Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercrime Treaty — Hidden Costs For All

Posted by kdawson on from the externalizing-costs dept.

linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you."

13 of 100 comments (clear)

  1. data-retention policies for network traffic ??? by l2718 · · Score: 5, Informative

    Someone must be a bit confused methinks. It is not now (and will never be) technologically feasible to keep a record of network traffic over any non-trivial amount of time.

    1. Re:data-retention policies for network traffic ??? by Anonymous Coward · · Score: 5, Insightful

      This is the reason we should make it as hard for them as possible to tell what's being sent.

      As long as the vast majority of connections are plaintext, it will be easy for the snoop-happy authorities to compress traffic down to the most important portions (URLs, text of IMs rather than protocol overhead, etc.) then log them permanently.

      If we encrypt everything, it will simply become infeasible to perform long-term dragnet surveillance of innocent people. When someone is suspected of a crime, police will need to investigate that specific person, rather than assume everyone alive is a criminal. If you work in a position where you have influence, where you can make programming and protocol design decisions, hopefully you'll take this into account and help stop the surveillance state before it encompasses everything.

      We need universal encryption for no less noble purpose than the preservation of any semblance of justice in society.

    2. Re:data-retention policies for network traffic ??? by max+born · · Score: 4, Interesting

      If we encrypt everything, it will simply become infeasible to perform long-term dragnet surveillance of innocent people.

      Until they make encryption illegal. I think that's the next step when it doesn't work out for them.

      But really, what's new? Never in the history of humanity has there not been one group of people who felt it their god given right to tell another group of people what to say and think.

      Don't be lulled into thinking these folks are here to protect you.

      Just like the increased powers of search and seizure, designed to protect us from the terrorists, are used mostly to bust people for possession of pot; so the draconian measures enacted to save from the cyber criminals will mostly be used to bust you for downloading your favorite music.

    3. Re:data-retention policies for network traffic ??? by Seumas · · Score: 3, Interesting

      Of course, there is a lot of email that can NOT be encrypted. For example, my company has a strict policy that encrypting any communications can be cause for immediate termination. So while encrypting email is fine for personal communications sent through personal accounts via non-company networks and hardware, it still leaves a huge swath of communications open.

      Frankly, I would love to see all email clients come with built-in encryption in such a manner that you NEED to create a key (it could be a very simple process) and that all email will be communicated via that key and encryption by default. Otherwise, all you have is a bunch of people (like me) who really wish we could communicate via encrypted methods all the time, but know that 95% of the people we communicate with will not, can not and do not have a way to receive and read them

      In the long run, it won't matter. Denying a request to search your home or car or person will be probable cause in and of itself. And encrypting any communications will become enough probable cause in and of itself to consider you suspect.

      I would love to see personal privacy and civil liberties upheld without any exception, but I think we are only heading downhill in the long run. I expect to see all expectation of privacy eradicated within my lifetime. You need only look to things such as the prevalence of public cameras on city streets to "stop crime" and parents fingerprinting their children as if having their fingerprints will somehow imbue them with a magical protection against kidnapping or molestation to see where society is headed.

  2. well... by mastershake_phd · · Score: 4, Insightful

    .....and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore.

    Well it depends which shore, as long as there is a country that doesnt sign the treaty the dedicated criminals can avoid this while we suffer it.

    --
    Libertarian Leaning Political Discussion Forum.
  3. Unfair by cedricfox · · Score: 3, Insightful

    I don't like it one bit. This is another law designed to keep the good people afraid, uncertain, and doubtful, while providing us less security.

    --
    Did you ever get the feeling the story is too damn long and in the present tense?
  4. Makes me want to.... by Em+Ellel · · Score: 5, Funny

    ...set up a small state, join the treaty, declare storage of any credit card information illegal and then demand that all companies doing business online turn over all their credit card information, as well as arrest of all of their employees...Could be fun....

    -Em

    --
    RelevantElephants: A Somatic WebComic...
  5. Can China join this by wannabgeek · · Score: 4, Interesting

    And demand information about bloggers posting from even outside their country?

    --
    I'm much more funny, interesting and insightful than the moderators think
  6. Cybercrime Treaty: What it Means to You and I? by SmoothTom · · Score: 4, Insightful

    I have not had an opportunity to peruse the ins and outs of these new and proposed laws, but as a retired businessman, who runs a six node wired/wireless network for myself and family at home, I wonder if as a 'network operator' of my own private LAN I will need a few terabytes of storage, etc. to meet the retention requirements.

    Sounds ridiculous, but it all depends on the wording, eh?

    --Tomas

  7. Re:In through the back door by drmerope · · Score: 4, Insightful
    Just watch as US passes laws restricting rights to "comply with the treaty" they helped draft

    Yes this one reason why those people who advocate the idea that treaties can trump the Constitution do not appear to apprehend all of the consequences. This is one point at least that Scalia et al do get right: allowing defacto amendment of the Constitution via the treaty process could significantly impair our Constitutional protections.

  8. If only.. by aero2600-5 · · Score: 3, Interesting
    If only the police would do their jobs, this wouldn't be necessary.

    What crimes can this help fight that can't be helped in other ways? As it is, everything leaves a digital trail, if not a physical one.

    Let's name some 'horrible' crimes. The only truly horrible crime I can think of on the internet is child pornography. It appears that, in light the large number of recent events, that they already know how to investigate this crime. In the event that didn't have a reasonable track record, there are still methods to combat this. The children are somewhere, find them. They're missing from somewhere, start there. There is money being made, follow that. The pervs get into these groups, so could the cops. The laws are pretty clear about child pornography: Have anything to do with it, and you'll go to jail for a long time.

    Let's talk about other crimes. DDOS? Will this law help stop Distributed Denial of Service attacks? Not likely. Most DDOS attacks are done remotely using a net of bots. This law would require terabytes worth of retained data created by these bots, while the people that created the bot-net will have done so in a manner that isn't traceable. This law won't help any.

    How about selling contraband over the internet? This law isn't necessary. The contraband is being created somewhere. The item is being shipped somewhere. Money is being transferred. There are standard methods to track all of this. The contraband is a physical item. Find it, you lazy fucks.

    In short, requiring network operators to retain a record of every digital transmission is a lot like banning guns. Ban guns, and then only the criminals will have them. Require that ISPs keep records, and then only the criminals will be able to move freely about the internet.

    Hey Keystone Kops, want to catch more bad guys? Work together better with your cohorts in other countries. Share that legally acquired data more efficiently. You found this item here. They're looking for this item there. Put two and two together, assholes.

    Why should network operators have to pick up the slack for inefficient and incompetent law enforcement?

    Aero

    "Any society that would give up a little liberty to gain a little security will deserve neither and lose both."
    --
    Please stop hurting America -- Jon Stewart
  9. HELP! by photomonkey · · Score: 5, Interesting

    I am an American, and I love my country. I am, however, getting really sick and tired of constantly watching my country crap all over everyone's rights (or in some cases, preempt people from HAVING rights) both here and abroad all for the sake of a few super-mega-corps; all the while, we're pretty powerless to immediately end any of it.

    As I sit back and watch all the industry in this country die as we make the shift to a service-based economy, I watch us become less important in the global marketplace. Sure we have lots of cash (read: power) now, but what happens when we piss it all away? For Pete's sake, the Shanghai market shows instability and Wall Street shits the bed. We're on the verge of recession.

    There were times in history in which the US helped prevent other countries from making stupid mistakes. Now we are the ones making lots of stupid mistakes, and we're doing it over and over again.

    How does it benefit the EU or anyone else to go along with our silly shenanigans (especially these ridiculous 'e-piracy', think-of-the-children policies)? They didn't with Iraq (for the most part) and escaped unscathed (mostly). Why not tell the current US administration to stop being stupid by not agreeing to participate in its bullshit?

    We're really not a bad country or a bad people. Unfortunately, the filth has risen to the top. Certainly we can do our part to help stop all this, but voting takes time. Please help us stop this train speeding off its track by not supporting/recognizing the US' inane global commercialization laws and regulations. In the end, it will be better for all of us.

    We are, as a world, beginning to define what a global economy really is. This is our (the world's) chance to make life better place for everyone, and even turn a buck doing it. Please help the US stop being stupid not for the sake of the Bush family or those that give us a bad name, but for the regular folks here who work to feed their families and really do want to spread freedom and wealth around the world.

    Americans really aren't bad people. The leadership class just needs a little reminder every once in a while that they are PART of the world, not the fucking owners of it.

    This is certainly no call for violence. Just a simple request that other countries not participate in nor support our stupidity.

    --
    Message contains 1 attachment: spam.gif
  10. Potential for abuse important, not overriding by buss_error · · Score: 4, Insightful
    Some good points about possible abuses have been raised, and not a few real problems too. These should be addressed; however, the problem on the internet today are so over-arching that something must be done. Not the law in it's present form, but SOMETHING.


    I admin for a moderately sized internet farm, and I can tell you this: If you take the amount of spam you see in your inbox, and multiply each spam by hundreds of thousands, you'll only just begin to get a glimmer of the amount of malicious or covert packets running around your own network, let alone from other networks.

    Sadly, the day where internet facing services can go unmonitored and un-logged is past by seven years or more. Criminals are stealing millions of US dollars every day, day in and day out, and some times stealing tens or hundreds of millions. Data theft is rampant, espionage (corporate and government) is rife, trust is broken... It's a mad house out there.

    One of the things we've done is to insert known "markers" in our own databases. These markers let us find how and who accessed a database, from where, what time, and what user/password were used to extract that data. In other situations, we've taken care to be able to trace the data flow. Some cases have arisen that made my hair stand on end, it was so bad.

    No, the "wild west" days of the internet are at an end, and they must come to a close. Reasonable laws, reasonable requirements should and must be put on networks so that criminals can be brought to the bar for judgment of their crimes. To do any less is to fail civilization. And that's from someone who signs his posts with the below. It's a fine quandry I find myself in...

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.