By Thalif Deen
UNITED NATIONS | 25 January 2024 (IDN) — A new international treaty against cybercrimes, which is expected to be finalized next month, has come under heavy fire.
A group of over 100 civil society (CSOs) and human rights organizations has warned that cybercrime regimes around the world have been misused to target and surveil human rights defenders, journalists, security researchers, and lesbian, gay, bisexual and transgender people, in blatant violation of human rights.
“The draft convention’s overbreadth also threatens to undermine its own objectives by diluting efforts to address actual cybercrime while failing to safeguard legitimate security research, leaving people less secure online,” the group said.
Louis Charbonneau, UN Director for Human Rights Watch (HRW), said negotiations on a draft Cybercrime Treaty at the UN are coming to a close. But “the draft, in its current form, risks facilitating domestic and transnational rights abuses.”
In a statement released on January 23, HRW said the proposed treaty risks facilitating the domestic and international crackdown on human rights with the blessings of the United Nations.
The concluding session of negotiations will be held from January 29 to February 9, at the UN headquarters in New York.
The states negotiating at the UN should ensure that the proposed Cybercrime Convention is narrowly focused on tackling cybercrime and should effectively incorporate strong and meaningful human rights safeguards, or they should reject it, the groups said in a statement released on January 23.
“Despite multiple rounds of negotiations, fundamental flaws continue to plague this proposed cybercrime convention, which poses a significant risk to human rights and fails to effectively tackle cybercrime,” said Deborah Brown, acting associate technology and human rights director at HRW.
“If states cannot agree on vital human right safeguards and a narrow scope, then we urge them to reject it,” she declared.
The group’s joint statement points to “critical shortcomings” in the current draft of the Cybercrime Convention, which threatens freedom of expression, privacy, and other human rights.
The draft convention contains broad criminal provisions, which are weak—and in some places nonexistent—on human rights safeguards and provides for excessive cross-border information sharing and cooperation requirements, which could facilitate intrusive surveillance.
The draft convention’s overbreadth also threatens to undermine its own objectives by diluting efforts to address actual cybercrime while failing to safeguard legitimate security research, leaving people less secure online.
The joint statement says the treaty should be rejected if there are no meaningful changes to address the shortcomings.
“We, the undersigned organizations and individual experts call on the state delegations participating in the concluding session of the United Nations (UN) Ad Hoc Committee to ensure that the proposed Cybercrime Convention (the Convention) is narrowly focused on tackling cybercrime, and not used as a tool to undermine human rights.
Civil society groups have contributed time and expertise to improve the draft and fully align it with existing human rights law and standards, the principles of the UN Charter and the rule of law, as well as best practices to provide legal certainty in efforts to improve cybersecurity.
Our concerns about the proposed text of the Convention are informed by our experience and human rights advocacy around the world.
National and regional cybercrime laws are regrettably far too often misused to unjustly target journalists and security researchers, suppress dissent and whistleblowers, endanger human rights defenders, limit free expression, and justify unnecessary and disproportionate state surveillance measures.
Throughout the negotiations over the last two years, civil society groups and other stakeholders have consistently emphasized that the fight against cybercrime must not come at the expense of human rights, gender equality, and the dignity of the people whose lives will be affected by this Convention.
It should not result in impeding security research and making us all less secure. Robust and meaningful safeguards and limitations are essential to avoid the possibility of abuse of relevant provisions of the Convention that could arise under the guise of combating cybercrime.
Regrettably, the latest draft of the proposed Convention, which is due to be finalized by February 2024, fails to address many of our significant concerns.
We believe that if the text of the Convention is approved in its current form, the risk of abuses and human rights violations will increase exponentially and leave us with a less secure internet. We are particularly concerned that the latest draft of the Convention:
- Remains over-broad in the scope of the range of the activities it requires states to criminalize. It includes cyber-enabled offenses and other content-related crimes and creates legal uncertainty through an open-ended reference to crimes under other “applicable international conventions and protocols.” This overbroad scope gives rise to the danger that the Convention will be used to criminalize legitimate online expression, which is likely to create discriminatory impacts and deepen gender inequality;
- Fails to incorporate language sufficient to protect security researchers, whistleblowers, activists, and journalists from excessive criminalization;
- Contains insufficient references to states’ obligations under international human rights law, includes weak domestic human rights safeguards in its criminal procedural chapter, and fails to explicitly incorporate robust safeguards applicable to the whole treaty to ensure that cybercrime efforts provide adequate protection for human rights and are in accordance with the principles of legality, non-discrimination, legitimate purpose, necessity, and proportionality;
- Lacks effective gender mainstreaming which is critical to ensure the Convention is not used to undermine people’s human rights on the basis of gender;
- Proposes to create legal regimes to monitor, store, and allow cross-border sharing of information in a manner that would undermine trust in secure communications and infringe on international human rights standards, including the requirements for prior judicial authorization and the principles of legality, non discrimination, legitimate purpose, necessity, and proportionality;
- Permits excessive information sharing for law enforcement cooperation, beyond the scope of specific criminal investigations and without specific, explicit data protection and human rights safeguards.
The Convention should only move forward if it pursues a specific goal of combating cybercrime without endangering the human rights and fundamental freedoms of those it seeks to protect nor undermining efforts to improve cybersecurity for an open internet. The present draft text falls far short of this goal and these basic minimum requirements, and must be comprehensively revised, amended, or rejected.
Therefore, we call on all state delegations to:
- Narrow the scope of the whole Convention to cyber-dependent crimes specifically defined and included in its text;
- Make certain the Convention includes provisions to ensure that security researchers, whistleblowers, journalists, and human rights defenders are not prosecuted for their legitimate activities and that other public interest activities are protected;
- Guarantee that explicit data protection and human rights standards – including the principles of non-discrimination, legality, legitimate purpose, necessity, and proportionality – are applicable to the whole Convention. Specific, explicit safeguards, such as the principle of prior judicial authorization, must be put in place for accessing or sharing data, as well as for conducting cross-border investigations and cooperation in accordance with the rule of law;
- Mainstream gender across the Convention as a whole and throughout each article in efforts to prevent and combat cybercrime;
- Limit the scope of application of procedural measures and international cooperation to the cyber-dependent crimes established in the criminalization chapter of the Convention;
- Avoid endorsing any surveillance provision that can be abused to undermine cybersecurity and encryption. As the UN Ad Hoc Committee convenes its concluding session, we call on state delegations to redouble their efforts to address these critical gaps in the current draft.
- The final outcome of the treaty negotiation process should only be deemed acceptable if it effectively incorporates strong and meaningful safeguards to protect human rights, ensures legal clarity for fairness and due process, and fosters international cooperation under the rule of law.
The proposed Convention must not serve as a validation of intrusion and surveillance practices harmful to human rights. Absent these minimum requirements, we call on state delegations to reject the draft treaty and not advance it to the UN General Assembly for adoption, concludes the joint statement.
Current list of signatories https://www.hrw.org/sites/default/files/media_2024/01/Joint.Advocacy.Statement-Cybercrime.Convention-Jan.23.2024.pdf [IDN-InDepthNews]
Photo: United Nations Headquarters building in Manhattan, New York City, on December 21, 2021. © 2021 Sergi Reboredo / VWPics
IDN is the flagship agency of the Non-profit International Press Syndicate.