Hi, On 27-Apr-01 jochen mader wrote:
Has anybody here read about the european cybercrime act? It distrubs me quite much to not have seen anything on slashdot and in this list about it. Do you no what impact this thing will have on our work? It will make our work nearly impossible by making it illegal to use tools like nmap, nessus, statan under ANY circumstances.
Some months ago I covered this issue (in suse-security and bugtraq) and expressed my feelings against the new cybercrime draft convention (together with lots of concerned admins, security personell and other interested parties). Unfortunately, it seems that the EU is not willing to withdraw this overwhelmingly stupid convention, so it will probably be introduced. The convention itself does not represent some kind of "law", it basically is a framework for the members of the EU to implement nationwide anti-cybercrime legislation themselves. The EU correctly rates cybercrime as a serious threat to the net community and to companies doing business over the internet, but they did not consult any experts or security professionals to compile their convention. This lack of expert advise is clearly recogniseable if you read through the current version of this paper. If you are paranoid enough and browse through recent news stories about network security and incident handling, you may have turned up some documents covering certain issues discussed by top spooks at the NSA about gouvernmental access to traffic- and user data via dedicated sniffing devices ("lil' Echelons"). These devices would be installed in ISP networks and peers, and would collect any data worth of interest. As the EU cybercrime convention deals with this covert access in some paragraphs it may not be invalid to deduce that this will be the starting point of some kind of a global wiretapping network between national intelligence groups. As the convention itself can not be stopped anymore we should try to influence the local EU gouvernments/members towards a more sophisticated approach to the whole cybercrime thing. After all, we should give it a try.
This thing will become a LAW within the next few weeks (probably months). It has got that far that there is only one voting left to make it a law, and there is nobody there who knows a thing about security and privacy and they will harm ALL of us.
Regards Jochen
P.S.: The draft is located here http://stars.coe.int/doc/doc01/EDOC9031.htm [...]
Yow, --- Boris Lorenz <bolo@lupa.de> System Security Admin *nix - *nux ---