U.N. member states on Thursday approved a treaty targeting cybercrime, the body’s first such text, despite fierce opposition from human rights activists who have warned of potential surveillance dangers.
After three years of negotiations and a final two-week session in New York, members approved the United Nations Convention Against Cybercrime by consensus, and it will now be submitted to the General Assembly for formal adoption.
“I consider the documents … adopted. Thank you very much, bravo to all!” Algerian diplomat Faouzia Boumaiza Mebarki, chairwoman of the treaty drafting committee, said to applause.
The committee was set up, despite U.S. and European opposition, following an initial move in 2017 by Russia.
The new treaty would enter into force once it has been ratified by 40 member nations and aims to “prevent and combat cybercrime more efficiently and effectively,” notably regarding child sexual abuse imagery and money laundering.
Hailing a “landmark convention,” South Africa’s delegate said, “the provisions of technical assistance and capacity building offer much needed support to countries with less developed cyber infrastructures.”
But the treaty’s detractors — an unusual alliance of human rights activists and big tech companies — denounce it as being far too broad in scope, claiming it could amount to a global “surveillance” treaty and be used for repression.
In particular, the text provides that a state may, in order to investigate any crime punishable by a minimum of four years’ imprisonment under its domestic law, ask the authorities of another nation for any electronic evidence linked to the crime, and also request data from internet service providers.
Warning of an “unprecedented multilateral tool for surveillance,” Deborah Brown of Human Rights Watch told AFP the treaty “will be a disaster for human rights and is a dark moment for the UN.”
“This treaty is effectively a legal instrument of repression,” she said. “It can be used to crack down on journalists, activists, LGBT people, free thinkers, and others across borders.”
Human rights clause
Nick Ashton-Hart heads the Cybersecurity Tech Accord delegation to the treaty talks, representing more than 100 technology companies, including Microsoft and Meta.
“Regretably,” he said Thursday, the committee “adopted a convention without addressing many of the major flaws identified by civil society, the private sector, or even the U.N.’s own human rights body.”
“Wherever it is implemented the Convention will be harmful to the digital environment generally and human rights in particular,” he told AFP, calling for nations not to sign or implement it.
Some nations however are complaining the treaty actually includes too many human rights safeguards.
A few days ago, Russia, which has historically supported the drafting process, complained the treaty had become “oversaturated with human rights safeguards,” while accusing countries of pursuing “narrow self-serving goals under the banner of democratic values.”
During Thursday’s session, Iran attempted to have several clauses with “inherent flaws” deleted.
One paragraph in question stipulated that “nothing in this Convention shall be interpreted as permitting suppression of human rights or fundamental freedoms,” such as “freedoms of expression, conscience, opinion, religion or belief.”
The deletion request was rejected with 102 votes against, 23 in favor (including Russia, India, Sudan, Venezuela, Syria, North Korea and Libya) and 26 abstentions.
Neither Iran nor any other country, however, chose to prevent approval by consensus.