The United Nations committee has recently advanced the final draft of a treaty aimed at combating cross-border cybercriminal organizations. However, concerns have been raised by opponents who argue that the treaty lacks sufficient safeguards for human rights and could potentially be misused by repressive governments to persecute journalists, cybersecurity researchers, and protesters.
If the UN General Assembly adopts the UN Convention Against Cybercrime, it would mandate that any nation signing the treaty criminalize unauthorized access to information or communications technology systems as well as the interception of data or communications. Additionally, signatories would be required to have mechanisms in place to preserve stored data and certain elements of traffic data.
Nick Ashton-Hart, who heads the Cybersecurity Tech Accord delegation to the negotiations, emphasized that the treaty would not only compel companies in various sectors such as financial services, travel, technology, and telecommunications to cooperate with domestic law enforcement but also to assist signatories upon request.
However, Ashton-Hart expressed disappointment with the final draft, noting that it failed to address concerns raised by the private sector and civil society regarding the potential risks posed to security researchers, penetration testers, investigative journalists, whistleblowers, and others due to the ambiguous and inadequate wording in the criminalization section.
The UN Convention Against Cybercrime is not the first international treaty dealing with cybercrime. The Council of Europe’s Convention on Cybercrime, known as the Budapest Convention, has been in place since 2001 and has garnered over 75 signatories, including most European countries, the United States, Japan, and Brazil.
Despite some support for the UN treaty, notable opposition from countries like the United States and technology companies persists. Concerns have been raised about the lack of oversight and the potential for abusive cooperation requests that could compromise the security systems relied upon by billions of individuals and businesses daily.
A notable point of contention is the absence of any provisions regarding conditions and safeguards in the latest version of the treaty. The U.S. State Department highlighted the importance of protecting human rights and freedom of speech, warning that the treaty could be exploited by certain governments to target dissidents, journalists, and protestors.
In addition to the U.S. and technology companies, the Freedom Online Coalition (FOC), a coalition of 40 nations advocating for human rights, has also expressed reservations about the current draft of the UN Convention Against Cybercrime. The FOC emphasized the need for additional safeguards and human rights protections to be integrated into the treaty framework to prevent its misuse by repressive regimes.
As the UN Convention Against Cybercrime moves to the general assembly for potential adoption, it remains to be seen how the concerns raised by opponents will be addressed and whether the treaty will strike a balance between combatting cybercrime and upholding fundamental human rights.