Discussions on the draft UN Cybercrime Convention came to an unexpected halt on Friday, February 9, 2024, due to ongoing disagreements between governments. The suspension, though temporary, provides the global community a much-needed break. We now have time to focus on the convention’s details and ensure cybercrime is addressed while respecting human rights. Civil society has long expressed concerns about the severe threats the agreement presents to human rights worldwide and the scant public and media attention given to these risks. What are these dangers, and how did we reach this contentious point? Will achieving consensus mean sacrificing human rights?

Russia proposed an international treaty on cybercrime

In 2017, Russia proposed the convention the stated goal of addressing “the problems and threats posed by crimes in the sphere of information and communications technologies.” The UN General Assembly narrowly decided to develop it through UNGA Resolution 74/247 in 2019, with 79 votes in favor from a cross-regional grouping primarily from Africa, Northern Africa, Asia and the Middle East; 60 votes against including the European bloc, Australia, New Zealand, Republic of Korea, Japan, the United States, Paraguay, Panama and Tonga; and 33 abstentions mainly from Latin American states and some others.

Of course, cybercrime poses a severe risk to human rights. But is a legally binding UN treaty a reasonable or practical course of action? UN human rights bodies and civil society organizations have extensively documented the widespread misuse of cybercrime laws. States abuse them to target journalists, human rights defenders, whistleblowers and technologists, imposing unwarranted restrictions on expression and justifying disproportionate surveillance powers.

UN Resolution 74/146 acknowledges the misuse of cybercrime legislation to target human rights activists, endangering their safety and impeding their work against international law. This abuse occurs at local and national levels, causing significant harm. How much greater would the problem become if abusable legislation were elevated to international law?

To achieve credible level of legislative harmonization, every signatory state must create new laws and alter current ones before the UN can develop any universal instrument. This approach risks triggering a legislative race to the bottom due to the diverse backgrounds of UN member nations, many of which have a history of abusing cybercrime laws and violating human rights. To make matters worse, the fact that negotiations took place in UN offices in Vienna and New York restricted transparency and limited opportunities for public interest actors to participate.

A dangerous document

The process proceeded despite these worries and the fundamental differences between the nations, including on the convention’s core goal, interspersed with ever louder protests from civil society organizations. UN member states began the final round of negotiations to adopt the agreement in late January 2024.

Before the meeting, Global Partners Digital and over a hundred civil society organizations sent a joint statement to the Ad Hoc Committee on Cybercrime (AHC), outlining the minimal standards necessary to ensure that the draft convention does not jeopardize cybersecurity or human rights. The statement raises three severe issues with the draft convention. One of the main concerns is the range of offenses it covers. Some passages in the text define offenses as any crime containing a digital element, which exceeds the generally accepted definition of cybercrime. This ambiguity could lead to the convention being interpreted and implemented in a manner that fosters prejudice or persecution. Research conducted by the Association for Progressive Communications and Derechos Digitales has charted the ways states have applied ambiguously worded cybercrime laws to suppress opposition voices and criminalize human rights advocates, from a transgender influencer in Nicaragua who was expelled due to her social media posts to an Egyptian human rights activist who received a two-year prison sentence for a video she made about sexual harassment.

The convention risks allowing law enforcement to share information excessively within and outside national borders. This increased sharing could result in prosecutions or extraditions due to the convention’s broad scope and lack of specific safeguards, such as requiring prior judicial authorization and transparency measures. Despite arguments that the convention isn’t intended as a human rights pact, several participating governments have rejected implementing adequate protections for these powers. As a consequence of its broad reach, individuals such as security researchers, journalists, activists and whistle-blowers may find themselves lacking necessary safeguards and potentially even facing criminal charges.

On the second-to-last day of negotiations, a coalition of civil society organizations, business representatives and technical experts published an open letter urging states not to endorse the convention due to its fundamental flaws. Negotiations were then suspended on the final day of the session and are scheduled to reconvene in New York later in 2024, with the aim of finalizing the agreement by the 78th session of the General Assembly, ending in September 2024. The decision to suspend negotiations was influenced by significant differences between the parties involved, possibly compounded by rising public criticism of the pact from a diverse array of stakeholders.

Where do we go from here?

The draft treaty presents several issues. It lacks protections for human rights and grants States the ability to monitor and obtain personal data from individuals outside their borders. Additionally, it requires computer corporations to collaborate with law enforcement on alleged criminal investigations. Since it fails to specify that accessing computer systems without the intent to steal, damage, or infect with malware should not lead to prosecution, it poses a threat to security researchers. If left unchanged, the draft treaty would significantly harm global cybersecurity.

The current hiatus in discussions provides a crucial opportunity to raise public awareness about the dangers inherent in the draft and advocate for a narrowly limited convention with robust language to prevent its potential misuse for repression, persecution and surveillance. Negotiating nations should not endorse the convention unless a more restricted, human rights-respecting approach can be achieved. If ratified in its current form, the treaty will greatly impact international criminal laws and grant law enforcement broad new powers to investigate crimes both domestically and internationally. Numerous studies have already suggested alternative strategies that respect human rights while combating cybercrime. Given the risks associated with proceeding with this flawed and potentially dangerous treaty, the time may have come to discuss these alternative ideas.

[Anton Schauble edited this piece.]

The views expressed in this article are the author’s own and do not necessarily reflect Fair Observer’s editorial policy.