[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: FC: US-Europe cybercrime treaty happening in secret --M.Wessling


On 13.01.2000 at 09:52 Declan McCullagh <declan@well.com> wrote:

>[The following note says a draft treaty would outlaw distributing (think: 
>posting on your web site) hacking and eavesdropping tools, including 
>presumably ones that are currently readily available like crack and 
>tcpdump. I wonder if there will be a grandfather clause for the version of

>crack I compiled in 1992? If not, does this mean I'll be a criminal if I 
>lend a CDROM with my hard drive archive to a friend? Hmmm. --Declan]
>To: declan@well.com
>Subject: Bogus cybercrime treaty happening in secret
>Date: Thu, 13 Jan 2000 06:37:49 -0800
>From: John Gilmore <gnu@toad.com>
>Date: Thu, 13 Jan 2000 15:23:17 +0100 (CET)
>From: Maurice Wessling <maurice@xs4all.nl>
>Subject: cybercrime treaty
>I've just submitted this to slashdot. Many people on this list will have
>to worry about it. It will make your job a lot more difficult.
>The Council of Europe is preparing a so-called "Cybercrime"
>treaty. European countries, the USA, Canada, Japan and
>South Africa are involved in the talks. There is no draft
>made public but a letter of the Dutch minister of Justice to
>the Dutch parliament is mentioning some of the details of
>what is discussed during the negotiations about the treaty.
>The draft is prepared by an ad-hoc group of experts
>(PC-CY) who will have to finish their work by the end of
>2000. There is only a Dutch language version of the letter
>(if you can read Dutch, I've put it on
>One part of the treaty is of particular interest to Slashdot
>readers. The treaty will outlaw hacking tools. A summary
>(not a word-by-word translation):
>Protection against so-called CIA-crimes (confidentiality,
>integrity and availability) of public and closed networks
>and systems: computer hacking, unauthorized eavesdropping,
>unauthorized changing or destroying of data (either stored
>or in transport). In discussion are also denial of service
>attacks to public and private networks and systems. This
>will probably not cover spam.
>The treaty will outlaw the production, making available or
>distribution of hardware and software tools to do the
>above-mentioned (hacking, denial of service, eavesdropping,
>etc.). The letter does not mention the possession of these
>The treaty will also outlaw sites with lists of passwords or
>codes that give unauthorized access to computer systems
>(this is not about copyright related serials and cracks).
>The letter explicitly points out that as a result of this
>treaty countries that wish to implement digital wiretapping
>or the use of hacking tools by law enforcement need to
>implement that in their national legislation.
>This definitely sounds like a bad idea. The public will get
>a false sense of safety, security experts can not do their
>work and software producers and system administrators will
>loose an important stimulation to improve the quality of
>their work.
>Other points in the treaty:
>illegal content
>There is only agreement upon child pornography.
>The countries involved could not agree upon racist speech
>and pornography in general. European countries wanted to
>include racist speech but the USA blocked this. On the other
>hand, European countries did not want to include pornography
>in general as some others wanted to (the letter doesn't
>mention who).
>Child pornography is defined here as "the realistic
>depiction of a child involved in sexual behavior". It does
>not matter if children were actually involved in the
>fabrication of the material. It explicitly includes material
>with adult actors impersonating as children or computer
>animations. Cartoons with a non-realistic character are not
>included in the definition.
>The letter states a broad international consensus about this
>The treaty defines the procedures of investigating the
>content of email. The treaty tries to follow regimes for
>search warrants when email is stored and warrants for
>tapping of telecommunication when email is in transport.
>Under circumstances (not further explained in the letter)
>the person subject of a search warrant which involves stored
>email can be ordered to keep the search secret to prevent
>damage to the further investigation.
>border crossing aspects of computer and network search
>Law enforcement can not cross borders during the search of a
>computer network. The draft outlines a procedure in which an
>official request is necessary to the other country to
>complete the search. All members of treaty will establish a
>national contact point where such request can be handled
>fast. In most cases this will be the Interpol contact point.
>Discussions are ongoing about accessing a computer in
>another country to which the person that gets the warrant
>already has authorized access. Is that a border crossing of
>law enforcement competence? Do the authorities in the other
>country need to be informed?
>There is no agreement yet about the status of information
>that was accidentally gathered from systems in other
>countries during a network search. One possibility is that
>that country gets a veto right on the use of that
>preservation order to admins of public or private networks
>The treaty will define a preservation order that can be
>given to the admin of the public or private network. Such an
>order is intended to log traffic data (not content) that
>would normally be lost immediately or as soon as that data
>is not important anymore for the maintenance of the network
>(according to privacy rules).
>The treaty will force countries to implement digital
>wiretapping into their national laws. Both of public and
>private networks.
>As the Netherlands already have digital wiretapping laws
>this section is not discussed extensively in the letter.
>POLITECH -- the moderated mailing list of politics and technology
>To subscribe: send a message to majordomo@vorlon.mit.edu with this text:
>subscribe politech
>More information is at http://www.well.com/~declan/politech/


Homepage: http://home.kamp.net/home/kai.raven/index.html
DH/DSS PGP-Key ID: 0xA0232531