Since May 2021, UN member states have negotiated to create an international treaty to combat cyber crime. If adopted by the UN General Assembly, this treaty would represent a significant milestone, being the first binding UN instrument specifically addressing cyber crime.
The proposed treaty can establish a global legal framework for international cooperation in preventing, investigating, and prosecuting cybercrimes.
However, concerns have been raised regarding its scope and the potential impact on human rights. This article explores the UN cybercrime treaty and its potential implications for human rights.
Understanding Cyber Crime
Before delving into the treaty’s impact on human rights, it’s essential to understand what constitutes cyber crime. Cyber crime can be broadly categorized into two groups:
These crimes can only be committed through Information and Communication Technologies (ICTs). Examples include ransomware attacks, where hackers encrypt data and demand a ransom for decryption.
Traditional crimes have been transformed in scale, speed, and scope due to the use of ICTs. Examples include online banking scams, identity theft, and child sexual exploitation.
The Relevance of the UN Cyber Crime Treaty
The need for a new cybercrime treaty arises from technology’s rapid evolution and new threat actors’ emergence over the past two decades. Cybercrimes have become a global concern, impacting individuals, communities, businesses, and governments.
Incidents like ransomware attacks and online scams have highlighted the urgent need for international cooperation to combat cybercriminals effectively.
The treaty negotiation process began in December 2019 when the UN established an open-ended ad hoc committee tasked with developing a comprehensive international convention on countering the use of ICTs for criminal purposes.
Negotiations officially started in early 2022 and have involved multiple sessions in Vienna and New York. While states are responsible for the negotiation, civil society, and the private sector have played crucial roles in shaping the convention through statements, consultations, and side events.
Key Areas of Disagreement
The negotiation process has been complex, with several key areas of disagreement among UN member states:
Scope of the Treaty
Some states advocate for a broad treaty that criminalizes a wide range of cyber-enabled crimes, including content-based offenses. Others prefer a narrower approach, focusing on core cyber-dependent crimes and a limited number of transformed cyber-enabled crimes.
Human Rights Safeguards
There is a debate about how the treaty should protect human rights. While most states agree on the importance of human rights commitments, there are differing opinions on the convention’s specificity and references to existing human rights treaties.
Addressing Capacity Gaps
The treaty’s chapter on technical assistance outlines the responsibilities and expectations for addressing capacity gaps among member states. Disagreements exist regarding technology transfer, including dual-use technologies, and whether such transfers could be misused.
Harmonization with Existing Efforts
The treaty must align with existing international mechanisms and networks dealing with cybercrime, including regional instruments such as the Council of Europe’s Budapest Convention.
Gender has emerged as an issue in treaty negotiations, with some states advocating for mainstreaming gender perspectives throughout the treaty to address specific risks faced by different gender identities in the context of cyber crime.
The Need for Human Rights Protection
One of the central concerns regarding the UN cyber crime treaty is its potential impact on human rights. Measures to counter cyber crime can inadvertently jeopardize human rights, such as freedom of expression and privacy.
Some states argue that the treaty is not primarily a human rights instrument, while others emphasize the importance of including explicit references to human rights commitments.
Protection of human rights is critical, as certain states have misused cyber crime laws to stifle online speech and target journalists, activists, and political opposition. Additionally, cyber crime investigations can involve invasive practices that raise privacy concerns.
Addressing Capacity Gaps
There are notable global asymmetries in state capacity, including funding, resources, and the skills required to counter cyber crime effectively.
Developing states are often more vulnerable to both direct and indirect impacts of cyber crime. This vulnerability underscores the urgent need for capacity-building efforts to bridge these gaps.
Within the treaty’s framework, a dedicated technical assistance chapter outlines member states’ responsibilities and expectations in addressing capacity gaps. Some developing states have called for commitments related to technology transfer.
This could encompass sharing “dual-use” technologies, which have both civil and military applications. However, concerns have been raised about the potential for abuse of such technology transfers.
Regardless of terminology, it’s important to recognize that capacity-building and technical assistance activities come with risks.
These risks include potential human rights violations resulting from the misuse of dual-use tools, inadvertent harms due to inadequate or ineffective training, and the possibility of reinforcing global inequalities through conditional agreements.
To ensure a balanced approach, capacity-building should be rooted in established, shared principles, such as those proposed by the UN Open-Ended Working Group on cybersecurity.
Harmonizing with Existing Efforts
While creating a new treaty to combat cyber crime is a significant step forward, it must harmonize with existing international mechanisms and networks that address similar issues.
These include the United Nations conventions against transnational organized crime and corruption, which have been ratified by almost all member states and are crucial to the global response to transnational crime.
One notable example is the Council of Europe’s Budapest Convention, which has existed for over two decades and sought to define cyber crime and establish guidelines for how law enforcement agencies should cooperate to combat it.
Many countries have used the Budapest Convention as a model for their national legislation.
However, it’s important to note that not all countries have ratified the Budapest Convention. Some, like Russia, have consistently argued that it is not globally relevant and could undermine principles like state sovereignty and non-interference.
Russia was leading in championing the resolution that established the ad hoc committee (AHC) responsible for negotiating the UN cyber crime treaty despite opposition from Western states and civil society representatives.
As negotiations continue, it is crucial for UN member states to strike a balance between countering cyber crime effectively and protecting human rights. The draft text of the convention, published in June, adopts a relatively narrow approach to criminalization.
However, the final treaty’s impact on human rights will depend on the outcome of ongoing negotiations and the specific provisions that are ultimately included.
To adopt the treaty during the UN General Assembly in September 2024, the coming months will be pivotal in shaping the future of global cooperation against cyber crime and its implications for human rights.
Civil society, the private sector, and concerned individuals will continue to play a vital role in ensuring that the treaty strikes the right balance between security and human rights in the digital age.