UN Cybercrime Convention Moves Forward With Treaty, But Will It Hold Up?

by | Aug 26, 2024

In spite of an absolute load of criticism from many different quarters, the UN’s cybercrime convention is moving forward and is now likely to see nations ratifying it in the coming months. The treaty has displeased human rights groups, but it is also being rebuffed by tech and business interests due to the new burdens it threatens to put on them.

Longstanding human rights objections joined by tech lobbies, chambers of commerce

First initiated and pushed forward by Russia and other nations displeased with the prior Budapest Convention on Cybercrime, the new cybercrime convention has been working for three years with human rights concerns essentially at the center of the battle the entire time. But business interests are also displeased for a variety of reasons: new requirements to cooperate in cross-border requests (and associated compliance costs), anticipated chilling effects on both tech investment and cybersecurity research, more national security issues, and tougher IT security staffing conditions in a market that is already very challenging. The International Chamber of Commerce has come out in opposition to the new cybercrime convention as has the Cybersecurity Tech Accord, a group that represents Microsoft and Meta among others.

While the new cybercrime convention is essentially an agreement in principle, it is not a UN instrument as of yet. It must first be put to a formal vote before the UN’s members, likely to happen within the coming weeks. After clearing a majority vote it is then up to be ratified by each member state, and must be signed onto by at least 40 to be officially adopted.

Cybercrime convention sparks fears of overbroad definition of “cybercrime”

The tactic employed by authoritarian nations negotiating at the cybercrime convention, Iran seemingly the most vociferous among them, was essentially to expand the definition of “cybercrime” to cover a broad range of speech and political dissent activities while also removing as much mention of human rights as possible.

A central concern for watchdog groups is that individual nations no longer have to agree to mutual legal assistance treaties under the cybercrime convention’s new terms, giving regimes that target dissidents more tools with which to pursue them across borders. And what constitutes a “human rights” issue is left up to each individual nation; a lack of equivalency in this view between two states will not necessarily prevent a request for cooperation from being made by one that has less respect for the concept.

The cybercrime convention does provide member states with some right to refuse cooperation when they believe it is being done as a matter of political or religious persecution, but it removes prior requirements that the requester demonstrate a malicious act or attempt to cause actual harm was involved.

As such this treaty may well end up expanding the international view of what constitutes “cybercrime,” yet that view may include many things that do not simply involve using a computer to commit theft or cause damage. The continuing development of the cybercrime convention is thus very much worth keeping an eye on.

 

Recent Posts

How can we help?

10 + 10 =

× How can I help you?