US to attend UN cybercrime treaty signing in Hanoi despite industry concerns

U.S. State Department officials will be in Hanoi this weekend alongside counterparts from around the world for the signing of the landmark UN cybercrime convention, an agency spokesperson confirmed. 

The Convention against Cybercrime was adopted without a vote and by consensus in December, after five years of negotiations and significant backlash from the world’s biggest tech companies, as well as human rights advocates. The treaty will now be opened for signing in Hanoi on Saturday and Sunday and will take force 90 days after being ratified by at least 40 countries.

A spokesperson for the State Department told Recorded Future News the U.S. will attend the proceedings but said it is still reviewing the treaty when asked whether the U.S. will be one of the first signatories.

Marc Knapper, the U.S. ambassador to Vietnam, and representatives from the U.S. Mission to Vietnam will attend the signing. UN Secretary General António Guterres and at least five heads of state will be at the signing, a source connected to the negotiations told Recorded Future News. 

The convention lays out a new framework for how law enforcement agencies in different countries coordinate on cybercrime investigations and is being touted by the UN as a way to reduce the number of safe havens for cybercriminals and to help developing nations better protect their citizens from digital crimes.

A source close to the negotiations said about 30 to 36 countries are likely to sign the treaty in Hanoi, with several others indicating they may sign it later. Multiple countries are conducting political and legal reviews of the treaty so that it can be ratified domestically after being signed. 

Dozens of organizations, including Human Rights Watch and Access Now, signed a letter on Friday condemning the treaty, writing that it obligates states to establish broad electronic surveillance powers to investigate and cooperate on a wide range of crimes, including offenses that don’t involve information and communication systems. 

It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections.

“The signing ceremony in Hanoi is taking place against the backdrop of an intensified crackdown by the Vietnamese government on dissent to punish people simply for raising concerns or complaints about government policies or local officials, including online,” Human Rights Watch noted.

“All delegations should use their voices in Hanoi to speak out about digital repression by the Vietnamese government. They should also name other governments that routinely engage in digital repression, including those that have been driving forces behind the convention.”

Access Now’s Raman Jit Singh Chima told Recorded Future News that at the outset the organization was involved in the negotiation process but its view now is that member states have “chosen to settle on a deeply flawed treaty – which insufficiently protects human rights and risks undermining cybersecurity – rather than concede on having no treaty.” 

“States are now at a crucial juncture. Those proceeding to sign the convention must clearly articulate how they will only implement it in a human rights respecting way and push back on states who will seek to justify cyber authoritarianism at home and transnational repression across borders under the garb of the convention,” he said. 

Any countries ratifying the treaty risk “actively validating cyber authoritarianism and facilitating the global erosion of digital freedoms, choosing procedural consensus over substantive human rights protection.” 

“We urge states to reject this path," he added. 

This week, the UN published a lengthy defense of the convention, arguing that despite global use of the internet, there had until now been “no globally negotiated and adopted convention text on cybercrime.”

“But under the new Cybercrime Convention, responses to cybercrime will be quicker, better coordinated and more effective – making both our digital and physical worlds safer,” the UN argued.

“The Cybercrime Convention governs the access and exchange of this electronic data to facilitate investigation and prosecution. States Parties will also have access to a 24/7 network to help facilitate urgently needed cooperation.

Governments can also use the 24/7 network to request cooperation on investigations and prosecutions, extraditions and the seizure of criminal proceeds.

A long road

The American delegation initially opposed the treaty when it was introduced by Russia in 2019, and dozens of countries expressed concerns that it would be used to justify human rights violations, extraterritorial surveillance, the harassment of tech company employees and the abuse of people’s privacy. 

Human rights activists, cybersecurity experts and tech giants like Microsoft, Meta, Oracle, Cisco came out against the treaty as well, slamming it for endangering cybersecurity researchers and opening them up to potentially thorny data requests that could be issued by governments through the treaty. 

Efforts to add human rights and privacy language into the treaty failed during negotiations last summer. Few changes were made to the treaty, but the outcry did not stop the Biden administration from pushing forward with the effort even after six Democratic senators sent a letter to the White House expressing alarm over the finalized agreement’s treatment of privacy rights, freedom of expression, cybersecurity and artificial intelligence safety.

The convention cleared its final hurdle in November after both the U.S. and U.K. decided to support the Russia-introduced convention. 

Biden administration officials made a range of arguments to defend their about-face on the treaty. They pledged to demand accountability of any government that misused the treaty and urged signatories to pass their own domestic laws that would protect human rights and privacy locally. 

The White House later told reporters they felt they had to back the treaty now in order to make changes to it later and shape how it was implemented globally. They also said it would likely expand the number of countries that will respond to warrants issued by the U.S. related to cybercrime. 

But the administration continued to have concerns about the treaty even after its signing. A State Department spokesperson told Recorded Future News in December that they shared the concerns about the potential for misuse of the convention but believed language in the document about human rights, freedom of expression, peaceful assembly and religious liberty was enough to assuage worries.