A treaty on cybercrime prevention is likely to be made European law despite warnings from some quarters that it is over-invasive and unclear.
EuroISPA, the European internet service providers association, this week said it feared the cybercrime treaty, now in its 25th draft, would trample on existing European directives on issues such as data protection and
"Contrary to some reports, the treaty looks like [it is] going through in the way we fear," said Jo McNamee, EuroISPA's public affairs manager.
The treaty will set the parameters for law enforcers investigating crimes such as fraud on the internet. A European Commission official has repeated his concerns to IDG News that the treaty will go ahead even though it clashes with several strands of European Union law.
"We still have some points to negotiate. Some changes are needed so that the treaty does not overrule EU law," the official, who cannot be named, said.
In the e-commerce directive, for example, there is a clause outlawing general monitoring of data, and only permitting interception of electronic traffic under specific conditions.
"The treaty doesn't go as far as call for a general mechanism of interception of messages and data, but it leaves the possibility open for one in the future," the official said.
EuroISPA's main worry is the treaty's lack of clarity. Corporate liability provisions are "wide and vague", McNamee said.
The treaty requires service providers to make it possible for law enforcers to intercept data traffic, "but nowhere does it define what data traffic is", McNamee said. "If it includes all e-mails and website links then the law is simply unenforceable."
It defines 'service provider' as any public or private entity that provides a service via a computer, or any entity that stores data for such an online service. "By that definition a pizza delivery firm is a service provider. It doesn't help them to have such a vague text," said McNamee.
The draft treaty is due to be adopted officially on 24 April and ratified in June.