BOB GARFIELD: Last month, Lithuania became the latest nation to ratify the Council of Europe Convention on Cybercrime. With Albania, Estonia, Hungary and Croatia, that makes 5, which renders the treaty open for any nation in the world to sign. President Bush calls it, quote, "the only international treaty to address the problems of computer-related crime and electronic evidence-gathering." In November the president sent the treaty to Congress for ratification, and it has been sitting there ever since. But groups like the Electronic Privacy Information Centre and the American Civil Liberties Union say this treaty is bad, bad, bad for personal freedoms. Barry Steinhardt, the director of the technology and liberty program at the ACLU says this treaty isn't what this country needs to combat child pornography, hackers and viruses.
BARRY STEINHARDT: This treaty goes well beyond those things that most of us would think of as computer crimes like hacking or cracking into somebody else's computer system. It can be as simple as a mugger who's walking around with a palm pilot that happens to have internet capabilities. That suddenly becomes a cybercrime under this treaty.
BOB GARFIELD: Is that an exaggeration?
BARRY STEINHARDT:No, it's not an exaggeration at all. Literally, a mugger who commits a crime who used his palm pilot to send a short e-mail in connection with that crime is eligible for investigation for all the draconian powers that are available under the cybercrime treaty.
BOB GARFIELD: Tell me why this treaty was drafted in such broad terms and what provisions particularly alarm you.
BARRY STEINHARDT:Well the treaty was very broad, in part because the United States insisted that it be very broad. Despite the fact that it was called the Council of Europe Treaty, it's actually a treaty that was largely driven by the U.S. government. Perhaps the worst provisions of this bill are those provisions that allow for countries to insist that we help them in prosecuting or investigating a crime even when the act that is being investigated is not a crime in the country that's being asked to do the investigation. So the Chinese government could come to us and say we have this dissident -- they won't say that, they'd say that we have this criminal and we want your internet service providers to give us all his records that happen to be in the United States. And we are essentially forbidden from inquiring into why it is they want to investigate him, and we are forbidden even from requiring that the act that he's being investigated for be a crime in the United States.
BOB GARFIELD: Now there is a specific prohibition on political crime in the language of the treaty.
BARRY STEINHARDT:The problem is that the decision about whether this is a political crime is going to be made by the U.S. Justice Department, and I don't think that most Americans at this point trust John Ashcroft to be deciding what's a political crime and what is truly a criminal matter that deserves investigation.
BOB GARFIELD:Let's just put aside for the moment the awkward question of the United States assisting repressive foreign governments in draconian police investigations. Let's talk more about the protection of U.S. citizens. If not provisions such as we find in this treaty, what law enforcement tools are available to U.S. investigators in preventing the kinds of crimes that this treaty is at least ostensibly designed to combat?
BARRY STEINHARDT: Well, we of course in the U.S. already have laws that prevent cracking into someone's system, the spread of the doom virus, all those things are already crimes in the United States, and we usually have in fact bilateral or multilateral treaties that will allow us to do the investigations. Cybercrime treaty is simply not necessary for that. It's a question at this point whether or not we're going to have sufficient resources and will to deal with those problems and whether the business community could be marshaled to protect itself.
BOB GARFIELD:As I understand the treaty, it permits Carnivore, the technology that allows the Justice Department or the FBI to go directly into an internet service provider and essentially monitor online communication, it would make that a legitimate tool of policing, but it's not currently legal in the United States for the government to employ the Carnivore technology.
BARRY STEINHARDT: The USA Patriot Act does permit Carnivore for what is known as a pen-register or trap-and-trace device; that's basically looking for addressing information. But it doesn't permit it for the content of communications -- what we're actually saying. The Cybercrime treaty actually requires nations to have Carnivore-like capacity.
BOB GARFIELD:And what happens when provisions of treaties that the United States is a signatory to turn out to be unconstitutional or are declared unconstitutional in U.S. courts?
BARRY STEINHARDT: Well, that's going to be the 64,000 dollar question here. First of all, the courts would only deal with it once the treaty is ratified, but secondly they'll only deal with it case by case where there are real people before them. So it could be quite some time before a case gets up to the federal court. Beyond that, of course, in many cases the victims here are simply not going to know about their victimization. These are powers that are used secretly. Often the businesses that are required to provide information are actually forbidden by federal law from disclosing that these powers have been used. So in many cases, the individuals involved will simply never know -- won't be in a position to challenge them.
BOB GARFIELD: Well, Barry, thank you very much for joining us.
BARRY STEINHARDT: Thank you.
BOB GARFIELD: Barry Steinhardt is director of the technology and liberty program at the American Civil Liberties Union in New York City. [MUSIC]
BROOKE GLADSTONE: Coming up, Ed Sullivan's rilly biggest shew, and the reverberations from America's many echo chambers.
BOB GARFIELD: This is On the Media, from NPR. [FUNDING CREDITS]