From: Carey Lening (firstname.lastname@example.org)
Date: Mon Jan 17 2000 - 15:06:51 PST
This just looks fugly. I don't care how any of the governments are trying
to rationalize this. Too many things are included as possible 'bad' while
they neglect many other things (for instance, spam is not included as a
target, but hacking tools are). It also makes note that government/law
enforcement who wish to implement digital wire tapping need to implement it
in their national legislation. Where is the line drawn for country to
country eavesdropping? IN the politech article (which is referenced in
this ) they make note of more potential things to go after, such as
pornography, child pornography (seperated from the prior) and racist
speech/web pages. Very scary stuff.
Here's the cybercrime treaty information:
And here's the politech mail message.
Date: Thu, 13 Jan 2000 15:23:17 +0100 (CET)
From: Maurice Wessling <email@example.com>
Subject: cybercrime treaty
I've just submitted this to slashdot. Many people on this list will have
to worry about it. It will make your job a lot more difficult.
The Council of Europe is preparing a so-called "Cybercrime"
treaty. European countries, the USA, Canada, Japan and
South Africa are involved in the talks. There is no draft
made public but a letter of the Dutch minister of Justice to
the Dutch parliament is mentioning some of the details of
what is discussed during the negotiations about the treaty.
The draft is prepared by an ad-hoc group of experts
(PC-CY) who will have to finish their work by the end of
2000. There is only a Dutch language version of the letter
(if you can read Dutch, I've put it on
One part of the treaty is of particular interest to Slashdot
readers. The treaty will outlaw hacking tools. A summary
(not a word-by-word translation):
Protection against so-called CIA-crimes (confidentiality,
integrity and availability) of public and closed networks
and systems: computer hacking, unauthorized eavesdropping,
unauthorized changing or destroying of data (either stored
or in transport). In discussion are also denial of service
attacks to public and private networks and systems. This
will probably not cover spam.
The treaty will outlaw the production, making available or
distribution of hardware and software tools to do the
above-mentioned (hacking, denial of service, eavesdropping,
etc.). The letter does not mention the possession of these
The treaty will also outlaw sites with lists of passwords or
codes that give unauthorized access to computer systems
(this is not about copyright related serials and cracks).
The letter explicitly points out that as a result of this
treaty countries that wish to implement digital wiretapping
or the use of hacking tools by law enforcement need to
implement that in their national legislation.
This definitely sounds like a bad idea. The public will get
a false sense of safety, security experts can not do their
work and software producers and system administrators will
loose an important stimulation to improve the quality of
Other points in the treaty:
There is only agreement upon child pornography.
The countries involved could not agree upon racist speech
and pornography in general. European countries wanted to
include racist speech but the USA blocked this. On the other
hand, European countries did not want to include pornography
in general as some others wanted to (the letter doesn't
Child pornography is defined here as "the realistic
depiction of a child involved in sexual behavior". It does
not matter if children were actually involved in the
fabrication of the material. It explicitly includes material
with adult actors impersonating as children or computer
animations. Cartoons with a non-realistic character are not
included in the definition.
The letter states a broad international consensus about this
The treaty defines the procedures of investigating the
content of email. The treaty tries to follow regimes for
search warrants when email is stored and warrants for
tapping of telecommunication when email is in transport.
Under circumstances (not further explained in the letter)
the person subject of a search warrant which involves stored
email can be ordered to keep the search secret to prevent
damage to the further investigation.
border crossing aspects of computer and network search
Law enforcement can not cross borders during the search of a
computer network. The draft outlines a procedure in which an
official request is necessary to the other country to
complete the search. All members of treaty will establish a
national contact point where such request can be handled
fast. In most cases this will be the Interpol contact point.
Discussions are ongoing about accessing a computer in
another country to which the person that gets the warrant
already has authorized access. Is that a border crossing of
law enforcement competence? Do the authorities in the other
country need to be informed?
There is no agreement yet about the status of information
that was accidentally gathered from systems in other
countries during a network search. One possibility is that
that country gets a veto right on the use of that
preservation order to admins of public or private networks
The treaty will define a preservation order that can be
given to the admin of the public or private network. Such an
order is intended to log traffic data (not content) that
would normally be lost immediately or as soon as that data
is not important anymore for the maintenance of the network
(according to privacy rules).
The treaty will force countries to implement digital
wiretapping into their national laws. Both of public and
As the Netherlands already have digital wiretapping laws
this section is not discussed extensively in the letter.
This archive was generated by hypermail 2b29 : Wed Jan 19 2000 - 15:03:09 PST