Collaboration

Cybercrime treaty raises privacy and commerce questions

Today, your enterprise probably enjoys the same rights in cyberspace as in the real world. Soon, it may not. Find out why some fear a proposed treaty may reshape the Internet from a medium of free speech to a medium used for government spying.


U.S. companies have spent millions lobbying for and winning their rights online. From a landmark Supreme Court ruling that upheld freedom of speech on the Internet to this year's Internet tax moratorium, American corporations have always assumed the Internet would offer the same freedoms they enjoy in the “real” world.

That assumption may no longer be true.

That's because for the last four years, officials from the U.S. Justice Department have shuttled to and from Strasbourg, France, helping forge a treaty they say they need to assure international police cooperation when Internet investigations cross international borders. Completion could come as early as this September, and signers may begin ratifying as early as next year.

Costly but not private
No one quibbles over catching criminals. But multinationals led by AT&T and AOL Time Warner say the Council of Europe Treaty on Cyber Crime would place huge financial burdens on almost anyone who runs a Web site or operates a computer network, while obliterating safeguards against overzealous searches. Critics got a look at the treaty for the first time last summer, more than three years after negotiations began.

Daniel Ebert is president of the Net Coalition trade group, which includes AOL Time Warner in its membership. "Our concern is that the offenses under the convention are overly broad," Ebert says. "The mechanism for enforcing them would put service providers in the position of becoming Internet police." And David Banisar, deputy director of the human-rights group Privacy International, fears signatories will use the treaty as a pretext for intrusive surveillance. "The treaty wants to turn the Internet from a great medium for free speech into a great medium for government spying."

Depending on how signatories read the proposed treaty, opponents say, the agreement could require companies to keep detailed records and clickstream data on their customers at great expense and under questionable legal authority. It could also force ISPs to monitor their customers to make sure they were not infringing upon others' copyright on pain of legal penalties.

Consumers' use of others' copyrighted materials a la Napster could suddenly become a matter for the criminal courts in many countries, critics say. Worse still, they claim, child pornography provisions could turn ISPs into professional porn surfers responsible for watching their servers and turning over to police anyone they think may be violating the law.

All of these things could come to pass, they say, because of the loose wording of the treaty.

Who supports it?
Software, motion picture, and recording companies that don't run large networks of their own are the only major business groups supporting the draft treaty. "While piracy is a crime in the U.S., it isn't in other countries," says Emery Simons, a lawyer who represents the content providers before the Justice Department. "We think it's really important for police to go after these people and have a basis for stopping them."

The Justice Department's Computer Crime and Intellectual Property Section Chief Martha Stansell-Gamm says critics are fearful of a treaty that won't do most of the things they claim it will.

Stansell-Gamm says the treaty assures that signers have adequate copyright protection in place, while giving police the tools they need to investigate infringement. If countries go overboard writing laws to implement the treaty, she says, it won't be because of the treaty itself.

"One of the difficulties we have encountered is: A treaty is what it is," Stansell-Gamm says. "It is difficult to put in writing all the things that it isn't."

What's more, she says, police must standardize the way they preserve computer crime evidence. If they don't, hackers will continue to operate with impunity in most countries. "Countries agree it's important to be able to freeze certain data related to criminal investigations very quickly," she says. "Much of this data does not stay around very long. [U.S. law] already allows for this."

Justice Department officials have spent much of the last six months addressing some industry concerns through a lengthy "explanatory memorandum" prepared by a committee within the Council. That memorandum will be the official interpretation of the treaty.

Yet here, too, the treaty falls short, critics say. Memorandum or not, each signer can still interpret the treaty as it wishes. And given recent experiences in Europe (a French judgment banning the sale of Nazi artifacts, a British law requiring that citizens decode encrypted message on demand, and the placement of eavesdropping devices in every Russian ISP, ready to snoop on communications from anywhere in the world), opponents may have lots to worry about.

Growing opposition
One bright spot for antitreaty forces: Privacy commissioners, technology executives, and politicians in various European countries have begun to take notice as the treaty emerges from the Council. Jeffrey Pryce, an attorney for the World Information Technology and Services Alliance in Arlington, VA, said treaty backers were on the defensive when they presented to those groups in Paris and Brussels in March. And a recent white paper released by the European Commission deemed the treaty unacceptable under the continent's strict privacy protection guidelines.

Now, both sides are preparing for the coming fights in signers' home countries. Opponents say they hope they will get more help from national legislatures than the police representatives who dominated the Council of Europe negotiations.

The treaty is expected to emerge from the council sometime in September. From there, it goes to member countries. If five members plus two nonmember countries sign on, it's official. Here's hoping the United States isn't one of them.

Where do you stand?
What’s your take on the questions raised by this article? Do you support or oppose the Council of Europe Treaty on Cyber Crime? Where do you stand on the issue of fighting crime vs. privacy? Is there an inherent opposition between the two? Send us your thoughts by e-mail or post a comment below.

 

Editor's Picks