from the give-me-liberty-or-give-me-something-something dept.
Bloomberg* is reporting on a UN-backed treaty which could become the global framework for investigating cybercriminals.
From TFA:
The Biden administration plans to support a controversial cybercrime treaty at the United Nations this week despite concerns that it could be misused by authoritarian regimes, according to senior government officials.
The agreement would be the first legally binding UN agreement on cybersecurity and could become a global legal framework for countries to cooperate on preventing and investigating cybercriminals. However, critics fear it could be used by authoritarian states to try to pursue dissidents overseas or collect data from political opponents.
Still, the officials said there are persuasive reasons to support the treaty. For instance, it would advance the criminalization of child sexual-abuse material and nonconsensual spreading of intimate images, they said.
[...]
While the treaty is expected to pass the vote in the UN, it was highly unlikely it would be ratified by the US government unless there was implementation of human-rights controls, the official said.
What say you, Soylentils? "If you have nothing to hide, you have nothing to fear?", "We can't let those authoritarian scum further oppress their dissidents!" Something in between?
*https://archive.ph/HSa0S
(Score: 4, Interesting) by JoeMerchant on Tuesday November 12 2024, @03:47PM
At the "level of play" mentioned in the article, having a legal construct through which to handle extradition and prosecution is probably a net benefit for any suspected criminals. The legal process, even when over-reaching with potential for abuse, is at least a somewhat transparent and measured process that affords the accused some level of public scrutiny and perhaps a bit of justice in their proceedings. At least it affords some time for investigations to reach conclusions based on more complete information.
With no legal avenues for their powerful adversaries to pursue, significant suspects tend to fall out of high windows or experience similar "accidents."
All in all, it's better to avoid becoming "significant" unless you have a correspondingly capable network of backers to assure your continued well being.
In my opinion, the more wealth (aka power) disparity we develop as a global society, the further we retreat from Montesquieu's ideals of Liberty [stanford.edu]: "Liberty involves living under laws that protect us from harm while leaving us free to do as much as possible, and that enable us to feel the greatest possible confidence that if we obey those laws, the power of the state will not be directed against us."
All in all, I prefer to live in a world where the nation-states enforce necessary protections from harm through open and legal processes, instead of powerful actors "taking care of business" in the shadows.
🌻🌻🌻 [google.com]
(Score: -1, Troll) by Anonymous Coward on Tuesday November 12 2024, @04:08PM (24 children)
They want to pass international treaties that will risk* enabling authoritarian regimes (which? the US?) persecuting citizens (presumably of foreign nations), all so that they can...
> and nonconsensual spreading of intimate images, they said
persecute people for sending fucking pictures on the internet.
How is this a worthwhile surrender of freedoms (as illusory as they may be) at all?
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @04:29PM (14 children)
That's just a "for instance" that elected officials can use to gain support from their constituencies.
IMO, the real meat behind the teeth of this act is the monetary damage being done to large established institutions by relatively small and hard to track actors. Lacking other exposures, this legal snare might just entangle and disable some of the forces "out there" that are sabotaging the big wheels of power (money).
🌻🌻🌻 [google.com]
(Score: 3, Informative) by RamiK on Tuesday November 12 2024, @06:58PM (13 children)
The treaty draft specifies child porn, hacking (intrusion... data theft...), laundering money and "non-consensual dissemination of intimate images": https://documents.un.org/doc/undoc/gen/v24/055/06/pdf/v2405506.pdf [un.org] (Draft United Nations convention against cybercrime, Chapter II: Criminalization p.5-9)
While that should be covered by the treaty, they won't be able to investigate by themselves. Instead, they'll need to file a complaint that will then start a joint investigation with the locals. Combined with the 90 days maximum retention limit, all the hackers will have to do is bounce around, say, a dozen different dysfunctional jurisdictions that take a week or two to process requests for joint investigations and it will guarantee there won't be evidence left of their crimes:
(p.13)
p.s. I'm also not a fan of limiting security researchers to domestic probes:
(Preventive Measures p.33)
I mean, a simple IP trace can bounce around through a dozen different countries and cloud infrastructure of local services and products is often located overseas so we won't be able to even port scan suspect C&C servers...
compiling...
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @07:07PM (12 children)
> the hackers will have to do is bounce around, say, a dozen different dysfunctional jurisdictions
That costs hard currency, and a lot of effort that disrupts their operations to some degree.
🌻🌻🌻 [google.com]
(Score: 2) by NotSanguine on Tuesday November 12 2024, @08:44PM (7 children)
A fair point, I suppose.
Then again, if it was me, I could bounce around to more than a half-dozen places and stay with family and friends at no cost (other than transport and food, the latter of which I'd need to spend anyway), and as long as I have access to the Internet, what disruption?
As such, I'm not sure that's necessarily much of a burden, although it might well be.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @08:48PM (6 children)
I'm going to guess that the "real threat actors" in this space are bigger than single individuals, though one rogue hacker can probably do pretty significant damage to much of the soft underbelly of the infrastructure out there even today.
🌻🌻🌻 [google.com]
(Score: 2) by NotSanguine on Tuesday November 12 2024, @08:57PM (5 children)
I'm guessing that cyber-criminal gangs and other "threat actors" moved to "WFH" even before the pandemic. Why congregate in one place when you don't have to?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @09:30PM (4 children)
>I'm guessing that cyber-criminal gangs and other "threat actors" moved to "WFH" even before the pandemic. Why congregate in one place when you don't have to?
Absolutely, although a given gang will probably have a common spoken language and other similarities among the members.
Still, wherever they may be spread, having international authority to "round up the usual suspects" is a step ahead of having to choose between letting them run free or assassinating them.
🌻🌻🌻 [google.com]
(Score: 2) by NotSanguine on Tuesday November 12 2024, @09:42PM (3 children)
You misunderstood my point.
I said:
That makes no value judgement WRT the value and/or utility of the treaty under discussion. Rather I merely pointed out that your assertion that:
Isn't necessarily a burden on such folks.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @09:54PM (2 children)
Just to flog the logic horse one more time:
>Isn't necessarily a burden on such folks.
Even when "the gang" is globally distributed, their members will still have to duck and cover from jurisdiction to jurisdiction to avoid prosecution, and that's a hassle. So, yeah, sure, if they're all a bunch of couch surfers, it's not a big deal to hop a plane and crash at the next stop, but even then... hopping a plane is a pain, it puts you through customs which can be problematic. Your equipment will be under scrutiny as you travel, which I understand you can keep your "real system" on a USB stick, encrypted and steganographically hidden under the complete collection of "Married With Children" TV shows and just download the restoration program when you get to your destination then quick restore your system from USB, but... all that takes time, money, brain cycles that aren't being spent on active attack work. Plus, the whole time you are on the move, any contacts you make will be easier to spot than when you're "dug in" to your normal network...
It's not like being imprisoned, but it certainly plays hell on any face to face relationships such people might have, and even if they don't value those, just relocating internationally every few weeks is still a significant load.
🌻🌻🌻 [google.com]
(Score: 2) by NotSanguine on Tuesday November 12 2024, @10:35PM (1 child)
Perhaps. Although again, not necessarily:
Cloud resources [wikipedia.org] hosted on onion-only sites [wikipedia.org]
The Schengen Area [wikipedia.org] as well as any countries that don't ratify the treaty (like the US, and I'd be willing to bet, Russia and China)
Please understand I'm not saying you're wrong. Nor am I saying such a treaty would have no effect. But if you use a little imagination and creativity (whether or not criminals/threat actors can/will do so is an open question), it's clear that avoiding the clutches of John Q. Law ain't that hard.
Over the long-term, that calculation may well change. As a criminal, you need to get your security/opsec right every. single. time. forever., but law enforcement only needs to get it right once. Just ask Russ Ulbrecht [wikipedia.org].
But that doesn't mean folks, especially organized gangs, can't (or won't) use a variety of tools (including the above and likely more I haven't thought about) to avoid detection, identification and capture.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @11:22PM
>avoiding the clutches of John Q. Law ain't that hard.
Well, of course any non extradition country becomes safe haven, even John McAfee figured out Belize.
🌻🌻🌻 [google.com]
(Score: 2) by RamiK on Tuesday November 12 2024, @10:35PM (3 children)
Eh, I said "bounce around" as to mean chaining proxies, VPNs or servers. As in, ssh to a box to ssh to a box to ssh to a box... Use different debit cards to rent from both AWS and Azure at different countries so the court orders will only return a single IP from the other service so that it will require another court order... This is pretty standard practice for black hats.
compiling...
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @11:25PM (2 children)
>This is pretty standard practice for black hats.
And unwinding it is pretty standard practice for black hat hunters.
The old days where you set up a physical redialer in an abandoned warehouse cost more per hop, both to setup and to unwind.
🌻🌻🌻 [google.com]
(Score: 2) by RamiK on Wednesday November 13 2024, @11:19AM (1 child)
Which will still require individual court orders per hop for law enforcement to be able to make use of the information when reverse construction to overcome fruit of the poisonous tree...
Yeah you can hop off aws t3 nano and equivalents for cents per hour nowadays: https://instances.vantage.sh [vantage.sh]
So, assuming a minimum of around $30, that's well under the max debit card draws and charges.
But regardless of the details, it just don't make any sense to have a maximum there at all. I mean, it doesn't even address potential privacy concerns since there's nothing obliging members from running parallel laws that require longer periods that cover more and different crimes. So, the only purpose the maximum serves is to give members a mechanism for not cooperating with joint investigations...
Honestly after the bipartisan silence about Epstein I've become paranoid enough to suspect it's intentional in that they want to have the means for those in power to be able to coverup those sorts of political scandals. Well, that and covering up your own contractors' attacks on other nations...
compiling...
(Score: 2) by JoeMerchant on Wednesday November 13 2024, @12:24PM
>Which will still require individual court orders per hop for law enforcement to be able to make use of the information when reverse construction to overcome fruit of the poisonous tree...
When pursuing the highest ideals, sure. When you simply want to get positive ID on Dread Pirate Roberts so you can tail him IRL, that whole skip trace can be done by "an anonymous tipster."
>it's intentional in that they want to have the means for those in power to be able to coverup those sorts of political scandals. Well, that and covering up your own contractors' attacks on other nations..
And that is the other end of the spectrum, one that's used almost exclusively when there aren't viable legal routes for effective intervention.
🌻🌻🌻 [google.com]
(Score: 3, Informative) by Thexalon on Tuesday November 12 2024, @07:40PM (8 children)
You might think differently about that if the pictures in question were of you and/or somebody you cared about. The word "nonconsensual" is key here: This is aimed at stuff like dudes sending out videos of their ex having sex with them in response to a breakup.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 0) by Anonymous Coward on Tuesday November 12 2024, @08:52PM
Consent is not optional. That deserves to be repeated often, and applies to more than just sexual activity, and definitely applies to posting recordings of sexual activity to the Internet.
There is the concept of "consensual non-consent," [psychologytoday.com] but even that, at the end of the day, requires the informed consent of all parties.
(Score: 2) by DrkShadow on Tuesday November 12 2024, @10:29PM (6 children)
I personally would not.
Pictures are not an international justice crisis. They are not significant enough to involve state agencies.
Get over yourself.
(Score: 2) by DrkShadow on Tuesday November 12 2024, @10:44PM (2 children)
And part 2, again, get over yourself. National agencies should not be chasing down "dudes posting videos of their ex because of a breakup". What asinine nonsense.
If she really wants to be the largest cunt in the world, she can sue him. This is most definitely not something that nations should be expending their resources on.
(Score: 1, Insightful) by Anonymous Coward on Tuesday November 12 2024, @10:47PM
Thankfully, the rest of the world disagrees with you, asshole.
(Score: 3, Insightful) by Thexalon on Wednesday November 13 2024, @04:56AM
The reason that there's talk of an international treaty to deal with this is that somebody like you can potentially avoid experiencing consequences simply by moving the videos to a server in another country where enforcement of laws is lax and thus it's harder to prove that it was you who posted the videos / pics in any ensuing legal actions.
But I clearly have less experience doing this sort of thing than you sure seem to. If you did do this, and she did sue you over it, she definitely had grounds for complaint.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 0) by Anonymous Coward on Tuesday November 12 2024, @10:45PM (1 child)
Okay. So post some action videos of you and eight or nine "boyfriends," and put links up on your Facebook page.
What's that? You don't want to share that sort of thing? Fair enough. What if one of those "boyfriends" posts such videos and links on your parents' Facebook pages?
In most jurisdictions, at least in the US (Federally and in 48 states [ballotpedia.org]) that's a felony. And IIUC in the UK [lawcom.gov.uk], as well as many other places.
So yes. It is a matter for local/state/federal/international law enforcement agencies.
Why don't you go ahead and surreptitiously video sexual acts between some folks and then post them online and see what happens?
(Score: 2) by DrkShadow on Wednesday November 13 2024, @03:55AM
I think you've missed my point:
Got a problem with it? Call the cops up the street. Let them deal with it. Maybe they'll engage the cops up the state. Maybe you'll pull the social media Co. into court.
Just for clarity,
(Score: 3, Interesting) by c0lo on Wednesday November 13 2024, @08:52AM
Hmmmm... business idea: advertising company for sex slavers.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: -1, Flamebait) by Anonymous Coward on Tuesday November 12 2024, @07:00PM
Democrats don't believe in free speech either...
Wait, so why does anybody think replacing them with republicans will help? That's weird.
Eh, whatever, it's for the kids, right? When did we let them become the new tyrants?
(Score: 5, Informative) by gnuman on Tuesday November 12 2024, @07:15PM (5 children)
Whenever a supra-national organization is mentioned, there is always lots of FUD from the "omg! think of our freedoms!" crowd. Relax! The bottom line is, frameworks like these are *fundamental* to allow nations to solve issues that are across borders. If these don't exist, then good luck being able to extradite individuals from one nation to another if there is a crime committed.
Fundamentally, agreements like these DO NOT force one nation to become a rug for another. On the contrary. Agreements allow a more level playing field when it comes to international relations. These agreements are expectations of how nations behave towards each other.
For example, take the Apostille Convention. If you ever have to prove some legal document in one country to another country, then this is a godsend. An example here is validity of a marriage certificate in one nation when it comes to another nation. In the "good old days", you needed to validate these via embassies. Sometimes this took months or years. Today, most nations will accept each other's legal documents as being valid. See: https://en.wikipedia.org/wiki/Apostille_Convention [wikipedia.org]
And FTFS:
Exactly. These things generally become the "lowest common denominator" of laws, or, they are ignored. That's how international law works. Your country either likes the convention and implements it, or it ignores it. This is especially true for the wealthier or more influential nations.
(Score: 0, Informative) by Anonymous Coward on Tuesday November 12 2024, @07:30PM (2 children)
Um, excuse me? Does anybody really believe that the incoming administration gives a tinker's damn about human rights? They will do a simple cost/benefit study and decide based on that.
(Score: 2) by JoeMerchant on Tuesday November 12 2024, @10:01PM (1 child)
> They will do a simple cost/benefit study and decide based on that.
If you believe everything that was said during the campaign, "enemies within" will be easily dealt with using the national guard or even military...
Right after we handle COVID with bleach injections.
My advice: Ignore the clown, pay attention to the puppet masters.
🌻🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Tuesday November 12 2024, @11:42PM
No, I don't believe anything that was said during the campaign. I said, follow the money (in so many words). But some silly partisan moderator is easily offended by being told the ugly truth.
(Score: 2, Insightful) by Thexalon on Tuesday November 12 2024, @07:35PM
Another reason to relax is that the odds of this actually happening are zero: They need more votes in the Senate than they're going to get to ratify any treaty, and the next administration will scrap it on the grounds of "If Biden likes it, it must be bad".
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 2) by corey on Wednesday November 13 2024, @09:44PM
Makes me wonder what would happen differently to Edward Snowden or Julian Assange under this framework, if it was fully in place.