New U.N. cybercrime treaty threatens human rights

Barbora Bukovská is the senior director for law and policy at ARTICLE 19

Over the last two weeks in Vienna, negotiations took place over a new United Nations treaty on cybercrime.

Having a new international treaty on how to tackle criminal activities enabled by digital technology might seem like a worthy cause. There is a real need for more effective cooperation between law enforcement authorities to address cyber-enabled crimes, online scams and cyberattacks.

The current international effort around a new treaty however, raises serious human rights concerns. It was first spearheaded in 2019 by Russia and gained support from, among others, China, Cambodia, Belarus, Iran and Venezuela - hardly champions of human rights, online or offline. It has quickly become clear that some states intend to use the process to push for expansion of state power to control and criminalise a broad range of online speech.

In fact, many of the aspects of the proposed new treaty follow a trend of restrictive cybercrime laws around the world. From Tunisia to Thailand, cybercrime laws are routinely subject to abuse, and used to attack freedom of expression, undermine privacy, and exert greater control over people’s legitimate online activities.

Many of these laws include vaguely worded and overbroad definitions relating to a wide swath of issues from terrorism to extremism, to disinformation, fake news, hate speech and morality. In many contexts, under the guise of tackling new crimes, the laws provide yet another avenue for states to engage in old tactics of surveillance, censorship, silencing dissent and imprisoning critical voices.

It is in this context that the cybercrime convention is being negotiated. Civil society has been deeply sceptical about the need for a new, global treaty, calling the process “unnecessary” and “ill advised”. There is a real danger that the adoption of the convention will have a negative impact on human rights.

The draft treaty, presented during the negotiations, included a number of speech offences, which are evidence of the convention’s glaring mission-creep beyond cyberspace. Many new offences, like those related to terrorism, extremism or copyright, are vague and overbroad, putting them directly at odds with existing human rights standards.

While various speech-related offences became a contentious issue during the negotiations, China proposed  to include an additional crime on “dissemination of false information” based on its own Cybersecurity Law, but such provisions are routinely used by Beijing to prosecute those who diverge from official narratives.

Many of the proposed offences in the draft treaty should not be criminalised to begin with. They go beyond what states can prohibit under international free speech standards and extend well beyond any regional instrument.

While some states strongly oppose the inclusion of various speech-related offences, many others are open to negotiating the text and keeping some of them in. Worryingly, even some democratic countries are willing to include an overbroad offence of “incitement to subversive activities”; provisions such as these have recently been used in Hong Kong to persecute protesters.

However, it is not just new crimes that are setting off alarm bells. Several procedural provisions under consideration risk seriously undermining the right to privacy. For instance, obligations requiring service providers to “assist” or “enable” investigations could be used to bypass court orders and force private companies to, effectively, become extensions of law enforcement. At the request of states, providers could be compelled to disclose all kinds of information, insert security backdoors into products, weaken encryption, and engage in active surveillance of users.

The final draft of the convention is due to be presented during the 78th session of the U.N. General Assembly later this year. A lot is at stake if this treaty is adopted – and not just for people living in authoritarian countries. As negotiations continue between countries with vastly different human rights standards, the result is likely to be a compromise that could undermine protection of fundamental freedoms across the globe. It will be a compromise that some states are willing to make.

The next stages of the negotiations will therefore be crucial to ensure that the treaty is not used as a tool to stifle freedom of expression, infringe on privacy and data protection, or endanger individuals and communities at risk globally. The important work of combating cybercrime must be consistent with states’ international human rights obligations.