United Nations member states have adopted the Convention Against Cybercrime, ending almost three years of negotiations.
However, many stakeholders, including NGOs and tech policy experts, have criticized the final text and expressed concerns that it offers authoritarian regimes the opportunity to stifle political opposition and violate human rights.
Cybercrime Treaty Adopted by all UN Member States
Initially proposed by Russia to the UN in 2017, the Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes (commonly referred to as the Cybercrime Treaty) is designed to create a globally agreed legal framework to combat online fraud, scams and harassment.
In addition, it will be used to help define how countries investigate and criminalize cybercrime-related matters.
The final text, the UN Convention Against Cybercrime, was adopted by consensus by all UN member states on August 8, 2024, after a two-week Ad Hoc Committee session in New York.
The Ad Hoc Committee also agreed on a draft resolution that anticipates negotiating a protocol supplementary to the Convention, addressing additional criminal offenses.
Iran’s Attempt to Scrap Human Rights Safeguards
Despite this final consensus, Pavlina Pavlova, an independent expert participating in the negotiations, told Infosecurity that the New York session was marked by seven rounds of voting requested by Iran, which aimed to remove existing human rights safeguards.
Notably, the Iranian UN delegation wanted to remove an article (Chapter I, Article 6) saying, "Nothing in this Convention shall be interpreted as permitting suppression of human rights or fundamental freedoms.”
This request was rejected by 102 votes to 23 with 26 abstentions. Among those who supported Iran’s positive were Russia, India, Sudan, Venezuela, Syria, North Korea and Libya.
Cybercrime Treaty’s Final Draft Heavily Criticized
Many stakeholders have voiced their reservations regarding the adopted text.
Articles 28 to 30, which cover the search and seizure of electronic data, the real-time collection of traffic data, and the interception of content data, are particularly controversial.
Global Surveillance Threats
In a blog post, the Global Initiative against Transnational Organized Crime commented that while the treaty has some positive aspects, including the express reference to human rights and a grounds for refusal for mutual legal assistance on the basis of non-discrimination, there are numerous inherent risks that member states will no doubt be paying close attention to.
Notably, the NGO criticized the lack of oversight detail regarding the right for nation states to access and share e-data for use as evidence, which could present global surveillance threats.
In addition, there are no measures for legal training or judicial oversight of electronic evidence collection, or how to properly use electronic data in building legal cases, which includes personal data security.
According to the Global Initiative, this brings into question what would be the point in providing support to request, collect and retain data if such data could become inadmissible in future legal proceedings from improper handling?
In earlier negotiations, several NGOs, the Office of the United Nations High Commissioner for Human Rights (OHCHR) and the International Chamber of Commerce (ICC) called for removing articles 28 to 30.
Fundamental Freedom Violation Threats
Another contentious point lies in a clause in articles 29 and 30 that could grant nation-states more power to stifle dissidents and political opposition.
The Global Initiative pointed out that the clause would allow governments to adopt legislation that would require a service provider to keep confidential the fact of the execution of any power under this Article and any information relating to it.
A coalition of press freedom NGOs, including the International Press Institute and the Committee to Protect Journalists (CPJ), supported by the Electronic Frontier Foundation, had called to reject the treaty altogether.
Another member of the coalition, the Washington Post Press Freedom Partnership, said on X that “The treaty […] could hand governments around the world dangerous new spying capabilities to track down and punish journalists, and give repressive regimes even more tools for targeting and muzzling the press.”
Speaking to Infosecurity, Nick Ashton-Hart, who led the delegation of the Cybersecurity Tech Accord organization, which brings together over 100 companies in the sector, including Microsoft and Meta, also expressed his opposition to the final text.
“Regrettably, the UN member states adopted the cybercrime convention [...] without addressing any of the major flaws that the private sector and civil society had identified coming into the session. In key areas, the text was actually weakened, particularly with regard to human rights and safeguards against abuse," he said.
"The poor drafting of the criminalization articles will endanger security researchers, whistleblowers, and journalists, as well as allow for member-states to compel IT professionals to break into secure systems in secret, undermining global network security."
Road to Implementation
The final draft of the Cybercrime Treaty will be submitted to the Annual General Meeting for formal adoption later this year. To become an official UN instrument, it must then be ratified by 40 UN member states.
Pavlova said that it will take considerable time before the treaty becomes operational.
“Many developing countries have also stressed the importance of technical assistance and capacity-building for the implementation,” she said.
“Civil society and technology companies have shown an unprecedented unity, warning that the proposed treaty could seriously infringe on rights and freedoms globally. Now, they remain concerned about the human rights and privacy implications of the future treaty, and some may opt to boycott its ratification,” she added.
It remains to be seen how the treaty's contentious aspects will be interpreted and implemented by signatory states.
Photo credits: Viktor_IS/oliverdelahaye/Shutterstock