Eight nations are considering major modifications of their criminal law as they prepare for accession to the Council of Europe’s Convention on Cybercrime. The convention, adopted by the council in November 2001, remains the only binding international treaty addressing Internet-related crimes.
Argentina, Brazil, Colombia, Egypt, India, Indonesia, Nigeria, and the Philippines may shortly join the 22 nations that have ratified the treaty.
The United States acceded to the convention in 2006. Then-Attorney General Alberto R. Gonzales said at the time, “The Cybercrime Convention–the first of its kind–will be a key tool for the United States in fighting global, information-age crime. This treaty provides important tools in the battles against terrorism, attacks on computer networks, and the sexual exploitation of children over the Internet, by strengthening U.S. cooperation with foreign countries in obtaining electronic evidence.
“The convention is in full accord with all U.S. constitutional protections, such as free speech and other civil liberties, and will require no change to U.S. laws,” Gonzalez continued.
“U.S. acceptance of the convention didn’t occur until many of the privacy concerns were addressed,” said Jeffrey Pryce, counsel at Steptoe & Johnson LLP.
Provisions were included to clarify the treaty would not mandate data retention or the use of specific interception technology, Pryce said. Other changes limited vicarious liability, and thereby offered more balanced risks and burdens for Internet service providers and communications networks.
“It’s primarily a law enforcement treaty; it provides a more regular avenue for the prosecution of crimes,” Pryce said. “But it extends beyond just Internet-related crimes, so some privacy groups still think it has insufficient privacy protections.”
Among those groups are the Electronic Privacy Information Center (EPIC) and the American Civil Liberties Union.
The convention “threatens core legal protections, in the United States Constitution, for persons in the United States,” EPIC said in opposing ratification of the treaty.
According to EPIC, the convention creates “invasive investigative techniques while failing to provide meaningful privacy and civil liberties safeguards, and specifically lacking judicial review and probable cause determinations required under the Fourth Amendment.”
The treaty goes beyond just attempting to protect against virtual criminals, Pryce notes. He said the convention’s rules for electronic evidence-gathering mean foreign authorities may request, and expect to receive, data from U.S.-based Internet service providers and other data holders.
Daniel Ballon, a senior fellow in technology studies at the Pacific Research Institute, finds those provisions troubling. “I am concerned about a broad international cybercrime treaty because other countries do not necessarily respect America’s fundamental constitutional rights,” he said.
Ballon cautioned against what he sees as the convention’s implicit endorsement of expanded government power, noting, “Law enforcement agencies have a legitimate interest in protecting their citizens, but new technologies are not an excuse for the government to claim vast surveillance and censorship powers.”
Ballon added, “Law enforcement agencies should remember that companies [also] have a legitimate interest in the safety of their customers. Therefore, the free market will provide more than sufficient incentive to ensure that service providers develop and implement the most effective and least intrusive technologies for protecting their users.”
Phil Britt ([email protected]) writes on technology issues from South Holland, Illinois.