Monday, August 29, 2011

Dangerous Cybercrime Treaty Pushes Surveillance and Secrecy Worldwide





EFF.Org - As part of an emerging international trend to try to ‘civilize the Internet’, one of the world’s worst Internet law treaties–the highly controversial Council of Europe (CoE) Convention on Cybercrime–is back on the agenda. Canada and Australia are using the Treaty to introduce new invasive, online surveillance laws, many of which go far beyond the Convention’s intended levels of intrusiveness. Negotiated over a decade ago, only 31 of its 47 signatories have ratified it. Many considered the Treaty to be dormant but in recent years a number of countries have been modeling national laws based on the flawed Treaty. Moreover, Azerbaijan, Montenegro, Portugal, Spain, and the United Kingdom are amongst those who have ratified within the last year. However, among non-European countries, only the U.S. has ratified the Treaty to date, making Canada and Australia’s efforts unique. The Treaty has not been harmless, and both Australia and Canada are fast-tracking legislation (Australia’s lower house approved a cybercrime bill last night) that will enable them to ratify the Treaty, at great cost to the civil liberties of their citizens.


Leaving out constitutional safeguards
Australia’s invasive bill highlights one of the fundamental flaws of the Convention on Cybercrime: the Treaty’s failure to specify proper level of privacy protection necessary to limit the over-broad surveillance powers it grants law enforcement agencies. This creates problems in countries like Australia since, as the Australia Privacy Foundation points out, Australia lacks the legal constitutional safeguards afforded to many other democratic countries:
The CoE Convention has to be read within the context that applies in CoE countries – where there are substantial and actionable constitutional protections for human rights. The absence of any such countervailing protection for human rights in Australia makes it completely untenable for the Convention to be implemented in Australia without very substantial additional provisions that achieve a comparable balance.
Bills proposed in Canada (read here and here) are also affected by the Convention’s flaws as they adopt the lowest possible standard of protection against many of the invasive powers they grant. The bills provide law enforcement access to sensitive data on the mere suspicion it might be useful to an investigation. Indeed, at times they leave out the safeguards altogether, as noted in a letter from Canadian privacy scholars and civil society organizations:
[the legislation] will give state agents the power to access …highly sensitive personal information, even where there is no reason to suspect it will assist in the investigation of any offense…What [this] facilitates, simply put, are unjustified and seemingly limitless fishing expeditions for private information of innocent and non‐suspicious Canadians.


Gag orders in place of oversight: Cultivating a culture of secrecy
The Convention’s most systemic flaw is that it seeks to impose invasive surveillance powers without legal protections. Aside from failing to specify adequate safeguards, it also leaves out the types of oversight mechanisms necessary to ensure its broad powers are not abused. Worse, the Convention takes active steps to reduce oversight and transparency by calling for limitations on when individuals can and cannot be notified that they are being surveilled upon.          More