After three years of intense negotiations, UN member states reached consensus and adopted the draft of the first global convention against cybercrime on August 8. The UN Ad Hoc Committee on Cybercrime, established in 2019 and proposed by Russia, is an intergovernmental committee composed of experts and representatives of all regions. It is tasked with drafting an international convention to address the growing global threat of cybercrime and establish a comprehensive, legally binding framework that supports international cooperation, strengthens national legislation, and encourages the sharing of best practices among states.
Divergent views among states made the negotiation process complex and difficult at times. Achieving consensus among countries with different legal systems and levels of technological development as well as differing views on privacy and human rights has been one of the significant challenges. Member states were not able to reach agreement on the draft text at the concluding session in February 2024 and an additional session was needed to come to a consensus.
Despite the convention’s intended goals, several concerns were raised throughout the process by various private sector and civil society stakeholders, particularly regarding its potential implications for privacy, human rights, national security and global cybersecurity. There are fears that the convention might enable or legitimize state surveillance and infringe on individuals' privacy rights, including extensive monitoring of internet activities that could be used to suppress dissent or target activists, journalists, and opposition figures, and justifying restrictions on freedom of expression.
The convention’s broad definitions of cybercrime and the potential for overcriminalization have also been criticized with human rights stakeholders pushing for a precise and narrow scope and the UN Office of the High Commissioner for Human Rights, stating that vague and imprecise definitions of offenses leave room for arbitrary interpretations and risk infringement of human rights.
Private sector stakeholders such as Microsoft and the Cybersecurity Tech Accord, a coalition of technology firms, have pointed out certain provisions undermine national security because they might allow for unauthorized disclosure of sensitive date and classified information to third states. They also allow for states to compel IT professionals to break into secure systems in secret, undermining global network security. Additionally, global cybersecurity is weakened by criminalizing practices that secure the digital ecosystem, including the work of ethical hackers.
Despite this significant opposition from human rights groups, civil society, and technology companies, the convention was adopted. These stakeholders remain deeply concerned about the implications of the treaty and stated their concerns with regard to human rights safeguards, national security, and cybersecurity had not been addressed adequately in the adopted draft, with some urging governments to reject the treaty (including the International Chamber of Commerce and Human Rights Watch).
It should be mentioned that many countries advocated for the inclusion of strong human rights safeguards throughout the process, but as is the case in many negotiations and consensus driven processes, concessions need to be made to come to an agreement in the end. The draft convention will now be presented for adoption to the UN General Assembly at its next session in September 2024 and the treaty will enter into force once it is ratified by 40 countries.
While reaching an agreement in the current geopolitical climate is certainly a diplomatic achievement, concerns remain about how governments will interpret and implement the provisions in the convention and what the implications will be for human rights, privacy, and cybersecurity. In this respect, civil society, private sector, and other stakeholders have an important role to play in the coming years to monitor and ensure that fundamental freedoms are safeguarded and the rule of law respected.
Anneleen Roggeman is Senior Program Manager for the Cyberspace Cooperation Initiative at ORF America.