First 'cybercrime' treaty advances in Senate

Senate could vote this year on controversial treaty, beloved by software makers but opposed by privacy groups.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read
A U.S. Senate panel on Tuesday approved the world's first treaty targeting "cybercrime," clearing the way for a floor vote later this year.

All nine members of the Foreign Relations Committee who were present said by voice vote that they broadly agreed with the Council of Europe Convention on Cybercrime, handing a hard-won victory to software companies that are eager for the U.S. to ratify it.

Because U.S. law already includes much of what the treaty requires, the Senate's consent would be largely symbolic. The document requires nations to adopt laws governing search and seizure of stored data, surreptitious Internet wiretapping, cross-border assistance, and retention of Internet provider records upon police demand.

But during a brief discussion on Tuesday, Sen. Chris Dodd, D-Conn., stressed that "there are some questions being raised" by civil libertarians that deserve to be noted.

"They're not illegitimate issues," Dodd said. "I just bring that point up and include those questions in the record."

The Electronic Privacy Information Center has sent a letter to the Foreign Relations Committee saying the treaty should not be ratified because it "would create invasive investigative techniques while failing to provide meaningful privacy and civil liberties safeguards."

Software companies, on the other hand, had dispatched their lobbyists to twist arms on Capitol Hill in favor of ratification. "We have been pushing this treaty from the beginning of this year pretty hard," Robert Cresanti, vice president for public policy at the Business Software Alliance, said after the vote.

"What I've been saying is that it applies justice to a borderless world where cybercriminals operate with little or no consequence," Cresanti said.

One reason why software companies are so interested is that the treaty includes stiff copyright-related penalties. It says participating nations must enact criminal laws targeting Internet piracy and circumvention devices--that is, a measure akin to the Digital Millennium Copyright Act--when acts "are committed willfully, on a commercial scale and by means of a computer system."

Another section requires participating nations to outlaw the act of "making available" on the Internet any type of hardware or software that is designed for the purposes of committing a long list of computer crimes including "illegal interception" or "data interference." In some cases, even the mere possession of such hardware or software must be criminalized.

So far, the treaty has been ratified by nations including Hungary, Romania and Croatia. President Bush has called on the Senate to follow suit.

An addition to the treaty would require nations to imprison anyone guilty of "insulting publicly, through a computer system" certain groups of people based on characteristics such as race or ethnic origin, a requirement that could make it a crime to e-mail jokes about Polish people or question whether the Holocaust occurred.

The U.S. Department of Justice has said that it would be unconstitutional for the United States to sign that addition because of the First Amendment's guarantee of freedom of expression. Because of that objection, the Senate is not considering the addition, but other nations ratifying the treaty are expected to adopt both documents.

CNET News.com's Anne Broache contributed to this report from Washington.