UN cybercrime treaty passes in unanimous vote

The United Nations passed its first cybercrime treaty on Thursday in a unanimous vote supporting an agreement first put forward by Russia.

The passage of the treaty is significant and establishes for the first time a global-level cybercrime and data access-enabling legal framework. 

The treaty was adopted late Thursday by the body’s Ad Hoc Committee on Cybercrime and will next go to the General Assembly for a vote in the fall. It is expected to sail through the General Assembly since the same states will be voting on it there.

The agreement follows three years of negotiations capped by the final two-week session that has been underway. 

Russia also supported the draft treaty, which was a surprise given earlier concerns raised by the country’s representative.

Opponents of the treaty include human rights organizations and big tech companies.

Both factions have concerns over text that says authorities investigating crimes in any nation  are entitled to obtain electronic evidence  from other nations as well as ask internet service providers to hand over data.

There were disagreements on just a couple of parts of the latest text voted on Thursday, but the final outcome is a treaty that does not significantly change earlier, controversial versions of the draft agreement, said Raman Jit Singh Chima, the Asia Pacific Policy Director at the digital freedoms organization Access Now.

Chima, who was in the room during Thursday’s debate and final vote, said every attempt to tweak the final draft text was defeated. 

In an interview with Recorded Future News following the vote, he cited concerns that have been echoed by several other human rights and digital freedoms organizations.“We think this convention text that has advanced is insufficient in its human rights commitments,” Chima said. 

“It does not have strong safeguards to prevent misuse of digital investigation and digital evidence powers in the 21st century,” he added. “It, in fact, would enable more surveillance and enable data access in a way that undermines people's trust in computers and in digital technology and directly puts people at risk.”

Like other human rights and digital freedoms proponents, Chima characterized the agreed upon treaty as the result of UN member states believing a “bad treaty is better than no treaty.”

While there are other existing treaties on cybercrime which emanate from regional bodies — and some that are slightly more international, such as the 23-year-old Budapest Convention — there has previously been no legal framework which has been debated and accepted by consensus among all UN member states.

The Budapest Convention was not signed by China, Russia, India or Brazil — countries that are home to significant internet-based criminal organizations.

“One of the complaints about the Budapest convention, or the Council of Europe treaty, was that it was negotiated by Europeans, and there wasn't any involvement from the global south or others,” Jim Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies, said in an interview Thursday. “They have always said we can't possibly sign a convention that we didn't help to negotiate.”

“Now we have a global compact that nations have agreed to that lets us move forward on cybercrime,” Lewis, a former diplomat, added. “This is a global problem that needs to be addressed so if it can move us forward even a couple feet, it's progress.”

Ambassador Deborah McCarthy, a career diplomat, represented the U.S. in the negotiations.