Businesses push back on UN cybercrime convention

The United Nations’ draft convention to strengthen international cooperation on cybercrime – which passed the committee stage recently – has been simultaneously hailed as a major step forward for law enforcement and an assault on online rights and freedoms.

The UN said the convention looks set to become the first global legally binding instrument on cybercrime if formally adopted later this year and will enhance international cooperation and law enforcement efforts, and promote technical support and capacity building for developing countries.

According to the International Chambers of Commerce (ICC), however, it has far-reaching implications that could compromise cybersecurity and data privacy, and undermine freedom of expression.

In particular, the trade body is concerned that it will allow data collection “without proper safeguards and judicial oversight, violating rights and preventing individuals from challenging arbitrary access,” which could expose sensitive information and increase their vulnerability to cybercrime.

At the same time, the wording of the draft – which has been five years in the making – could end up stifling economic growth by reducing investment and innovation in digital services and introducing conflicts with national rules.

The Council of Europe – which contributed to the development of the draft – said it is a “major political achievement” but acknowledged that the concerns of industry stakeholders and civil society “remain valid.”

Human Rights Watch, for example, has said the draft is fundamentally flawed due to its “ill-defined and exceedingly broad scope,” claiming that rather than focusing on cybercrime, it in fact “requires states to establish expansive electronic surveillance powers to investigate and cooperate on a wide range of crimes, even offences where no information and communication (ICT) system is involved.”

That greater surveillance should be accompanied by human rights safeguards, but that is not the case as it continues to defer to domestic laws to provide them, it claims. Meanwhile, other concerns have been raised about how the convention addresses gaps in state capacity, and whether it harmonises with other instruments like the 20-year-old Budapest Convention on Cybercrime (BC).

IT giant Microsoft has also weighed in, saying that after years of tinkering with the text “states have not yet reached consensus on some of the most fundamental issues, including the very purpose and scope of the convention.”

It added: “Failure to agree that cybercrime – and not the misuse of technology in general – is the objective of this treaty would inevitably create legal uncertainty and encourage abuse of its provisions.”

The ICC has urged governments to consider the “fundamental risks” associated with the draft carefully before proceeding with ratifying “what is ultimately a flawed instrument” at the next UN General Assembly next month.

When a UN convention is ratified in sufficient numbers, it enters into force and becomes legally binding.

Image by Patrick Gruban via Wikimedia