Activists accuse proposed UN Cybercrime Treaty of empowering surveillance, repression
Human rights and privacy advocates slammed the current version of the U.N. Cybercrime Treaty in advance of next week’s negotiations to finalize it, saying Wednesday that the draft agreement will increase surveillance and criminalization of journalists, human rights activists, children and members of civil society worldwide.
The treaty also will increase the marginalization of women and LGBTQ+ individuals, the advocates said.
Many countries in the Middle East and North Africa have introduced cybercrime laws in recent years that go well beyond protecting computer systems and instead target dissidents, whistleblowers and journalists, endangering the right to freedom of expression, said Tirana Hassan, executive director at Human Rights Watch, which she said investigates human rights abuses in more than 100 countries worldwide.
The draft treaty is alarming activists because of its broad scope and lack of human rights protections for people challenging repressive governments, Hassan said.
As currently drafted the agreement would “fuel the rewriting of criminal laws around the world to establish new expansive police powers,” Hassan said, calling it an “unprecedented multilateral tool for cross border surveillance by law enforcement without adequate safeguards for human rights.”
Instead of dealing with attacks on computer network systems and data, Hassan said, the treaty changes the meaning of cybercrime to encompass crimes committed using international communications technology, which she said will facilitate and increase national repression.
Her remarks came during a virtual panel discussion hosted by the Electronic Frontier Foundation with several human rights and privacy advocates expressing alarm over the treaty.
Many member countries, including democracies, appear to prefer a “bad treaty to no treaty” because they are seeking more international cooperation on cybercrime within the U.N., said Raman Jit Singh Chima, global cybersecurity lead and senior international counsel at the digital civil rights group Access Now.
A historic effort
The treaty negotiations come 23 years after the signing of the first international convention on cybercrime in Budapest in 2001. That treaty was not supported by the U.N., however, and was not signed by China, Russia, India or Brazil, countries that Western democracies say host important online criminal organizations.
There has been dissent among countries negotiating the new U.N. treaty — which was initially called for by Russia — with China trying to expand the definition of cybercrime to encompass “dissemination of false information” online. While that proposal was tossed from the draft, human rights and privacy advocates say many problems remain.
The activists' concerns are overheated, said Jim Lewis, who directs the Technology and Public Policy Program at the Center for Strategic and International Studies, who called their claims a “complete misrepresentation of the draft treaty and how the U.N. works.”
The treaty isn't about “global surveillance, it's about cybercrimes and reflects agreements that have been in place for decades,” said Lewis, a former diplomat who previously served as a senior adviser for four U.N. Groups of Governmental Experts on Information Security. Lewis was not part of the EFF panel.
Anyone who is against the treaty is “de facto in favor of crime,” Lewis said, noting that while Russia proposed the treaty it appears possible the country won’t back it due to extensive modifications which take into account human rights concerns.
Empowering authoritarian regimes?
Activists dispute Lewis’s take, portraying the treaty as a dire threat to free speech and privacy and a powerful tool for repressive governments..
The draft agreement would push private companies to become state agents by monitoring and intercepting data in real time, typically without user’s knowledge, said Katitza Rodriquez, policy director for global policy at the Electronic Frontier Foundation.
It also would force service providers to remain silent, which will stop citizens from knowing when their data is monitored and used, she added.
“As a result, the treaty becomes a powerful tool for countries with poor human rights records, enabling them to pressure companies into assisting with surveillance practices,” Rodriguez said.
The document “takes us back when it comes to protecting our right to privacy in the digital age, to an era before Snowden, before the recognition of how privacy is a fundamental human right when it comes to digital issues,” he said.
When asked how likely it is that the treaty will pass in its current form, the advocates did not offer a straight answer, instead emphasizing that it is urgent to pressure the negotiating states to confront the draft treaty’s risks.
“These are not theoretical — these are risks that have been well documented,” Hassan said. “The big takeaway at this point in time is we need action … to ensure that we don't see this being bulldozed through.”
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.