Cybercrime Convention
So what happened to ratification of the Council of Europe's Cybercrime Convention? We had a cheery hearing in June, but since then there's been senatorial silence, as far as I can tell.
The Convention makes the US domestic efforts on CALEA look tame. Puppy-like.
Each ratifier of the Convention is required to “empower its competent authorities” to “compel” service providers, “within [their] existing technical capability,” to cooperate and assist the competent authorities in the interception and recording of both “traffic data” and “content data” in realtime of communications transmitted by means of a computer system. And service providers are to be obliged to “keep confidential the fact of and any information about the execution of any power provided for” in these surveillance provisions.
These are broader requirements than any possible reading of CALEA — which specifically deals with non-content data and does not gag service providers — would support.
The Convention does say that service providers can be compelled only within their “existing technical capabilities.” As we have seen in the DOJ response in the FCC's CALEA proceeding, however, any innovator's reliance on such “existing technical capabilities” language would be misplaced. Law enforcement agencies will want pre-launch approval discretion.
Moreover, law enforcement authorities in countries that ratify the Convention undertake to provide online wiretap assistance (for both content and traffic data) to their treaty partners in the form of a “point of contact available on a 24 hour, 7 day per week basis in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.” The FCC may believe that because the Convention is about to be ratified it should provide the means for assisting law enforcement to carry out these international obligations.
So — is the Convention about to be ratified in the US? I have a feeling the pressure was taken off for the election period and that we'll see it come up rather quickly early in 2005. BSA, ITAA and a bunch of other trade associations recently issued supportive press releases.
It's all too much for me. I am going off to read a volume of Proust, slowly.
Patterns — Broadcast flag followup
On February 22, there will be a hearing on the FCC's jurisdiction to adopt the broadcast flag rule. (That's a really big day in my life already, because Clay Shirky is coming to talk to the advanced cyberlaw seminar that day.)
Michael Geist told us this several months ago, but I went back today and soaked it in. Canada, our sane neighbor to the north, is interested in adopting the flag regime. I poked around online and found this “priorities for 2005″ [word doc] document from the Radio Advisory Board of Canada (note cheery radio guy in picture) blithely noting that they'll be working on a standard for “recognition of the broadcast flag.”
Meanwhile, Jamie Love and Manon Ress have been bravely following and reporting on the WIPO broadcasting treaty talks. (This article is a good report of the confusion and alarm that filled the room in November when the chairman decided to ram things through and call for a straw vote so as to isolate dissenters.)
Here's my understanding of how these extra-US events fit within the strategy that brought us the November 2003 flag order: Let's do everything everywhere to make sure that no unauthorized online transmissions of our stuff can easily occur.
Let's pass state laws that prohibit the attachment of unauthorized devices to broadband networks. Let's have federal regulations that prohibit the manufacture of “noncompliant” devices. Let's have services be contributorily liable for copyright infringement. Let's promote the creation of closed circles of safe machines, all stubbornly refusing to interoperate with those unclean, unauthorized devices. Let's have our closest friends adopt the flag as well, so it comes to feel like a global inevitability. Let's create a treaty making online transmission of a particular stream of bits the exclusive province of webcasters — whether or not they had a hand in creating the material in question. With those exclusive rights in hand, and with a worldwide agreement establishing the illegality of circumventing any efforts a broadcaster/webcaster makes to protect content, we can get manufacturers all over the world to build ”compliant” devices.
The strategy is still in place, but there are some frayed bits around the edges. Some of the state laws didn't pass. Despite the MPAA's best efforts, Tivo managed to get a content protection technology approved by the FCC that permits a copy of a broadcast to be sent to a computer over the internet. Sure, the computer has to be wearing a dongle, and it's a shriveled, pale imitation of free-flowing bits, but it's something. Geist is on the case in Canada. Some influential WIPO members aren't so sure they need a broadcasting treaty, and don't like being rushed.
It's far too early to feel optimistic about February 22, so all I'm doing here is thanking Michael, Jamie, Manon, and everyone else who follows this issue around the world. We're all in this together.