Story: COE Cyber Crime Treaty Debated, 12/11/00

(December 11, 2000) Council of Europe Representative Henrik Kaspersen defended the Draft Treaty on Cyber Crime at a panel discussion in Washington DC on December 7.

Henrik Kaspersen, Chairman of Committee of Experts on Crime in Cyber-Space, of the Council of Europe (COE), was a member of a panel discussion held at the Johns Hopkins School of Advanced International Studies. "We do not want to leave privacy apart from the convention," said Kaspersen. "we share an interest in the protection of the rights of the individual."

Kaspersen, an avuncular Dutch professor, is in the United States to try to allay concerns about the COE draft cyber crime treaty.

Two other panelists, James Dempsey and Jeffrey Price, both criticized the Council of Europe Draft Treaty on Cyber Crime for expanding government authority, and reducing individual privacy.

Bruce McConnell opened the discussion by presenting a study that he prepared on the state of cyber crime laws in various nations. The study was based on a survey mailed to 120 nations. 42 provided responses. The report did not utilize the international collections of law libraries.

He found that "only nine of these nations have amended their laws to cover more than half of the kinds of crimes that need to be addressed. While many of the others have initiatives underway, it is clear that a great deal of additional work is needed before organizations and individuals can be confident that cyber criminals will think twice before attacking valued systems and information.

James Dempsey was not impressed with the McConnell study. He pointed out that it found that China's laws prohibited only three of the ten activities that McConnell concluded should be criminalized. Dempsey suggested that China already has too many Internet laws. Dempsey also made a similar point with respect to France, which he criticized for its recent ruling against Yahoo.

Dempsey argued that the COE draft treaty would enable governments to use new technologies to increase their surveillance powers.

"I think the sense of most citizens is that if you look at the broad sweep of this technology, the Internet revolution -- digital communications technologies that have now become so completely interwoven into our lives -- if you look at, why do we have these technologies in the first place? They are to generate, collect, share vast sets of information. And, governments are taking advantage of precisely those technologies for their surveillance purposes, and I believe, that on balance, if you look at this technology objectively, you would have to conclude that the vast sweep of this revolution has benefited governments, and government power -- the ability of governments to collect information."

Jeffrey Pryce focused on details contained in the draft treaty. He stated that the definition of Internet Service Provider (ISP) is overbroad. He condemned the language pertaining to illegal access, which provides that access is illegal unless permitted. He stated that this is just the opposite of the fundamental legal principal that all activity is legal, unless prohibited.

He also criticized the treaty for criminalizing conduct which is already made illegal by existing laws. This, said Pryce, creates an unnecessary duplication of prohibitions.

The panel also took questions from the audience. John Ryan of America Online stated that the draft treaty should not provide for liability of ISPs. Kaspersen responded that "we don't have provider liability in the convention." Pryce then added that ISP liability could arise under the "aiding and abetting" language.

David Banisar, a Senior Fellow at the Electronic Privacy Information Center (EPIC), told Tech Law Journal after the event that there are errors in the McConnell International report, and cited examples regarding the report's summaries of cyber crime laws in China and Malaysia.

Wayne Madsen, a Senior Fellow at EPIC, told Tech Law Journal after the event that the draft cyber crime treaty is another example of "policy laundering" by the U.S. Department of Justice. According to Madsen, the DOJ cannot get some of the provisions contained in the draft treaty through the U.S. Congress, or even the EU, so it has attempted to persuade the COE to include them in a treaty proposal.

Excerpts from Remarks of James Dempsey.
December 7, 2000.

The second section of the treaty is about surveillance, government ___, government is going to require anybody with computer data to freeze that data, in anticipation of any government request for production of that data, search and seizure of computers, interception, real time, of communications and transactional data related to computers. And those provisions, let me make clear, those provisions apply to all crimes.

The interception authority that countries would be bound to adopt would be interception authority, search and seizure authority, access to stored data authority, for all crimes. So we are saying in the Internet is somehow different, and that we therefore need to adopt special rules and laws for the Internet, and yet that we are using that as the basis for expanding government surveillance authority with respect to all kinds of crimes.

The third element of the treaty deals with international cooperation, across borders, specifically requiring one government to implement or carry out or enforce or cooperate to enforce the seizure and seizure, surveillance, data access requests from another government. And again, these provisions apply to all criminal investigations. So, in many respects, it is a treaty on international law enforcement cooperation.

And since this began, we think about how is the Internet different, and how is it the same. The Internet obviously makes -- has implications -- for law enforcement procedures, implications for law enforcement cooperation. In some respects it is harder to investigate crime on the Internet. But, in some respects it is easier with digital technology to investigate.

I think the sense of most citizens is that if you look at the broad sweep of this technology, the Internet revolution -- digital communications technologies that have now become so completely interwoven into our lives -- if you look at, why do we have these technologies in the first place? They are to generate, collect, share vast sets of information. And, governments are taking advantage of precisely those technologies for their surveillance purposes, and I believe, that on balance, if you look at this technology objectively, you would have to conclude that the vast sweep of this revolution has benefited governments, and government power -- the ability of governments to collect information.

The FBI had one case recently in which in a single case they collected enough computer evidence to fill the Library of Congress one and one half times. That is the power of this technology, and that is the ability of governments to utilize this technology for their investigative purposes.

So, then, when we look at the treaty itself, what do we see? Substantive criminal laws, surveillance authorities, transborder cooperation. What is missing? What is missing from this treaty is anything ____.

Worldwide one of the central policy issues of our time, which is privacy, which is the relationship between governments and individuals in the face of the power of this technology. And we hear that, 'well, yes, we don't have that in there, but privacy was impossible to deal with hear because there are too many different legal systems.' And yet we have a judgment in this treaty that we will have, that we have too many legal systems, we have insufficient laws, so we will address the criminal provisions.

...

A lot of this treaty is being looked at in the United States against the backdrop of what many of us see as ongoing government efforts to control the design of this new technology, to control it in order to expand government surveillance powers. Here, you have a technology, GPS, now being built into cell phones. Nice. Convenient. Tremendous. But, also tremendous tracking and surveillance potential in that technology if it is not build in properly, and not subject to sufficient rules.