FC: U.S. wants to be the world's cyber police, from SecurityFocus

From: Declan McCullagh (declanat_private)
Date: Tue Nov 27 2001 - 06:26:32 PST

  • Next message: Declan McCullagh: "FC: Dorothy Denning on "geo-encryption": Tracking people by their locations"

    ---
    
    From: "Kevin L. Poulsen" <klpat_private>
    To: "Declan McCullagh" <declanat_private>
    Subject: U.S as the world's cyber police
    Date: Mon, 26 Nov 2001 12:23:46 -0500
    
    
    http://www.securityfocus.com/columnists/39
    
    Ashcroft's Global Internet Power-Grab
    
    A little-noticed provision in the new anti-terrorism act imposes U.S. cyber
    crime laws on other nations, whether they like it or not
    
    By Mark Rasch
    
    Much has been written about the new anti-terrorism legislation passed by
    Congress and signed by President Bush, particularly as it respects the
    ability of the government to conduct surveillance on email, voice-mail, and
    other electronic communications. However, too little attention has been paid
    to other provisions of the legislation, particularly a significant change to
    the definition of the types of computers protected under federal law.
    
    An amendment to the definition of a "protected computer" for the first time
    explicitly enables U.S. law enforcement to prosecute computer hackers
    outside the United States in cases where neither the hackers nor their
    victims are in the U.S., provided only that packets related to that activity
    traveled through U.S. computers or routers.
    
    [...]
    
    The new statute requires no threshold of damage or even effect on U.S.
    computers to trigger U.S. sovereignty. The vast majority of Internet traffic
    travels through the United States, with more than half of the traffic
    traveling through Northern Virginia alone. The mere fact that packets
    relating to the criminal activity travel through the United States should
    not be enough to trigger U.S. jurisdiction, even though such traffic would
    "affect" international commerce, albeit infinitesimally.
    
    The expanded statute, and the DOJ policy guidance, would permit the U.S. to
    impose its law on the Internet generally, without the need to show damage or
    trespass to a U.S. computer, merely on the basis of packets being
    inadvertently routed through U.S. computers. This represents and unwarranted
    and dangerous expansion of U.S. sovereignty, and will invariably result in
    more turf battles with foreign law enforcement agencies, rather than fewer.
    
    Under the Department of Justice's interpretation of this legislation, a
    computer hacker in Frankfurt Germany who hacks into a computer in Cologne
    Germany could be prosecuted in the Eastern District of Virginia in
    Alexandria if the packet of related to the attack traveled through America
    Online's computers. Moreover, the United States would reserve the right to
    demand that the extradition of the hacker even if the conduct would not have
    violated German law, or to, as it has in other kinds of cases, simply remove
    the offender forcibly for trial.
    
    <snip>
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 07:12:23 PST