Europe's cyber crime treaty criticised as vague

The draft treaty is meant to addresses a need for basic cooperation on the approach to computer-crime laws in the 41 nations that belong to the Strasbourg, France-based council, along with the US, Canada and Japan, which also have worked on the treaty as observers.

The goal is to ensure that governments will be able to investigate and prosecute computer-related crimes across borders, including attacks on computer systems and crimes that involve the use of computer systems.

But US companies, especially Internet service providers (ISPs), telecommunications carriers and security companies, are worried that the treaty is too vague and could result in cases such as the 1997 prosecution of a CompuServe Deutschland executive in Munich, Germany, over pornography sites hosted by the ISP. They also worry that it could create cost burdens and violate individual countries' due-process laws.

Speaking at a panel discussion on global cyber crime, Prof. Henrik Kaspersen, chairman of the Council of Europe's Committee of Experts on Crime in Cyberspace, said the council was trying to find a "flexible and dynamic way" to write the treaty, which is designed to "approximate" the essence of the countries' laws rather than change the laws to harmonise them.

Efforts have been made to ensure that the treaty includes language to prevent data havens, a guarantee that signatories will have effective sanctions in place for punishing cyber criminals and assurances that countries will assist each other in the investigation of suspected cyber crimes, Kaspersen said during the discussion, which was sponsored by the Washington consulting company McConnell International.

Despite these efforts, James Dempsey, senior staff counsel for the Center of Democracy and Technology, criticised the draft treaty for failing to address privacy and representing creeping government authority over the flow of information.

"A lot of this treaty is being looked at in the United States as a backdrop of what many of us see as ongoing government efforts to control the design of this new technology and to control the government power," Dempsey said. "This treaty is viewed as another step in the effort of our government to extend ... surveillance mandates to the Internet."

Dempsey said the treaty's provisions apply to all criminal investigations, making it resemble a treaty on international law enforcement cooperation. Europe is trying to take a centralised, top-down set of concepts and apply them to the radically decentralised, user-controlled global medium, and the treaty "at this point doesn't mesh with what the Internet is and where it's heading," he said.

Jeffrey Pryce, special adviser on cyber security for the World Information Technology and Services Alliance (WITSA), a global consortium of IT associations currently led by the Information Technology Association of America, said among the IT companies' concerns are the draft treaty's definition of an ISP, which he said could be interpreted to mean any company or organisation that "engages in the normal business of electronic interaction."

Another provision of the treaty that has raised concern addresses access to a computer system "without rights," but Pryce said that could jeopardise the work of a security company that has been hired to try to hack into a company's system to identify weaknesses. Though such a case may be thrown out quickly, companies would be more comfortable if they didn't have to worry at all about being prosecuted, said Kimberly Claman, executive director of WITSA.

WITSA's criticism of the treaty was already on record. Last week the association expressed concern about some provisions of the draft, saying they could impose burdensome data-preservation requirements on ISPs, make ISPs liable for third-party actions; and restrict legitimate activities on the Internet. Kaspersen, who met privately Wednesday with US government officials and industry representatives to discuss the treaty, said he could not accept Dempsey's interpretation that the draft treaty's provisions apply to all crimes. The language is limited to "serious crime" and only crimes that involve computers, he said.

Kaspersen also said the committee has taken steps to involve a broad circle of interested parties, including the telecommunications and economics agencies of the various countries involved and industry representatives. Despite those efforts, the treaty's drafters have encountered familiar differences between European and US approaches to government regulation, he said. European companies have expressed some of the same concerns the US companies have expressed, but the European companies have gone directly to the council, whereas US companies have complained more openly.

He said the committee did not wish to leave privacy matters out of the treaty but was forced to because it was impossible to find one international standard for privacy protections. Kaspersen also said it was not the intent of the committee to criminalise the use of security tools that are used with the expressed authorisation of the company involved.

The latest version of the treaty was released in October. The council is working toward approving it in July, then sending it to member countries and the observer countries for signing or legislative approval.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Margret Johnston

PC World
Show Comments

Father’s Day Gift Guide

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?