title: Crime and Freedom
by: Scott Bradner
Next Friday the Council of Europe's (COE) new "Convention on
Cybercrime" is due to be formally ratified at a meeting in Budapest. It is
a broad-brush approach to crime in the networked age. It has been a long time
in development and it will take a while to figure out the extent of its impact.
Even though the
Council of Europe (http://www.coe.int) is comprised of 43 mostly European countries
its conventions are often signed by countries outside Europe, including the
U.S. Once signed, conventions are
supposed to be supported by laws within the signing countries. I.e., if the U.S. signs this convention
its provisions are supposed to apply in the U.S. as well as Europe.
The convention deals with
data network service providers explicitly including private corporate networks
and anyone that stores or processes data for others (including caches). It aims to improve
the means to prevent and suppress computer- or computer – related crime
by establishing a common minimum standard of relevant offences.
It has five basic
sections: 1: "offences against the confidentiality, integrity and
availability of computer data and systems," which among other things
criminalizes hacker tools & publishing passwords; 2: "computer-related
offences," where ordinary crimes that are committed through the use of a
computer system - e.g.,
computer-related fraud and forgery, 3: "content-related offences,"
specifically child pornography - there was talk of including "racist
propaganda" but the U.S. and others objected on free speech grounds; 4:
"Offences related to infringements of copyright and related rights;"
and 5: 'Ancillary liability and sanctions," dealing with corporate
liability and collection of traffic data and interception of content data. The convention also defines a
"24/7 Network," which are
law enforcement contacts available 24 hours per day, 7 days a week ready
to rush to preserve data, locate suspects, etc.
(See
http://www.statewatch.org/news/2001/sep/22cybercrime.htm for a copy of the
convention and supporting documents.)
The final pre-ratification
action on this convention came the same day as a court in California reaffirmed
the supremacy of the U.S. Constitution, at least in the U.S., by ruling that a
French court order telling Yahoo to remove Nazi memorabilia from its on-line
auctions. At the same time the Europeans decided to proceed with trying to ban
racist speech on the Internet by creating a separate side agreement to the
convention. The U.S. would
presumably not sign the side agreement.
In spite of lots of nice
words in the COE convention and the reassuring words used by the U.S. Attorney
General when talking about the new U.S. antiterrorism law, I fear that we are
now at the start of a process that will take many years to resolve, if it can
be resolved at all. The business
of governments is to govern and the free flow of ideas enabled by the Internet
is too often seen as a threat to orderly government and sometimes is. But the
fight to combat crime (or terrorism) is too often an excuse to adjust the
balance between the individual and government to the risk of the individual.
disclaimer: There are lots of
individuals at Harvard, this is the opinion of one.