Will the New Cybercrime Treaty be Used as a Tool for Government Repression?

Global Cybercrime Treaty: A delicate balance between security and human rights. Credit: Unsplash/Jefferson Santos Via UN News

By Thalif Deen
Aug 8 2024 – A new UN Cybercrime Treaty, which is expected to be adopted by the UN General Assembly later this year, is being denounced by over 100 human rights activists and civil society organizations (CSOs) as a potential tool for government repression.

The treaty is expected to be adopted by a UN Ad Hoc Committee later this week and move to the 193-member General Assembly for final approval.

Deborah Brown, Deputy Director for Technology, Rights, and Investigations at Human Rights Watch (HRW), told IPS governments would then need to sign and ratify the treaty, which means going through national processes.

“We anticipate that as countries move to ratify the treaty it will face considerable scrutiny and pushback from legislators and the public because of the threat it poses to human rights.”

The treaty, she pointed out, would expand government surveillance and create an unprecedented tool for cross-border cooperation between governments on a wide range of crimes, without adequate safeguards to protect people from abuses of power.

“Negotiations are also expected to start on a protocol to accompany the treaty to address additional crimes and further expand the treaty’s reach. We urge governments to reject a cybercrime treaty that undermines rights,” Brown said.

Recognizing the growing dangers of cybercrime, the UN says member states have set about drafting a legally-binding international treaty to counter the threat.

Five years later, negotiations are still ongoing, with parties unable to reach an acceptable consensus, and the latest meeting of the Committee members in February did not conclude with an agreed draft, with countries unable to agree on wording that would balance human rights safeguards with security concerns.

One of the nongovernmental organizations taking part in the negotiations is Access Now, which defends and extends the digital rights of people and communities at risk around the world.

Whilst the February session was still taking place at UN Headquarters, Raman Jit Singh Chima, the Senior International Counsel and Asia Pacific Policy Director for Access Now, spoke to Conor Lennon from UN News, to explain his organization’s concerns.

“This treaty needs to address “core cybercrime”, namely those crimes that are possible only through a computer, that are sometimes called “cyber dependent” crimes, such as hacking into computer systems, and undermining the security of networks”, said Chima.

Clearly, these should be criminalized by states, with clear provisions put in place enabling governments across the world can cooperate with each other.

“If you make the scope of the treaty too broad, it could include political crimes. For example, if someone makes a comment about a head of government, or a head of state, that might end up being penalized under the cybercrime law,” he pointed out.

“When it comes to law enforcement agencies cooperating on this treaty, we need to put strong human rights standards in place, because that provides trust and confidence in the process”.

Also, if you have a broad treaty with no safeguards, every request for cooperation could end up being challenged, not only by human rights advocates and impacted communities, but by governments themselves, he warned.

Meanwhile, the joint statement by CSOs points to critical shortcomings in the current draft of the treaty, which threatens freedom of expression, privacy, and other human rights.

The draft convention contains broad criminal provisions that are weak –- and in some places nonexistent -– human rights safeguards, and provides for excessive cross-border information sharing and cooperation requirements, which could facilitate intrusive surveillance.

“Cybercrime regimes around the world have been misused to target and surveil human rights defenders, journalists, security researchers, and lesbian, gay, bisexual and transgender people, in blatant violation of human rights”.

The draft convention’s overbreadth also threatens to undermine its own objectives by diluting efforts to address actual cybercrime while failing to safeguard legitimate security research, leaving people less secure online, the CSOs warn.

“National and regional cybercrime laws are regrettably far too often misused to unjustly target journalists and security researchers, suppress dissent and whistleblowers, endanger human rights defenders, limit free expression, and justify unnecessary and disproportionate state surveillance measures”.

Throughout the negotiations over the last two years, civil society groups and other stakeholders have consistently emphasized that the fight against cybercrime must not come at the expense of human rights, gender equality, and the dignity of the people whose lives will be affected by this Convention.

In an oped piece in Foreign Policy in Focus, Tirana Hassan, executive director of Human Rights Watch, says the new treaty, backed by Russia, is aimed to stifle dissent.

She points out that Cybercrime—the malicious hacking of computer networks, systems, and data—threatens people’s rights and livelihoods, and governments need to work together to do more to address it.

But the cybercrime treaty sitting before the United Nations for adoption, could instead facilitate government repression, she noted.

By expanding government surveillance to investigate crimes, the treaty could create an unprecedented tool for cross-border cooperation in connection with a wide range of offenses, without adequate safeguards to protect people from abuses of power.

“It’s no secret that Russia is the driver of this treaty. In its moves to control dissent, the Russian government has in recent years significantly expanded laws and regulations that tighten control over Internet infrastructure, online content, and the privacy of communications,” said Hassan.

But Russia doesn’t have a monopoly on the abuse of cybercrime laws. Human Rights Watch has documented that many governments have introduced cybercrime laws that extend well beyond addressing malicious attacks on computer systems to target people who disagree with them and undermine the rights to freedom of expression and privacy, she pointed out.

For example, in June 2020, a Philippine court convicted Maria Ressa, the Nobel prize-winning journalist and founder and executive editor of the news website Rappler, of “cyber libel” under its Cybercrime Prevention Act.

The government has used the law against journalists, columnists, critics of the government, and ordinary social media users, including Walden Bello, a prominent progressive social activist, academic, and former congressman.

In Tunisia, authorities have invoked a cybercrime law to detain, charge, or place under investigation journalists, lawyers, students, and other critics for their public statements online or in the media.

In Jordan, the authorities have arrested and harassed scores of people who participated in pro-Palestine protests or engaged in online advocacy since October 2023, bringing charges against some of them under a new, widely criticized cybercrimes law.

Countries in the Middle East-North Africa region have weaponized laws criminalizing same-sex conduct and used cybercrime laws to prosecute online speech.

The treaty has three main problems: its broad scope, its lack of human-rights safeguards, and the risks it poses to children’s rights, said Hassan.

“Instead of limiting the treaty to address crimes committed against computer systems, networks, and data—think hacking or ransomware—the treaty’s title defines cybercrime to include any crime committed by using Information and Communications Technology systems.”

The negotiators are also poised to agree to the immediate drafting of a protocol to the treaty to address “additional criminal offenses as appropriate.”

As a result, when governments pass domestic laws that criminalize any activity that uses the Internet in any way to plan, commit, or carry out a crime, they can point to this treaty’s title and potentially its protocol to justify the enforcement of repressive laws.

In addition to the treaty’s broad definition of cybercrime, it essentially requires governments to surveil people and turn over their data to foreign law enforcement upon request if the requesting government claims they’ve committed any “serious crime” under national law, defined as a crime with a sentence of four years or more, Hassan said.

This would include behavior that is protected under international human rights law but that some countries abusively criminalize, like same-sex conduct, criticizing one’s government, investigative reporting, participating in a protest, or being a whistleblower.

In the last year, a Saudi court sentenced a man to death and a second man to 20 years in prison, both for their peaceful expression online, in an escalation of the country’s ever-worsening crackdown on freedom of expression and other basic rights.

This treaty would compel other governments to assist in and become complicit in the prosecution of such “crimes.”

Moreover, the lack of human rights safeguards, says Hassan, “is disturbing and should worry us all.”

IPS UN Bureau Report

 


!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?’http’:’https’;if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+’://platform.twitter.com/widgets.js’;fjs.parentNode.insertBefore(js,fjs);}}(document, ‘script’, ‘twitter-wjs’);