Slashdot Mirror

Version 22 rev 2 from 2 October 2000 is now online in HTML format at: http://conventions.coe.int/treaty/EN/projets/cyber crime22.htm

This version applies the "intent" language to both 1) and 2), as you suggested, and thus appears to addresse the 11 (b) issue also of contributing to open source software. Section 11 has also changed.

There still may be lots of problems here, but I agree with those that urge us to get involved. It has clearly finally had at least some impact.

--Neal

Quick! Post the wrong link to the site like an idiot!

You may want to tone down your assholishness when attempting to dress down other folks, as you are not yourself perfect.

Thanks to your episode of brilliance, you posted the link to the 8-month-old version, instead of the up-to-date version. Soooo....all those folks who actually *did* go there and download it and read it and make comments on it and send them in...were commenting on the wrong edition, if they didn't bother to actually check up on your information. Way to go - score 1 for democracy.

Yes, I realize you were trying to be helpful. But, helpful means doing the research first *in fullness*. I do appreciate the thought...but the execution was a bit lacking.

But, don't get pissed...get even. Do it right next time. I promise to eat my words if I see it. :)

Try This Instead

Hell, check all of 'em out

Quick! Post the wrong link to the site like an idiot!

You may want to tone down your assholishness when attempting to dress down other folks, as you are not yourself perfect.

Thanks to your episode of brilliance, you posted the link to the 8-month-old version, instead of the up-to-date version. Soooo....all those folks who actually *did* go there and download it and read it and make comments on it and send them in...were commenting on the wrong edition, if they didn't bother to actually check up on your information. Way to go - score 1 for democracy.

Yes, I realize you were trying to be helpful. But, helpful means doing the research first *in fullness*. I do appreciate the thought...but the execution was a bit lacking.

But, don't get pissed...get even. Do it right next time. I promise to eat my words if I see it. :)

Try This Instead

Hell, check all of 'em out

Each party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intentionally the serious hindering without right of the functioning of a computer system by inputting, [transmitting,] damaging, deleting, deteriorating, altering, or suppressing computer data. (Emphasis added).

Now IANAL, but that last bit about suppressing computer data where such suppression would hinder the proper operation of the system would seem to make full disclosure almost a requirement. Since in the U.S., corporate entities are more or less treated like an individual under the law, a large company which produces software, yet does not allow the publishing of its vulnerabilities (which seriously hinder its operation, IMHO) should be culpable under any law resulting from the ratification of this treaty.

While that in itself is a Good Thing, the fact that it appears in this treaty which would make the tools that would enable such discovery and disclosure illegal, it must be concluded that no sane person would ratify a treaty with such obvious internal inconsistencies.

Sadly, sanity is not a prerequisite for government position... (one may argue it is a hindrance to getting such a position)

As if this friggin Maginot line of computer defense wasn't bad enough, in the treaty in Section 2, article 14, paragraph 5 the signatory countries must pass laws to force you to give up your password on any system they want to access for any criminal investigation.

One thing I've noticed in reading through the draft is that every phrase is carefully worded to include only the intent to perform a criminal act.

With that being the case, would it not be upheld exactly the way it reads? For it sounds to me like the writing of DeCSS would be perfectly fine according to this document. Am I missing something?

Also, even when there is an intent to perform a crime, isn't that a bit hard to prove? Is there a way to not persecute those with good intentions while still persecuting those with criminal intentions?

I don't see how.

A journalist's report of one lawyer's interpretation of the treaty is not much to go on. The treaty itself is available, and the journalist seems to have left out a lot of the "without right", "intent" and similar issues that are in the treaty itself.

We should be concerned about this treaty, but base your arguments on the original source, not some journalist's interpretation (or the usual ill-informed speculation you see here).

The lawyer's opinion would also be useful input, but I don't have a reference to that.

Check out the text to the actual treaty here. Looks like the newest revision is only available as a Word doc, although there's a slightly older version available in HTML. Something worth noting, though: contrary to the implication of the article, the word "hack" or "hacking" does not appear anywhere in this draft. The "Illegal Access" section contains the phrase "A Party may require that the offence be committed either by infringing security measures or with the intent of obtaining computer data or other dishonest intent." IANAL, but I think this pretty much outlaws all white hat stuff.

One of the interesting things about this, also, is the fact that it's a treaty. It basically says that all nations who sign/agree to it will create a set of a laws that accomplish the goals laid out in it. The actual laws themselves will be created by the countries affected by it, and those are what are really going to make "hacking", "cracking" or anything else illegal.

Do you really, really want to do something about this?

Then take off your asbestos underwear, sit down at your computer, read the actual draft treaty in it's current form, think about exactly why you feel this is a bad idea, write it out, revise it, proofread it, and send it to daj@coe.int for review by the people who are actually working on the treaty itself.

This is the wonder of the Internet, folks. They want your input on this one.

I can assure you, though, that they aren't scanning through Slashdot "this is so fscking typical" posts to get that feedback.

If you care about this issue, save your flames, write out a thoughtful letter, send it to the commission, and post it here for others to read and expand upon. But for crying out loud, do something that actually has some chance of making a difference.

the full text of the draft convention is here conventions.coe.int/treaty/EN/projets/cybercrime.h tm I wonder just what chance DeCSS would have against this. Infact I wonder what chance a useful tool liek john would have against this.

Here is a link to the actual draft of the treaty. Please read it before posting. The article makes terrible simplifications of the wording that blur the original meaning.

Can someone please put this link into the /. article? It is important to the topic.

If you actually read the draft legilastion (cybercrime.doc) it only makes software/hardware illegal if it used illegally so from reading we can all keep using our cracking tools, sniffers etc providing we don't do anything illegal with them.
Where Zdnet dragged that 'access' up from I don't know but if we want to be taken seriously by non-computer literate people then maybe we need to have something like this to build trust (though sod the interception and recoding keeping parts of the act...)

The text of the draft Convention can be found on here. They do welcome comments, By releasing the latest draft of the treaty, the Council of Europe seeks to enhance the consultation process with interested parties, whether public or private. It particularly encourages business and civil society organisations to come forward and share their comments with the experts involved in the negotiations before the text eventually becomes final. Commentaries are welcome on : daj@coe.int So, instead of bitching here, Slashdot should create a communal comment, indicating the worries that we, as a community have. Thalia

... is here. I'm not sure if it's the latest draft though, it's dated 27th April 2000.

As someone else mentioned concern for ISP's that may be forced to store loads of "traffic data" for long periods of time, Article 17 seems to indicate that the gov't would be responsible for any storage of data, relieving the ISP of need for extra disk space, or liability in storing data.

There's probably more I'd like to mention, but its time to go home!

• 
  a. the production, sale, procurement for use, import, distribution or otherwise making available of:

  1. a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;

  2. a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with intent that it be used for the purpose of committing the offences established in Articles 2 - 5;

  a. the possession of an item referred to in paragraphs (a)(1) and (2) above, with intent that it be used for the purpose of committing the offenses established in Articles 2 - 5. A party may require by law that a number of such items be possessed before criminal liability attaches.

(please note: offline lockpicks are not illegal. online ones will be illegal soon.)
--

The Council of Europe members are from many countries:
Albania (address) Mr Paskal Milo, Minister for Foreign Affairs
Andorra (address) Mr Albert Pintat Santolaria, Minister for External Relations of the Principality of Andorra
Austria (address) Mrs Benita Ferrero-Waldner, Federal Minister for Foreign Affairs
Belgium (address) Mr Louis Michel, Minister for Foreign Affairs
Bulgaria (address) Mrs Nadezhda Mihailova, Minister for Foreign Affairs
Croatia (address) Mr. Tonino Picula, Minister for Foreign Affairs
Cyprus (address) Mr Ioannis Kasoulides, Minister for Foreign Affairs
Czech Republic (address) Mr Jan Kavan, Minister for Foreign Affairs
Denmark (address) Mr Niels Helveg Petersen, Minister for Foreign Affairs
Estonia (address) Mr Toomas Hendrik Ílves, Minister for Foreign Affairs
Finland (address) Mr Erkki Tuomioja, Minister for Foreign Affairs
France (address) Mr Hubert Védrine, Minister for Foreign Affairs
Georgia (address) Mr Irakli Menagarishvili, Minister for Foreign Affairs
Germany (address) Mr Joschka Fischer, Minister for Foreign Affairs
Greece (address) Mr Giorgos Papandreou, Minister for Foreign Affairs
Hungary (address) Mr János Martonyi, Minister for Foreign Affairs
Iceland (address) Mr Halldor Asgrimsson, Minister for Foreign Affairs
Ireland (address) Mr Brian Cowen, Minister for Foreign Affairs
Italy (address) Mr Lamberto Dini, Minister for Foreign Affairs
Latvia (address) Mr Indulis Berzins, Minister for Foreign Affairs
Liechtenstein (address) Mrs Andrea Willi, Minister for Foreign Affairs
Lithuania (address) Mr Algirdas Saudargas, Minister for Foreign Affairs
Luxembourg (address) Mrs Lydie Polfer, Deputy Prime Minister, Minister for Foreign Affairs, External trade.
Malta (address) Mr Joe Borg, Minister for Foreign Affairs
Moldova (address) Mr Nicolae Tabacaru, Minister for Foreign Affairs
Netherlands (address) Mr Jozias van Aartsen, Minister for Foreign Affairs
Norway (address) Mr Thorbjørn Jagland, Minister for Foreign Affairs
Poland (address) Mr Bronislaw Geremek, Minister for Foreign Affairs
Portugal (address) Mr Jaime José Matos Gama, Minister for Foreign Affairs
Romania (address) Mr Petre Roman, Minister for Foreign Affairs
Russian Federation (address) Mr Igor Ivanov, Minister for Foreign Affairs
San Marino (address) Mr Gabriele Gatti, Minister for Foreign and Political Affairs
Slovak Republic (address) Mr Eduard Kukan, Minister for Foreign Affairs
Slovenia (address) Mr Dimitrij Rupel, Minister for Foreign Affairs
Spain (address) Mr Josep Pique i Camps, Minister for Foreign Affairs
Sweden (address) Ms Anna Lindh, Minister for Foreign Affairs
Switzerland (address) Mr Joseph Deiss, Head of the Federal Department of Foreign Affairs
"the former Yugoslav Republic of Macedonia" (address) Mr Aleksandar Dimitrov, Minister for Foreign Affairs
Turkey (address) Mr Ismail Cem, Minister for Foreign Affairs
Ukraine (address) Mr Borys Tarasiuk, Minister for Foreign Affairs
United Kingdom (address) The Rt. Hon. Robin Cook, MP, Secretary of State for Foreign and Commonwealth Affairs

___________________________

If this is for real, Jon probably has a good case before the European Court for Human Rights. For starters, it appears his incarceration would violate Article 10 of the ECHR, which provides for freedom of expression (even though its "exceptions" are wide enough to drive a train through).