Internet Governance > UN Convention Against Cybercrime News Update
UN Convention Against Cybercrime:
Internet Society’s Views
After three years of intensive negotiations, the United Nations Ad Hoc Committee on Cybercrime (UN AHC) recently approved the draft text of the United Nations Convention against Cybercrime by consensus. As the next step, the text of the treaty will be submitted for formal adoption to the UN General Assembly (UNGA). The Convention requires 40 ratifications to become effective and legally binding for the parties who ratified it.
The Internet Society has monitored the UN AHC process and worked closely with other stakeholders to identify and mitigate the risks to the open, globally connected, secure, and trustworthy Internet.
The Outcome of the AHC Process
Despite attempts from some countries to expand the scope of the proposed convention to include almost any crime committed using a computer or the Internet, the proposed convention criminalizes a more limited number of offenses. However, the draft resolution to adopt the convention that the General Assembly will consider in September asks for a UN commitment to continue the work of the AHC to negotiate a protocol that considers additional crimes.
The proposed treaty takes a broad approach to the collection and cross-border exchange of electronic evidence. It creates a range of procedural powers, with the opportunity to use most of them—except for interception of content data—to get evidence in electronic form for any criminal offense.
While the scope of international cooperation for investigations, prosecutions, and asset recovery is narrowed to “serious crimes,” many stakeholders find this limitation vague and problematic because countries can designate any crime as serious in their domestic law by raising a penalty threshold.
Our Concerns
While the Internet Society recognizes the need for international cooperation to tackle cybercrime, we remain concerned about the risks the adoption and implementation of this UN treaty pose to the open, globally connected, secure, and trustworthy Internet, in particular, its:
- Impact on the work of security researchers: As highlighted in this statement from security experts, good faith security research is crucial to ensuring the security of the Internet and preventing cybercrime. The criminalization of illegal access, illegal interception, and illegal interference with data and systems (Articles 7—10) lacks elevated intent or another form of protection for the legitimate activity of those who identify, detect, mitigate, and report cybersecurity risks. The proposed convention leaves such protection to the discretion of member states, which could lead to the prosecution of security researchers. If security researchers are unable to do their jobs safely, vulnerabilities may not be identified in a timely manner, unnecessarily exposing Internet users to abuse and reducing the security and trustworthiness of the Internet.
- Impact on encryption: Article 28.4 on search and seizure of electronic data might be interpreted to allow countries to authorize competent authorities to order the handover of encryption keys or other sensitive information about the security of hardware or software. This provision could potentially undermine security or encryption as the proposed treaty leaves most of the safeguards in criminal procedure to the domestic law of the member states. When encryption is undermined so are user expectations of privacy and security, exposing Internet users to new risks and reducing user trust not only in encryption but the Internet as a whole.
Our Next Steps
The Internet Society will follow the adoption process at the UN General Assembly and the ratification and implementation of the UN Cybercrime Convention at the national level to identify its impact on the Internet, security researchers, service providers, and end users. We will also monitor how the outcome of the UN AHC’s work will affect Internet governance-related multilateral negotiations in the United Nations and other international and regional organizations.