Friday, August 04, 2006

Enforcing the world's Internet laws in the U.S.

The United States Senate has, after a three-year delay, ratified the Convention on Cybercrime. This treaty requires United States law enforcement to help other countries enforce their cybercrime laws against offenders in the United States--even if the actions are not illegal in the United States.

There was an option for the Senate to attach an amendment to the treaty that said the FBI would only aid in cases where the crime in the foreign country was also a crime here ("dual criminality"), but they did not take that option, at the behest of the Bush Administration and the Senate Foreign Relations Committee. The result is that other countries that have ratified the treaty can force U.S. law enforcement to conduct searches, seizures, and surveillance on U.S. citizens who are doing things that are legal in the U.S., but illegal in those countries, which is the main concern that has been raised by the Electronic Frontier Foundation, the Technology Liberation Front, Ed Brayton at Dispatches from the Culture Wars, and Declan McCullagh in his discussion of the treaty at ZDNet.

A list of current signatories can be found at the Council of Europe's website.

Looking at the actual content of the treaty, I don't think it's as bad as the critics have made it sound. The treaty targets specific crimes in chapter II, section 1, Titles 1-5, and I don't see how it could be expanded to cover things like the Internet sale of or discussion of products that are illegal in other countries.

Title 1 covers crimes which involve "Offences against the confidentiality, integrity and availability of computer data and systems," which include illegal access to computers, illegal interception of data traffic, data interference (intentional damage or destruction of data), system interference (e.g., denial of service), and misuse of devices. The last item seems to be the most potentially problematic, but it is qualified to say that the signatories need not enforce that one, and that it only applies to devices intended to be used for the other offenses (i.e., it carves out an exception for security testing).

Title 2 covers computer-related forgery and computer-related fraud.

Title 3 covers child pornography.

Title 4 covers copyright, which imposes nothing worse than is already in place in the United States.

Title 5 covers ancillary liability--aiding and abetting the aforementioned offenses, and corporate liability for participation in such offenses.

The problematic provisions are in chapter III, on international cooperation. Title 3 on mutual assistance provides for the possibility of requiring dual criminality--which I agree is the way the Senate should have gone. But it appears to me that the wording is such that it only mandates mutual assistance for the offenses listed in titles 1-5 (articles 1-11 within those titles).

If this really mandated the U.S. to go after people in the U.S. who are doing things like selling Nazi memorabilia in violation of French law, wouldn't other countries be worried about the U.S. ratification on the grounds that they could go after online gambling in their countries?

No comments: