New UN cybercrime treaty could threaten human rights
Recently adopted UN treaty could lead to invasive digital surveillance, rights experts warn
NEW YORK CITY — The United Nations approved the first-ever international cybercrime treaty yesterday. The effort succeeded despite opposition from technology companies and human rights groups, who warned that the treaty would allow countries to expand intrusive electronic surveillance in the name of criminal investigations. Experts from these groups say the treaty contains provisions that countries could interpret to prosecute internationally, undermining the global human right of freedom of speech and expression. Any It is considered a crime that occurs on a computer system.
After the adoption of the treaty, the UN Committee Room erupted in applause, as many member states and representatives celebrated the end of three years of difficult discussions. Representatives from South Africa and elsewhere praised the adoption of the treaty, citing its support for countries with smaller cyber infrastructure.
But among watchdog groups closely following the meeting, the mood was funereal. “The UN Cybercrime Convention is a blank check against surveillance abuses,” says Katitsa Rodriguez, director of international privacy policy at the Electronic Frontier Foundation. “It can and will be used as a tool for systematic rights violations.”
Supporting science journalism
If you enjoyed this article, please support our award-winning journalism. Subscribe. By purchasing a subscription, you help ensure a future of influential stories about the discoveries and ideas shaping the world today.
In the coming weeks, the treaty will be put to a vote by the UN’s 193 member states in the General Assembly, where if it is approved by a majority, it will move on to the ratification process, where it must be signed by governments.
The treaty, called the Comprehensive International Convention on Combating the Criminal Use of Information and Communications Technologies, was first conceived in 2019, with discussions to determine its content beginning in 2021. It aims to provide a global legal framework for preventing and combating cybercrime. In a July statement before the treaty’s adoption, the United States and other members of the Freedom Online Coalition called the treaty an opportunity to “strengthen cooperation on combating and preventing cybercrime, and on collecting and sharing electronic evidence of serious crimes,” but noted the pact could be misused as a tool for human rights violations and called for a more precise definition of its scope. (The U.S. State Department did not immediately respond to a request for comment. Scientific American.
The agreement is a response to major technological developments over the past few decades that have caused cyber threats to rapidly evolve. According to data from the Identity Theft Resource Center, more than 340 million people worldwide will be victims of cybercrime in 2023 alone.
Years of deliberations over a long and complex treaty culminated in the final session of negotiations this week. Critics, such as EFF and Human Rights Watch (HRW), argue that the treaty’s scope is too broad and could apply to crimes other than those previously considered cybercrimes. The Budapest Cybercrime Convention, which came into force in 2004, is the only major international treaty dealing with cybercrime. The treaty sought to criminalize a range of crimes, including cybercrimes (such as online banking fraud and identity theft) and cyber-dependent crimes (such as hacking and malware), but also sought to respect human rights and freedoms.
But experts say the newly adopted treaty lacks such guarantees for a free internet. A major concern is that the treaty could apply to all crimes as long as they involve information and communications technology (ICT) systems. HRW has documented the prosecution of LGBTQ+ people and others who express themselves online. The treaty could require governments to cooperate with other countries that have, for example, made LGBTQ+ conduct or digital forms of political protest illegal.
“This broad definition effectively means that when governments enact domestic laws to criminalize a wide range of conduct, if it is carried out through ICT systems, they can use this treaty as justification for implementing repressive laws,” HRW Executive Director Tirana Hassan said at a press conference late last month.
Hassan added that the treaty opens the door to violations of human rights and freedom of speech. The adopted text leaves human rights protections to domestic law, “which means people are subject to the whims of each country’s laws,” he said. Countries with a poor track record of such protections but strong supporters of the treaty include Belarus, China, Nicaragua, Cuba and Russia (which has been particularly vocal in its support).
The agreement could also create cross-border dangers: “The treaty allows for cross-border surveillance and cooperation to collect evidence of serious crimes, effectively turning it into a global surveillance network,” Rodrigues said. “This creates significant risks of cross-border human rights violations and cross-border repression.”
Industry representatives from the Cybersecurity Technology Agreement, a coalition that includes Microsoft, Meta and more than 150 other global technology companies, were concerned about whether the private sector could comply with the treaty. In January, the coalition warned that the agreement would force internet service providers to share data across jurisdictions, potentially conflicting with local laws. Nick Ashton-Hart, head of the Cybersecurity Technology Agreement delegation in the treaty negotiations, said it was disappointing that the UN committee adopted it despite its major flaws. “If implemented, this treaty would be harmful to the digital environment in general and human rights in particular,” Ashton-Hart said. The treaty “will weaken cybersecurity, making the online world less safe and more vulnerable to cybercrime.”