On Thursday, a UN committee endorsed the first global treaty on cybercrime, despite significant opposition from human rights advocates and a coalition of technology companies.
Next Steps for the Treaty
The treaty, which emerged from three years of negotiations, was adopted by consensus but still requires a General Assembly vote in the fall. It must be ratified by at least 40 countries to take effect.
Key Provisions of the Treaty
The treaty aims to establish a comprehensive “global criminal justice policy” to combat cybercrime through enhanced international cooperation. Key elements include:
- Illegal Access: Member states are required to legislate against unauthorized access to information and communication systems.
- Protection of Children: The treaty mandates laws to criminalize the production and distribution of explicit child sexual content, prevent online grooming, and protect children from online exploitation.
- Device Misuse and Forgery: It addresses illegal activities related to device misuse and computer-related forgery or theft.
- Deepfakes and Revenge Porn: States are encouraged to enact laws against the distribution of deepfakes and revenge porn without consent.
Additionally, the treaty authorizes states to collect and record data relevant to these crimes and compel service providers to disclose incriminating information.
Controversies and Criticisms
The vote proceeded despite some last-minute attempts by states to amend the treaty. Russia, which initiated the treaty process in 2017, criticized the draft for having excessive human rights safeguards and claimed that it was being used to further the interests of certain countries.
The previous UN protocol on cybercrime, the Budapest Convention of 2001, saw limited adoption by countries.
Industry and Human Rights Concerns
In a final open letter before the vote, the Cybersecurity Tech Accord, a consortium of tech companies, criticized the revised draft for being “ambiguous” and failing to adequately address human rights, press freedom, and gender equality.
The letter highlighted several issues, including:
- The potential for unauthorized personal information sharing.
- Broad definitions that could criminalize legitimate online activities.
- Increased difficulty for cybercrime victims to obtain justice.
Nick Ashton-Hart, head of the Tech Accord delegation, argued on social media that the treaty in its current form should be abandoned.
Microsoft also voiced concerns, stating that their objections had not been addressed and that the treaty’s provisions had been expanded, weakening human rights protections.
Human rights organizations, including the UN’s Office of the High Commissioner for Human Rights (OHCHR), have also criticized the treaty. The OHCHR has urged negotiators to ensure the treaty aligns with existing international laws and to narrow the list of criminal offenses to avoid infringing on fundamental rights such as freedom of expression.
David Kaye, former UN Special Rapporteur on Freedom of Expression, warned that the treaty could undermine human rights protections by pressuring the Department of Justice to share information about alleged criminals without adequate safeguards.
Kaye described the treaty as a “disaster” for human rights, potentially giving authoritarian regimes more tools to suppress dissent while failing to offer sufficient protections for democratic societies.
Looking Ahead
The treaty’s adoption marks a significant milestone in global efforts to tackle cybercrime, but its future depends on the upcoming General Assembly vote and further negotiations to address the highlighted concerns.