Europe's cyber crime treaty criticised as vague

The draft treaty is meant to addresses a need for basic cooperation on the approach to computer-crime laws in the 41 nations that belong to the Strasbourg, France-based council, along with the US, Canada and Japan, which also have worked on the treaty as observers.

The goal is to ensure that governments will be able to investigate and prosecute computer-related crimes across borders, including attacks on computer systems and crimes that involve the use of computer systems.

But US companies, especially Internet service providers (ISPs), telecommunications carriers and security companies, are worried that the treaty is too vague and could result in cases such as the 1997 prosecution of a CompuServe Deutschland executive in Munich, Germany, over pornography sites hosted by the ISP. They also worry that it could create cost burdens and violate individual countries' due-process laws.

Speaking at a panel discussion on global cyber crime, Prof. Henrik Kaspersen, chairman of the Council of Europe's Committee of Experts on Crime in Cyberspace, said the council was trying to find a "flexible and dynamic way" to write the treaty, which is designed to "approximate" the essence of the countries' laws rather than change the laws to harmonise them.

Efforts have been made to ensure that the treaty includes language to prevent data havens, a guarantee that signatories will have effective sanctions in place for punishing cyber criminals and assurances that countries will assist each other in the investigation of suspected cyber crimes, Kaspersen said during the discussion, which was sponsored by the Washington consulting company McConnell International.

Despite these efforts, James Dempsey, senior staff counsel for the Center of Democracy and Technology, criticised the draft treaty for failing to address privacy and representing creeping government authority over the flow of information.

"A lot of this treaty is being looked at in the United States as a backdrop of what many of us see as ongoing government efforts to control the design of this new technology and to control the government power," Dempsey said. "This treaty is viewed as another step in the effort of our government to extend ... surveillance mandates to the Internet."

Dempsey said the treaty's provisions apply to all criminal investigations, making it resemble a treaty on international law enforcement cooperation. Europe is trying to take a centralised, top-down set of concepts and apply them to the radically decentralised, user-controlled global medium, and the treaty "at this point doesn't mesh with what the Internet is and where it's heading," he said.

Jeffrey Pryce, special adviser on cyber security for the World Information Technology and Services Alliance (WITSA), a global consortium of IT associations currently led by the Information Technology Association of America, said among the IT companies' concerns are the draft treaty's definition of an ISP, which he said could be interpreted to mean any company or organisation that "engages in the normal business of electronic interaction."

Another provision of the treaty that has raised concern addresses access to a computer system "without rights," but Pryce said that could jeopardise the work of a security company that has been hired to try to hack into a company's system to identify weaknesses. Though such a case may be thrown out quickly, companies would be more comfortable if they didn't have to worry at all about being prosecuted, said Kimberly Claman, executive director of WITSA.

WITSA's criticism of the treaty was already on record. Last week the association expressed concern about some provisions of the draft, saying they could impose burdensome data-preservation requirements on ISPs, make ISPs liable for third-party actions; and restrict legitimate activities on the Internet. Kaspersen, who met privately Wednesday with US government officials and industry representatives to discuss the treaty, said he could not accept Dempsey's interpretation that the draft treaty's provisions apply to all crimes. The language is limited to "serious crime" and only crimes that involve computers, he said.

Kaspersen also said the committee has taken steps to involve a broad circle of interested parties, including the telecommunications and economics agencies of the various countries involved and industry representatives. Despite those efforts, the treaty's drafters have encountered familiar differences between European and US approaches to government regulation, he said. European companies have expressed some of the same concerns the US companies have expressed, but the European companies have gone directly to the council, whereas US companies have complained more openly.

He said the committee did not wish to leave privacy matters out of the treaty but was forced to because it was impossible to find one international standard for privacy protections. Kaspersen also said it was not the intent of the committee to criminalise the use of security tools that are used with the expressed authorisation of the company involved.

The latest version of the treaty was released in October. The council is working toward approving it in July, then sending it to member countries and the observer countries for signing or legislative approval.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Margret Johnston

PC World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?