--- From: "Kevin L. Poulsen" <klpat_private> To: "Declan McCullagh" <declanat_private> Subject: U.S as the world's cyber police Date: Mon, 26 Nov 2001 12:23:46 -0500 http://www.securityfocus.com/columnists/39 Ashcroft's Global Internet Power-Grab A little-noticed provision in the new anti-terrorism act imposes U.S. cyber crime laws on other nations, whether they like it or not By Mark Rasch Much has been written about the new anti-terrorism legislation passed by Congress and signed by President Bush, particularly as it respects the ability of the government to conduct surveillance on email, voice-mail, and other electronic communications. However, too little attention has been paid to other provisions of the legislation, particularly a significant change to the definition of the types of computers protected under federal law. An amendment to the definition of a "protected computer" for the first time explicitly enables U.S. law enforcement to prosecute computer hackers outside the United States in cases where neither the hackers nor their victims are in the U.S., provided only that packets related to that activity traveled through U.S. computers or routers. [...] The new statute requires no threshold of damage or even effect on U.S. computers to trigger U.S. sovereignty. The vast majority of Internet traffic travels through the United States, with more than half of the traffic traveling through Northern Virginia alone. The mere fact that packets relating to the criminal activity travel through the United States should not be enough to trigger U.S. jurisdiction, even though such traffic would "affect" international commerce, albeit infinitesimally. The expanded statute, and the DOJ policy guidance, would permit the U.S. to impose its law on the Internet generally, without the need to show damage or trespass to a U.S. computer, merely on the basis of packets being inadvertently routed through U.S. computers. This represents and unwarranted and dangerous expansion of U.S. sovereignty, and will invariably result in more turf battles with foreign law enforcement agencies, rather than fewer. Under the Department of Justice's interpretation of this legislation, a computer hacker in Frankfurt Germany who hacks into a computer in Cologne Germany could be prosecuted in the Eastern District of Virginia in Alexandria if the packet of related to the attack traveled through America Online's computers. Moreover, the United States would reserve the right to demand that the extradition of the hacker even if the conduct would not have violated German law, or to, as it has in other kinds of cases, simply remove the offender forcibly for trial. <snip> ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 07:12:23 PST