International Convention on Cybercrime
Threatens Freedom of Speech and Thought
by Carolyn Meinel
Aug. 4, 2006, the U.S. Senate ratified the Cybercrime Treaty. You can read about it at the Washington Post: http://www.washingtonpost.com/wp-dyn/content/article/2006/08/04/AR2006080400479.html. This means the treaty has become law in the U.S. As you probably already know, any nation that adopts this this treaty can ask any other nation that has adopted it to arrest anyone who writes or distributes computer break-in techniques -- if the he or she does this with the intent of helping someone commit computer crime.
According to the Washington Post story above, U.S. Attorney General Alberto Gonzales says, "The Convention is in full accord with all U.S. constitutional protections, such as free speech and other civil liberties, and will require no change to U.S.laws." However, many experts on U.S. Constitutional law say that this is untrue, for it violates the First Amendment to the U.S. Constitution, which guarantees freedom of speech.
The problem with this treaty is is that if you write or say anything about how to break into computers, how will the police decide whether you intend to help someone commit computer crime? Will they count your tattoos and piercings? Will they see if you wear hacker clothes? Will they snoop on your emails or chat groups and say to themselves, "This dude acts like he wants people to commit crime"?
If you are a teenage boy, you probably have discovered that some adults assume you are a criminal just because you are a teenager and you like to hack. They don't understand that you are just curious, that you have better sense than to use your knowledge to help anyone commit crime.
I'm going to keep on running www.happyhacker.org because I figure the authorities would look foolish if they bust an old grandmother like me. But they might go after you, especially if you are the wrong age, wrong sex and wrong haircut.
What You Can Do
If you or anyone you know is arrested or faces extradition to another country because of publishing exploit code, your best hope is to appeal to the legal system for your rights.
For those of us in the U.S., our next hope is the Supreme Court will rule that this treaty violates the First Amendment to the Constitution. First, someone would have to be arrested and put on trial in the U.S. for distributing computer break-in information with the intent of helping someone else commit crime. The victim of the arrest will have to get lawyers willing to fight all the way to the Supreme Court. This is hugely expensive. Unless the victim is super rich, he or she will need help. Lots of help. Fortunately there are many organizations devoted to free speech, and they might be willing to help you. Here's a list of them, which I got from a website devoted to fighting the Cybercrime treaty at http://www.treatywatch.org/about.html:
ACLU - American Civil Liberties Union
ACM - Association for Computing Machinery
CDT - Center for Democracy and Technology
Computer Professional for Social Responsibility
Derechos Human Rights
Digital Freedom Network
EFF - Electronic Frontier Foundation
EPIC - Electronic Privacy Information Center
If you live outside the U.S., you might be able to find organizations that fight for freedom of speech in your country at this site.
As Benjamin Franklin, one of the founders of the United States said back in 1759, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." The U.S. government has just made another decision to take away our essential liberty to say and write what we please about how to break into computers. It's up to us to defend that right. If some hacker gets arrested for doing just that, we will need to stand behind him or her by supporting any group that helps defend the victim.
More details on problems with the treaty:
The end of today's freedom (or anarchy, depending on one's
point of view) to create or possess exploit proof of concept
code may now be within sight. The area of concern that is most relevant to computer security
researchers is Section I, Article 6 "Misuse of devices":
1. Each Party shall adopt such legislative and other measures
as may be necessary to establish as criminal offences under it
is domestic law, when committed intentionally and without right:
a. the production, sale, procurement for use, import, distribution
or otherwise making available of:
i. a device, including a computer program, designed or adapted
primarily for the purpose of committing any of the offences established
in accordance with Article 2 5;
ii. a computer password, access code, or similar data by which
the whole or any part of a computer system is capable of being
with intent that it be used for the purpose of committing any
of the offences established in Articles 2 - 5; and
b. the possession of an item referred to in paragraphs (a)(1)
or (2) above, with intent that it be used for the purpose of
committing any of the offences established in Articles 2
5. A Party may require by law that a number of such items be
possessed before criminal liability attaches.
2. This article shall not be interpreted as imposing criminal
liability where the production, sale, procurement for use, import,
distribution or otherwise making available or possession referred
to in paragraph 1 of this Article is not for the purpose of committing
an offence established in accordance with articles 2 through
5 of this Convention, such as for the authorised testing or protection
of a computer system.
3. Each Party may reserve the right not to apply paragraph 1
of this Article, provided that the reservation does not concern
the sale, distribution or otherwise making available of the items
referred to in paragraph 1 (a) (2). (Click
here for details)