Cybercrime Treaty — Hidden Costs For All
linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you."
Microsoft made peace with the hackers.....
Someone must be a bit confused methinks. It is not now (and will never be) technologically feasible to keep a record of network traffic over any non-trivial amount of time.
.....and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore.
Well it depends which shore, as long as there is a country that doesn't sign the treaty the dedicated criminals can avoid this while we suffer it.
Libertarian Leaning Political Discussion Forum.
Just watch as the US passes laws restricting rights to "comply with the treaty" they helped draft, just as with the Convention on Psychotropic Substances.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
I don't like it one bit. This is another law designed to keep the good people afraid, uncertain, and doubtful, while providing us less security.
Did you ever get the feeling the story is too damn long and in the present tense?
Another law that only barely benefits regular people
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
...set up a small state, join the treaty, declare storage of any credit card information illegal and then demand that all companies doing business online turn over all their credit card information, as well as arrest of all of their employees...Could be fun....
-Em
RelevantElephants: A Somatic WebComic...
And demand information about bloggers posting from even outside their country?
I'm much more funny, interesting and insightful than the moderators think
I have not had an opportunity to peruse the ins and outs of these new and proposed laws, but as a retired businessman, who runs a six node wired/wireless network for myself and family at home, I wonder if as a 'network operator' of my own private LAN I will need a few terabytes of storage, etc. to meet the retention requirements.
Sounds ridiculous, but it all depends on the wording, eh?
--Tomas
...decision if US Dept of Justice legitimizes this. Runs afoul of search and seizure provisions in bill of rights, to say the least.
KCb/fbOkdpYNYaW5xo1rKQHhTbphFdO0
What crimes can this help fight that can't be helped in other ways? As it is, everything leaves a digital trail, if not a physical one.
Let's name some 'horrible' crimes. The only truly horrible crime I can think of on the internet is child pornography. It appears, in light of the large number of recent events, that they already know how to investigate this crime. In the event that they didn't have a reasonable track record, there are still methods to combat this. The children are somewhere, find them. They're missing from somewhere, start there. There is money being made, follow that. The pervs get into these groups, so could the cops. The laws are pretty clear about child pornography: Have anything to do with it, and you'll go to jail for a long time.
Let's talk about other crimes. DDOS? Will this law help stop Distributed Denial of Service attacks? Not likely. Most DDOS attacks are done remotely using a net of bots. This law would require terabytes worth of retained data created by these bots, while the people that created the bot-net will have done so in a manner that isn't traceable. This law won't help any.
How about selling contraband over the internet? This law isn't necessary. The contraband is being created somewhere. The item is being shipped somewhere. Money is being transferred. There are standard methods to track all of this. The contraband is a physical item. Find it, you lazy fucks.
In short, requiring network operators to retain a record of every digital transmission is a lot like banning guns. Ban guns, and then only the criminals will have them. Require that ISPs keep records, and then only the criminals will be able to move freely about the internet.
Hey Keystone Kops, want to catch more bad guys? Work together better with your cohorts in other countries. Share that legally acquired data more efficiently. You found this item here. They're looking for this item there. Put two and two together, assholes.
Why should network operators have to pick up the slack for inefficient and incompetent law enforcement?
Aero
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both."
Please stop hurting America -- Jon Stewart
above link is Not Safe For Work
Why me? Why not!
BACKUP YOUR PARTITIONS
I am an American, and I love my country. I am, however, getting really sick and tired of constantly watching my country crap all over everyone's rights (or in some cases, preempt people from HAVING rights) both here and abroad all for the sake of a few super-mega-corps; all the while, we're pretty powerless to immediately end any of it.
As I sit back and watch all the industry in this country die as we make the shift to a service-based economy, I watch us become less important in the global marketplace. Sure we have lots of cash (read: power) now, but what happens when we piss it all away? For Pete's sake, the Shanghai market shows instability and Wall Street shits the bed. We're on the verge of recession.
There were times in history in which the US helped prevent other countries from making stupid mistakes. Now we are the ones making lots of stupid mistakes, and we're doing it over and over again.
How does it benefit the EU or anyone else to go along with our silly shenanigans (especially these ridiculous 'e-piracy', think-of-the-children policies)? They didn't with Iraq (for the most part) and escaped unscathed (mostly). Why not tell the current US administration to stop being stupid by not agreeing to participate in its bullshit?
We're really not a bad country or a bad people. Unfortunately, the filth has risen to the top. Certainly we can do our part to help stop all this, but voting takes time. Please help us stop this train speeding off its track by not supporting/recognizing the US' inane global commercialization laws and regulations. In the end, it will be better for all of us.
We are, as a world, beginning to define what a global economy really is. This is our (the world's) chance to make life better for everyone, and even turn a buck doing it. Please help the US stop being stupid not for the sake of the Bush family or those that give us a bad name, but for the regular folks here who work to feed their families and really do want to spread freedom and wealth around the world.
Americans really aren't bad people. The leadership class just needs a little reminder every once in a while that they are PART of the world, not the fucking owners of it.
This is certainly no call for violence. Just a simple request that other countries not participate in nor support our stupidity.
Message contains 1 attachment: spam.gif
I admin for a moderately sized internet farm, and I can tell you this: If you take the amount of spam you see in your inbox, and multiply each spam by hundreds of thousands, you'll only just begin to get a glimmer of the amount of malicious or covert packets running around your own network, let alone from other networks.
Sadly, the day where internet facing services can go unmonitored and un-logged is past by seven years or more. Criminals are stealing millions of US dollars every day, day in and day out, and sometimes stealing tens or hundreds of millions. Data theft is rampant, espionage (corporate and government) is rife, trust is broken... It's a mad house out there.
One of the things we've done is to insert known "markers" in our own databases. These markers let us find how and who accessed a database, from where, what time, and what user/password were used to extract that data. In other situations, we've taken care to be able to trace the data flow. Some cases have arisen that made my hair stand on end, it was so bad.
No, the "wild west" days of the internet are at an end, and they must come to a close. Reasonable laws, reasonable requirements should and must be put on networks so that criminals can be brought to the bar for judgment of their crimes. To do any less is to fail civilization. And that's from someone who signs his posts with the below. It's a fine quandary I find myself in...
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
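An added example, not part of the comment above or any code its author posted: one way the "marker" idea it describes can be checked, by seeding rows that no legitimate workflow reads and flagging any logged access that touches them. The log layout, the marker row ids and the function names are assumptions made for this sketch, and the log lines are constructed.

```python
"""Marker-row (honeytoken) detection over a database access log."""
import re
from typing import NamedTuple

# Hypothetical marker rows: (table, id) pairs seeded as decoys.
MARKER_ROWS = {("customers", 90417), ("customers", 90418), ("cards", 55120)}

# Constructed sample log; this field layout is assumed, not a real product's.
SAMPLE_LOG = """\
2007-03-01T02:14:09Z user=report_ro src=10.0.4.17 table=customers rows=12,13,14
2007-03-01T02:15:41Z user=webapp src=10.0.2.5 table=cards rows=881
2007-03-01T03:02:27Z user=webapp src=203.0.113.44 table=customers rows=90410-90420
2007-03-01T03:02:30Z user=webapp src=203.0.113.44 table=cards rows=55120
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"table=(?P<table>\S+) rows=(?P<rows>[\d,\-]+)$"
)

class Hit(NamedTuple):
    ts: str
    user: str
    src: str
    table: str
    row: int

def parse_ranges(spec):
    """Turn '12,13,90410-90420' into [(12, 12), (13, 13), (90410, 90420)].

    Ranges are kept as bounds rather than expanded, so a bulk read of
    millions of rows costs one comparison per marker, not per row.
    """
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ranges.append((int(lo), int(hi or lo)))  # ValueError on '' or '-5'
    return ranges

def find_marker_hits(log_text, markers=MARKER_ROWS):
    """Return one Hit per marker row touched: when, which account, from where."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access record
        try:
            ranges = parse_ranges(m["rows"])
        except ValueError:
            continue  # malformed row spec
        for table, row in sorted(markers):
            if table == m["table"] and any(lo <= row <= hi for lo, hi in ranges):
                hits.append(Hit(m["ts"], m["user"], m["src"], table, row))
    return hits

def summarize(hits):
    """Group hits by (user, src) so one alert covers one credential/source pair."""
    grouped = {}
    for h in hits:
        grouped.setdefault((h.user, h.src), []).append((h.ts, h.table, h.row))
    return grouped
```

In the constructed log, the range read that sweeps past the decoy rows and the direct read of the decoy card both come from the same account and source address, which is the correlation worth alerting on.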
At work there are other considerations to use. But TLS is very simple. You can send the emails in plain text ... over an encrypted channel.
This is handy for me because it is far more likely that I'll have to grep through a month's worth of email looking for one message than it is that the government will have any LEGIT reason to search through the same mail.
But for just about everything you send from your personal account, spend some time and do it encrypted.
Well, here is the list of suckers so far.
A little disappointed to see Canada on there, but at least we didn't x the "signature without reservation as to ratification" box like the US did.
Anyway from my attempt at reading the treaty, it seems like all it *requires* is a country to make it possible for its "competent authorities" to be able to record data when requested to do so. It doesn't say service providers are required to do more than facilitate this recording. See Article 20 and Article 21. This is still a pretty major loss of privacy, but not something we haven't seen before.
As for enforcing foreign laws and corporate liability? I'm not seeing what the author claims on this one either. It looks like the country is expected to enact certain laws (nothing to do with Nazis), and make sure that there is always an entity responsible, even if it is a corporation. Check your facts slashdot!!!
Ahh well, this whole thing, if it gets implemented, it will immediately cease to be that important as everyone rolls out strong end to end encryption in response. And that's probably a good thing if you think about it.
-- http://thegirlorthecar.com funny dating game for guys
We (those with technical abilities) can fully secure the Net - or a substantial subset of it. We could do it this year. But we won't, largely because we respect outlawry too much. Why? Because there are too many jackass laws. When governments stop persecuting people for free thought, for music, for sex (other than with children), for drugs, for spiritual practices and political involvements - then we can lock down the Net, knowing that our work isn't going to further greater evil than it prevents, won't be presenting governments with what they need to further destroy the true prosperity of individuals and societies.
And I say that as someone who firmly believes that governments are necessary and can (and sometimes do) do great good.
"with their freedom lost all virtue lose" - Milton
Yes they can, and the stupidest thing is that it doesn't matter if it's a crime here, if it's a crime in China then we would be obligated to spy on our own people for the benefit of China.
If you don't like it, you can't even complain to your elected representative because it's not a law in your own country and you don't elect the Chinese government.
This treaty directly applies the laws of foreign powers to enable surveillance regardless of your home country's own laws.
It is totally unconstitutional in pretty much every country since there is no higher 'power' beyond the government of a country.
No incarceration without representation
Until they make encryption illegal. I think that's the next step when it doesn't work out for them.
jkerhi~uy@yy?>fdsalj9oyhuiyuio%$ewq!
In fact, they would be the only casualties. Any kid with knowledge of Basic would be able to create a tool to encrypt files.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
In the time it'll take you to read this post, another $247 million dollars has been stolen from corporations. I, myself, just had my Visa card compromised for the 9th time this week. All my friends and family have their life savings disappear about once every other month, on average. Have you checked your online bank account in the last five minutes?
It's everywhere! It must be stopped! Like you, I am afraid to walk outside. The riots. The kidnappings. Security policies are a failure. The once-lauded firewalls have crumbled. Encryption is a joke. Passwords are too difficult! Only a brave hero like Captain Congress and the Guantanamo Brigade can save us from what clearly amounts to raw chaos in the streets.
The goddamn liberty bullshit must be sacrificed in order to stop the massive hemorrhaging that's destroying the very fabric of our society. We need new laws; oodles of them. We can end unemployment in our lifetime by quadrupling the number of law enforcement. Hire all the gamers to develop monitoring systems to scan the population. Implant those chips the Chinese used to control pigeons. Launch pre-crime. Build more prisons. Increase the laws. Increase invasiveness. It's for our own protection.
It's the only way to stop the burning tires on my street. The only way to put an end to the sinister criminal masterminds who are stealing millions of dollars day in and day out. The only way to end rampant data theft. The only way to stop the rife espionage. A shining light to restore trust in this fragile world.
Lock everything down. Or we're doomed. DOOMED!
This was a pretty quick find in terms of the status in Canada:
Complementary or further amendments could be made to other existing laws, such as the Competition Act, in order to modernize them in accord with the Convention, notably in the areas of real-time tracing of traffic data (see section on Specific Production Orders below) and interception of e-mail.
- we signed
- it isn't ratified by Parliament yet
- the bureaucrats are working on it
It is noted that a number of laws have to be changed in advance of ratification, so
There are a couple of beauties in here; the options being examined for the cost of building a required "interception capability" for ISPs include the ISPs paying for it, the ISPs paying for it when "significant upgrades" to their networks occur but not required to pay for changes to existing networks. This all adds up to the customer paying for the mechanisms that Johnny Law gets to use to bust those same customers. What a schmozzle in the making.
http://www.justice.gc.ca/en/cons/la_al/a.html
I don't have much of an alternative to contribute here, though. Crime on the Internet is apparently on the rise (I don't know if I believe stories of DOS-extortion, they always seem to be a rumour, not a news story, but maybe I'm naive). Internationally there needs to be a mechanism for a guy in France to charge a guy in Canada (yo MafiaBoy!) for DOS'ing his business, but this is Big Brother shit running wild.
Why aren't existing extradition treaties sufficient, and used in concert with whatever updates occur in the laws of respective countries? If you think someone's guilty, make your case in extradition court. Is the requirement of evidence so much higher for cyber-crime than other crimes?
[17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
In case you missed my sarcasm, my point is that it is in no way "justice" (remember that word?) to raise penalties to offset the difficulty of catching criminals. Penalties for crimes are supposed to be in some way related to the severity of the crime. That's the notion of "justice". It's fair to weigh the penalty against the severity of the crime, not the difficulty to detect the crime.
Could they then demand that ISPs and/or LAN admins hand over information on who uploaded pictures to a magazine website, then use this information to demand the extradition of employees of any magazine that showed so much as a woman's bare ankle? Find out who uploaded Sports Illustrated Swimsuit Edition pictures and yank them over to Saudi Arabia for a public flogging followed by 15 years in jail?
An exaggeration, I'll admit, but just an extreme example of the types of things we could see if this is ratified by many nations. Just about anything you can think of is a criminal offense somewhere. Add extradition treaties and you get something quite scary.
I'm just glad that the retention requirement is impossible given today's technology. Even a small home LAN with a broadband connection would need a drive array with capacity measured in multiple Terabytes. A small enterprise network would require Petabytes. Fat chance!
Huh? Could you please explain the reasoning behind this? In my organization, we're rapidly moving toward encrypting all internal email (and as much external traffic as we can). I can't imagine any organization where there's NO data that isn't recognized as sufficiently sensitive that it should be protected when it's put in email. Even if it's just at the highest level (takeover offers, executive headhunting and salary negotiations, stuff like that), surely the top-level execs at your organization cannot believe that it's proper to leave all of their email in plain text on servers where an admin with sufficient privileges could read it.
Did you mis-state? Is the policy not *quite* universal?
Really, I find your statement fascinating and I just wanted a little background. TIA if you choose to reply.
although the courts cannot compel me to testify they can by god compel me to produce records that help to incriminate myself
every day http://en.wikipedia.org/wiki/Special:Random
It's data compression for efficiency with the added effect of business security.
Are you sure you responded to the right comment? I'm an American expat living in the EU, and I left America because of its rampant stupidity. I'm a "self-hating American", I suppose. And I found this guy's post to be very humble and critical of his own country. Nowhere in his post did he say that people outside the US have fewer rights than people in the US (nor would I make that idiotic claim). Are you just a troll? Honestly, there are plenty of perfectly good "stupid-ass redneck American" posts out there on Teh Intarweb without you having to fabricate outrage over a post which, really, is on the side of good (read: "unafraid to criticise the Big Bad US, even from the inside").
With spending like this, exactly what are "conservatives" conserving?