U.S. Considering Ratifying Cybercrime Treaty

waytoomuchcoffee writes "SecurityFocus has a new article on the Council of Europe's "Convention on Cybercrime". The U.S. has already signed the treaty, but it has not yet been ratified by the Senate (although President Bush has written a letter urging the treaty's passage). This treaty, among other items, would require the U.S. to "cooperate with foreign authorities" in conducting surveillance on American citizens who have committed no crime under U.S. law, but may have broken another country's law (selling historic Nazi posters on Ebay? Germany might have you wiretapped), prohibiting the "production, sale or distribution of hacking tools", whatever that means (would Nmap be illegal?) and require the U.S. to pass laws to "force users to provide their encryption keys" and the plain text of their encrypted files. Canada is a signatory as well."

Won't stand up to a court challenge.

[fmaxwell]

Requiring that someone provide encryption keys would likely be construed as a violation of a U.S. citizen's Fifth Amendment rights: "nor shall be compelled in any criminal case to be a witness against himself." If the hard drive had incriminating evidence of ANY crime on it, then the person would be within their Constitutional rights to refuse to provide the encryption keys to access the data.

From a practical standpoint, "I can't recall" is a very effective three words sentence in such a case. It's not like any of us can honestly say that we've never forgotten a password or encryption key, so the prosecution would be hard-pressed to convince a judge and jury that such a claim is preposterous.