An over-invasive, unclear treaty on cyber-crime prevention with transatlantic impact is on course for ratification by the 41-member Council of Europe, warned the European association of Internet service providers, EuroISPA, Thursday.
A European Commission official has repeated his concerns that the treaty will go ahead even though it clashes with several strands of European Union law.
"Contrary to some reports, the treaty looks like (it is) going through in the way we fear," said Jo McNamee, EuroISPA's public affairs manager.
He referred to an article on Silicon.com's news page claiming that industry lobbyists had succeeded in derailing the cyber-crime treaty. The article cites "high-level industry sources," who say that the Council of Europe's decision to concede to their concerns was "due to the threat of a complete breakdown of relations between the lawmakers and the industry."
"I wish it were true," McNamee said. "The last indication I received did not fill me with hope."
The Council of Europe, as well as the U.S. and Canada, which have signed up as associated members for the purposes of the treaty, have shown "no evidence yet of a change of heart," said a Commission official who follows cyber-crime issues and requested anonymity.
The cyber-crime treaty, now in its 25th draft, will set the parameters for law enforcers investigating crimes such as fraud on the Internet.
"We still have some points to negotiate. Some changes are needed so that the treaty does not overrule EU law," the official said, referring to directives on data protection, and e-commerce.
In the e-commerce directive there is a clause outlawing general monitoring of data, and only permitting interception of electronic traffic under specific conditions.
"The treaty doesn't go as far as call for a general mechanism of interception of messages and data, but it leaves the possibility open for one in the future," the official said.
Both the Internal Market and the Information Society departments "share a common view that we should do everything to enhance the new technologies," he said. However, the Justice and Home Affairs Department of the Commission views the cyber-crime issue from a law enforcement viewpoint, he said.
Justice officials are forging EU laws on cyber crime, which are expected to follow the line of the Council of Europe's treaty.
EuroISPA's main worry is the treaty's lack of clarity. Corporate liability provisions are "wide and vague," McNamee said.
The treaty requires service providers to make it possible for law enforcers to intercept data traffic, "but nowhere does it define what data traffic is," he said. "If it includes all e-mails and Web site links then the law is simply unenforceable."
It defines "service provider" as any public or private entity that provides a service via a computer, or any entity that stores data for such an online service. "By that definition a pizza delivery firm is a service provider. It doesn't help them to have such a vague text," McNamee said.
He also highlighted a clause in the draft treaty that could prevent ISPs from filtering out unwanted mass e-mail, or spam, from people's inboxes.
"The Council of Europe draft treaty says it may be a criminal offense to stop spam. We'd quite like to continue sifting out spam and I think most of our subscribers would too," he said, adding that even automatic virus checkers could be accused of intercepting a private communication.
The Council of Europe couldn't be contacted at the time this story was written.
The draft treaty is to be adopted officially on April 24 and ratified in June. Some member states including Italy and the Netherlands automatically adopt the treaty into their own national statutes. Others, including the U.K., transpose the treaty only after having debated it in their national Parliaments first.