Privacy Treaty a Global Invasion?

WASHINGTON — Civil liberty groups are vexed over a proposed treaty that would grant more surveillance powers to U.S. and European police agencies, and expand copyright crimes.

WASHINGTON — Civil liberty groups are vexed over a proposed treaty that would grant more surveillance powers to U.S. and European police agencies, and expand copyright crimes.

Thirty groups — from North America, Asia, Africa, Australia and Europe — said this week that the treaty “improperly extends the police authority of national governments” and places the privacy of Internet users and the freedom of computer programmers at risk.

In a long letter to Walter Schwimmer, the Council of Europe’s secretary general, the groups advise the participating governments to delay action on the treaty and consult with technical and privacy experts instead.

“It’s a direct assault on legal protections and constitutional protections that have been established by national governments to protect their citizens,” says Marc Rotenberg of the Electronic Privacy Information Center. “It’s both an end run by police agencies and a bit of policy laundering by the U.S. Department of Justice to get more (surveillance) authority.”

Rotenberg said EPIC and other groups wanted to rally opposition to the measure before a summit of participating nations next week in Berlin.

The U.S. has helped craft the Council of Europe’s proposal, which is expected to be finalized within the next few months, making it the first computer crime treaty. The draft treaty is designed to aid police in investigations of online miscreants in cases where attacks or intrusions cross national borders.

It would:

  • Make it a crime to create, download, or post on a website any “device, including a computer program, designed or adapted” primarily to gain access to a computer system without permission. Also banned is software designed to interfere with the “functioning of a computer system” by deleting or altering data.
  • Allow authorities to order someone to reveal his or her pass-phrase for an encryption key. According to one survey, only Singapore and Malaysia have enacted such a requirement into law, and experts say that in the United States it could run afoul of constitutional protections against self-incrimination.
  • Internationalize a U.S. law that makes it a crime to possess even digital images that “appear” to represent children’s genitals or children engaged in sexual conduct. Linking to such a site also would be a crime.
  • Require websites and Internet providers to collect information about their users, a rule that would potentially restrict anonymous emailers.
  • Require each country signing the treaty “to establish as criminal offences under its domestic law the infringement of copyright.” Currently the United States appears to be the only country where sharing software or music with a friend — what lawyers call “nonprofit infringing” — is a crime.

Restricting security-related software is not a wise choice, the groups say.

The letter argues: “We believe that this concept lacks sufficient specificity to ensure that it will not become an all-purpose basis to investigate individuals engaged in computer-related activity that is completely lawful. As technical experts have made clear, this provision will also discourage the development of new security tools and give government an improper role in policing scientific innovation.”

Technical experts have said Article 6 of the measure, titled “Illegal Devices,” could ban commonplace network security tools like crack and nmap, which is included with Linux as a standard utility.

Groups participating in the letter include Russia’s Human Rights Network,the U.K.’s Privacy International, the LINK Center in Africa, France’s IRIS, the American Civil Liberties Union, and the Canadian Journalists for Free Expression.

Representing the United States in the drafting process is the Justice Department’s Computer Crime and Intellectual Property section, which chairs the G-8 subgroup on high-tech crime and also is involved with a cybercrime project at the Organization of American States. In December 1997 Reno convened the first meeting on computer crime of the G-8 nations.

The Council of Europe is not affiliated with the European Union, and includes over 40 member nations, including Russia, which joined in 1996.

After the Council of Europe’s expert group finalizes the proposed treaty, the full committee of ministers must adopt the text. Then it will be sent to countries for their signatures and subsequent legislation to create the new civil and criminal offenses. Comments can be sent to daj@coe.int.

Author: Declan McCullagh

News Service: Wired News

URL: http://www.wired.com/news/politics/0,1283,39519,00.html