Council of Europe Convention on Cybercrime
The U.S. Department of Justice web site provides background information on the Council of Europe Convention on Cybercrime. The DoJ states that since "the late 1980s, the CoE has been working to address the growing international concern over the threats posed by hacking and other computer-related crimes. In 1989, it published a study and recommendations addressing the need for new substantive laws criminalizing certain conduct committed through computer networks. ... This was followed by a second study, published in 1995, which contained principles concerning the adequacy of criminal procedural laws in this area. ... Building on the principles developed in the 1989 and 1995 reports, in 1997 the CoE established a Committee of Experts on Crime in Cyberspace (PC-CY) to begin drafting a binding convention to facilitate international cooperation in the investigation and prosecution of computer crimes."
The United States, a non-CoE State, was invited to participate as an "observer" during both the 1989 and 1995 Recommendations, as well as "in the development of the Convention on Cybercrime." The United States, as well as other non-CoE States (Canada, Japan, and South Africa), participated in Convention negotiations and, "by virtue of their having participated in the Convention's elaboration, ... [they] have the right to become Parties to the Convention, and all have in fact signed it."
According to the DoJ, "the Convention breaks new ground by being the first multilateral agreement drafted specifically to address the problems posed by the international nature of computer crime. Although we believe that the obligations and powers that the Convention requires the U.S. to undertake are already provided for under United States law, the Convention makes progress in this area by (1) requiring signatory countries to establish certain substantive offenses in the area of computer crime, (2) requiring Parties to adopt domestic procedural laws to investigate computer crimes, and (3) providing a solid basis for international law enforcement cooperation in combating crime committed through computer systems."[1]
"The working group assigned to draft the Convention concluded its activities in May, 2001. The Convention was opened for signature at a signing ceremony in Budapest, Hungary on November 23, 2001, during which 30 countries signed the Convention (including 26 member States of the Council of Europe, and the four observer States that participated in the negotiations). Since that time, additional States have signed."[2]
"The terms of the Convention require that it will enter into force only once it has been ratified by five countries, at least three of which are member States of the Council of Europe. As of October 2003, the Convention has been ratified by three countries (Albania, Croatia, and Estonia) all of which are members of the Council of Europe."[3]
"The United States was one of 30 countries (including 26 member States and three other observers) that signed the Convention on November 23, 2001 in Budapest. On November 17, 2003, President George W. Bush transmitted the Convention to the Senate with a view to receiving its advice and consent to ratification."[4]
On January 21, 2004, Inter Press News Service's Haider Rizvi reported that, "After delaying for about two years, U.S. President George W. Bush recently asked the U.S. Senate to ratify the Council of Europe Convention on Cybercrime, a global agreement apparently created to help police worldwide cooperate to fight Internet crimes."[5]
- "The treaty criminalizes acts such as hacking and the production, sale or distribution of hacking tools, and expands criminal liability for intellectual property violations that nations must have on their books as crimes."
- "The agreement also makes it mandatory for each participating nation to grant new powers of search and seizure to its law enforcement authorities, including the power to force an Internet service provider (ISP) to preserve a customer's usage records and to monitor his or her online activities as they occur."
The President's position is that this is "'the only international treaty to address the problems of computer-related crime and electronic evidence gathering ... [and] promises to be an effective tool in the global effort to combat computer-related crime.'"
However, "civil libertarians say [that ratification] would pose threats to privacy rights at home and abroad ... [and] independent legal experts and right activists on both sides of the Atlantic are skeptical about such claims." Barry Steinhardt of the American Civil Liberties Union says that "'This is a bad treaty that not only threatens core liberties, but will obligate the United States to use extraordinary powers to do the dirty work of other nations.' ... Steinhardt wonders why Bush decided to request ratification now. 'We are trying to understand why the U.S. government did not do anything two years ago ... They had abandoned this (treaty). I think it's all related to 9/11. But it's a mystery to us.'" Cedric Laurent, a senior policy fellow at the Electronic Privacy Information Center, says that EPIC is also opposed to the treaty.
"Rights groups are also worried about the possible use of new surveillance devices like Carnivore, the 'Internet-tapping' system used by the Federal Bureau of Investigation (FBI) to intercept communications.
"Unlike wiretaps, which are set up by a telephone company on behalf of authorities, Carnivore allows law enforcement agents direct access to entire ISP networks, far beyond the scope of powers those agents now have.
"When the U.S. Congress passed the infamous Patriot Act I to boost law-enforcement in response to the September 11, 2001 terrorist attacks, it authorized the use of Carnivore for collecting information on Internet addresses and traffic. But it stopped short of permitting the system to be used to eavesdrop on actual content."
Also see U.S. Department of Justice web page on the Convention on Cybercrime's Frequently Asked Questions and Answers(Update as of November 10, 2003).