United Nations adopts cybercrime convention after three years of negotiations

The United Nations has adopted a new cybercrime convention, the first such treaty to be adopted within the body. After three years of negotiations, UN member states adopted the United Nations Convention against Cybercrime by consensus on Thursday. The treaty will now be submitted to the General Assembly for formal approval.

“I consider the documents… adopted. Thank you very much, bravo to everyone!” Algerian diplomat Faouzia Boumaiza Mebarki, chair of the treaty body, said to applause from members. The move has been fiercely criticized by human rights activists and technology companies, who warn of potential surveillance risks from governments.

Lack of safeguards in the UN Cybercrime Convention

The new treaty aims to prevent and combat cybercrime more efficiently and effectively, particularly in relation to child sexual abuse images and money laundering. However, critics argue that the treaty’s broad scope and lack of human rights safeguards could facilitate state repression.

Deborah Brown of Human Rights Watch (HRW) called it an “unprecedented multilateral oversight” that will be “a disaster for human rights and a dark moment for the UN.”

The treaty’s adoption has also drawn mixed reactions from countries, with some complaining that it contains too many human rights safeguards. While Russia had supported the drafting of the law, it had also complained that the treaty was “oversaturated with human rights safeguards.” The country had unsuccessfully requested Iran to remove several “inherently flawed” clauses from the cybercrime treaty. The treaty was adopted by consensus, with 102 countries voting against Iran’s request, 23 in favor and 26 absent.

The title of the treaty defines cybercrime as any crime committed using information and communications technology systems,” said Deborah Brown of Human Rights Watch. She added: “As a result, when governments adopt domestic laws criminalizing any activity that uses the Internet in any way, they can point to this treaty to justify maintaining repressive laws.

The treaty also requires governments to assist in investigating crimes that are considered serious under domestic law – that is, offenses that carry a penalty of four years or more. This can include conduct protected by international human rights law, such as homosexual conduct, criticizing one’s own government or being a whistleblower.

“The lack of human rights safeguards is disturbing and should concern us all,” Brown said. “The current draft treaty relies on domestic law to provide for human rights safeguards, meaning that people are subject to the laws of individual countries, rather than benefiting from important human rights standards under international law,” she added.

Risks to children’s rights

The treaty attempts to address child abuse material, but critics argue it could inadvertently criminalize consensual behavior of children in same-age relationships, contrary to guidelines set by the UN Committee on the Rights of the Child.

“It would also jeopardize the work of human rights organizations that document child rights violations and who may have access to such material as part of their research,” Brown said.

Calls for rejection

The committee that drafted the treaty was established despite opposition from US and European governments, following Russia’s first move in 2017. “This treaty is in fact a legal instrument of repression,” Brown said. She warned: “It can be used to crack down on journalists, activists, LGBT people, freethinkers and others across borders.”

Nick Ashton-Hart, representing the Cybersecurity Tech Accord delegation, which includes Microsoft and Meta, called on countries not to sign or implement the treaty, saying it would be “harmful to the digital environment in general and to human rights in particular.” Nick said the UN committee had adopted a treaty without addressing the major shortcomings identified by civil society, the private sector and the UN’s own human rights body.

These human rights groups and technology companies oppose the Cybercrime Convention and urge UN member states to reject the current version of the Cybercrime Convention. They warn that the treaty could facilitate transnational repression and undermine fundamental freedoms.