Members of the Foreign Relations Committee of the U.S. Senate on Tuesday approved a treaty addressing cyber-crime, prompting criticism from civil liberties groups that worry about the ramifications to privacy if the treaty is approved by the Senate later this year.
The treaty requires countries to adopt laws that govern search and seizure of stored information, as well as specify how it will investigate crimes through surreptitious Internet wiretapping.
Also included are tough copyright-related penalties, noting that companies signing the treaty must draw up laws surrounding Internet piracy.
Tech firms have urged ratification, believing that it would be an important step forward in investigating computer-based crimes, and giving power to law enforcement agencies to thwart criminals.
In June, several groups, including the BSA (Business Software Alliance) and the CSIA (Cyber Security Industry Alliance), sent a letter to the Senate, stating that the cyber-crime convention could serve as an important tool in a global fight against those who seek to disrupt computer networks and misuse private information.
“It creates a way to do investigation, and we need something formal in place to do that,” said Paul Kurtz, executive director of the CSIA. “Right now theres an ad hoc system that simply isnt working.”
Groups like the CSIA believe that the adoption of the treaty would benefit more than the U.S. tech industry, he added. “There are other industries affected by this, because of technologys wide reach,” said Kurtz.
Civil liberty groups, meanwhile, worry that there is a distinct lack of discussion about privacy in the past hearings, and that the treatys language barely touches on the issue.
“Privacy is mentioned once, in the preamble,” said Marvin Johnson, legislative counsel for the ACLU (American Civil Liberties Union). “If this goes through without any privacy protections built in, theres potential for mischief.”
Especially a concern, noted Johnson, is that another country could use U.S. law enforcement agencies to help investigate crimes against their country, even if the individual being accused of cyber-crime has not broken any U.S. laws.
“The Department of Justice says its no problem, well just follow constitutional law,” said Johnson. “But that doesnt make any sense. How can you investigate someone in the U.S. who hasnt committed a crime here, and still have it be Constitutional?”
The EPIC (Electronic Privacy Information Center) has sent a letter to the Foreign Relations Committee, asking that the treaty not be ratified, because of its potential for misuse in investigations.
“We understand that governments have a need to prosecute cyber-crime, but we think there should be a balance with protection,” said Marc Rotenberg, EPIC executive director.
Although the committee did not respond to EPICs letter, Rotenberg is still hopeful that as the treaty is discussed on the Senate floor, some recognition of its privacy limitations will be raised.
“Theres still an opportunity to address how we can protect privacy and civil liberties, and still fight cyber-crime,” he said.