cybercrime treaty gets US Senate nod
ZDNet Asia, Asia
By Declan McCullagh and Anne Broache,
|The first and only international treaty designed exclusively to combat computer crime won approval late last week from the U.S. Senate.
The Council of
Europe Convention on Cybercrime "will enhance our ability to cooperate with
foreign governments in fighting terrorism, computer hacking, money laundering
and child pornography, among other crimes," senator Richard Lugar, the Indiana
Republican who is chairman of the Senate Foreign Relations Committee, said in a
The treaty is intended to harmonize computer crime laws, especially those in
smaller or less developed nations that may not have updated their legal
framework to reflect the complexities of the internet. It requires participating
countries to target a broad swath of activities, including unauthorized
intrusions into networks, fraud, the release of worms and viruses, child
pornography and copyright infringement.
U.S. attorney general Alberto Gonzales said in a statement last week: "This
treaty provides important tools in the battles against terrorism, attacks on
computer networks and the sexual exploitation of children over the Internet, by
strengthening U.S. cooperation with foreign countries in obtaining electronic
Because U.S. law already includes much of what the treaty requires, the
Senate's consent is in part symbolic.
But one portion, which provoked the most controversy, deals with
international cooperation. It says internet providers must cooperate with
electronic searches and seizures without reimbursement; the FBI must conduct
electronic surveillance "in real time" on behalf of another government; that US
businesses can be slapped with "expedited preservation" orders preventing them
from routinely deleting logs or other data.
What's controversial about those requirements is that they don't require
"dual criminality"--in other words, Russian security services investigating
democracy activists could ask for the FBI's help in uncovering the contents of
their Yahoo! Mail or Hotmail accounts, or even conducting live wiretaps.
Danny O'Brien, activism coordinator with the Electronic Frontier Foundation
in San Francisco, said: "Our primary concern is that there's no dual criminality
within the mutual assistance provisions. The United States is now obliged to
investigate and monitor French Internet crimes, say, and France is obliged to
obey America's requests to spy on its citizens, for instance--even if those
citizens are under no suspicion for crimes on the statute books of their own
The Council of Europe consists of 45 member states, including all of the
European Union, and five non-voting members, of which the US is one.
Negotiations on the treaty began in 1997, and so far, 15 European nations,
including Albania, Denmark, France, Norway and Ukraine, have fully ratified the
The Bush administration began pressuring Congress to do the same in 2003. The
Senate Foreign Relations Committee approved the treaty last summer.
Long-time technology industry advocates of the treaty hailed the Senate's
action, which occurred on its final day in session before a month-long summer
recess. The Business Software Alliance, a lobbying group whose members include
Apple, Cisco Systems, IBM, Intel and Microsoft, said the treaty "will serve as
an important tool in the global fight against cyber criminals and encourage
greater cooperation among nations".
The software industry, which has been lobbying for years for action on the
treaty, has found it contains much to ...
cheer about, including a requirement that nations enact criminal penalties for
The ratification marks "an important milestone in the fight against
international cybercrime," said Paul Kurtz, executive director of the Cyber
Security Industry Alliance, which counts Juniper Networks, McAfee, RSA Security
and Symantec among its member companies.
The Senate did not consider an optional separate
section dealing with internet-based hate speech that would have required
participating nations to imprison anyone guilty of "insulting publicly, through
a computer system" certain groups of people based on characteristics such as
race or ethnic origin.
The U.S. Department of Justice had said that such a provision--which would
make it a crime to, say, email racist jokes or question conventional wisdom
about the Holocaust--was inconsistent with the First Amendment's free-expression
Attorney general Gonzales said late last week: "The convention is in full
accord with all U.S. constitutional protections, such as free speech and other
civil liberties, and will require no change to U.S. laws."
Civil liberties groups have begged to differ, mounting resistance against the
international document ever since its inception.
In a letter to senators last summer (click here for pdf), the Electronic Privacy Information Center
(Epic) attacked the treaty for offering only "vague and weak" privacy
protections. One section, for example, would force participating nations to have
laws forcing individuals to disclose their decryption keys so that law
enforcement could seize data for investigations, Epic wrote.