UN Cybercrime Treaty must protect Human Rights
The United Nations have initiated a process to negotiate an international treaty on cybercrime (more specifically, a comprehensive international convention on countering the use of information and communications technologies for criminal purposes). An open-ended, ad hoc intergovernmental committee of experts (Ad Hoc Committee) was established to conduct the negotiations which are expected to continue until at least the end of 2023. The Ad Hoc Committee shall convene at least six sessions, of 10 days each, to commence in January 2022, as well as a concluding session in New York, and conclude its work in order to provide a draft convention to the General Assembly at its seventy-eighth session (i.e. in 2024).
PI believes that cybercrime can pose a threat to the enjoyment of human rights. At the same time, we are concerned that cybercrime laws, policies and practices are currently being used to undermine human rights. This is why we are actively participating in the UN negotiations to ensure that any proposed cybercrime treaty includes human rights safeguards applicable to both its substantive and procedural provisions.
What is the problem?
There is currently no consensus on how to tackle cybercrime at the global level or a common understanding or definition of what constitutes cybercrime. At national level expansive cybercrime laws often simply add penalties, due to the use of a computer or device, in the commission of an existing offense. The laws become particularly problematic when they include content-related crimes. Vaguely worded cybercrime laws, purporting to combat misinformation and online support for or glorification of terrorism and extremism, can be misused to prosecute journalists, activists, researchers, LGBTQ communities, and political opponents, and can have a chilling effect on society more broadly. Even laws that seek to focus more narrowly on cyber-dependant crimes can used to undermine rights. Laws criminalizing unauthorized access to computer networks or systems have been used to target digital security researchers, whistleblowers, activists, and journalists. Too often, security researchers, who help keep everyone safe, are caught up in vague cybercrime laws and face criminal charges for identifying flaws in security systems. Some States have also interpreted unauthorized access laws so broadly as to effectively criminalize any and all whistleblowing.
Why it matters?
Cybercrimes laws often give law enforcement, as well as intelligence and security agencies broad investigative powers, including for interception of private communications and other forms of surveillance, without adequate limitations and human rights safeguards. The Office of the UN High Commissioner for Human Rights noted that “the common use at national levels of cybercrime laws and policies to restrict freedom of expression, target dissenting voices, justify Internet shutdowns, interfere with privacy and anonymity of communications, and limit the rights to freedom of association and peaceful assembly.”
What are the solutions?
Any future cybercrime convention should:
- be narrow in scope and only focus on crimes that target information and communications technologies (ICTs);
- detail robust procedural and human rights safeguards that govern criminal investigations pursued under such a convention;
- ensure that any interference with the right to privacy complies with the principles of legality, necessity, and proportionality, including by requiring independent judicial authorization of surveillance measures.
What PI is doing
PI is actively participating in the negotiations of the UN cybercrime treaty by:
- making written submissions to the Ad Hoc Committee ahead of its negotiating sessions;
- attending the sessions of the Ad Hoc Committee and making statements under relevant agenda items;
- participating in national and regional consultations around the UN cybercrime treaty;
- coordinating advocacy and campaign activities with other civil society organisations.