The final round of negotiations on a proposed international cybercrime treaty, set to begin on Monday at the United Nations, has sparked criticism from civil society organizations. They argue that the treaty, if enacted, would criminalize security research and promote indiscriminate police surveillance.
Following a 2019 General Assembly vote authorizing negotiations for the treaty, U.N. members have been working on the draft, which is set to be finalized in February. However, more than 100 civil society organizations have expressed strong opposition to the proposed language, asserting that it would be counterproductive in the fight against cybercrime.
One key point of contention is the proposed treaty’s definition of cybercrime. Civil society groups claim that the treaty would categorize security research, such as bug bounty programs and pen testing, as criminal offenses. This, they argue, could lead to the prosecution of acts carried out with beneficial intent, ultimately undermining the security of digital communications.
Critics also take issue with the treaty’s provisions for real-time interception of traffic and content data, which could require internet intermediaries to weaken encryption protocols. According to the Cyber Peace Institute, this would significantly weaken existing privacy measures adopted by technology providers to ensure the safety of internet users.
The language of the proposed treaty has drawn criticism from influential figures in the tech industry as well. Microsoft’s head of cyber policy and protection, for example, has described the treaty as a “weapon” that could allow authoritarian governments to “suppress dissent under the guise of fighting cybercrime.” Despite these concerns, negotiators have not addressed suggestions put forth by civil society proponents to make the treaty more secure.
Instead of focusing on a new cybercrime proposal, some argue that states should prioritize strengthening the legal capacities of their law enforcement agencies and rely on existing measures, such as the Budapest Convention, which has 68 current signatories. They also stress the importance of providing cyberattack victims with greater access to redress and justice, which they argue the current text of the proposed treaty does not achieve.
The proposed international cybercrime treaty has ignited a fierce debate among U.N. members and civil society organizations. As negotiations enter their final stages, the outcome will have far-reaching implications for the future of cybersecurity and digital privacy. Critics are urging U.N. members to carefully consider the potential consequences of the proposed treaty and to work towards a solution that balances the fight against cybercrime with the protection of fundamental rights and freedoms.