Concerns mount over cybersecurity treaty

As UN delegates meet in New York, rights organizations warn that the draft treaty threatens freedom of expression.

The UN is in the final stages of negotiating its cybercrime treaty, with delegates meeting in New York to thrash out the details – and human rights groups are becoming increasingly concerned.

In an attempt to reach a consensus, more than 145 representatives of UN member states are deliberating the current version, known as the Zero Draft, approved in June.

Meanwhile, informal working groups are taking place alongside the main debate, focused on some of the more contentious issues.

The aim is to create a legal framework to foster international cooperation on preventing and investigating cybercrime and prosecuting cybercriminals.

However, concern is rising about some of the draft treaty's provisions, which, rights organizations say, represent a “global surveillance pact.”

At a media briefing during the negotiations, experts highlighted measures that, they say, could undermine the privacy and freedom of expression of millions of people, particularly journalists, activists, and victims of discrimination and marginalization.

Freedom of expression

Some of the more controversial proposals have already been headed off at the pass – most notably, a suggestion from China that the dissemination of false information should be defined as a cybercrime and from Pakistan and Iran that religious insults should be included, too.

However, according to Deborah Brown, senior researcher and advocate on technology and human rights at Human Rights Watch, imprecise wording in the draft means that the treaty could still easily be used to restrict freedom of speech.

"In particular, we are concerned with Article 17 of the draft text because this basically extends the scope to a range of offences, including those that pose a threat to freedom of expression," she told the meeting.

"Earlier in the negotiations, there were lots of new proposals from states, including ones that were quite problematic, and those aren't all in the current draft text – but with Article 17, there's essentially a back door."

One issue is the concept of dual criminality, which means that offences can only be prosecuted if they're illegal in both the country where they're committed and the country carrying out an investigation.

"The draft treaty provides the legal basis for governments to make highly intrusive surveillance mechanisms like interception of content and real-time tracking of metadata, available ‘to the fullest extent possible' to foreign governments for almost any sort of criminal investigation of a serious crime with minimal safeguards," said Katitza Rodriguez, the Electronic Frontier Foundation's policy director for global privacy.

"To uphold global human rights, the proposed treaty must mandate dual criminality."

Meanwhile, as campaign group Article 19 points out, human rights and procedural safeguards are relegated to domestic law, are optional, or are to be "incorporated" rather than explicitly required.

While data sharing between jurisdictions is encouraged, there's little clarity over the type or scope of data this could cover, and users lack the right to know what's being shared. Data sharing is also a concern when it comes to information being provided to countries such as Russia and China.

Capacity building

Alongside the human rights issues, there are also concerns about the best way to address gaps in state capacity, with some states calling for commitments to technology transfer – which could, warns think tank Chatham House, include dual-use technologies with military as well as civil applications.

"While capacity-building and technical assistance activities are important, they generate their own risks, such as human rights risks from the intentional misuse of dual-use tools, unintentional harms from inadequate or ineffective training, and the reinforcement of existing global inequalities through conditional agreements," writes Isabella Wilkinson, Chatham House research associate, International Security Programme.

"It is essential to root capacity-building in established, shared principles, such as those proposed by the UN Open-Ended Working Group on cybersecurity."

Many suspect that enforcement may be tricky – particularly when it comes to criminal groups based in Russia, which doesn't extradite citizens and only rarely takes action itself against those accused of crimes in the West.

All in all, there's a strong chance that many of the ambiguities in the draft will remain, with delegates focused on getting something – anything – that could gain a consensus.

However, Rodriguez says, "Broadly scoped, ambiguous, and nonspecific international cooperation measures with few conditions and safeguards are simply a recipe for disaster that can put basic privacy and free expression rights at risk."

More from Cybernews

What does the latest hype say about crypto friends?

AI Achilles heel: why we shouldn’t bow to our computer “overlords” just yet

Users report being banned on Telegram despite never using it

Customer data compromised in Kroll cyberattack

Century-old technology hack brought 20 trains to a halt in Poland

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked