Tuesday, March 6, 2007

Cybercrime Treaty: What it Means to You In that vein, in August the Senate ratified the Convention on Cybercrime, drafted by the Council of Europe with considerable input from the United States. So far, 43 nations have signed on. The Convention includes many sensible provisions aimed at unifying global computer-crime laws, and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore. But civil libertarians, along with leading telecommunications companies, strongly oppose the treaty. Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located. If France is investigating a sale of Nazi memorabilia on eBay, the U.S. must cooperate, even though such transactions are not illegal in the U.S. Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind. These are potentially serious problems, especially given that the Convention is open to any country that wants to join. But there are more practical reasons U.S. businesses should be concerned. The provisions for data retention and production apply to any operator of a computer network, not just telecoms. Worse, Article 12 attaches liability to businesses for "lack of supervision or control" of employees who commit criminal offenses covered by the Convention. Businesses must worry about employee activities that may be legal here, but illegal elsewhere, risking administrative, civil, or even criminal penalties. These investigative and supervision costs will invariably be imposed on businesses without any real controls. Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you. 9:53:57 PM

Cybercrime Treaty ó Hidden Costs For All. Cybercrime Treaty [~] Hidden Costs For All. linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you." [Slashdot: Your Rights Online] 9:48:08 PM

Action Alert: Repeal the REAL ID Act! Action Alert: Repeal the REAL ID Act! The federal government has taken another step towards forcing you to carry a national ID in order to get on airplanes, open a bank account, enter federal buildings, and much more. But with state legislatures and Congressional representatives increasingly turning against the REAL ID Act, you can help stop this costly, privacy-invasive mandate -- voice your opposition now. On March 1, the Department of Homeland Security (DHS) released draft regulations [PDF] for implementing REAL ID, which makes states standardize drivers licenses and create a vast national database linking all of the ID records together. Once in place, uses of the IDs and database will inevitably expand to facilitate a wide range of tracking and surveillance activities. Remember, the Social Security number started innocuously enough, but it has become a prerequisite for a host of government services and been co-opted by private companies to create massive databases of personal information. REAL ID won't just cost you your privacy. The states and individual taxpayers bear the estimated 23 billion dollar burden of implementing the law, and that figure is probably low given that the necessary verification systems don't exist yet. And what will you get in return? Not improved national security, because IDs do little to stop those who haven't already been identified as threats, and wrongdoers will still be able to create fake documents. REAL ID is fundamentally flawed, and DHS' proposed regulations do nothing to change that. Thankfully, the tide is turning against REAL ID in a big way -- state legislatures around the country are passing or considering legislation rejecting its implementation, and Congress is considering repealing it. The DHS regulations mean that states must have an implementation plan ready by October 2007. Make sure your Congressional representatives support the repeal of REAL ID before it's too late. For more information, check out San Jose Mercury News' recent editorial opposing REAL ID as well as the ACLU's Realnightmare.org. [EFF: Deep Links] 9:24:48 PM

© Copyright 2007 Paul Hardwick. Last update: 3/18/07; 8:08:41 PM.