A new UN convention against cybercrime could land you in jail – insider sources

This month, governments around the world agreed on a major UN treaty on police cooperation in the fight against cybercrime.

That should be a good thing, right? After all, cybercrime is exploding worldwide.

Unfortunately, a data access treaty was passed that allows governments worldwide to share citizens' personal information under constant secrecy if an offense is deemed a “serious” crime by two governments. This includes intercepting real-time location and communications data worldwide and requiring IT staff to reveal passwords or other access keys that would compromise the security of global systems that billions of people rely on every day. And this doesn't just apply to private sector systems. — Government systems are at risk.

The pact also puts journalists and whistleblowers at risk of criminal prosecution – the International Press Institute is so concerned that it took out a full-page ad in the Washington Post. Independent security experts from around the world warned in February that their work to protect IT systems from cybercriminals could result in prosecution.

Negotiators refused to resolve this issue despite having clearly indicated that the risks were not merely theoretical. According to the United Nations human rights body, negotiators were warned that the pact would undermine freedom of expression and international human rights. Negotiators failed to resolve any of the problems identified by the UN High Commissioner for Human Rights.

It is hard to believe, but the text (in Article 14) explicitly allows governments to prosecute children for “sexting”, in the same article that protect to protect them from sexual assault. This article also puts people working in charities to bring sex offenders to justice at risk of prosecution because their work requires them to access material created by sex offenders. This glaring deficiency has been repeatedly pointed out by civil society representatives, but to no avail.

Companies operating internationally will face increased legal and reputational risks, including the arrest of employees. The private data of individuals and vulnerable communities will be made available to law enforcement agencies worldwide, even when their conduct is not criminal where they live or in cases that raise significant free speech concerns. All of this cooperation may be kept secret, with no transparency about how governments use the treaty or provisions that allow companies to challenge requests from law enforcement agencies, even when they are illegal.

By enabling secret cooperation in “serious” crimes, the door is opened to “offences” such as criticising politicians or persecuting minorities, which violate basic human rights and force companies to respond to requests from law enforcement authorities that raise significant legal conflicts, human rights violations and reputational issues, without any mechanism to contest requests in many jurisdictions.

The pact contains some elements designed to limit this abuse. Because states can cooperate in constant secrecy, these elements are not worth the paper they are written on in situations where they would be most important.

Despite being given concrete examples of how the treaty puts their citizens at risk, the US and European Union refused to address the issues. Their stance is: “Since the treaty will not change our laws and we will not tolerate the abuses that other countries may commit, we cannot tell others how to behave.”

This is of course not true. The US and EU regularly reprimand countries around the world for human rights abuses and loudly proclaim their commitment to them. This is doubly short-sighted when you consider that the adoption of such a flawed instrument is a major diplomatic victory for Russia. These negotiations were his idea, so he deserves credit for the success. Since when has it been US or European policy to grant Russia victories of any kind?

The United States, the EU and many others openly supported the articles on children. They refused to suggest Solutions to protect journalists and whistleblowers and defended the retention of provisions that allow IT staff to be forced to undermine encryption and secure systems (Article 28.4).

My organization, the Cybersecurity Tech Accord, has addressed these issues in its negotiating proposal. The same goes for all private and civil society organizations, as well as large companies like Microsoft and Google.

The next step is for the text to be adopted by the UN General Assembly after the opening of the new session in September. The only right decision, especially for democratic countries, is not to agree. The International Chamber of Commerce, the largest and most representative global representative of the private sector, openly called on the United Nations on August 13 not to adopt the Convention. They are not alone.

If governments once again fail to protect the international human rights framework they so often loudly support, new, dangerous norms in international law will haunt us all for decades to come.