UN greenlights controversial cybercrime treaty

On August 8, the United Nations Ad Hoc Committee on Cybercrime approved a landmark treaty designed to combat cybercrime, marking the first international convention of its kind.

The Convention Against Cybercrime, initiated by Russia in 2017, has faced significant opposition from digital rights organizations and major tech companies, Caliber.Az reports citing the foreign media.

The treaty, which aims to strengthen global efforts against cybercrime, addresses critical issues such as child sexual abuse imagery and money laundering. Despite resistance from the EU and US, the convention progressed over a three-year negotiation period, which included delays due to the COVID-19 pandemic.

The convention will now proceed to a vote in the UN General Assembly this autumn and will come into force once ratified by at least 40 member states. If adopted, it will become the first international convention specifically targeting cybercrime.

Currently, all EU member states, with the exception of Ireland— which has signed but not yet ratified it—are parties to the 2001 Budapest Convention on Cybercrime, negotiated under the Council of Europe.

Deputy Director of Human Rights Watch Deborah Brown expressed concerns on X about the adoption of the UN Convention Against Cybercrime, highlighting that it proceeded “despite stark warnings” from leading human rights experts, the UN Office of the High Commissioner for Human Rights, over 100 NGOs, and industry representatives.

Nick Ashton-Hart, head of the Cybersecurity Tech Accord delegation which includes major tech firms like HP, Meta, and Microsoft, criticized the adoption, stating, “Delegates failed to address even one of the shortcomings identified by the [Office of the High Commissioner for] Human Rights,” adding in a follow-up post that “unfortunately, [the treaty] was adopted today.”

Critics, including NGOs and tech giants, fear the treaty could be misused for state surveillance. Brown warned AFP that the treaty “is effectively a legal instrument of repression,” potentially used to target journalists, activists, LGBT individuals, and other dissenters across borders.

A key concern is a provision allowing states to request electronic evidence from foreign authorities if the crime is punishable by at least four years under domestic law. This includes data requests from internet service providers.

In the lead-up to the Convention’s adoption, Iran sought to remove several clauses protecting fundamental freedoms, but these efforts were overwhelmingly defeated. One clause Iran targeted stated that “nothing in this Convention shall be interpreted as permitting suppression of human rights or fundamental freedoms,” including freedoms of expression, conscience, opinion, religion, or belief. This request was rejected by 102 votes to 23, with supporters including India, Libya, North Korea, Russia, Sudan, Syria, and Venezuela.

The Russian Federation, while a long-time supporter of the convention, echoed concerns shared by the Egyptian, Iranian, Pakistani, Vietnamese, and Mauritanian delegations. They argued that the human rights safeguards might lead to excessive use by some states to deny legal assistance requests.

After years of negotiation, the Ad Hoc Committee on Cybercrime unanimously supported the text of the treaty.