You are currently browsing EDRi's old website. Our new website is available at https://edri.org

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

Security

Romania implements Cybercrime Convention

5 May, 2004
» 

Romania has implemented the Cybercrime Convention with law nr. 64 from 24 March 2004. The law was published in the Official Monitor nr. 343, on 20 April 2004.

The main provisions of the Cybercrime Convention were already incorporated in Title III of the Anti-corruption law nr. 161/2003, published in the Official Monitor nr. 279 from 21 April 2003.

The Cybercrime Convention defines nine offences: illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offences related to child pornography and, notably, offences related to copyright and neighbouring rights. Signatory states have to establish a common minimum standard of relevant offences under their domestic law.

Under Romanian law, the first 2 offences are very broadly defined and will be punished severely: "The illegal access to a computer system is a crime and is punished with imprisonment from 6 months to 3 years. If access is gained by infringing security measures, the punishment is imprisonment from 3 to 12 years..

Entry into force of Convention on Cybercrime

24 March, 2004
» 

The Council of Europe's Convention on Cybercrime will enter into force on 1 July 2004, following its ratification by Lithuania. The convention requires at least 5 CoE members to ratify. Previously Albania, Croatia, Estonia and Hungary have done so.

The convention's aim is to develop a common criminal policy on cybercrime by promoting international co-operation and the adoption of appropriate legislation. Signatories will have to implement into their national law criminal code concerning computer crime and will also have to give their police new powers to conduct investigations regarding computers and the internet.

Besides computer hacking and viruses, the convention covers (virtual) child pornography and computer-related fraud. Police forces in the ratifying countries will get new powers to seize data, intercept

Dutch government: Cryptophone protects privacy

27 February, 2004
» 

The Dutch minister of Justice Donner has answered parliamentary questions about the introduction of a commercially available crypto-GSM.

The Cryptophone was developed in the Netherlands and is sold through a German company. The device is a combined GSM and organiser running Windows Pocket PC. The Cryptophone uses open-source software that encrypts the call when connecting to another device of its kind. The phone should make it impossible for any third-party, including the phone company and police, to listen in to the call.

The Dutch Christian-Democrat Member of Parliament Haersma-Buma asked government to forbid the phones, since they can make it impossible for police to use the information from a wiretapped mobile phone call. Dutch police relies heavily on phone interception with an estimated 12.000 phone taps per year. This number is higher then in any other European country or even the US (not counting the unknown number of taps by any intelligence service).

Hungary signs cybercrime treaty

11 February, 2004
» 

On 4 December 2003, Hungary became the fourth country (along with Albania, Croatia and Estonia) to ratify the Cybercrime Convention. Lithuania is the latest country to have signed the Convention (26 June 2003). All 15 EU states have already signed it.

Hungary made an explicit reservation, reserving the right not to apply Article 9, paragraph 2, sub-paragraph b. This means they won't consider a photo to be child pornography if the person depicted only appears to be under 18, but is in fact older.

To enter into force, the Cybercrime Treaty only needs 1 more ratification from a CoE country.

COE overview signatures treaties
http://www.coe.int/T/e/Com/Press/Convention/default.asp

Recommended reading

11 February, 2004
» 

Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries - Study for the European Commission, Directorate-General Information Society, by Rand Europe.

The Handbook is designed to help European Computer Security Incident Response Teams (CSIRT) deal with incidents and operate in a European environment with divergent legal codes dealing with computer crime and misuse. Particular attention is devoted to the examination of the content of the Council of Europe's Cybercrime Convention and the proposed European Framework Decision on Attacks Against Information Systems.

The publication contains an analysis of legislation in each EU member state in the area of computer crime. A summary table is also provided together with the law enforcement points of contacts and reporting

Dutch parliament questions crypto telephone

3 December, 2003
» 

The presentation of a crypto mobile telephone has stirred some controversy in the Netherlands. The Cryptophone has been developed in the Netherlands and is sold through a German company. The device is a combined GSM and organiser running Windows Pocket PC. The software encrypts the call when connecting to another Cryptophone. The Cryptophone should make it impossible for any third-party, including the phone company and police, to listen to the call.

The Dutch christian-democrat Member of Parliament Haersma-Buma has asked the Dutch government if there is a possibility of forbidding the phones, since they can make it impossible for police to use the information from a wiretapped mobile phone call. Dutch police relies heavily on phone interception with an estimated 12.000 phone taps per year. This number is

Irish Labour Party wants to stop e-voting

3 December, 2003
» 

The Irish Labour Party is urging suspension of e-voting until major flaws are fixed. Ireland is planning to completely changeover to electronic voting in June 2004, for both local and European elections.

According to a report commissioned by the party the major defects are:

- An integrated end-to-end test of the entire system has not yet been conducted, only a partial test;

- The source code is not available, but code reviews indicate that certain formal methods have not been used to prove the accuracy of the software;

- It is possible to load the Microsoft Access database on the vote-counting computer with pre-prepared data. In addition vote information is transferred between PCs at the Count Centre on floppy discs. It would not be difficult to exchange discs.

- Unauthorised persons could produce an alternative version of the NEDAP

Stupid security measures in Europe

27 March, 2003
» 

During last weeks CFP conference (Computer Freedom Privacy) in New York, Simon Davies from UK EDRi-member Privacy International announced the winners of the Stupid Security Awards. The jury received some 5.000 nominations from 35 different countries. Though most of the winners are American, Europe also produced some very noteworthy stupid security measures. UK mobile phone company T-Mobile won a Most Annoyingly Stupid Award 'for pointless and idiotic financial security measure'. T-Mobile won't let anyone pay more than fifty pounds a month from a bank account, for unspecified 'security' reasons. Runner-Up for the Most Egregiously Stupid Award was Moscow Mayor Yury Luzhkov for the "Propiska" Identity Papers, while UK Heathrow Airport was selected the runner-up for the Most Inexplicably Stupid Award.

Syndicate content
 

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo