According to this ZDNet article, a second draft of the treaty might be out
next week:
http://www.zdnet.com/intweek/stories/news/0,4164,2631389,00.html
The final draft is expected around December 2000.
Back in December 1999, Stanford's Hoover Institution held a high-level
Conference on International Cooperation to Combat Cyber Crime and Terrorism.
Abraham Sofaer and Seymour Goodman have released this monograph in advance
of the conference manuscript publication, presumably in view of influencing
the contents of the treaty.
They are seeking comments.
http://www.oas.org/En/prog/juridico/english/monograph.htm
A Proposal for an International Convention on Cyber Crime and Terrorism
Abraham D. Sofaer
Seymour E. Goodman
Mariano-Florentino Cuéllar
Ekaterina A. Drozdova
David D. Elliott
Gregory D. Grove
Stephen J. Lukasik
Tonya L. Putnam
George D. Wilson
August 2000
Jointly Sponsored By:
The Hoover Institution
The Consortium for Research on Information Security and Policy (CRISP)
The Center for International Security and Cooperation (CISAC)
Stanford University
The opinions expressed here are those of the authors and do not necessarily
represent the positions of the Hoover Institution, CISAC, CRISP, their
supporters, the U.S. Government (or any department or agency thereof) or
Stanford University.
Executive Summary
The information infrastructure is increasingly under attack by cyber
criminals. The number, cost, and sophistication of attacks are increasing at
alarming rates. Worldwide aggregate annual damage from attacks is now
measured in billions of U.S. dollars. Attacks threaten the substantial and
growing reliance of commerce, governments, and the public upon the
information infrastructure to conduct business, carry messages, and process
information. Most significant attacks are transnational by design, with
victims throughout the world.
Measures thus far adopted by the private and public sectors have not
provided an adequate level of security. While new methods of attack have
been accurately predicted by experts and some large attacks have been
detected in early stages, efforts to prevent or deter them have been largely
unsuccessful, with increasingly damaging consequences. Information necessary
to combat attacks has not been timely shared. Investigations have been slow
and difficult to coordinate. Some attacks are from States that lack adequate
laws governing deliberate destructive conduct. Such international
cooperation as occurs is voluntary and inadequate. Some significant
enhancement of defensive capabilities seems essential. Cyber crime is
quintessentially transnational, and will often involve jurisdictional
assertions of multiple States. Agreements on jurisdiction and enforcement
must be developed to avoid conflicting claims.
[..snip..]
-Kristen
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of P.J. Ponder
Sent: Tuesday, September 26, 2000 10:56 AM
To: [EMAIL PROTECTED]
Subject: Council of Europe draft Cybercrime treaty
The Council of Eurpoe has released a draft of its cybercrime treaty. The
idea here is to get signatory nations to adopt similar laws as their own
national laws. A news article I read states that the treaty would
criminalize some forms of security testing and analysis.
One provision would require:
> Section 2 Procedural law
>
> Article 14 - Search and Seizure of Stored Computer Data
< . . . . >
> 5. Each Party shall take such legislative and other measures as may be
> necessary to empower its competent authorities to order for the purposes
> of criminal investigations and proceedings any person who has knowledge
> about the functioning of the computer system or measures applied to
> secure the computer data therein to provide all necessary information,
> as is reasonable, to enable the undertaking of the measures referred to
> in paragraphs 1 and 4.
This would require giving keys to authorities who were investigating your
system.
The draft treaty (English version) is at:
http://conventions.coe.int/treaty/en/projets/cybercrime.htm
