Slashdot Mirror
European Cybercrime Treaty 1.1
(eternal_software) writes: "Reuters is reporting that the world's first cybercrime treaty is being redrafted after Internet lobby groups assailed it as a threat to human rights that could have 'a chilling effect on the free flow of information and ideas.'" The
Council of Europe
has added new passages to clarify, according to Reuters, "that 'cracking' computer systems to test security is legal and that ISPs would only be asked to store specific data related to a suspected crime."
Since the European Convention on Human Rights legislation came in to force the other week (in Britain at least), our legislators seem to have been running scared of falling foul of it, and people are saying a lot of existing British laws will be annulled or substantially altered by interpretation in the light of the Euro-dictat. As far as I can tell, the wording is so vague that (lawyers reckon) it's easily interpretable for the benefit of David in any David v. Goliath case. The satirical magazine Private Eye said it best in a cartoon last week (damn can't find it on-line), picturing a game of Monopoly, with a man reading from a Chance card: `Go to jail. Go indirectly to jail via the European Court of Human Rights. Get out of jail free. Collect £2,000,000.' It's pretty rare that you get this sort of sweeping legislation coming into force, and here's a nice example of it protecting on-line rights already (hurrah!).
Matthew @ Bytemark Hosting
That's kind of hard to quantify for all of europe, considering drugs are legal to possess/use in some european countries. Everyone seems to want to put borders on the net (we Americans are of course the most notorious of this) and that, I think, is far too difficult considering the nature of the beast.
For example, pretend for a moment that a bill DID pass disallowing drug related sites...all they could enforce is not allowing them to be hosted in the US, and POSSIBLY not allowing Americans to peruse these sites. First of all, it would be an enforcement nightmare resulting in a LOT of gov't spying on Joe Average. Secondly, there are so many ways around it, that it's a joke...use an anonymous redirector, telnet to a shell account out of the country and use Lynx, etx.
For this reason, I can only see a law like that every getting passed is because they want to use it like they use meat-space drug laws...as a way to bypass the illegal search and seizure laws.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
Is that like Dilber's boss saying "I want a list of all the unexpected problems we expect through the next quarter"?
"Ain't no right way to do a wrong thing."
These are the first steps in a new direction, so i think we should look at this all with a grain of salt.
First of all, eveyone's going ape-shit about the whole cracking statement. They have to say something, and i guess it's inevitable that people (especially slashdoters) are going to scrutinize what they say, but i think they're getting near what needs to be said.
I think we can say that they don't want to ban cracking as a security measure. That's already pretty much accepted already, so i don't see what the fuss is about. If some company hires you to test their security, then that's fine. That already goes on. If you BREAK IN, then that's a different story. Why is the fact that it's finally being put into writing so weird and controversial. I mean, what do we want, the ability to hack a company's database, do whatever we want with it, and then say we were just testing their security? Although we'd like to say that everyone that would do something like that would do so in the spirit of curiosity, or have an "old-school hack ethic" or whatever, but that kind of assumption is just absurd. We all know that there are "good" people and "bad" people. Some people would take advantage of the security holes in a corporation. So it's natural that governments would want to protect against this. Now, if we're worried that the "good" hackers have their perceived right to poke around infringed upon, then that's a little screwy.
All of this has to come into writing at some point, and that's what's happening. Don't you see: it's happening right now. Those 400 people that wrote emails should be applauded. Why did only 400 know??? Now we can write too. Or at least pay attention, so when the resolution is passed, we can't say that we didn't know about it. You can't be forced to write in your opinion, but people have already started bitching about this proposal as if it's already law. Don't bitch; act. It's like watching someone walk up to you, and take your wallet. I suppose you CAN just stand there and say, well...he took my wallet, why isn't anything being done. And then the police might catch him later. Or you can react, and at least know that you took part in the situation.
There's going to be a lot of legislation about cyberlaw, cyberdemocracy, and whatever other cyber word we can come up with. The fact that we should recognize is that it's new territory. In hindsight, perhaps we'll see how novel these ideas were, and how many revisions they would need, but now all it seems we can do is freeze up, and say how unfair it all is. And it may be unfair, or imbalanced or whatever else it is. But it is a step along the way, and if, instead of focusing on the desired outcome, and losing sight of the steps, we take it a bill at a time, paying careful attention to detail along the way, we'll reach that original goal eventually.
How about not just to test security, why shouldn't cracking with permission in any case be acceptable? Just like if you have a gun, and you take an old car of yours, out in a remote area, and riddle that old car full of bullets, it's okay?
--
One major advantage of having a revision history for laws would be that it would be simple to identify and examine 11th hour changes. A lot of our laws are amended at the last moment or slipped into other unrelated bills in order to work out compromises among legislators. Anything that highlights the "law enforcement" addendum to the "children's healthcare" bill would be a true window on the inner workings of our system.
It's doubtful legislators would want to loose the ability to commit high treason with little risk of being caught though...
It would also be useful to clearly differentiate an ammendement and a rider.
For example, pretend for a moment that a bill DID pass disallowing drug related sites...all they could enforce is not allowing them to be hosted in the US, and POSSIBLY not allowing Americans to peruse these sites.
This bill being one which also repealed the first and second ammendments...
Technically anyone attempting to enforce such a law is a terrorist.
Distributing information should be covered by the first amendment, regardless of how the information is judge. This bill if enacted into law would make it illegal not only for posting and/or linking to drug related sites, but also teaching the manufacture in universities.
Except that you couldn't actually enact such a bill into law. You could give it the appearance of being enacted into law. But anyone involved in the process of the enactment (and any attempt at enforcement) is exceding their authority.
Whilst Americans like to make a big fuss about their written constitution, very few of them, including those who have taken on a specific role in upholding up appear to actually undstand what it means.
I believe the problem now. Is when a computer related crime is acrossed borders.
Two examples:
The guy who wrote the "ILOVEYOU" virus is in the Phillipeans. Last I heard there was no crime to charge him with under Phillipean law.
The highly publicized Microsoft cracking. Will Microsoft be able to pursue an investigation in Russia? If they find the criminal, will there be any legal recouse they could take in Russia?
I am not sure, but the treaty is an attempt to answer these questions in general.
Troy
But I remember there are laws that make using tools to commit a crime illegal, but not the actual possession. Thus owning a bolt-cutter isn't illegal, but using one to break off a lock is.
This is an example of "supercriminization". Breaking and entering (someone elses property without authority) is already illegal. Haveing laws about specific methods of entry is really redundant, but it gives politicans (and lawyers) something to do...
Also make sure to respond to the UK patent office's request for opinions. And they explicitly ask for opinions for people with experience of the US position.
If Europe accepts the American position on patents, how is America ever going to change it ?
Remember, the Reuters report says they were "inundated" with only 400 e-mails.
When laws and treaties are rewritten like this, the original is discarded and completely overwritten by the new
Oh boy, so instead of just a patch we have to download a whole new version. I'll stick with the old law, modem too slow...
If I ever meet you, I'll Ctrl-Alt-Delete you.
People replying to my sig annoy me. That's why I change it all the time.
We can't let the good fight go unreported.
We are talking about human rights, whether the humans use the net or not - mandatory recording of all web use by all ISPs is a travesty of justice. It's like forcing all shopkeepers to mount cameras on their doorways in case any store gets robbed. I don't want to live in a completely monitored society online or off just yet.
We fought the good fight - and we won concessions.
-Ben
One major advantage of having a revision history for laws would be that it would be simple to identify and examine 11th hour changes. A lot of our laws are amended at the last moment or slipped into other unrelated bills in order to work out compromises among legislators. Anything that highlights the "law enforcement" addendum to the "children's healthcare" bill would be a true window on the inner workings of our system.
I worked for an NGO to the UN for about 2 years in Athens, and we had to look at old laws and resolutions all the time. There's no big difference. Instead of looking at an amendment at the end of the document, you just look at the previous resolution, all of which is on file. Do you think that you can see all the drafts of an ammendment? All you really see is the one that is finally decided upon, much like you only see the resolution that is decided upon.
In actuality, a new resolution can only replace and old one after it's been lobbied, and then brought out on the floor, so when doing that whole process, you see all of the old material. And i'd like to note that all of documentation and crap is readily available for those who care, so the fact that it's a resolution doesn't really hinder anything.
Actually, using a bolt cutter to break off a lock can be legal, too. If it's your lock, for example. Or if the lock's owner asked you to break it off.
Drawing the obvious parallels is left as an exercise to the reader.
That doesn't mean one shouldn't try and change the system, but I don't think a promising sign in this particular matter will translate to other issues with greater economic footprints.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
However, didn't they get a lot of comments to the 17th draft allready? It was the same comments. Why didn't they change anything for the better before publishing the 19th draft?
I think we should keep an eye out for the actuall legal wording in the treaty, and we need some lawyers on it. Now, they may make a few public comments to get us off their backs, and keep all the wrong stuff in the treaty, and once this stuff becomes national laws, it's bad enough.
While they might have gotten a clue, I wouldn't be too confident.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Excellent point, Bruce. Unfortunately it seems to be common now to "supercriminalize" Bad Things That Society Cares Deeply About which continue to happen in spite of already being illegal.
Everything from drugs to murder is getting extra layers of law added to make it "more illegal" as though it would actually help. In reality, I think all this helps is lawyers (since nobody else can understand the laws pertaining to a specific situation now) and Congressmen (who can claim to have taken a "tough stance" on cocaine or hate crimes or whatever).
The world better be ready, and if it's not, then those of us who are so "enlightened" must endeavour to do what the lobbying group did: correct these treaties and legislation. "Cyberspace" is here, now, and "cybercrime" WILL be legislated. Governments have not only a right, but a responsibility to their citizens, to protect them. The balance in all legislation (at least for governments built upon the Western European tradition of enlightenment democracy) is to balance people's individual freedoms and rights with the "greater good" of protection from crime, coercion, foreign espionage against national interests, etc.
:-)
Thus, governments will engage in such activities - that is their right and duty. It is our right, and duty, as the "class" of society which best understands this technology to help inform this process - not just complain about how they "just don't get it"...
It will be up to those of us in the "cyber community," and the lawyers and politicians who are willing to work with us, to speak up and help define the specifics of these laws and treaties - and precedents. Lawyers and politicians alone won't do a good job, but they will try regardless of the attitude we take.
If you want to help, I suggest that you join and/or write (even if you don't support their whole platform, membership gives you greater voice in their activities):
http://www.aclu.org
http://www.eff.org
http://www.cpsr.org
http://www.cyber-rights.org/
And support efforts like:
http://petition.eurolinux.org/
http://zgp.org/~dmarti/dmca/
And keep yourself informed so you can contribute to the discussion...
http://www.cyberlawcentre.org.uk/
http://cyber.law.harvard.edu/
http://cyber.lp.findlaw.com/
(Please post more in all 3 areas if you know of them...)
And, of course, keep posting about these issues to Slashdot
o/~ we are pissed, we are pissed, we have to resist... o/~ - ec8or
If sites like this were outlawed, M$ and co would have an easy time of it. Think if the public didn't know about the nasty holes in app X or Y? I'd be sure that the crackers would know all about but the sysadmins would need to work much harder to keep up if all the info wasn't in one place. Also M$ and co would be much less willing to give out fixes if the hole was harder to find. In short, it would be madness to make sites like securityfocus and bugtraq illegal. Apart from being impossible to enforce.
That's a US law-in-the-making, right? The original question was how things were done *outside* the US. Anyway, it simply depends on the local laws. In the Netherlands, so-called 'soft' drugs are almost but not quite legal, and as a result you can find plenty of info on the web on where to buy it. A quick search on a dutch search engine, and the top three results:
pinkfloyd coffee shop
Coffeeshop Smokey
Coffeeshop Bazar-Zoo
Thanks
Bruce
Bruce Perens.
--
Florida Voter IQ Test
Thanks
Bruce
Bruce Perens.
This part is a bit off topic, but I submitted the same story earlier too. No fair! :-p
Mas vale cholo, que mal acompañado.
Seeing as how I don't live in europe, I was wondering: do any of the europeans out there know if this treaty considers drug related websites a crime? I'm sure slashdoters out there remember some of the recently failed bills in america that tried to make the distribution of drug related information (and even linking to information) on the internet illegal, not to mention sites that sell drug related paraphernalia. Often these clauses are tacked on to unrelated bills (like bankruptcy law reform). For those that don't know, check out this bill.
So my question is, basically, what is the situation like across the pond? Here, even buying hydroponic equipment for legit reasons gets you put on a list to be watched. Is this treaty going to make it even harder to get the facts people need to make informed decisions?
Doug Alcorn
I am a webhoster by night, and a member of the Information Security team for a large unnamed phone company.
Let me just say how reassuring this is. We were watching this more than we were the election.
It simply makes NO sense to draft an international law banning the tools that help us secure systems.
Of course, we would love some more enforcement power to use against potential crackers, but not if it is a trade off for our tools.
Thats just NUTS.
My question is, what ratifications have to take place, and what is the current standing in Congress towards it?
Come on slashdot, make some calls!
GPL'd web-based tradewars themed space game
When laws and treaties are rewritten like this, the original is discarded and completely overwritten by the new; it's not accomplished by amendment -- it's by rewritten out of whole cloth. The new law may no longer be objectionable, but at the same time, its brief tyrannical status is not preserved for posterity. That job is today delegated to the media, who cannot be asked to maintain an archive of knowledge once its value for click-throughs and ad-supplements is exhausted.
What we need is for laws to be maintained in a CVS tree like most free software. We need to see what the law was before it became what it is today, because otherwise, we cannot hold our elected officials responsible for what they could have done if not for our eternal vigilence.
It would solve many judicial issues of "legislative intent", and it would allow a truly free society not to be blinded by nascent tyrrany. People are much less willing to give up privileges and rights they knew once existed (except for minor things like a 12-year-old age of consent in Victorian England) if they are made truly aware of what they used to have "in the good old days".
-- Anne Marie
IANAL,
But I remember there are laws that make using tools to commit a crime illegal, but not the actual possession.
Thus owning a bolt-cutter isn't illegal, but using one to break off a lock is.
Drawing the obvious parallel is left as a exercise to the reader.