The convention is being drafted under the auspices of the 41-member Council of Europe, but it is also backed by the Governments of other major countries, including the US and Japan. It is now in its 25th draft. It aims to harmonise laws on hacking, piracy, on-line fraud and child pornography. However, the idea of harmonising police powers of investigation has raised fears in the US.
One US commentator asks lawyers on Law.com, “Do you want investigators rummaging around your clients’ computer systems on warrants issued by former Soviet-bloc nations?”
This fear seems to have persuaded AT&T and other high-tech companies, the US Chamber of Commerce and the Information Technology Association of America to oppose the convention. They worry that all ISPs, telcos and other businesses would have to co-operate with warrants issued by foreign courts.
The World Information Technology and Services Alliance (WITSA) has complained about “burdensome data preservation requirements on ISPs” – yet the current draft does not go this far.
The draft states that an ISP can be required by its country's laws to collect traffic and content data only “within its existing technical capability,” meaning that no new equipment would be required by the ISP.
For ISPs in the UK, under the Regulation of Investigatory Powers Act 2000, the police and other authorities will, in certain circumstances, be able to require the company to put such equipment in place to comply with an order to intercept certain communications on their systems. The cybercrime convention’s proposals will not change this position in the UK because the draft convention does not go this far. Many other countries have similar requirements, but not the US.