Cisco calls on UN to revise cybercrime convention • The Register

Networking giant Cisco has suggested that the United Nations' first convention against cybercrime has dangerous flaws and needs to be revised before a formal vote.

The document that Cisco doesn't like is the United Nations Convention against Cybercrime [PDF]The Convention took five years to draft and was drafted by a body called the Ad Hoc Committee for the Elaboration of a Comprehensive International Convention to Combat the Use of Information and Communication Technologies for Criminal Purposes.^*

The purpose of the Convention is to “enhance international cooperation, law enforcement efforts, technical assistance and capacity building in relation to cybercrime”, recognizing that digital technology has become a major enabler of cross-border abuses.

As The Register theregister.com reported that Russia was a driving force behind the document after the committee agreed on a draft text and that human rights groups did not like it.

Human Rights Watch, for example, criticized the convention as being too broad, while the Electronic Frontier Foundation described the convention as “too flawed to be adopted.”

These two organizations and others fear that the convention does not provide a narrow definition of cybercrime and gives signatory states legal leeway to target citizens who hold views they do not like. They also fear secrecy provisions in the document that would allow states to request information from service providers without the individuals concerned being informed or having a right to redress.

British human rights organisation Article 19 also warned that the broad wording of the convention could hamper legitimate infosec research by creating a legal environment in which cyber experts feel unsafe practicing their profession for fear of being branded as criminals.

In a post Wednesday, Eric Wenger, senior director of technology policy at Cisco, supported some of these arguments.

“Rather than focusing specifically on hacking and cybercrime, it targets the misuse of computer networks to spread offensive information more generally,” he wrote. “This is contrary to the values ​​of free expression in liberal democracies and should be addressed by an amendment before the Convention is submitted for adoption by member states.”

Note the reference to “liberal democracies.” Remember that Russia was one of the driving forces behind this agreement and that Cisco left Moscow in 2022.

Wenger wrote that Cisco is not opposed to a UN convention to combat cybercrime, arguing: “We must ensure that law enforcement agencies have the necessary capacity to prevent, investigate and prosecute cross-border cybercrime.”

However, he argued that Cisco believes that such tools “must also uphold and protect the importance of fundamental human rights and the rule of law.”

“Unfortunately, the UN Convention in its current form does not adequately protect fundamental human rights and poses risks to the rule of law.”

Wenger wants to change the convention. But in early August, the UN was enthusiastic that it would likely be adopted in its current form later this year, and the Biden administration reportedly believes the document strikes an appropriate balance between human rights and the need for international cooperation to curb cybercrime. ®

^* Boot note: No, we will not use the acronym “AHCTEACICOCTUOIACTFCP”. Calling it “the Committee” is easier for everyone involved.