Black boxes in Canada
Richard Clayton
richard at highwayman.com
Thu, 29 Aug 2002 11:54:04 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <20020829105729.AD46.RICHARD.COX@mandarin.org>, Richard D G
Cox <Richard.Cox@mandarin.org> writes
>On 28 Aug 2002 11:51, Richard Clayton <richard@highwayman.com> wrote:
>
>> The first (and so far only) country to ratify the Convention on Cybercrime
>> (and five must ratify it before it comes into force, including 3 members
>> states of the CoE) was Albania. Says it all for me really :(
>
>Having worked in telecomms in Albania, I can assure you that there is so
>little telecommunications infrastructure there that the provision of
>whatever additional equipment would be required to comply would not cause
>significant expense and that - given the country's background - monitoring
>facilities are likely already fully installed. Their only difficulty might
>be getting comms data out of Strowger and relay PABXs that serve as public
>exchanges in the less populated areas (almost anywhere outside Tirana!)
The Convention also requires quite a lot of legislation to be put in
place (we have a lot of it already in the UK, but by no means all -- and
various exciting clauses in RIP about international assistance will need
to be turned on by secondary legislation).
For example you need to have...
Computer Misuse Act type legislation covering:
illegal access
data interference
system interference
RIP Act type legislation covering
interception is illegal unless authorised
real time warranted interception
real time production of traffic data
comms data production orders
Child Protection Act type legislation covering
child pornography offences
Copyright Act legislation covering
commercial scale infringement must be illegal
You ALSO need (ie: I don't think the UK has this in place yet)
misuse of devices
hacking programs need to be made illegal to
possess/distribute "without right"
computer-related fraud
there's a problem with Fraud in the UK since you cannot
mislead a machine
expedited preservation
it's unclear whether existing provisions can be used where
the request originates abroad - RIP has some stuff in this
area, but not all data will be covered by RIP
expedited disclosure
this is fast-track disclosure to allow hot pursuit
search and seizure of computer data
this can be done under PACE, but there's a requirement for
those who understand the systems to be compelled to assist!
jurisdiction
all offences must apply to nationals even though the offence
takes place abroad
extradition
all the (serious) offences need to be included into all
extradition treaties
trans-border access to data
this will require legislation because it interacts with the
Data Protection Act
I don't think many countries will be able to get through this workload
especially rapidly -- maybe Albania just missed the point ?
Hmmm... I suspect the list above is incomplete :( Perhaps the Home
Office lurkers would care to add to it ??? (there must be a small
department somewhere with a depressingly long list of action points that
they're wondering how to get Parliamentary time for!)
...or perhaps someone with a friendly MP might like to pose the right
question [eg: list the clauses in the Convention for which existing UK
legislation is felt to be adequate, those which can be enacted through
Statutory Instruments and those for which primary legislation will be
required]
- --
richard Richard Clayton
Are you a Friend of FIPR yet? http://www.fipr.org/friends.html
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBPW39TBfnRQV/feRLEQKVxACgiHeWzxOfPINxKayYthxVvtcuv0QAoJSp
f4gDP9SEDs9gdxKaqk5Yfq8Y
=64Bx
-----END PGP SIGNATURE-----