The E-longating Arm of the Law

By JJ King, 10 December 2001

JJ King investigates a European treaty that signals the demise of national sovereignty and continues the gradual decay of the individual’s right to privacy


One thing September 11 has demonstrated is that surveillance systems such as Echelon and Carnivore (see Mute 21) are not providing European or American intelligence services with anything very useful by way of ‘terror’-related information – a fact that makes such systems’ incursions on the privacy of ordinary citizens seem even more unwarranted than they were already. So it is very disturbing indeed that, within ten days of the Great American Catastrophe, the Council of Europe Ministers’ Deputies had approved the US-engineered International Convention on Cybercrime, which advances the surveillance regime over our computer networks still further.

The Convention requires signatory states to alter domestic law to grant enforcement authorities – even non-national ones – the power to collect and record net traffic and data. It also requires ISPs to retain records regarding the activities of their customers – a provision completely at odds with the EU’s own Data Protection Directive (and which, incidentally, the US is currently lobbying to have changed). Indeed, it goes a long way towards giving law enforcement agencies powers of surveillance and investigation that will threaten fundamental human rights, such as the right to privacy and the right to a fair trial, for years to come.

Privacy groups and civil liberties organisations are concerned about the instrumentality of the United States Department of Justice and the FBI in the creation of this treaty. The US is not part of Council of Europe (a 43-nation public body created to promote – ahem – democracy and the rule of law), which makes its role as a primary architect of the convention seem rather bizarre. But what really rankles is the DOJ and FBI’s use of a foreign forum to create an international law-enforcement regime that favours the interests of the feds – European and American – over those of ordinary citizens; these, in fact, are provisions that even the US’ own domestic legislative has thrown out, so why does the Council of Europe seem so keen to play ball?

The chief consequence of the convention will be to facilitate the gathering of evidence from abroad, and to make it possible to extradite and prosecute foreign nationals for certain kinds of crimes – as the US has attempted to do with Russian national Dmitri Sklyarov over the infamous Adobe / CSS case. Indeed, this promotion of unheard-of levels of extraterritoriality is perhaps the treaty’s most egregious aspect, producing supranational reach for signatory states with only minor exceptions. In certain cases, the convention will make it possible for a UK national living in his or her own country to be extradited and prosecuted under US law, and vice versa. And, the convention states, the ‘mere fact’ that a country’s legal system does not recognise an act as illegal ‘is not a sufficient ground to refuse to apply the procedure requested by the requesting Party.’

All of this, once again, has been enacted under the laughable rubric of apprehending those mysteriously-yet-to-be-observed-but-really-actually-existing-and-extremely-dangerous-cyberterrorists. But of course, it’s at times like these that we all must be prepared to give up certain civil liberties for the just cause. Right?

JJ King <jamie AT> is contributing editor of Mute

The final draft of the Convention on Cybercrime is available courtesy of Cryptome: [ ]