country."

Other potential problems with the treaty include requiring that
participating nations outlaw Internet-based copyright infringement as
a "criminal offense" even if it's not done for a profit, and
prohibiting, in some cases, the "distribution" of computer programs
that can be used for illicit purposes.

It's true that there are some positive elements of the treaty that
promise to help reduce cybercrime. But the lack of dual criminality is
a real concern, especially when it's easily fixed with an amendment.  
Now's the time to let your senators know what you think.

Copyright ©1995-2005 CNET Networks, Inc.





