© Jean Lecointre, Paris
|
Cybercrime
convention:
one false move, and you’re a hacker!
In 1997, a
Council of Europe working group formed by law enforcement officials and interior
ministers from select COE member countries, the U.S., Canada and Japan began drafting
an international convention on cybercrime. Since then, the treaty has gone through
25 drafts.
Unlike similar actions at the OECD, civil liberties and industry associations were
not invited to participate. The Committee met behind closed doors for several years
and did not release a draft until April 2000. Instead of openly discussing the proposal,
the COE asked people to submit comments via the Internet. Despite the hundreds of
emails sent, only minor changes have been made to the original draft.
The treaty is extremely law-enforcement oriented, barely mentioning civil liberties,
human rights or corporate interests. The basic premise is that behaviour is prohibited
unless allowed. The first section creates broad new categories for computer crimes
that could, for example, outlaw the development of basic tools to test the security
of computer systems.
The treaty also expands the definition of hacking to include violations of contracts
and the terms of service posting on websites. One example: bypassing the main page
(and the advertising) of a commercial site to reach an inner page would be a violation
of law. Similarly, Internet service providers could be held liable if their users
link to child pornography, even if they are not aware of it. Average citizens could
even be held guilty for putting incorrect information on web forms to protect their
privacy.
Governments would also have the mandate to enact broad new powers on wiretapping,
real-time collection of traffic data as well as the search and seizure of information.
Most strikingly, the draft treaty fails to incorporate the COE’s long-standing human
rights protections. When asked publicly why the proposal has nothing on procedural
protections for civil liberties, the chair said that it would be too difficult to
come up with privacy standards, perhaps inadvertently admitting that the members
of the panel knew very little about the subject.
GILC and industry associations led by AT&T and the International Chamber of Commerce
have recently begun working together to oppose the convention. The companies are
primarily concerned about the costs of redesigning systems and undertaking surveillance
activities on behalf of governments. They also fear being held liable for the actions
of their users or third parties.
Whether this NGO/corporate alliance will manage to overhaul or stop the treaty remains
to be seen. Not only must they reverse years of secretive negotiations, but the unity
of the groups has yet to be tested. Many companies sit on the opposite side of NGOs
when dealing with the protection of consumers’ personal data.
www.gilc.org/privacy
|
|
Cyber-rights
and business groups are fighting a proposed cybercrime treaty. While there is strength
in numbers, the groups’ diversity may prove too much for the coalition to bear
As you flip through
the pages of this March issue, members of the Council of Europe will be poring over
a blueprint to force its countries and others around the world to dramatically increase
surveillance and invade your privacy in the name of preventing cybercrime (see
box).
An eclectic coalition of civil rights and corporate groups however, has launched
an offensive against the proposed cybercrime treaty as well as a battery of controversial
national laws and international standards.
Not surprisingly, the first privacy campaign emerged in the U.S., an Internet stronghold,
against the infamous Clipper Chip. According to the government, this cryptographic
device would have offered a standard for securing private voice communication. Two
government agencies would have held the “keys,” to be handed out only with “legal
authorization.” Privacy-minded citizens quickly saw the dangers of this in light
of the federal government’s history of illegal domestic surveillance. In 1994, 50,000
people—a hefty chunk of the cybernaut population—signed the largest Internet petition
of its time against the proposal, which died soon after.
Perhaps the most striking feature in the battle to protect privacy has been the diversity
of groups involved. The year 1996 saw a motley crew of immigration groups, gun-owners,
liberals and conservatives band together to oppose legislation that would notably
have extended wiretapping and allowed for more investigations of political groups.
Irish-American and Arab-American associations joined out of concern that they would
be more aggressively targeted in the “war on terrorism.” Meanwhile, the fear of a
more invasive government rallied gun-owners alongside groups from across the ideological
spectrum. Once again, by tapping the Internet’s power to organize and disseminate
information, they shelved the legislation.
But this ad hoc co-operation is based on shaky ground. There was considerable coordination,
for example, between civil liberties groups and the industry to oppose the 1994 Communications
Assistance for Law Enforcement Act, which requires telecommunications carriers to
modify their equipment, facilities and services in order to comply with authorized
electronic surveillance. Yet once the industry received a promise of government funding
to implement the law, it quickly abandoned the coalition. Corporate representatives
then jumped sides again and sued the government over implementation rules in a controversy
that is still brewing.
Old
enemies become new allies
With
the Internet’s growth, the privacy battle is becoming increasingly international.
Most Western European countries have at least one cyber-rights group, a trend that
is spreading across the continent and Asia, particularly in Japan. At the same time,
existing human rights groups have also started to focus on the Internet. All it takes
is for a single national government to ban free speech on the Web and the issue instantly
takes on a global character.
For decades, international bodies like the Organisation for Economic Co-operation
and Development (OECD), the Council of Europe and the European Union (EU) have been
developing international standards relating to privacy, free speech and other civil
liberties issues. Their work has included brokering common rules on data protection
and encryption policy to promote e-commerce. While some government representatives
have put a stronger emphasis on protecting human rights, economic interests have
clearly dominated the debate, strongly influenced by the International Chamber of
Commerce, a powerful lobby of industry groups. Today, by pressuring governments bilaterally
and multilaterally, the U.S. is leading the efforts to expand surveillance worldwide.
This pressure amounts to what privacy advocates call “policy laundering”: by pushing
other governments into accepting controversial plans like the Clipper Chip, international
standards will be developed which will in turn force the U.S. Congress to accept
proposals it had originally rejected.
To respond with more muscle to these trends, a new opposition front emerged in 1996:
the Global Internet Liberty Campaign (GILC), started by the Electronic Privacy Information
Center, Human Rights Watch and the American Civil Liberties Association. The group
now represents over 50 NGOs from some 30 countries. GILC operates by consensus. Member
organizations propose specific actions such as drafting letters to world leaders,
releasing reports and holding conferences. Member groups then agree to join in the
action.
GILC and groups like the Trans-Atlantic Consumer Dialogue (TACD) are making inroads
into the policy processes. Perhaps the most tangible signs of their success are the
frequent invitations to participate in OECD meetings. But the movement has just one
foot in the door: the next step lies in strengthening the role of NGOs outside the
U.S. The problem lies in the old Achilles heel of international movements: a lack
of funding. |
