Posted on 02 Feb 2023
An evolving UN treaty on online crimes is advancing in negotiations, but while the scope of the potential treaty is heavy on detail, it is light on vision, and a renewed focus on the ultimate purpose of the document is needed.
In January, UN member states convened in Vienna for the fourth meeting of the Ad Hoc Committee (AHC) mandated to negotiate a new treaty on the ‘criminal misuse of information and communications technology (ICT)’.
On paper, the negotiations are proceeding in line with the agreed workplan, with a first reading of a consolidated negotiating document completed. In this latest meeting, member states focused on the draft’s first set of issues: criminalization, general provisions, and procedural measures and law enforcement cooperation. However, as negotiations advanced, the contours of the treaty have become less clear.
Although member states have found common ground on some technical matters, there remains a lack of collective purpose regarding the overall aim of the treaty: are states discussing a treaty on the misuse of ICT for criminal purposes; cybercrime; government control of ICT? The absence of a clear vision can be seen in an ever-widening scope for cooperation as the text evolves. This, coupled with a lack of coherence across positions, could create an open-ended cyber treaty that achieves political aims far beyond combatting cybercrime – with negative consequences for human rights and freedom of expression.
Ever-widening scope spells danger for rights
The direction towards an expansive scope is partially the product of a kitchen-sink draft and the speed with which the text has been updated. However, this also began with an early consensus by member states to open law enforcement and procedural measures to all crimes, rather than crimes specified in a future convention. As we have noted previously in our coverage of the negotiations, a wide scope for cooperation would counteract a chapter defining crimes under the treaty and allow for widespread collaboration on any criminal activity. In some ways, the push for a broad scope comes from those states that have consistently campaigned for this, but it is also an early compromise from states that initially opposed the treaty or called for a narrow scope.
The risks, however, remain very real, and non-governmental stakeholders voiced their concerns about the expanding reach of the emerging treaty during the meeting. Efforts towards expansion are reflected in China’s new request to the AHC to include an entire article on the ‘dissemination of false information’, criminalizing the creation or spread of information that could ‘result in serious social disorder’. This runs alongside still-debated language on content crimes, including incitement, extremism and terrorism-related offences (being discussed in private by governments). Debriefings from those sessions informed the larger group that incitement and terrorism are still key issues of concern for several states, although views are divergent.
Anti-terrorism laws have been used the world over to target political opponents and NGOs. Domestic cyber laws used to target journalists and activists or to block websites often employ threats to national security, public order or defamation as their reasoning. The inclusion of these types of crimes would rubber-stamp cross-border cooperation to target civil society in an unprecedented way if approved by the multilateral system. Yet, as we have noted, even if these crimes are not expressly written into the treaty, with cooperation remaining wide open on all crimes for technical matters, the treaty may not have the mechanisms needed to prevent the threat to human rights and freedom of expression.
Despite the pace of drafting and the ambitious timetable, attention needs to be paid to the strategic vision for a future treaty.
An international criminal justice treaty without legal safeguards?
As states edited the section on law enforcement and procedural measures in the plenary, the main issue was the inclusion of legal safeguards. Governments largely agreed on the procedural measures, many of which were shaped by earlier conventions, such as the Budapest Convention. They sent several articles to (informal) private government meetings for further debate, including statements on real-time collection of content data and traffic data, as well as issues relating to jurisdiction. Therefore, in the plenary, the most glaring disagreement arose over the safeguards article.
There was widespread support from Western and Latin American states, and others such as Japan, Pakistan, and Senegal, to retain the safeguards language, with some even recommending strengthening it. However, others disagreed. Some member states (including Egypt, Singapore and Iran) posited that having safeguards in a criminal justice treaty is an imposition of a regional perspective imposed on the rest of the world. CARICOM, representing 20 countries in the Caribbean and South America, was particularly strong in its stance against safeguards. CARICOM cautioned against privacy and personal data protections and the legal principle of necessity being listed in the safeguards article, later questioning where necessity and proportionality can be found in international law.
A criminal justice treaty with authority to criminalize online activity, a very broad scope for cooperation between states and no legal safeguards essentially would give carte blanche to governments to control and surveil online activity across borders. Moreover, such a document, were it to be eventually agreed to, would be supported by the UN, despite the organization’s human rights mandates and obligations.
Of course, many governments do not want this and have no intention of cooperating with governments that they deem to have substandard records on rights and freedoms. But if the treaty were to empower other states to cooperate with one another, those states would have enabled and emboldened others to do so through the compromises made in this negotiation. It will be up to them to tame this draft as it goes forward.
What lies ahead?
One year into the convention process, underlying tensions remain visible. Of particular concern is the issue of what types of crimes should be included, as well as how this treaty could be used to enhance government control over the internet and thereby legitimize state abuses of rights through cybercrime legislation under a UN flag.
It is likely that the speed of the process, and the fact that member states are already drafting a lengthy outline, will mean that big-picture issues will only be revisited once a zero draft is submitted in August for delegates in New York to consider.
Before that, states will convene in Vienna in April to finish a first reading of the remaining topics from the complete draft – namely, international cooperation, preamble, implementation mechanism, technical assistance and prevention. Delegates are expecting a similar meeting to the one in January, with collegial discussions masking lack of consensus and the absence of progress on key issues of disagreement. But the international cooperation and technical assistance sections will again provide risky opportunities for compromise on the scope of the treaty.
What the zero draft resulting from these two meetings looks like will in August could create a dramatic shift in approach from the delegations. This will be the time to take stock of how far many are willing to go down this road on which they have set out, whether the current ambitious timeframe is still realistic and whether it is already time to invoke the voting modalities and thereby make non-consensus-based decisions. The January meeting has provided states with a reality check on how difficult and drawn out these negotiations can be, and it has provided observers with a clear sense of the ongoing risks to rights and freedoms that the negotiations entail.
This article is supported by the Swiss Permanent Mission to the United Nations in Vienna. The views expressed do not necessarily reflect the views of the Swiss government.