UN cybercrime treaty risks becoming a 'global surveillance pact'

An international treaty on countering cybercrime is in danger of becoming an "expansive global surveillance pact" that will trample data privacy and human rights, activists warned UN delegates as they meet in New York City this week to hammer out an updated proposal.

The draft United Nations cybercrime treaty, which has been under negotiations for over two years, aims to define what online crime actually is and how member states can better work together to curb the growing global problem.

However, there's concern among many governments and civil rights advocates that that the treaty — originally proposed by Russia, with support from countries including China, North Korea, Iran, Venezuela, and Nicaragua — will pave the way for regimes to legalize surveillance across borders and criminalize online speech, seemingly with the support of the international community.

The treaty's sixth negotiating session began on Monday at the UN headquarters in Manhattan with delegates reviewing the draft through September 1.

During a press conference on Wednesday, human rights and digital privacy advocates warned that unless the draft's wording changes significantly, the proposal will give governments the green light to persecute activists, journalists, and marginalized groups — in other words, the usual victims when it comes to authoritarian regimes' attempts to criminalize speech and privacy.

"That's where we're at," said Katitza Rodriguez, the Electronic Frontier Foundation's policy director for global privacy. "The draft treaty provides the legal basis for governments to make highly intrusive surveillance mechanisms like interception of content and real time tracking of metadata, available 'to the fullest extent possible' to foreign governments for almost any sort of criminal investigation of a serious crime with minimal safeguards."

Specifically: the draft would authorize police to help foreign governments investigate activities that may not be a punishable offense in both countries, she explained. 

"The dual criminality principle safeguards human rights, but it is treated as optional," Rodriguez said. "To uphold global human rights, the proposed treaty must mandate dual criminality."

EFF has called for the treaty to include wording that requires judicial authorization prior to surveillance, and to set minimum standards for data protection, such as putting limits on the purpose for collecting data and minimizing the amount of data that can legally be collected [PDF].

• Russia-pushed UN Cybercrime Treaty may rewrite global law. It's ... not great
• Last rites for the UK's Online Safety Bill, an idea too stupid to notice it's dead
• Veilid: A secure peer-to-peer network for apps that flips off the surveillance economy
• White House: Losing Section 702 spy powers would be among 'worst intelligence failures of our time'

Deborah Brown, senior researcher and advocate on technology and human rights at Human Rights Watch, said the vague wording in the treaty's Article 17 is especially concerning because it could allow governments to punish certain speech by defining it as a crime because it was posted online.

"The draft treaty fails to coherently articulate what does or does not constitute a cybercrime," Brown said. "This ambiguity invites governments to address their own laundry list of priorities when legislating cybercrimes. For many governments, this means cracking down on online dissent or expanding digital surveillance."

The draft's uncertain wording also makes it easier for states to criminalize LGBTQ+ people — and especially trans kids — and use cybercrime laws to do so, according to Carey Shenkman, a human rights attorney and representative for Article 19 at the treaty negotiations. 

"Law enforcement in Egypt have posted on Grindr," Shenkman said, referring to the cops there using fake accounts to snare people. "Jordan's cybercrime law targets LGBT communities. Uganda criminalizes being queer, and punishes cyber-obscenity. Lebanon even moved to ban the Barbie movie for promoting 'homosexuality and sexual transformation.'"

Think of the children, while we ban books

Plus, the draft includes content-based provisions that criminalize "written material," supposedly to prevent certain kinds of child sexual abuse material from circulating online. This, of course, isn't a new argument, and law enforcement has long used this think-of-the-children plea to justify surveillance and limit encrypted communications.

As free-speech org Article 19 has previously pointed out: some 176 member states have already signed on to the Optional Protocol on the Convention on the Rights of the Child. So it's questionable as to whether a cybercrime treaty is needed to protect children.

What's more likely to happen, according to Shenkman, is that governments will use the treaty to ban books and political speech, among other online content deemed offensive.

"We can't emphasize enough the importance of protecting the vulnerable," Shenkman said. "But it's important to empower and protect rights, and do so consistent with human rights standards." ®