Although international treaties may seem distant and unrelated to our daily lives, they directly impact fundamental aspects of our existence. The United Nations Convention on Cybercrime, recently drafted by the ad hoc committee, is a clear example. This treaty, resulting from complex negotiations, establishes a global framework to combat cybercrime. Its regulations directly affect the security of our online transactions, the protection of our digital privacy, freedom of expression, and the integrity of critical infrastructures. Understanding and participating in these processes is essential to promoting a safer and more equitable digital world.
August 8, 2024, will be remembered as a historic day in the global fight against cybercrime, marking a decisive step toward creating a safer and more equitable digital environment. This achievement is a testament to the international community’s ability to unite in the face of complex challenges, recognizing that only through global cooperation can we effectively address emerging threats in cyberspace (United Nations Office on Drugs and Crime, 2024).
To read the draft convention, click here.
Context of the Convention
The negotiations for this Convention have been intricate and controversial, with some states proposing criminalizing a wide range of technology-enabled offenses. According to Human Rights Watch, these proposals could threaten freedom of expression and other fundamental human rights, being used to suppress activists and journalists under the guise of combating cybercrime. Several civil society organizations, industry stakeholders, and academia have highlighted the need to include robust safeguards to protect human rights and focus on the most severe cybercrimes, such as child sexual exploitation (Human Rights Watch, Knowmad Institut, Chatham House).
Human Rights at Risk
The risks to human rights are significant. The broad provisions of the Convention could facilitate mass surveillance and cross-border information sharing without sufficient safeguards, endangering privacy and freedom of expression. This is particularly concerning in contexts where cybercrime laws are already used to silence dissent and repress vulnerable minorities.
For example, some states have proposed criminalizing the “dissemination of false information” or the “incitement of subversive activities,” which could be broadly interpreted and used to suppress press freedom and peaceful protest. These concerns are backed by a joint statement from the Knowmad Institut and other organizations, emphasizing the need to include international frameworks such as the International Covenant on Civil and Political Rights (ICCPR) in the Convention.
Despite the significant progress represented by the Convention, it is essential to recognize the inherent risks in its implementation. In particular, some states could use the broad provisions of the treaty to justify repression of freedom of expression and unrestricted surveillance. Recent examples in various regions of the world show how similar laws have been employed to silence journalists, activists, and vulnerable minorities under the pretext of national security (United Nations Information Service, 2024; Human Rights Watch, 2024).
Key Proposals and Advances in the Deliberations
During the deliberations of the Ad Hoc Committee on Cybercrime, key proposals were discussed, and areas of consensus and pending challenges were identified. Any international convention in this area must include robust safeguards to protect human rights. The implementation of the Convention must be consistent with human rights obligations under international law, as suggested by the UNODC’s preliminary text.
To ensure these concerns are heard, the Knowmad Institut and other civil society organizations and industry supported an open letter led by the Cybersecurity Tech Accord. The letter, signed by a diverse coalition including AccessNow, Human Rights Watch, Electronic Frontier Foundation (EFF), and other vital actors, was sent to member state delegations hours before the final text of the Convention was approved. In this letter, governments were urged not to adopt or ratify the Convention unless substantial changes were made to address fundamental concerns, such as the lack of robust safeguards for human rights and press freedom, as well as the risks of power abuse under the current provisions of the treaty.
In its written statement for the reconvened substantive session of the Ad Hoc Committee, Microsoft also emphasized the need for a proper balance between security and individual freedoms. The company stressed that the protection of human rights must be a fundamental pillar of the Convention and that cybersecurity measures should be implemented to respect privacy and freedom of expression.
The Knowmad Institut, leading a coalition of organizations, suggested clarifying the scope of the definition of cybercrimes, specifying that individuals, legal entities, state, and parastatal actors can commit them. It also highlights the inclusion of espionage perpetrated by these entities against activists, journalists, and other civil society actors.
International Lessons and Models to Follow
The EU Cybersecurity Act and the European Commission’s proposal on cybersecurity are examples of balancing the prevention of cybercrime and the protection of human rights. These regulations include detailed measures to enhance cybersecurity while safeguarding privacy and other fundamental rights.
Challenges and Additional Considerations
Once an international convention is approved and ratified, it is difficult to amend its unintended consequences. The processes are time-consuming and require significant effort. Currently, various efforts are underway to address the adverse repercussions of the 1961 Single Convention on Narcotic Drugs, which has had multidimensional impacts on the daily lives of hundreds of millions of people in social, economic, political, and health aspects.
Social Impact: This Convention has influenced the perception and stigmatization of people who use drugs, promoting criminalization policies that have led to the marginalization of particular communities.
Economic Impact: It has fueled an illicit drug market that generates significant income for criminal organizations, negatively affecting the formal economy, overall development, and the environment.
Political Impact: It has forced governments to invest significant resources in the war on drugs, often at the expense of addressing severe crimes and other priority areas such as education and health.
Health Impact: It has restricted access to controlled substances for medical and scientific uses, limiting patient therapeutic options and hindering scientific research.
Future Implications and Proposals for Improvement
The rapid evolution of cyberspace requires continuous updates to the Convention to avoid ambiguous terms and ensure the clarity and relevance of the measures. Additionally, it is necessary to promote educational and awareness programs on ICT security and cybercrime prevention, informing the population about the risks and preventive measures.
Specific Concerns: Any international convention in this area must include robust safeguards to protect privacy, freedom of expression, and access to public information. The definitions of cybercrimes must be clear and cover individuals and state and parastatal entities that may commit espionage against activists and journalists.
Moreover, the Convention must adopt an intersectional and gender-sensitive approach, ensuring equitable and non-discriminatory measures.
Article 14 and Child Protection: One of the most debated points has been Article 14, on the protection of children from online exploitation and sexual abuse. This article must include clear definitions and support and rehabilitation mechanisms for victims. The proposal to include Interpol’s Luxembourg Guidelines could help close existing gaps and address the concerns of several member states.
Critical Exclusions
A crucial aspect that must be urgently addressed is the exclusion of serious crimes such as extremism and terrorism from the scope of the Convention. This omission presents several significant risks:
State and Parastatal Espionage: The lack of specific coverage for extremism and terrorism limits countries’ ability to address espionage carried out by state and parastatal entities. This may result in insufficient protection for activists, journalists, and other civil society actors frequently targeted by such practices.
Child Rights and Vulnerable Groups: The current provisions must also address concerns about protecting children and migrant and displaced populations. The Convention’s implementation protocols must include specific measures to protect these groups from particular risks associated with cybercrime.
Freedom of Expression and Privacy: There is a considerable risk that the treaty’s broad provisions could justify mass surveillance and the suppression of freedom of expression under the guise of combating cybercrime. The Convention must establish precise mechanisms to prevent these measures from negatively impacting privacy and freedom of expression.
To address these concerns, the Convention’s implementation protocols must include:
Clear and Comprehensive Definitions: Ensuring that the definitions of cybercrimes specifically and thoroughly cover espionage, extremism, and terrorism perpetrated by state and parastatal entities.
Comprehensive Protection of Vulnerable Groups: Establishing effective mechanisms to protect children and vulnerable populations, including support and rehabilitation networks and prevention strategies tailored to their needs.
Fundamental Rights Safeguards: Implementing strict safeguards to prevent the abuse of cybercrime measures that could compromise freedom of expression and the right to privacy.
Monitoring and Review Protocol: Creating a continuous monitoring and review system to assess the impact of implemented measures, ensuring alignment with human rights and justice principles.
Including these elements in the implementation protocols will allow for a more robust and equitable response to cybercrimes, protecting fundamental rights and promoting a safe and fair digital environment.
Call to Action
International cooperation is vital. States must work together and coordinate with industry, NGOs, and civil society to develop a framework that not only effectively combats cybercrime but also protects and respects the fundamental rights of all people. Only in this way can we build a safe and fair digital environment for everyone.
We invite our community to continue supporting our initiatives and to actively participate in defending a free and secure internet, where human rights are always prioritized. For more information on our participation and how you can contribute, please check the following links:
Support Us with Your Valuable Donation
Contributions of the Knowmad Institut to the Special Committee tasked with developing a comprehensive international convention on the use of information and communications technologies for criminal purposes:
- Knowmad Institut. (2023). Recommendations to the Ad Hoc Committee tasked with developing a comprehensive international convention on combating the use of information and communications technologies for criminal purposes [PDF]. United Nations Office on Drugs and Crime. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/Fourth_intersessional_consultation/ES_-_Recomendaciones_2023_Knowmad_Institut_S.pdf
- Ad Hoc Committee to Elaborate a Comprehensive International Convention on Cybercrime. (2023). Recommendations to the Ad Hoc Committee tasked with developing a comprehensive international convention on combating the use of information and communications technologies for criminal purposes [PDF]. United Nations Office on Drugs and Crime. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/Fourth_intersessional_consultation/ES_-_Recomendaciones_2023_Comite_ad_hoc_para_la_elaboracion_de_una_convencion_internacio_S.pdf
- Knowmad Institut. (2022). Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes: Third session: International cooperation, technical assistance, prevention measures, and the mechanism of implementation [PDF]. United Nations Office on Drugs and Crime. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/Second_session/Documents/Knowad_E_3rd_session.pdf
- Knowmad Institut. (2024). Final report of recommendations on the UN Cybercrime Convention (May 2024): Final comments and recommendations to the Ad Hoc Committee tasked with developing a comprehensive international convention on combating the use of information and communications technologies for criminal purposes, on the updated convention text dated May 2024 [PDF]. United Nations Office on Drugs and Crime. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/Reconvened_concluding_session/Written_submissions/OP9/ES_INF1.PDF
