Human rights organizations, including ARTICLE 19, Human Rights Watch, Reporters Without Borders, CyberPeace Institute, Electronic Frontier Foundation, and International Chamber of Commerce, have issued a letter to the Chair of the UN's Ad Hoc Committee on Cybercrime, urging significant amendments to the draft of the UN Cybercrime Convention. The coalition argues that without amendments, the convention could compromise global cyberspace security and human rights protections [1bf2aef0].
The coalition highlights several concerns with the current draft of the treaty. They argue that the scope of the draft is overly broad, which could lead to abuse by states using user data for surveillance purposes. They emphasize the need for the treaty to be narrowly focused on cyber-dependent crimes and to incorporate robust protections for security researchers, whistleblowers, journalists, and human rights defenders. The coalition also stresses the importance of universally applying explicit data protection and human rights standards within the convention [1bf2aef0].
This call for amendments aligns with the concerns raised by other critics of the treaty. The lack of human rights protections in the proposed treaty has been a major point of contention, with the United States and the European Union expressing their reservations. Critics argue that the language used in the proposed chapters is vague and could lead to bulk data sharing and the investigation of activities that are not considered crimes in certain countries [86d1140a].
The coalition's letter further emphasizes the need for the draft treaty to include safeguards that prevent the compromise of digital communications or systems. They call for a consensus-based treaty that promotes international cooperation, protects human rights, and engages multiple stakeholders [1bf2aef0].
Human rights organizations are warning that the UN Cybercrime Convention threatens freedom of expression and normalizes domestic surveillance. The UN General Assembly is set to adopt or reject the draft on August 9 after two and a half years of negotiations. Concerns include broad surveillance powers without robust safeguards, lack of data protection principles, inadequate judicial or independent review, no right to an effective remedy, no limits on surveillance, and varying national laws that may not provide adequate protections. The draft could also criminalize security researchers and investigative journalists. The United Nations Office of the High Commissioner for Human Rights is calling for more safeguards and a narrow scope. Human rights groups urge member states to reject the convention if these issues are not rectified [2927d14b].
The United Nations Ad Hoc Committee is finalizing a too-broad Cybercrime Draft Convention that would normalize unchecked domestic surveillance and government overreach. The latest draft still authorizes broad surveillance powers without robust safeguards and fails to spell out data protection principles. Member States have a last chance to address the lack of safeguards before the August 9 finalization date. EFF has consistently advocated for human rights safeguards to prevent government abuse of power in the collection and use of digital evidence. Countries committed to human rights and the rule of law must demand stronger data protection and human rights safeguards or reject the treaty altogether [b662c506].
Tech companies, including Microsoft, are also expressing concerns about the draft UN Cybercrime Convention. Microsoft has stated that 'no outcome is better than a bad outcome' and has aligned with human rights groups in calling for substantial improvements to the draft. They argue that the current draft fails to meet international human rights standards and claims too much power over an expansive field. Nick Ashton-Hart, head of the Cybersecurity Tech Accord delegation, suggests that better options for cooperation on cybercrime exist, such as the Council of Europe's Budapest Convention on Cybercrime or the UN Convention Against Organized Transnational Crime. If the current draft is not substantially improved, tech companies may call on member states not to sign or ratify the treaty [43f7ff89].
Russia, however, defends its vision for the treaty and accuses Western countries of wanting to politicize discussions. The draft text of the treaty will come up for a vote by member states at the end of a two-week session. The outcome of the vote remains uncertain as concerns about the draft's shortcomings persist [43f7ff89].
The United Nations passed its first cybercrime treaty in a unanimous vote on August 9. The treaty establishes a global-level cybercrime and data access-enabling legal framework. The treaty was supported by Russia, despite earlier concerns raised by the country's representative. The final outcome of the treaty does not significantly change earlier versions of the draft agreement. The agreed-upon treaty is seen as a 'bad treaty is better than no treaty' by human rights and digital freedoms proponents. The treaty is the first legal framework accepted by consensus among all UN member states. The Budapest Convention, an existing treaty on cybercrime, was not signed by China, Russia, India, or Brazil. The treaty was negotiated with involvement from global south countries. The U.S. was represented by Ambassador Deborah McCarthy in the negotiations [ee3cddca].