State Department: UN cybercrime treaty must include human rights protections
On the eve of the kickoff of the final round of negotiations debating a United Nations cybercrime treaty, the U.S. State Department said Friday it is focused on ensuring the treaty protects human rights.
Along with 40 other U.N. member states, the U.S. signed off on a statement acknowledging the treaty’s potential to be “misused as a tool for acts of domestic and transnational repression and other human rights violations.” The statement comes amid substantial criticism of the draft agreement from human rights and digital freedom advocates.
The concluding session for negotiating the draft treaty began Monday and runs through August 9. Several prominent digital and human rights organizations banded together to publicly slam the draft treaty on Wednesday and a coalition of large technology companies has also expressed opposition.
The treaty potentially poses a threat to journalists, civil society and human rights defenders, as well as diaspora communities and “marginalized groups,” the newly issued statement signed by the State Department acknowledged Friday.
The U.S. is a founding member of the group behind the statement, known as the Freedom Online Coalition, which also highlighted the positive aspects of the draft treaty, saying it presents an opportunity to strengthen worldwide collaboration to prevent cybercrime. As written, the treaty allows for transnational cooperation in the gathering and sharing of electronic evidence for serious cybercrimes, they said.
The signatories said they are focused on making sure the finalized treaty can’t be used domestically or across borders to “facilitate the suppression of conduct protected by international human rights law.”
“Therefore, we will continue to strongly advocate for inclusion of robust human rights protections and other safeguards in the final treaty,” they said.
The draft treaty is also facing backlash from the technology industry. On Monday, the Cybersecurity Tech Accord, a coalition of dozens of tech companies, including Meta, Microsoft, Cisco and Mandiant, issued a press release condemning its human rights language while also raising significant concerns about how it addresses technology issues.
The treaty poses significant risks to corporate IT systems and empowers law enforcement to force citizens to give up their access credentials, unlock secure systems and “otherwise compromise corporate or even government systems and networks and provide the details to law enforcement, even if they are simply traveling on holiday in a third country,” the press release said.
It also creates criminal liability for cybersecurity researchers and penetration testers protecting cyber systems, the coalition said.
“As presently drafted, the Convention [treaty] presents grave risks to human rights and legitimate commerce,” Nick Ashton-Hart, head of the Cybersecurity Tech Accord delegation to the negotiations, said in a statement. “It risks undermining global cybersecurity, making it easier, not harder, for criminals to engage in cybercrime.”
“It will facilitate governments around the world sharing data of individual citizens in perpetual secrecy, which we think is simply inappropriate in a UN treaty,” the statement added.
At a press briefing on Wednesday, human rights and digital freedom leaders said the current draft treaty will lead to a marked uptick in the surveillance and criminalization of human rights activists, journalists, children and civil society leaders.
Tirana Hassan, executive director at Human Rights Watch, pointed to Middle Eastern and North African countries with cybercrime laws on the books which use the protection of computer systems as an excuse to go after dissidents, whistleblowers and journalists in a quest to silence them. A U.N. treaty that does not include protections against such abuses could give governments more cover to intensify these practices and cause new countries to adopt them, she suggested at the briefing.
The current version of the treaty would “fuel the rewriting of criminal laws around the world to establish new expansive police powers,” Hassan said.
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.