Unlike most recent international treaties, this new Internet Treaty was developed in relative secrecy, not by the United Nations, but by the Council of Europe – a 43 nation alliance, with the United States, Canada, and Japan participating as “observers.”
The treaty has been under development by a special committee of the Council of Europe since 1997, but their work was classified, until recently. The document evolved through 27 drafts before being approved by the committee June 22, 2001.
The United States has been involved in the negotiations since the beginning. Representatives from the Departments of State, Justice, and Commerce have participated in the U.S. delegation.
The treaty seeks to control internet crimes by requiring participating nations to create a specific, uniform body of laws to deal with unauthorized access, interference, fraud and forgery, child pornography, copyright infringement. Racism, and xenophobia are to be addressed in a separate protocol to be added later.
The working title of the treaty is: “International Convention on Cyber-crime.” It has three primary objectives:
Harmonisation of the national laws which define offences;
Definition of investigation and prosecution procedures to cope with global networks; and
Establishment of a rapid and effective system of international co-operation.”
The treaty addresses these “crimes:”
Offences against the confidentiality, integrity and availability of computer data and systems: illegal access, illegal interception, data interference, system interference, misuse of devices.
Computer-related offences: forgery and computer fraud.
Content-related offences: production, dissemination and possession of child pornography. A protocol is to cover the propagation of racist and xenophobic ideas over the web.
Offences related to infringement of copyright and related rights: the wide-scale distribution of pirated copies of protected works, etc.
The Convention embodies basic rules which will make it easier for the police to investigate computer crimes, with the help of new forms of mutual assistance. These include:
preservation of computer-stored data,
preservation and rapid disclosure of data relating to traffic,
system search and seizure,
real-time collection of traffic data, and
interception of content data.
To protect human rights and the principle of proportionality, these rules are subject to the conditions and safeguards provided for in the law of signatory states. Specifically, proceedings may not be started except under certain conditions such as prior authorisation by a judge or another independent authority.
The enforcement rules discussed, say that “the legal authorities and police in one country will be able to collect computer-based evidence for police in another …” Articles 18 through 21 detail how service providers must be compelled to provide subscriber information and data; collect real-time data as requested by “competent authorities,” and keep such collection confidential. Article 19 authorizes search and seizure of equipment and data.
Information about this treaty, as limited as it has been, has caused an immediate response from the Internet user community. An international coalition of 28 organizations – from the United States, France, Britain, Australia, Bulgaria, Canada, Italy, South Africa, Austria, the Netherlands, and Denmark – has notified the Council of its opposition to the treaty.
In a letter to the Council, The Global Internet Liberty Campaign (GILC) claims that the treaty is little more than a “wish list” for law enforcement.
The group is concerned that the U.S. Department of Justice is using the treaty process to force Congress to enact laws to broaden police power, that Congress has rejected in the past. “Police agencies and powerful private interests acting outside of the democratic means of accountability have sought to use a closed process to establish rules that will have the effect of binding legislation,” the GILC stated in its letter.
Questions arise about who, exactly, will decide which content is “racist” or “xenophobic?” Will internet service providers be held liable for the content on websites for which they serve only as host? How can internet users’ privacy rights be protected as required by the Fourth Amendment?
More to the point: should any governmental authority “police” the content of web sites? First Amendment advocates recoil at the suggestion of a national, or an international police force to examine internet content. The Council of Europe says it is necessary to catch crooks, and prevent “hate speech.”
The contrast between the U.S., and European standards of free speech is demonstrated in the language of the First Amendment, compared to the language of the U.N. Covenant on Civil and Political Rights.
The First Amendment says: “Congress shall make no law … abridging the freedom of speech, or of the press …”
The U.N. Covenant, on the other hand, which, incidentally, is referenced in the preamble to the cyber-crime treaty, says in Article 19:
Everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.
The exercise of the rights provided for in paragraph 2 of this article carries with it special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary …
This treaty is not the first attempt by the international community to control the Internet. ICANN (Internet Corporation for Assigned Names and Numbers) has gone through a tumultuous process attempting to gain some measure of control. WIPO (World Intellectual Property Organization) has also struggled unsuccessfully with measures aimed at controlling the exploding Internet phenomenon.
An Internet systems administrator, identified as “h2odragon,” who has carefully followed the growth of the Internet for more than a decade, says that “these efforts are like trying to cap a geyser. Every time a new control is proposed, the Internet blasts-off again and leaves the would-be controllers scrambling for a new grip.”
The current effort by the Council of Europe may gain some traction. Since the Council was created in 1949, it has developed more than 170 treaties and international agreements that are now in force.
The Council is not the same thing as the European Union. The Council was created to fulfill Winston Churchill’s dream of a “United States of Europe,” which he advocated as early as 1946.
To bring the treaty into force, the draft must first be approved by the leadership of the Council of Europe, then ratified by only five of the participating nations.
The United States has not yet officially signed the treaty. The U.S. delegation accepted the draft finalized on June 22, with a noted reservation regarding Article 41, the “federal clause.” If the U.S. delegation can get its concerns on this clause satisfied, the Bush administration is expected to send the treaty to the U.S. Senate for ratification.
The Council of Europe’s 43 member states* helped to prepare the text, and Canada, the United States, Japan – which have observer status – and South Africa were also actively involved. They will all be able to sign the Convention, which will cover most of the world’s data traffic.
*Albania, Andorra, Armenia, Austria, Azerbaijan, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Moldova, Netherlands, Norway, Poland, Portugal, Romania, Russia, San Marino, Slovakia, Slovenia, Spain, Sweden, Switzerland, “The former Yugoslav Republic of Macedonia”, Turkey, Ukraine, United Kingdom.