NGO Statement on Draft COE Crime Convention
Dear Council of Europe Secretary General Walter Schwimmer
and COE Committee of Experts on Cyber Crime,
We write to you on behalf of a wide range of civil society
organizations from around the world to object to the proposed
Convention on Cyber-Crime. We believe that the draft treaty is
contrary to well established norms for the protection of the
individual, that it improperly extends the police authority of
national governments, that it will undermine the development of
network security techniques, and that it will reduce government
accountability in future law enforcement conduct.
Specifically, we object to provisions that will require Internet
Service Providers to retain records regarding the activities of
their customers. (Articles 17, 18, 24, 25). These provisions pose a
significant risk to the privacy and human rights of Internet users
and are at odds with well established principles of data protection
such as the Data Protection Directive of the European Union. Similar
communications transaction information has been used in the past to
identify dissidents and to persecute minorities. We urge you not to
establish this requirement in a modern communication network. In our
view the whole of Article 18 is incompatible with Article 8 of the
ECHR and with the jurisprudence of the European Court of Human
Rights.
We further object to the conception of "Illegal Devices" set out in
Article 6. We believe that this concept lacks sufficient specificity
to ensure that it will not become an all-purpose basis to
investigate individuals engaged in computer-related activity that is
completely lawful. As technical experts have made clear, this
provision will also discourage the development of new security tools
and give government an improper role in policing scientific
innovation.
We also object to the dramatic extension of copyright crimes in the
proposed Article 10. It is hardly a settled matter that criminal
penalties are the appropriate remedy for copyright infringement, nor
do the underlying treaties referenced impose such requirements. New
criminal penalties should not be established by international
convention in an area where national law is so unsettled. More
generally, we disagree with initiatives that allow for mutual
assistance without dual-criminality. This requirement is central to
preserving the sovereign authority of nations.
Additionally, we believe that clear procedures must be agreed upon
in international investigations, and that no law enforcement agency
within a different jurisdiction should act on behalf of another nation
without clear investigative procedures within its own jurisdiction.
Different countries have different procedures, admittedly, but now
is the opportunity to harmonize them, on the condition that we
assure a high level of consistency on individual rights protections.
The criminal provisions of Articles 9 and 11 could lead to a
chilling effect on the free flow of information and ideas. Imposing
liability on Internet Service Providers for third party content
places an unreasonable burden on providers of new network services
and will encourage inappropriate monitoring of private
communications.
Article 14 setting out the requirements for search and seizure of
stored computer data lacks necessary procedural safeguards to
safeguard the rights of the individual and to ensure due process of
law. In particular, there is no effort to ensure that an independent
judicial review, ensuring the respect of basic freedoms and
liberties, occurs before a search by the state is undertaken. Such
searches would constitute an "arbitrary interference" under
international legal norms.
Articles 14 and 15 could establish a requirement for government
access to encryption keys that would compel individuals to
incriminate themselves which may well be incompatible with
Article 6 of the European Convention on Human Rights and with the
jurisprudence of the European Court of Human Rights. We also question
the ambiguity that arises within this same article on government
access to decryption keys. The Council of Europe should clarify this
provision so that member countries do not take the convention to be
a mandate for passing legislation allowing for self-incrimination.
We also object in very strong terms to the manner under which this
proposal was developed. Police agencies and powerful private
interests acting outside of the democratic means of accountability
have sought to use a closed process to establish rules that will
have the effect of binding legislation. We believe this process
violates requirements of transparency and is at odds with democratic
decisionmaking.
Privacy experts have made clear their opposition to this proposal.
One expert warned that efforts to develop an international
convention on "Cyber crime" would lead to "fundamental restrictions
on privacy, anonymity and encryption."
Data Protection officials have made clear their opposition to this
proposal. The International Working Group on Data Protection in
Telecommunications earlier criticized attempts to require
maintaining traffic data and recommended improvements in security
over new criminal laws.
Technical experts have made clear their opposition to this proposal.
A letter from leading security practitioners, educators, and vendors
states that "the proposed treaty may inadvertently result in
criminalizing techniques and software commonly used to make computer
systems resistant to attack" and that the proposed treaty "would
adversely impact security practitioners, researchers, and
educators."
Now a wide range of organizations representing civil society across
the world make clear our opposition to this proposal.
We believe that any proposal to create new investigative and
prosecutorial authority should include a careful consideration of
articles 8 and 10 of the European Convention on Human Rights and the
related jurisprudence of the European Court of Human Rights. We do
not believe that these instruments were given adequate consideration
in the development of this proposal. Further, we believe that the
OECD Cryptography Policy Guidelines and the OECD Guidelines for the
Security of Information Systems reflect a more balanced, forward-looking
view of the need to promote strong security techniques to reduce the
risk of computer crime than the proposal now under consideration.
Finally, the Universal Declaration of Human Rights speaks directly
to the obligations of government to protect the privacy of
communication and to preserve freedom of expression in new media.
Article 12 states that "No one shall be subjected to arbitrary
interference with his privacy, family, home or correspondence."
Article 19 further states that "Everyone has the right to freedom of
opinion and expression; this right includes freedom to hold opinions
without interference and to seek, receive and impart information and
ideas through any media and regardless of frontiers."
We urge you not to approve the treaty proposal at this time. We, the
undersigned, are ready to support the CoE with experts in the area
to provide a better version of the document, aimed not only at
punishing, but also at preventing computer crimes.
Signed,
American Civil Liberties Union (US)
http://www.aclu.org/
Associazione per la LibertÞ nella Comunicazione
Elettronica Interattiva (IT)
http://www.alcei.it/
Bits of Freedom (NL)
http://www.bof.nl/
Canadian Journalists for Free Expression (CA)
http://www.cjfe.org/
Center for Democracy and Technology (US)
http://www.cdt.org/
Computer Professional for Social Responsibility (US)
http://www.cpsr.org/
Cyber-Rights & Cyber-Liberties (UK)
http://www.cyber-rights.org
Derechos Human Rights(US)
http://www.derechos.org/
Digital Freedom Network (US)
http://www.dfn.org/
Electronic Frontier Foundation (US)
http://www.eff.org/
Electronic Frontiers Australia (AU)
http://www.efa.org.au
Electronic Privacy Information Center (US)
http://www.epic.org/
Equipo Nizkor (ES)
http://www.derechos.org/nizkor/
Feminists Against Censorship (UK)
http://fiawol.demon.co.uk/FAC/
FITUG e.V - FÆrderverein Informationstechnik
und Gesellschaft (DE)
http://www.fitug.de/
Human Rights Network (RU)
http://www.hro.org
Internet Freedom (UK)
http://www.netfreedom.org/
Internet Society - Bulgaria (BG)
http://www.isoc.bg/
Internet Society
http://www.isoc.org/
IRIS - Imaginons un rÈseau Internet solidaire (FR)
http://www.iris.sgdg.org
Kriptopolis (ES)
http://www.kristopolis.org/
Liberty (UK)
http://www.liberty-human-rights.org.uk/
LINK Centre, Wits University, Johannesburg (ZA)
http://www.link.org.za
NetAction (US)
http://www.netaction.org/
Opennet
http://www.opennet.org/
Privacy International (UK)
http://www.privacyinternational.org/
quintessenz (AT)
http://www.quintessenz.at/
Verein fÝr Internet Benutzer (AT)
http://www.vibe.at/
XS4ALL (NL)
http://www.xs4all.nl/
Reference Documents
COE Convention on Cyber-Crime (draft)
http://conventions.coe.int/treaty/EN/projets/cybercrime.doc
COE Convention for the Protection of Human Rights
and Fundamental Freedoms
http://www.coe.fr/eng/legaltxt/5e.htm
COE Conventions - Background
http://conventions.coe.int/treaty/EN/cadreintro.htm
IAB/IESG Statement on Wassenaar Arrangement
http://www.iab.org/iab/121898.txt
IETF Policy on Wiretapping (RFC 2804)
ftp://ftp.isi.edu/in-notes/rfc2804.txt
OECD Cryptography Policy Guidelines (1997)
http://www.oecd.org//dsti/sti/it/secur/prod/e-crypto.htm
OECD Guidelines for the Security of Information Systems (1992)
http://www.oecd.org//dsti/sti/it/secur/prod/e_secur.htm
Privacy International - CyberCrime
http://www.privacyinternational.org/issues/cybercrime/
Security Focus Commentary on COE Convention
http://www.securityfocus.com/news/39
Statement of Concern from Technology Professionals
on Proposed COE Convention on Cyber-Crime
http://www.cerias.purdue.edu/homes/spaf/coe/TREATY_LETTER.html
Universal Declaration of Human Rights
http://www.un.org/Overview/rights.html
******************************************************************
Global Internet Liberty Campaign
http://www.gilc.org
"Users of the Internet must work together to protect
freedom of speech and the right of privacy."
******************************************************************
| 
what's new