This story appeared on Network World Fusion at

'Net Insider:

Crime and freedom

By Scott Bradner
Network World, 11/19/01            

This Friday, the Council of Europe's new "Convention on Cybercrime" is due to be formally ratified at a meeting in Budapest. It is a broad-brush approach to crime in the networked age. It has been a long time in development, and it will take a while to figure out the extent of its impact.

Although the council ( comprises 43 mostly European countries, its conventions are often signed by countries outside Europe, including the U.S. Once signed, conventions are supposed to be supported by laws within the signing countries. If the U.S. signs this convention its provisions are supposed to apply here as well as in Europe.

The convention explicitly deals with data network service providers, including private corporate networks and any entity that stores or processes data for others (including caches). It aims to improve the means to prevent and suppress computer-related crime by establishing a common minimum standard of relevant offenses.

It has five basic sections:

1. "Offenses against the confidentiality, integrity and availability of computer data and systems," which among other things, criminalizes hacker tools and publishing passwords;

2. "Computer-related offenses," where ordinary crimes, such as fraud or forgery, are committed through the use of a computer system;

3. "Content-related offenses," specifically child pornography. There was talk of including "racist propaganda," but the U.S. and others objected on free speech grounds;

4. "Offenses related to infringements of copyright and related rights";

5. "Ancillary liability and sanctions," dealing with corporate liability and collection of traffic data and interception of content data.

The convention also defines a "24/7 Network," which involves law enforcement contacts available 24 hours per day, 7 days per week, ready to rush to preserve data, locate suspects and so on. (See, DocFinder: 6929) for a copy of the convention and supporting documents.)

The final preratification action on this convention came the same day that a court in California reaffirmed the supremacy of the U.S. Constitution, at least here, by ruling that a French court order telling Yahoo to remove Nazi memorabilia from its online auctions was invalid in the U.S. At the same time, the Europeans proceeded with trying to ban racist speech on the Internet by creating a separate side agreement to the convention. The U.S. would presumably not sign the side agreement.

In spite of lots of nice words in the COE convention and the reassuring words used by the U.S. Attorney General when talking about the new U.S. antiterrorism law, I fear that we are now at the start of a process that will take many years to resolve, if it can be resolved at all. The business of governments is to govern, and the free flow of ideas enabled by the Internet is too often seen as a threat to orderly government and sometimes is. But the fight to combat crime (or terrorism) is too often an excuse to adjust the balance between the individual and government to the risk of the individual.

Disclaimer: There are lots of individuals at Harvard; this is the opinion of one.

All contents copyright 1995-2002 Network World, Inc.