[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Cybercrime-Convention: Umsetzung und Probleme in Kanada
Eine gute Analyse, die noch mal auf den Punkt bringt, was mit diesen
Gesetzesinitiativen verbunden ist: Eine verstärkte Überwachung des
Federal proposal tells only part of cybercrime story
Thursday, October 3, 2002
In the wake of the Sept. 11 terrorist attacks, the Canadian government
hurriedly introduced a series of new anti-terror measures.
Quietly included was a seemingly innocuous announcement -- Canada,
alongside other countries such as the United States, would implement the
global cybercrime treaty developed by the Council of Europe.
The full impact of that decision began to take shape last month when
Ottawa released a discussion document outlining the changes required to
bring Canadian law into conformity with the treaty. The document, titled
Lawful Access, details significant changes in the surveillance practices
of Internet service providers (ISP) and in law enforcement's access to
computer data. The proposal is troubling not only for what it says, but
even more so for what it doesn't say.
The Lawful Access document covers four main issues. First, ISPs will be
required to install surveillance systems on their networks to allow for
interception capabilities. If implemented, the law would ensure that
ISPs could provide authorities with access to all communications over
their networks including the content of messages and details about data
traffic. While the proposal recognizes that this entails a significant
new cost for ISPs, it leaves open the question of who should pay for it.
Second, the proposal calls for the creation of several new production
orders, which could be used by law enforcement to compel ISPs to
disclose certain information. The orders, which could be obtained merely
by meeting a low evidentiary standard, include compelling ISPs to
provide authorities with subscriber information.
Third, in order to meet the cybercrime treaty requirements, the proposal
recommends creating a new data preservation order, which would be used
to force ISPs to preserve all data specific to a client or to a
transaction for a specified period of time. The order would ensure that
ISPs do not delete the information while an investigation is under way.
Fourth, the proposal seeks to clarify the legal status of e-mail,
particularly with regard to how it should be treated for interception
The new proposal has created considerable concern for many groups,
including ISPs (who worry about compliance costs), privacy advocates
(who worry about the increased level of surveillance) and individual
Internet users (who worry about both the costs and the loss of privacy).
While Canadian officials have suggested that those who operate within
the law have nothing to fear, the establishment of widespread network
surveillance and the lowered threshold for obtaining data is clearly a
matter of concern to everyone.
Even more disturbing is what the document doesn't say. The proposals are
obviously far reaching, yet surprisingly they contain little evidence
that the changes are actually needed by law enforcement. Rather than
justify new surveillance by demonstrating how the current framework has
resulted in botched investigations and frustrated officials, the
proposal merely points to the need to comply with the cybercrime treaty
as the primary rationale for many of the reforms.
As a point of comparison, the current debate over the Kyoto Protocol has
prompted heated discussion from both advocates and opponents on the
effects of its implementation. Though few would try to justify Kyoto
simply on the basis that Canada signed on several years ago, that is
precisely what seems to be happening in the cybercrime realm where
support for dramatic changes are based on treaty obligations and not on
what is best for Canadians.
Moreover, the proposed document tells only part of the cybercrime treaty
story. A detailed look at the treaty's 48 articles reveals that its
obligations go much deeper than the proposal suggests. For example, it
covers far more than just computer crimes such as hacking and fraud --
it goes so far as to include copyright infringement among its list of
covered offences. This suggests that surveillance and data preservation
orders could be used in investigations related to suspected copyright
matters such as large scale peer-to-peer file sharing.
The cybercrime treaty also contains detailed provisions on mutual
assistance between countries. If another signatory to the treaty, such
as Ukraine, were to ask Canada to obtain a data preservation order as
part of one of its investigations, the treaty would require Canada to
make the request on Ukraine's behalf. Canada can refuse only if it
considers the request to be related to a political offence or if the
request is likely to prejudice Canadian sovereignty or security.
The federal government's proposals, which are open to public comment
through Nov. 15, will have far-reaching effects on the privacy and
security of every Canadian. While some new cybercrime reforms may be
needed, Ottawa must do a better job of explaining where the current
system falls short and how it plans to address the rest of the
cybercrime treaty before it rushes to enact these proposals.
Michael Geist is a law professor at the University of Ottawa Law School
and director of e-commerce law at the law firm Goodmans LLP. His Web
site is http://www.lawbytes.com. mgeist -!
- uottawa -
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.