Slashdot Mirror
European Cybercrime Treaty 1.1
(eternal_software) writes: "Reuters is reporting that the world's first cybercrime treaty is being redrafted after Internet lobby groups assailed it as a threat to human rights that could have 'a chilling effect on the free flow of information and ideas.'" The
Council of Europe
has added new passages to clarify, according to Reuters, "that 'cracking' computer systems to test security is legal and that ISPs would only be asked to store specific data related to a suspected crime."
Since the European Convention on Human Rights legislation came in to force the other week (in Britain at least), our legislators seem to have been running scared of falling foul of it, and people are saying a lot of existing British laws will be annulled or substantially altered by interpretation in the light of the Euro-dictat. As far as I can tell, the wording is so vague that (lawyers reckon) it's easily interpretable for the benefit of David in any David v. Goliath case. The satirical magazine Private Eye said it best in a cartoon last week (damn can't find it on-line), picturing a game of Monopoly, with a man reading from a Chance card: `Go to jail. Go indirectly to jail via the European Court of Human Rights. Get out of jail free. Collect £2,000,000.' It's pretty rare that you get this sort of sweeping legislation coming into force, and here's a nice example of it protecting on-line rights already (hurrah!).
Matthew @ Bytemark Hosting
That's kind of hard to quantify for all of europe, considering drugs are legal to possess/use in some european countries. Everyone seems to want to put borders on the net (we Americans are of course the most notorious of this) and that, I think, is far too difficult considering the nature of the beast.
For example, pretend for a moment that a bill DID pass disallowing drug related sites...all they could enforce is not allowing them to be hosted in the US, and POSSIBLY not allowing Americans to peruse these sites. First of all, it would be an enforcement nightmare resulting in a LOT of gov't spying on Joe Average. Secondly, there are so many ways around it, that it's a joke...use an anonymous redirector, telnet to a shell account out of the country and use Lynx, etx.
For this reason, I can only see a law like that every getting passed is because they want to use it like they use meat-space drug laws...as a way to bypass the illegal search and seizure laws.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
That is the best email address ever.
Really.
--Perianwyr Stormcrow
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
--
--
Eat right, exercise regularly, die anyway.
"Those who desire to give up freedom in exchange for security will have neither, nor do they deserve, either one."
Thomas Jefferson
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
Benjamin Franklin
Just remeber these words everytime you agree it's OK to give up your rights.Maybe we DID take the blue pill. You wouldn't remember anyway.
Is that like Dilber's boss saying "I want a list of all the unexpected problems we expect through the next quarter"?
"Ain't no right way to do a wrong thing."
These are the first steps in a new direction, so i think we should look at this all with a grain of salt.
First of all, eveyone's going ape-shit about the whole cracking statement. They have to say something, and i guess it's inevitable that people (especially slashdoters) are going to scrutinize what they say, but i think they're getting near what needs to be said.
I think we can say that they don't want to ban cracking as a security measure. That's already pretty much accepted already, so i don't see what the fuss is about. If some company hires you to test their security, then that's fine. That already goes on. If you BREAK IN, then that's a different story. Why is the fact that it's finally being put into writing so weird and controversial. I mean, what do we want, the ability to hack a company's database, do whatever we want with it, and then say we were just testing their security? Although we'd like to say that everyone that would do something like that would do so in the spirit of curiosity, or have an "old-school hack ethic" or whatever, but that kind of assumption is just absurd. We all know that there are "good" people and "bad" people. Some people would take advantage of the security holes in a corporation. So it's natural that governments would want to protect against this. Now, if we're worried that the "good" hackers have their perceived right to poke around infringed upon, then that's a little screwy.
All of this has to come into writing at some point, and that's what's happening. Don't you see: it's happening right now. Those 400 people that wrote emails should be applauded. Why did only 400 know??? Now we can write too. Or at least pay attention, so when the resolution is passed, we can't say that we didn't know about it. You can't be forced to write in your opinion, but people have already started bitching about this proposal as if it's already law. Don't bitch; act. It's like watching someone walk up to you, and take your wallet. I suppose you CAN just stand there and say, well...he took my wallet, why isn't anything being done. And then the police might catch him later. Or you can react, and at least know that you took part in the situation.
There's going to be a lot of legislation about cyberlaw, cyberdemocracy, and whatever other cyber word we can come up with. The fact that we should recognize is that it's new territory. In hindsight, perhaps we'll see how novel these ideas were, and how many revisions they would need, but now all it seems we can do is freeze up, and say how unfair it all is. And it may be unfair, or imbalanced or whatever else it is. But it is a step along the way, and if, instead of focusing on the desired outcome, and losing sight of the steps, we take it a bill at a time, paying careful attention to detail along the way, we'll reach that original goal eventually.
When an agreement of this magnitude has to be "corrected" at the last minute, I have to wonder if the world (internet world and/or countries) is ready to develop a definition of Cybercrime. It seems that the Council of Europe has not taken into consideration all the aspects needed to draft such a document. Is it just me or does it seem that when governing bodies do not understand a technology (or any subject for that matter) they tend to pass laws defining the legality of said item that restricts an individual's rights, at the same time admitting that they do not understand what they are doing.
"We do not want to pass a text against the people." Well they may not want to pass text against the people, but they certainly seem to be in a rush to pass a text restricting people's rights to privacy and any actions that may be construed to be "cracking." I may not like someone port-scanning me, but I do not consider it illegal. Some day I may be arrested for ping-ing slashdot.....
http://www.codewolf.com - Just good stuff to waste time
I just wanted to say HORRAH that a large political body is capable of listening to reason. You heard that, US?
Stop the brainwash
the most important thing to consider is that its a treaty, not everyone will sign it...
:-)
NOT SEALAND, not Haven Co.
/nutt
How about not just to test security, why shouldn't cracking with permission in any case be acceptable? Just like if you have a gun, and you take an old car of yours, out in a remote area, and riddle that old car full of bullets, it's okay?
--
The jurisdiction article worries me most (Article 19). A country has jurisdiction over a communication if it has jurisdiction over any communicating party. This includes routers, so any Internet communication will be subject to the laws of all countries it may pass through. This is bad enough within Europe. For example, it would be illegal for a Spanish person to read a Greek historical site if a Nuremburg rally photo passes through Germany. It becomes even worse if, as planned, comparatively censorious countries like the USA, Australia, Singapore and China sign the treaty.
Ask me if I've been required to disclose any crypto keys.
Bought? My ass. Siggy gave me the account and asked me to burn his karma. In real life I am a fairly-well known /. troll. Hell I'm even on the troll mailing list. When I get bored with my other characters I write a few lines under siggy's account and lose some karma. Over a hundred so far, without spamming, I know I'm damn good.
CNN is running this story entitled Germany sues U.S. in World Court over Arizona executions regarding why and how the States are ignoring the 1963 Vienna Convention of Consular Relations.
http://www.cnn.com /20 00/LAW/11/13/germany.v.us.pol/index.html
-l
Help cure AIDS, cancer, and more. Donate your unused computer time to worldcommunitygrid.org. Join Team Slashdot!
Wow. Earthlings still think digital watches are a pretty neat idea.
Those who do not know the past are doomed to reimplement it, poorly.
Unfortunately, if you own a bolt cutter, and for whatever reason the police know that you own one, then if somebody cuts off your neighbors lock - even if it was clearly hacksawed open - then there is a very good chance that you will be charged with 'possession of burglar tools'.
( As I understand it, both Canada and most U.S. states allow this sort of charge - it comes under the heading of presumed innocent unless the police think you did it - then they'll hit you with whatever will stick, regardless of appropriateness)
Drawing the obvious parallels (to possesion of a copy of any *n*x system) is left as an excercise in futility.
Liquor
Liquor
Sanity is a highly overrated commodity.
One major advantage of having a revision history for laws would be that it would be simple to identify and examine 11th hour changes. A lot of our laws are amended at the last moment or slipped into other unrelated bills in order to work out compromises among legislators. Anything that highlights the "law enforcement" addendum to the "children's healthcare" bill would be a true window on the inner workings of our system.
It's doubtful legislators would want to loose the ability to commit high treason with little risk of being caught though...
It would also be useful to clearly differentiate an ammendement and a rider.
For example, pretend for a moment that a bill DID pass disallowing drug related sites...all they could enforce is not allowing them to be hosted in the US, and POSSIBLY not allowing Americans to peruse these sites.
This bill being one which also repealed the first and second ammendments...
Technically anyone attempting to enforce such a law is a terrorist.
I read the treaty draft. It clearly tried to extend in create all sorts of powers when it comes to computer crimes investigation and litigation. I will not that it did and does state that the local laws will take effect with concern for evidence collecting, search and ceasure sorts of things.
To claim that the treaty did not attempt to make illegal many sorts of activities that are not now is just plain crap. I hope they clearly define what is criminal in the rewrite.
Troy
I think a main point here is not making crimes "more illegal" (though I agree that that's a tendency and that it's stupid), but making it possible to prosecute at all. Like the thing with providerst having to join certain data. If that's not required by law, then an ISP could simply svae money by not storing any information, making it very difficult to prosecute criminals using that ISP, and they'd have the additional benefit of being attractive to customers for whom that is desirable.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Distributing information should be covered by the first amendment, regardless of how the information is judge. This bill if enacted into law would make it illegal not only for posting and/or linking to drug related sites, but also teaching the manufacture in universities.
Except that you couldn't actually enact such a bill into law. You could give it the appearance of being enacted into law. But anyone involved in the process of the enactment (and any attempt at enforcement) is exceding their authority.
Whilst Americans like to make a big fuss about their written constitution, very few of them, including those who have taken on a specific role in upholding up appear to actually undstand what it means.
I believe the problem now. Is when a computer related crime is acrossed borders.
Two examples:
The guy who wrote the "ILOVEYOU" virus is in the Phillipeans. Last I heard there was no crime to charge him with under Phillipean law.
The highly publicized Microsoft cracking. Will Microsoft be able to pursue an investigation in Russia? If they find the criminal, will there be any legal recouse they could take in Russia?
I am not sure, but the treaty is an attempt to answer these questions in general.
Troy
precision != easy to understand
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
But I remember there are laws that make using tools to commit a crime illegal, but not the actual possession. Thus owning a bolt-cutter isn't illegal, but using one to break off a lock is.
This is an example of "supercriminization". Breaking and entering (someone elses property without authority) is already illegal. Haveing laws about specific methods of entry is really redundant, but it gives politicans (and lawyers) something to do...
>a large unnamed phone company
It's large, and they havent even NAMED it yet?!?!
Also make sure to respond to the UK patent office's request for opinions. And they explicitly ask for opinions for people with experience of the US position.
If Europe accepts the American position on patents, how is America ever going to change it ?
Remember, the Reuters report says they were "inundated" with only 400 e-mails.
The European Council is caving in to the pressure from anarchistic leftwing lobbyists and is selling out our hard won victory over communism! Only the consumer will lose because of this.
Corporations will be afraid to innovate, because their intellectual property might be spread all over the globe in a blink of an eye and the guilty parts would never be found.
When laws and treaties are rewritten like this, the original is discarded and completely overwritten by the new
Oh boy, so instead of just a patch we have to download a whole new version. I'll stick with the old law, modem too slow...
If I ever meet you, I'll Ctrl-Alt-Delete you.
People replying to my sig annoy me. That's why I change it all the time.
We can't let the good fight go unreported.
We are talking about human rights, whether the humans use the net or not - mandatory recording of all web use by all ISPs is a travesty of justice. It's like forcing all shopkeepers to mount cameras on their doorways in case any store gets robbed. I don't want to live in a completely monitored society online or off just yet.
We fought the good fight - and we won concessions.
-Ben
Truer words were never spoken.
-----------------------------
1,2,3,4 Moderation has to Go!
One major advantage of having a revision history for laws would be that it would be simple to identify and examine 11th hour changes. A lot of our laws are amended at the last moment or slipped into other unrelated bills in order to work out compromises among legislators. Anything that highlights the "law enforcement" addendum to the "children's healthcare" bill would be a true window on the inner workings of our system.
How many UN resolutions and that type of thing do you read regularly? The fact that ONLY 400 people responded IS a small number, and it should be bigger, but the fact that even that many people noticed is amazing. Most of us hear about this crap after the fact; now we have a chance to respond before it's been passed.
I worked for an NGO to the UN for about 2 years in Athens, and we had to look at old laws and resolutions all the time. There's no big difference. Instead of looking at an amendment at the end of the document, you just look at the previous resolution, all of which is on file. Do you think that you can see all the drafts of an ammendment? All you really see is the one that is finally decided upon, much like you only see the resolution that is decided upon.
In actuality, a new resolution can only replace and old one after it's been lobbied, and then brought out on the floor, so when doing that whole process, you see all of the old material. And i'd like to note that all of documentation and crap is readily available for those who care, so the fact that it's a resolution doesn't really hinder anything.
For a group of people who are supposed to be following the net, a lot of the original provisions they wrote should have been clearly stated to BEGIN with. Things like hacking/cracking systems for security reasons, storing data should be OBVIOUS to anyone who's used a computer for more than just sending email. I really fail to see how an entire group of people could just "neglect" to be specific on these kinds of topics when it comes to trying to set worldwide standards for the internet and cybercrimes. The mind boggles.
http://www.nakedandfree.com
Actually, using a bolt cutter to break off a lock can be legal, too. If it's your lock, for example. Or if the lock's owner asked you to break it off.
Drawing the obvious parallels is left as an exercise to the reader.
That doesn't mean one shouldn't try and change the system, but I don't think a promising sign in this particular matter will translate to other issues with greater economic footprints.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
However, didn't they get a lot of comments to the 17th draft allready? It was the same comments. Why didn't they change anything for the better before publishing the 19th draft?
I think we should keep an eye out for the actuall legal wording in the treaty, and we need some lawyers on it. Now, they may make a few public comments to get us off their backs, and keep all the wrong stuff in the treaty, and once this stuff becomes national laws, it's bad enough.
While they might have gotten a clue, I wouldn't be too confident.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Excellent point, Bruce. Unfortunately it seems to be common now to "supercriminalize" Bad Things That Society Cares Deeply About which continue to happen in spite of already being illegal.
Everything from drugs to murder is getting extra layers of law added to make it "more illegal" as though it would actually help. In reality, I think all this helps is lawyers (since nobody else can understand the laws pertaining to a specific situation now) and Congressmen (who can claim to have taken a "tough stance" on cocaine or hate crimes or whatever).
``We have learned we have to explain what we mean in plain language because legal terms are sometimes not clear.''
Gee... imagine that, having to clafity something for the lower class! "Stupid proles don't know what's good for them, we have to try and explain how this will benefit them." Remembers a lot of Animal Farm, when the pigs had Squealer explain why their latest act was good for them.
Open Source, Open Standards, Open Minds
Yeah, I thought that legal terms were there to be precise....
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Uh... there is a law in the pipeline that will not only disallow drug related sites, but will also disallow linking to such sites. It's called the Methampheta min e Anti-Proliferation Act. Take a look.
Az.
I have one question, if the company is using tools on itself, who is going to press charges?
"Pressing charges", at least in the US system, doesn't mean very much. Remember that in a criminal case it is the government vs the accused, unlike a civil case where it is one civilian party vs another (as opposed to, say, the Islamic system where a criminal case faces the victim against the accused as the actual parties of the trial). All it means to "press charges" is that you will support the police and the prosecutor's office in their investigation and in court (and it indicates, in cases where the statute requires that something be done against your will in order to be illegal, that in fact it was against your will). You can not "press charges" and the prosecutor might still go ahead with the prosecution - it happens all the time.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
There's a nasty hole in X? I was totally unaware of that. I haven't seen anything in the man pages. Shit. . . where is it? Ahhhh!!!!
One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
How very devious to put a statement covering all "Controlled Substances" into a bill that is supposedly only covering methamphetamines.
Another nail into the coffin of the Bill of Rights. Distributing information should be covered by the first amendment, regardless of how the information is judge. This bill if enacted into law would make it illegal not only for posting and/or linking to drug related sites, but also teaching the manufacture in universities. (Note that there is no disclaimer excusing it's teaching in the interest of education)
I can just see, 20 years from now, some junkie ODs and gets brought to the emergency room, and the doctors are like "Uhhh...I have no idea how to treat this man, we didn't cover street drugs in med school, being illegal and all.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
that they clarified and errata'd the "cracking" portion, I know that was causing a lot of problems with people here accepting it...
How Jaded Are You?
I talked with a staff guy from the Swiss Parliment at SGML '96 in Boston who was trying to solve this problem using SGML. The tools weren't really adequate at the time -- too slow and/or too complex for the average user. But the need for such a system has been acknowleged by at least some legislatures.
If sites like this were outlawed, M$ and co would have an easy time of it. Think if the public didn't know about the nasty holes in app X or Y? I'd be sure that the crackers would know all about but the sysadmins would need to work much harder to keep up if all the info wasn't in one place. Also M$ and co would be much less willing to give out fixes if the hole was harder to find. In short, it would be madness to make sites like securityfocus and bugtraq illegal. Apart from being impossible to enforce.
That's a US law-in-the-making, right? The original question was how things were done *outside* the US. Anyway, it simply depends on the local laws. In the Netherlands, so-called 'soft' drugs are almost but not quite legal, and as a result you can find plenty of info on the web on where to buy it. A quick search on a dutch search engine, and the top three results:
pinkfloyd coffee shop
Coffeeshop Smokey
Coffeeshop Bazar-Zoo
Thanks
Bruce
Bruce Perens.
--
Florida Voter IQ Test
Oh yes, i just, err, cracked your system to "test security". oops, im sorry, did i just download your whole payroll dbase and source code to your programs? i'll be sure to delete it right away...
I am !amused.
This part is a bit off topic, but I submitted the same story earlier too. No fair! :-p
Mas vale cholo, que mal acompañado.
Seeing as how I don't live in europe, I was wondering: do any of the europeans out there know if this treaty considers drug related websites a crime? I'm sure slashdoters out there remember some of the recently failed bills in america that tried to make the distribution of drug related information (and even linking to information) on the internet illegal, not to mention sites that sell drug related paraphernalia. Often these clauses are tacked on to unrelated bills (like bankruptcy law reform). For those that don't know, check out this bill.
So my question is, basically, what is the situation like across the pond? Here, even buying hydroponic equipment for legit reasons gets you put on a list to be watched. Is this treaty going to make it even harder to get the facts people need to make informed decisions?
Doug Alcorn
I am a webhoster by night, and a member of the Information Security team for a large unnamed phone company.
Let me just say how reassuring this is. We were watching this more than we were the election.
It simply makes NO sense to draft an international law banning the tools that help us secure systems.
Of course, we would love some more enforcement power to use against potential crackers, but not if it is a trade off for our tools.
Thats just NUTS.
My question is, what ratifications have to take place, and what is the current standing in Congress towards it?
Come on slashdot, make some calls!
GPL'd web-based tradewars themed space game
Would this be the same British Home Office that drafted the infamous RIP legislation? You know, the one that requires you to provide your decryption keys or prove that you have forgotten them, or face 2 years in gaol?
Or is it the same British Home Office that sucks FBI ass and drafts the laws the FBI thinks the rest of the World should adhere to (and that helps its domestic legal agenda by saying "they all have it why should we be different?")?
It is? oh thank God...
for a second I thought we'd have a bunch of puritanical right wing law-n-order assholes drafting oppressive legislation that violates civil liberties and freedom.
When laws and treaties are rewritten like this, the original is discarded and completely overwritten by the new; it's not accomplished by amendment -- it's by rewritten out of whole cloth. The new law may no longer be objectionable, but at the same time, its brief tyrannical status is not preserved for posterity. That job is today delegated to the media, who cannot be asked to maintain an archive of knowledge once its value for click-throughs and ad-supplements is exhausted.
What we need is for laws to be maintained in a CVS tree like most free software. We need to see what the law was before it became what it is today, because otherwise, we cannot hold our elected officials responsible for what they could have done if not for our eternal vigilence.
It would solve many judicial issues of "legislative intent", and it would allow a truly free society not to be blinded by nascent tyrrany. People are much less willing to give up privileges and rights they knew once existed (except for minor things like a 12-year-old age of consent in Victorian England) if they are made truly aware of what they used to have "in the good old days".
-- Anne Marie
I haven't observed any problems when it came to punishing cyber crime in the past, expecially in North America. I have one question, if the company is using tools on itself, who is going to press charges? I can't see companies turning themselves in for the good of 'the Treaty". Besides, it'll turn into one the numerous unenforcable laws that we hear the government whining on a regular basis about.
I love the smell of Karma in the morning
IANAL,
But I remember there are laws that make using tools to commit a crime illegal, but not the actual possession.
Thus owning a bolt-cutter isn't illegal, but using one to break off a lock is.
Drawing the obvious parallel is left as a exercise to the reader.