April 16, 2024


Is the UN Cybercrime Convention a threat to human rights?

In the ever-evolving landscape of global threats, cybercrimes are becoming increasingly par for the course. State and non-state actors have the tools and expertise to wreak havoc from anywhere. They can target individuals or critical infrastructure like power or water supply, healthcare, government agencies, private companies, etc. It’s all fair game.

While countries will have their own measures to thwart such attacks, there’s room for a more coordinated global response mechanism. That’s precisely what the UN cybercrime treaty is, or rather, will be. Countries have come together to try and form a comprehensive framework to combat cybercrime. They recognise the need for strong mitigation and offensive measures. However, questions have been raised about how far-reaching it should be.


There’s no universally accepted definition of cybercrime. A common approach is to look at it in two ways – cyber-dependent and cyber-enabled crimes. The former uses information and communication technology like ransomware, i.e., hacking into a device and demanding payment. The latter is more traditional, like banking scams, identity theft, and online exploitation.

In 2017, Russia presented a letter to the UN General Assembly of a draft of the UN Convention on Cooperation in Combating Cybercrime to circulate to the member states. Two years later, a resolution sponsored by Russia to set up a convention to combat cybercrime passed. Interestingly, it was opposed by the US, the European Union (EU), and some other countries. Human rights organisations urged the UN to reject it, citing human rights concerns.

The first committee meeting convened in 2021 with representatives from 160 countries who agreed on an outline for negotiations. It wasn’t all cordial. The UK and other countries complained that they weren’t consulted about the final text. Brazil introduced an amendment that required the committee to gain a two-thirds majority instead of a simple majority. It passed.

Throughout the following couple of years, several organisations voiced their concerns as member nations sat down to hash out the treaty. In January 2022, the Committee to Protect Journalists (CPJ) warned that the treaty could endanger journalists by giving tools to authorities who want to punish those who report on the news.

Even during the first international consultation with rights organisations and stakeholders in Vienna in March 2022, many were worried about such a treaty. Some even questioned the need for it since it could perpetuate existing abuses of cybercrime laws.

As these negotiations continued, cybercrime capabilities have only increased. International attention to the issue has only grown over the past several years. That has come with a surge in cybercrime laws around the world. The problem is some of these laws target journalists, activists, opposition leaders, etc.

There’s no doubt everyone can agree on one thing – there need to be ways in which governments and countries can effectively combat cybercrimes and punish the perpetrators. However, does the UN cybercrime treaty do just that, or will it just be a tool to squash dissent?

VIEW: It’s a necessary treaty

The global warfare landscape has changed, and it’s high time countries and governments keep up to protect their people and critical infrastructure. Some estimates show that there are lakhs of cyberattacks every year. Some are more malicious than others. They also exact a financial toll. The global cost of online criminal acts is projected to be over $23 trillion by 2027.

There’s a global cybersecurity skill gap. While countries invest billions of dollars into digitising their economies, it gives bad actors more opportunities. There’s a shortage of over 3 million cybersecurity experts to support today’s global and increasingly digital economy. If countries can’t even identify who these people or groups are, then they’ve already lost. The treaty aims to define a criminal or terrorist beyond the traditional definition of someone robbing a bank or carrying out a terrorist attack in public.

The treaty is important and necessary since the perpetrators of cybercrimes are as diverse as their methods. They range from small-scale scammers to traditional cybercrime gangs and state-sponsored actors. One example is North Korea’s hack of Sony a decade ago. What these people and groups have done is often target victims in different national jurisdictions. There’s no clear streamlined approach to tackle this which would facilitate greater partnerships and communications between countries.

COUNTERVIEW: Too many pitfalls

Even before we get to some of the concerns that have been repeatedly outlined by activists and human rights organisations, the fact that Russia, of all countries, introduced the draft treaty is ironic. Especially coming the year after it was widely accused of interfering in the 2016 US presidential election through cyber means. That aside, a binding international treaty like the one discussed could expand a government’s power to regulate online content and reshape law enforcement access to private data.

The problem with a treaty like this is that it’s usually looked at from a geopolitical perspective first. There’s little scrutiny from a human rights one, and that’s dangerous. One of the sticking points in the negotiations has been, how to define “crime” and “criminal”. Many governments that have supported the treaty over the years treat free speech and expression as criticism and dissent. This includes China and Russia, two of the most hostile governments to free speech.

One of the components could involve allowing law enforcement to share information excessively within and outside national borders. Without adequate safeguards, this could result in prosecutions or extraditions. In early February, a group of people spanning civil society and industries wrote a letter urging states to not endorse the treaty due to its flaws. Thankfully, the negotiators are currently on hiatus. It gives time and opportunity to raise public awareness about the inherent dangers of this treaty in its current form.

Reference Links:

What is your opinion on this?
(Only subscribers can participate in polls)

a) The UN Cybercrime Convention isn’t a threat to human rights.

b) The UN Cybercrime Convention is a threat to human rights.


For the Right:

Why the BJP shies away from fielding Muslim candidates

For the Left:

Congress Manifesto’s MSP Promise To Farmers Can Have Adverse Consequences