Cybercrime Treaty
'All Eyes' are on the UN this week as the Ad Hoc Committee on Cybercrime goes into its final negotiations. Below the jump I've published my latest essay on this particular Russia-led "cyber-" effort and why the global, UN effort to replace the Budapest Convention as well as the Five-, Nine-, 14-Eyes alliances needs more– not fewer– human rights guardrails.
There is no shortage of concern for the process and substance of the Treaty from every conceivable stakeholder group:
- The flaws: scope, human rights and data protection https://cdt.org/insights/the-three-top-issues-to-address-for-the-global-cybercrime-treaty/
- EFF writes about how security researchers, journalists are at risk https://www.eff.org/deeplinks/2024/07/journalists-and-security-researchers-risk-why-you-should-hate-proposed-un
- The Office of the High Commissioner on Human Rights is concerned with several points in the text and details them in a report earlier this year https://www.ohchr.org/sites/default/files/2024-05/Human-Rights-Draft-Cybercrime-Convention.pdf
- And so is the UN Special Rapporteur on Countering Terrorism https://www.unodc.org/documents/Cybercrime/AdHocCommittee/Reconvened_concluding_session/Written_submissions/OP7/UN_SR_HR_Terrorism.pdf
- Cory Doctorow raised the alarm, too https://doctorow.medium.com/https-pluralistic-net-2024-07-23-expanded-spying-powers-in-russia-crime-cybers-you-607f0ab61f8a
- The many industry members of the Global Network Initiative are united against the treaty https://globalnetworkinitiative.org/cybercrime-convention-statement
- Surveillance watchdog Privacy International has a litany of changes to the text, though few if any have been taken up in these final days of negotiations https://www.unodc.org/documents/Cybercrime/AdHocCommittee/Reconvened_concluding_session/Written_submissions/OP8/Privacy_International.pdf
- Foreign Policy In Focus states that the grounds for States refusal of cross-border cooperation, based on human rights concerns for example, are "entirely discretionary and so become the exception rather than the rule." https://fpif.org/upcoming-cybercrime-treaty-will-be-nothing-but-trouble/
- International Press Institute calls it the "surveillance treaty" https://ipi.media/ipi-calls-on-us-eu-to-reject-dangerous-global-surveillance-treaty
In these final hours, there are more statements being drafted to dissuade member states from signing the treaty. It's clear this treaty is a disaster for human rights, which should be a red line for any democratic government.
Please subscribe!
Internet Roundup
- Apply to be an ICANN fellow https://www.icann.org/fellowshipprogram
- ARTICLE 19 has a new report out about Iran's latest forms of digital repression https://www.article19.org/resources/tightening-the-net-irans-new-phase-of-digital-repression/
- Citizen Lab has published a report about how online translation services are automating censorship https://mailchi.mp/citizenlab.ca/lost-in-translation?e=efc391dbdd
- How tall is the internet? https://www.e-flux.com/architecture/spatial-computing/602471/how-tall-is-the-internet/
- CDT just published a report about why web standards matter for human rights https://cdt.org/insights/implementing-recommendations-for-supporting-human-rights-in-web-standards/
- A civil society letter to the African Union Commission on data policy and AI https://misa.org/blog/open-letter-to-the-au-of-heads-of-state-and-government-on-the-endorsed-continental-ai-strategy-and-african-digital-compact/
- Detecting Unwanted Location Trackers working group at the IETF has two drafts published on the "Accessory Protocol" and threat model: https://datatracker.ietf.org/group/dult/documents/
- Who Profits? takes on Cisco in Palestine https://www.whoprofits.org/companies/company/6529?cisco-systems
My latest on the CDT blog, "The Wrong Cybercrime Treaty"
Cybercrime–ranging from identity theft and one-off scams to attacks on major institutions–has become a major threat to the safety and privacy of internet users around the world. But a new treaty that purports to address the issue could do more harm than good.
A UN committee has been engaged in drafting a potential cybercrime treaty since the process was proposed by the Russian government in 2017. The group, with an impressively long title – the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes – has held rounds of meetings to hash out details of what an international agreement on cybercrime would look like.
CDT is an accredited stakeholder participant in the negotiations and as early as 2021 we raised alarm bells about its scope.
As further explained in a more recent open letter to the committee from civil society organizations, the current proposed treaty could allow governments to collect massive amounts of personal data from internet users, even across national borders, without their knowledge or consent. It could also threaten the work of network security researchers whose efforts help to identify and close vulnerabilities in systems that bad actors can exploit.
The level of data collection allowed under this treaty could also be used to suppress dissent, and the paltry safeguards text notably doesn’t mention the protection of political opinion because some states have sought to keep that protection out of the negotiated language. As the open letter notes, the possibility that governments could collect the data will itself have a chilling effect, since citizens will often censor themselves if they think Big Brother is watching.
It’s critical to make progress against cybercrime, but we know that any successful cybersecurity treaty will need to be built on a firm foundation of human rights, including the right to privacy and freedom of expression and opinion. As it stands now, this treaty would almost certainly make a bad situation worse. We as a planet of internet users deserve better.
Please forward and share this edition.