title: Crime and Freedom
by: Scott Bradner
Next Friday the Council of Europe's (COE) new "Convention on Cybercrime" is due to be formally ratified at a meeting in Budapest. It is a broad-brush approach to crime in the networked age. It has been a long time in development and it will take a while to figure out the extent of its impact.
Even though the Council of Europe (http://www.coe.int) is comprised of 43 mostly European countries its conventions are often signed by countries outside Europe, including the U.S. Once signed, conventions are supposed to be supported by laws within the signing countries. I.e., if the U.S. signs this convention its provisions are supposed to apply in the U.S. as well as Europe.
The convention deals with data network service providers explicitly including private corporate networks and anyone that stores or processes data for others (including caches). It aims to improve the means to prevent and suppress computer- or computer – related crime by establishing a common minimum standard of relevant offences.
It has five basic sections: 1: "offences against the confidentiality, integrity and availability of computer data and systems," which among other things criminalizes hacker tools & publishing passwords; 2: "computer-related offences," where ordinary crimes that are committed through the use of a computer system - e.g., computer-related fraud and forgery, 3: "content-related offences," specifically child pornography - there was talk of including "racist propaganda" but the U.S. and others objected on free speech grounds; 4: "Offences related to infringements of copyright and related rights;" and 5: 'Ancillary liability and sanctions," dealing with corporate liability and collection of traffic data and interception of content data. The convention also defines a "24/7 Network," which are law enforcement contacts available 24 hours per day, 7 days a week ready to rush to preserve data, locate suspects, etc.
(See http://www.statewatch.org/news/2001/sep/22cybercrime.htm for a copy of the convention and supporting documents.)
The final pre-ratification action on this convention came the same day as a court in California reaffirmed the supremacy of the U.S. Constitution, at least in the U.S., by ruling that a French court order telling Yahoo to remove Nazi memorabilia from its on-line auctions. At the same time the Europeans decided to proceed with trying to ban racist speech on the Internet by creating a separate side agreement to the convention. The U.S. would presumably not sign the side agreement.
In spite of lots of nice words in the COE convention and the reassuring words used by the U.S. Attorney General when talking about the new U.S. antiterrorism law, I fear that we are now at the start of a process that will take many years to resolve, if it can be resolved at all. The business of governments is to govern and the free flow of ideas enabled by the Internet is too often seen as a threat to orderly government and sometimes is. But the fight to combat crime (or terrorism) is too often an excuse to adjust the balance between the individual and government to the risk of the individual.
disclaimer: There are lots of individuals at Harvard, this is the opinion of one.