
  22. Cybercrime and anti-terrorism legislation

- 22.1. International legislative frameworks
- 22.2. The War on Terrorism
- 22.3. The implications for civil society groups

Following the attacks on the World Trade Centre and The Pentagon on September 11th 2001, many states enacted laws to tackle the perceived threat of terrorism. At the same time, there was an increase in the dialogue and cooperation between the operators of the Internet and electronic networks, and the security services of many states. Although these measures were promoted as an essential part of the so-called ‘war on terrorism’, in fact many had been already in preparation before September 11th. The attacks merely led to faster implementation of technical and legal measures for the surveillance of individuals and organisations. September 11th also provided a perfect excuse to introduce measures that previously would have met more resistance from those concerned about how these new measures might erode essential civil liberties.

Most of these measures are aimed at tackling terrorism and serious crime, but at the same time many states have redefined the boundaries of these terms. There is a thin dividing line between everyday protest activities and what can be defined as ‘organised crime’. This is typified by, for example, the UK’s ‘common purpose principle’. This new principle was created as part of the laws that give investigative powers to police forces and the security services. It states:

“Conduct which constitutes one or more offences shall be regarded as serious crime where it involves conduct by a large number of persons in pursuit of a common purpose” 1

This principle has allowed the widespread surveillance of many protest groups in the UK. Whilst the offences these groups carry out are very minor (such as trespass and obstruction of the highway), the fact that they are carried out by many people working together allows them to be investigated with the same powers reserved for organised criminals.

When considering how the state has taken new powers to enable the surveillance of groups in society we must take note of this semantic re-definition. Terms such as ‘cybercrime’, ‘terrorism’ and ‘organised crime’ can be used under these new procedures to allow the surveillance of groups that oppose many aspects of government policy, as well as developments which may affect the economic well-being of large corporations. Organisations that may be affected by this redrafting of legislation must consider these implications as part of their planning for future work and campaigns.

22.1. International legislative frameworks

The Cold War enabled the development of global networks of surveillance as part of military systems. Little information was thus publicly available about the functioning of these systems. In the post-Cold War era, these systems have been given legitimacy as ‘security measures’ to facilitate the fight against international terrorism or criminal activity. Global surveillance systems that were developed out of the Cold War, such as the Echelon System 2 (a signals intelligence network developed by the USA, UK, Canada, Australia and New Zealand), have pioneered new ideas for global surveillance networks.

In recent years, certain international bodies, such as the Council of Europe, the Organisation for Economic Co-operation and Development (OECD), or the G8 Conference, have begun to consider these issues as part of their policy agenda 3. Whilst this has included extending co-operation on terrorism and security, an equally important strand in these discussions has been the development of policies on ‘information systems’. The purpose of these policy discussions was to develop a common global standard for the retention of telecommunications and internet traffic data. For example, during the G8 conference in 1998 a set of principles, and a ten point action plan, were adopted, to ‘preserve electronic data’ for sharing between ‘international partners’. This was followed up in 2001 with a further conference workshop devoted to the preservation of data 4. Initiatives such as this have in turn created an impetus for national legislation on the monitoring of electronic networks.

Within Europe, a significant development has been the adoption of the Cybercrime Convention 5 by the Council of Europe (CoE). The Council of Europe is an intergovernmental body formed from the 43 nations of Europe. Other states, such as the USA, also participate in the Council as observers. The CoE first proposed a convention to tackle cybercrime in 1995, which was finalised in September 2001. The Convention has three parts: the first proposes that all states criminalise certain on-line activities; the second that states require the operators of telecommunications networks or internet service providers to institute more detailed surveillance of network traffic, including where possible real-time analysis; and part three requires that states co-operate in the investigation of cybercrime by allowing data to be shared between them – even if the crime being investigated in one state is not a crime in the state from where information is requested.

As observers, the USA, Japan and Canada have co-signed the Convention. States in other regions are looking at the Cybercrime Convention as the basis for drawing up treaties on the sharing of communications data. Other states that are not members of the CoE are also free to sign up to the Convention and co-operate with other states.


TreatyWatch: Eight Reasons the International Cybercrime Treaty Should be Rejected

“In November 2001, the members of the Council of Europe signed an extraordinarily broad new treaty to increase cooperation among law enforcement officials of different nations. Officially, this Cybercrime Convention was drafted by the 43-member Council of Europe, with the U.S., Canada, Japan and other countries participating as “observers.” In reality, American law enforcement officials have been among the primary drivers behind the treaty.

The Cybercrime Convention does three major things:
1. It includes a list of crimes that each member country must have on its books. The treaty requires criminalization of offenses such as hacking, the production, sale or distribution of hacking tools, and child pornography, and an expansion of criminal liability for intellectual property violations (Articles 2-11).

2. It requires each participating nation to grant new powers of search and seizure to its law enforcement authorities, including the power to force an ISP (Internet Service Provider) to preserve a citizen's Internet usage records or other data, and the power to monitor a citizen's online activities in real time (Articles 16-22).

3. It requires law enforcement in every participating country to assist police from other participating countries by cooperating with "mutual assistance requests" from police in other participating nations "to the widest extent possible" (Articles 23-35).

This is a bad treaty, and nations should not sign or ratify it. There are 8 main problems with the agreement:

Reason #1: The treaty lacks privacy and civil liberties protections
Reason #2: The treaty is far too broad
Reason #3: The treaty lacks a “dual criminality” requirement for cooperation with the police of other nations
Reason #4: Protection for political activities is too weak
Reason #5: The treaty threatens to further unbalance intellectual property law
Reason #6: The treaty would give police invasive new surveillance powers
Reason #7: The treaty contains an overly broad criminalization of hacking tools
Reason #8: The treaty was drafted in a closed and secretive manner”

Source: (justifies these arguments)

What all these policies, such as the G8's action plan or the CoE's Cybercrime Convention, lack is a common definition of what is 'serious crime' or 'cybercrime'. There is also no requirement that before the data collected by a country is released it should be shown that the alleged actions would have been a crime if committed there. This means that there can exist wide differences in legal interpretation of the important terms, such as 'terrorism', 'serious crime' and 'cybercrime' between different states. This has significant implications for trans-national organisations that seek to challenge the actions of governments or corporations, particularly where these actions are primarily co-ordinated over the Internet.

22.2. The War on Terrorism

More than anything, the events of September 11th 2001 have led to an updating and expansion of ‘terrorism’ legislation to take it beyond the Cold War. Until recently ‘terrorism’ was defined as activities motivated by a political ideology for the overthrow of a government. The re-definition of terrorism by states since September 11th has stressed motivations other than political ideology, potentially classifying non-mainstream protest actions, campaigns and organisations as being involved in or supportive of terrorism.

Terrorism, like cybercrime, is defined differently from state to state. In the USA, evidence given to the US Congress by the Federal Bureau of Investigation (FBI) stresses that any group that uses or threatens violence or damage against persons or property “in furtherance of political or social objectives” may be classified as ‘terrorists’ 6. In the UK, the interpretation of new terrorism laws given by the government to local authorities stresses a much lower threshold, covering “acts that may not in themselves be violent but which nonetheless have a significant impact on modern life” 7. This supports the approach taken in the Terrorism Act 2000 (enacted a full year before the September 11th attacks) that redefines terrorism from some form of paramilitary action to any form of direct action or protest that “seeks to change the mind of the government” 8.

The problem with these new laws is that they extend the definition of terrorism into areas of campaigning by civil society groups. Those engaging in mass protests, or taking direct action to disrupt trade conferences, the development of infrastructure projects, or the operation of private enterprises, risk being classified as ‘terrorists’. In practical terms, these new laws will not allow the banning of most protest groups or the prosecution of their members as terrorists (although that could happen in the case of a few groups that take extreme action, such as Earth First!). However, those who associate or work with these groups can be investigated as if they were terrorists. In turn, the information gathered from such investigations could be used to restrict or nullify the actions of these groups.

Using Anti-terrorist Laws for other Objectives

“Citing a provision of the Patriot Act, the FBI is sending letters to journalists telling them to secretly prepare to turn over their notes, e-mails and sources to the bureau. Should we throw out the First Amendment to nail a hacker? ... The demand that journalists preserve their notes is being made under laws that require ISP’s and other “providers of electronic communications services” to preserve, for example, e-mails stored on their service, pending a subpoena, under a statute modified by the USA-PATRIOT Act. The purpose of that law was to prevent the inadvertent destruction of ephemeral electronic records pending a subpoena. For example, you could tell an ISP that you were investigating a hacking case, and that they should preserve the audit logs while you ran to the local magistrate for a subpoena. It was never intended to apply to journalist’s records.”

Source: Mark Rasch, “The Subpoenas are Coming!”,http://

22.3. The implications for civil society groups

It is important to remember that most new terrorism legislation, and pretty much all the initiatives in relation to the investigation of serious crime/cybercrime, are based on the increased surveillance of communications. Groups that seriously challenge governments or multinational corporations could, under these legislative frameworks, come under direct surveillance. It is more likely, though, that governments will use this new system to monitor and retain communications data in order to map the activities and the membership of campaign groups. This has implications for the functioning of these groups.

The late 1990s saw a surge in action by campaign groups coordinated via the internet. Electronic networking has facilitated the development of grassroots action at the national and international level. At the same time, this has left organisations that work in this way open to far more intrusive surveillance than other traditional groups. The membership of these organisations, even if they have no formal structure, can be mapped. The role of different members within the organisation can be analysed. From this data, opponents could devise actions against key individuals, or the network as a whole, to stop it from functioning. This is particularly problematic if the group is campaigning against the state, but would also affect anti-corporation campaigns. For those who engage in international action, there is also the problem that instruments such as the Cybercrime Convention would allow the supply of communications surveillance data from their home state to another state, even if their actions were lawful in their home state.

There are two possible responses to the problems created by communications surveillance and the extension of anti-terrorism powers.

Those involved can practise good communication security. They can encrypt communications and use ‘privacy enhancing technologies’ (PETs) to restrict the disclosure of information whilst working on-line. They can also improve their own computer security to prevent the use of more active surveillance techniques such as the FBI’s ‘Magic Lantern’ virus. The problem with this approach is that, at the public level, the organisation will take on the same pattern of activity as that practised by a terrorist group. This will make it easier for those who wish to restrict the activities of that group to take action, using the secrecy practised by the organisation as a justification.

The alternative to the good security option is the opposite in terms of tactics – not only does the organisation take no steps to restrict the disclosure of information via its communications, it actively seeks to be open. In addition, it uses every opportunity to enforce the rights of the organisation, or the individuals within that organisation, to have respect for the privacy of their communications, using legal opportunities to complain about the disclosure of information. An important part of this process is turning the network of mass surveillance into a campaign in itself. In this way, not only would it be difficult to characterise the organisation as a ‘secretive’ terrorist group, the organisation would be able to maintain an accessible public profile in order to build support for its work.

In practical terms, the solution for most organisations will be somewhere between these two options. Most of the time, being open is not a problem. But where the activities of the group involve working with those living under more repressive regimes, or where a group deals with sensitive information sources or whistle-blowers, the need to protect the identities of those individuals must be recognised.

1 Police Act 1997, and Security Services Act 1996

2 See Interception Capabilities 2000 and

3 Policing high tech crime in the global context, Dr. Paul Norman –

5 Council of Europe Cybercrime Convention –

7 UK Home Office Circular 03/2001, The Terrorism Act 2000

8 Section 1, Terrorism Act 2000
