The United States recently joined close to 30 other countries in signing the Council of Europe's Convention on Cybercrime, the first international treaty designed to increase its signatories' ability to fight computer-related crimes. Although the changes to U.S. law, required if the Convention were ratified by the Senate, are moderate considering existing legislation, the adoption of these new standards would have far-reaching effects not only on criminal enforcement, but also on the privacy rights enjoyed by U.S. citizens and businesses.
The Statute of the Council of Europe, signed in London in 1949, created the body that would be dedicated to "agreements and common action in economic, social, cultural, scientific, legal and administrative matters and in the maintenance and further realisation of human rights and fundamental freedoms." (Article 1[b]) The Convention on Cybercrime is the result of several years of preparation aimed at attacking the growing, global threats of internet and other network-related crime. Depleting millions of dollars from global banks from the comfort of a bedroom, releasing bugs like the 'I Love You' virus, copyright infringement, internet piracy and the distribution of child pornography are all offenses to which countries have lately turned their collective attention. The broad approval of this treatise is a testament to the importance of these issues in our growingly-linked world community, as not only European Community States but also non-member states like the U.S., Canada, Japan and South Africa have signed the document. Indeed, the U.S. Department of Justice was instrumental in the development of the final accord.
The preamble to the Convention emphasizes an objective of pursuing international cooperation in criminal policy among the States. Various provisions would accomplish things like imposing corporate liability for failure to effectively supervise employees, requiring that each country provide for the preservation and production of stored computer data, ensuring that each signatory has the ability to collect traffic and content data in real time, and setting up a system of cooperation among nations for the investigation and monitoring of cybercrime.
To a certain extent it is the cooperation referred to in the Convention that has some people worried here in the U.S., especially since ratification in the Senate seems assured. Many companies fear they will be swamped with subpoenas for computer data as investigators in other countries take advantage of the breadth of the accord. Processing these requests costs money and strains network systems, though revisions in the treaty's surveillance requirements guarantee that only the "existing technical capability" of service providers will be necessary. Nonetheless, the U.S. is generally regarded as the center of the Internet and will undoubtedly have to entertain a large volume of requests related to many international investigations.
Concerns about privacy also dominate. Collection of personal information and the monitoring of information systems use will surely increase, and the general exchange of sensitive information between countries, some having data protection standards far below others, evokes concern in people like Mike Godwin, chief correspondent of IP Worldwide. He believes the dominant role played by the U.S. Department of Justice and the Federal Bureau of Investigation in the drafting of the document is essentially an attempt by the government to create a law enforcement body that favors government action at the expense of the rights of citizens and businesses. In his article, "International Treaty on Cybercrime Poses Burden on High-Tech Companies," Godwin discusses the prospect of these invasive practices being adopted not only by the U.S., but also by various other countries whose histories do not necessarily reflect strong checks on police power. Contemplating some of the situations that adherence to the Convention would make possible certainly creates doubt and even fear in U.S. citizens who are used to the fundamental and relatively broad protections guaranteed by our Constitution and local laws.
These issues will undoubtedly receive increased attention in the near future, especially considering the political climate of the past several months. An attack on crime in all its forms on a global level is unquestionably a priority of the day, but it remains to be seen how our government, and the governments of the other Convention signatories, balance the need for a criminal crackdown with the equally critical need to maintain our basic freedoms.
For the complete text of the Convention on Cybercrime, as well as supporting materials including an Explanatory Report, go to: http://conventions.coe.int/Treaty/EN/projets/FinalCybercrime.htm
For a comprehensive FAQ sheet on the Convention, visit:
http://www.usdoj.gov/criminal/cybercrime/COEFAQ.htm
For the complete text of Mike Godwin's April 2001 article in IP Worldwide, visit: http://www.law.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=law/View&c=Article&cid=ZZZD3WRL5LC&live=true&cst=1&pc=0&pa=0&s=News&ExpIgnore=true&showsummary=0
To read an article by Declan McCullagh entitled, "Cybercrime Solution Has Bugs, " go to: http://www.wired.com/news/politics/0,1283,36047,00.html
