A new draft of the controversial United Nations Cybercrime Treaty has only heightened concerns that the Treaty will criminalise expression and dissent, create extensive surveillance powers and facilitate cross-border repression.
The Cybercrime Treaty that is currently being negotiated by the United Nations has the potential to substantively reshape international criminal law and bolster cross-border police surveillance powers to access and share users’ data, implicating the human rights of billions of people worldwide.
Without a clearly defined scope and sufficient safeguards, the Treaty could endanger human rights – both online and offline – and repressive governments could abuse its provisions to criminalise online free speech. It could also threaten digital rights by legitimising intrusive investigations and unhindered law enforcement access to personal information.
In December 2019, the UN passed a resolution which established an open-ended Ad Hoc Committee tasked with developing a “comprehensive international convention on countering the use of information and communications technologies for criminal purposes.”
Negotiations started in early 2022. The Treaty roadmap had six negotiating sessions, three in Vienna and three in New York. Each meeting addressed different parts of the treaty, including chapters on criminalisation, procedural measures, the role of law enforcement, international cooperation, technical assistance, preventive measures and implementation.
Negotiations have been marked by ongoing disagreements between governments on the Treaty’s scope and on what role, if any, human rights should play in its design and implementation.
Originally aimed at combating cybercrime, the Treaty has morphed into an expansive surveillance treaty, raising the risk of overreach in both national and international investigations.
At the end of the sixth and final negotiating session, Electronic Frontier Foundation (“EFF”), a non-profit organisation that defends civil liberties in the digital world, reported that it became apparent many nations – including Russia, Eritrea, Burundi, Sierra Leone, Zimbabwe, Ghana, Korea and others – were vying to expand the proposed treaty’s surveillance scope to cover practically any offense imaginable where a computer was involved, both at home and abroad. EFF noted:
The scope of the proposed Cybercrime Treaty will have a profound impact on human rights. The question of whether the Convention [or Treaty] should apply broadly or be limited in its application affects everything, from criminal procedures (such as domestic surveillance) to international cooperation (like cross-border spying or assistance).
Simply put, if Country B chooses to act as “big brother” for Country A, it could tap into an activist’s live chats or trace their exact whereabouts, all based on the loose privacy standards and arbitrary criminal definitions set by Country B’s laws. The absence of a mandate in the proposed Treaty for the same act to be a crime in both countries only magnifies the risks.
UN Cybercrime Treaty Talks End Without Consensus on Scope and Deep Divides About Surveillance Powers, EFF, 13 September 2023
The new draft was released on 28 November 2023. EFF raised the following concerns regarding the new draft:
It retains a controversial provision allowing states to compel engineers or employees to undermine security measures, posing a threat to encryption.
It not only disregards but also deepens EFF’s concerns, empowering nations to cast a wider net by accessing data stored by companies abroad, potentially in violation of other nations’ privacy laws.
It perilously broadens its scope beyond the cybercrimes specifically defined in the Treaty, encompassing a long list of non-cybercrimes.
It retains the concerning issue of expanding the scope of evidence collection and sharing across borders for any serious crime, including those crimes that blatantly violate human rights law.
It overreaches in investigating and prosecuting crimes beyond those detailed in the treaty; until now such power was limited to only the crimes defined in Articles 6-16 of the Treaty.
“We are deeply troubled by the blatant disregard of our input, which moves the text further away from consensus. This isn’t just an oversight; it’s a significant step in the wrong direction,” EFF said.
EFF quoted Deborah Brown, acting associate director for technology and human rights at Human Rights Watch, who said:
[This latest draft] is primed to facilitate abuses on a global scale, through extensive cross-border powers to investigate virtually any imaginable ‘crime’ – like peaceful dissent or expression of sexual orientation – while undermining the treaty’s purpose of addressing genuine cybercrime. Governments should not rush to conclude this treaty without ensuring that it elevates, rather than sacrifices, our fundamental rights.