Cybercrime Treaty — Hidden Costs For All
linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you."
...and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore.
Well, it depends which shore; as long as there is a country that doesn't sign the treaty, the dedicated criminals can avoid this while we suffer it.
Libertarian Leaning Political Discussion Forum.
I don't like it one bit. This is another law designed to keep the good people afraid, uncertain, and doubtful, while providing us less security.
Did you ever get the feeling the story is too damn long and in the present tense?
This is the reason we should make it as hard for them as possible to tell what's being sent.
As long as the vast majority of connections are plaintext, it will be easy for the snoop-happy authorities to compress traffic down to the most important portions (URLs, text of IMs rather than protocol overhead, etc.) then log them permanently.
If we encrypt everything, it will simply become infeasible to perform long-term dragnet surveillance of innocent people. When someone is suspected of a crime, police will need to investigate that specific person, rather than assume everyone alive is a criminal. If you work in a position where you have influence, where you can make programming and protocol design decisions, hopefully you'll take this into account and help stop the surveillance state before it encompasses everything.
We need universal encryption for no less noble purpose than the preservation of any semblance of justice in society.
I have not had an opportunity to peruse the ins and outs of these new and proposed laws, but as a retired businessman, who runs a six node wired/wireless network for myself and family at home, I wonder if as a 'network operator' of my own private LAN I will need a few terabytes of storage, etc. to meet the retention requirements.
Sounds ridiculous, but it all depends on the wording, eh?
--Tomas
Yes, this is one reason why those people who advocate the idea that treaties can trump the Constitution do not appear to apprehend all of the consequences. This is one point at least that Scalia et al. do get right: allowing de facto amendment of the Constitution via the treaty process could significantly impair our Constitutional protections.
I admin for a moderately sized internet farm, and I can tell you this: If you take the amount of spam you see in your inbox, and multiply each spam by hundreds of thousands, you'll only just begin to get a glimmer of the amount of malicious or covert packets running around your own network, let alone from other networks.
Sadly, the day where internet facing services can go unmonitored and un-logged is past by seven years or more. Criminals are stealing millions of US dollars every day, day in and day out, and sometimes stealing tens or hundreds of millions. Data theft is rampant, espionage (corporate and government) is rife, trust is broken... It's a mad house out there.
One of the things we've done is to insert known "markers" in our own databases. These markers let us find how and who accessed a database, from where, what time, and what user/password were used to extract that data. In other situations, we've taken care to be able to trace the data flow. Some cases have arisen that made my hair stand on end, it was so bad.
No, the "wild west" days of the internet are at an end, and they must come to a close. Reasonable laws, reasonable requirements should and must be put on networks so that criminals can be brought to the bar for judgment of their crimes. To do any less is to fail civilization. And that's from someone who signs his posts with the below. It's a fine quandary I find myself in...
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
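The database "markers" mentioned in the comment above can be sketched as follows; this is an added example, not part of the original post or the poster's own tooling. The audit-log format (JSON lines with `ts`, `db_user`, `src_ip`, `row_keys`), the key, and all sample records are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key; assumption: the real key is kept outside the database.
MARKER_KEY = b"constructed-demo-key"

def marker_id(table: str) -> str:
    """Derive the marker row's key for a table, so no list of markers is stored."""
    digest = hmac.new(MARKER_KEY, table.encode(), hashlib.sha256).hexdigest()
    return "cust-" + digest[:10]

def find_marker_reads(audit_lines, tables, expected_readers=frozenset()):
    """Return who/where/when for each audit record that returned a marker row."""
    markers = {marker_id(t): t for t in tables}
    findings = []
    for line in audit_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or corrupt log lines
        reader = (rec.get("db_user"), rec.get("src_ip"))
        if reader in expected_readers:
            continue  # e.g. the backup job, which legitimately reads every row
        for key in rec.get("row_keys", []):
            if key in markers:
                findings.append({"table": markers[key], "db_user": reader[0],
                                 "src_ip": reader[1], "ts": rec.get("ts")})
    return findings

# Constructed audit records in a hypothetical JSON-lines format.
SAMPLE_LOG = [
    json.dumps({"ts": "2024-01-05T02:00:00Z", "db_user": "backup",
                "src_ip": "10.0.0.5",
                "row_keys": ["cust-0001", marker_id("customers")]}),
    json.dumps({"ts": "2024-01-05T03:17:42Z", "db_user": "webapp",
                "src_ip": "203.0.113.9",
                "row_keys": ["cust-0002", marker_id("customers")]}),
    json.dumps({"ts": "2024-01-05T03:18:01Z", "db_user": "webapp",
                "src_ip": "10.0.0.7", "row_keys": ["cust-0003"]}),
    "{truncated line",
]

if __name__ == "__main__":
    allowed = {("backup", "10.0.0.5")}
    for finding in find_marker_reads(SAMPLE_LOG, ["customers", "orders"], allowed):
        print(finding)
```

Because no real customer maps to a marker row, any read of it outside the allowlisted readers is worth an alert, and the record that returned it already carries the account, source address and time.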
Yeah, but encrypting transport methods only secures you against snooping. The greater problem is targeted retrieval and review of content. In my opinion, a company should want to encrypt the data as well. Perhaps they can have some master key for urgent or legal situations, but there is no reason every email from every employee should be sitting unencrypted in the mailstore for any number of people to access and read. Not to mention, if your system is ever the victim of a malicious attack that allows access to the mailstore, encrypted data will mean very little to the attacker.
Anyway, I really do hope that encryption becomes a more default and intrinsic part of email applications. I'd love to encrypt all of my communications, but taking the time to convince and assist every person you communicate with via jabber and email to employ similar methods would be both prohibitive and impossible. It's hard enough trying to convince the average person as to why they shouldn't just throw their social security numbers at every person that asks for them.