Civil Society Sounds Alarms on UN Cybercrime Treaty
Final Round of Negotiations Set to Begin on Monday
A draft international cybercrime treaty set to enter a final round of negotiations at the United Nations Monday drew condemnation from civil society groups that said it will criminalize security research and promote indiscriminate police surveillance.
U.N. members have been working on an international cybercrime treaty following the surprise outcome of a 2019 General Assembly vote authorizing negotiations. Critics, including the U.S. government, said the Russia-backed proposal was unnecessary given the existence of more than five dozen signatories to the long-standing Convention on Cybercrime, more commonly known as the Budapest Convention.
The proposal is set to be finalized in February, and more than 100 civil society organizations criticized its language, arguing that it will be counterproductive in the fight against cybercrime.
Among their criticisms is a claim that the proposal gives a poor definition of what constitutes a cybercrime. Security research such as bug bounty programs and pen testing would be deemed a criminal offense, the civil society organizations said.
"This could lead to the criminal prosecution of acts carried out with beneficial intent, such as security research. Ultimately, it could act as a significant chilling factor, undermining the security of digital communications," Tomaso Falchetta, global advocacy coordinator of Privacy International, told Information Security Media Group.
Another criticism is that the treaty allows for real-time interception of traffic and content data, which could require internet intermediaries, such as instant messaging apps, to weaken encryption.
The measure would weaken existing privacy protocols adopted by technology providers to ensure the safety of internet users, the Cyber Peace Institute said.
In August 2023, Microsoft's cyber policy and protection head criticized the proposal, describing it as a tool "not for prosecuting criminals" but rather a "weapon" that could allow authoritarian governments to "suppress dissent under the guise of fighting cybercrime."
Despite holding multiple conversations with civil society proponents, negotiators continue to avoid their suggestions to make the treaty more secure, said Stéphane Duguin, CEO of the Cyber Peace Institute.
Duguin said that instead of focusing on a new cybercrime proposal, states should focus on strengthening the legal capacities of their law enforcement agencies and rely on existing measures, such as the Budapest Convention, to which 68 countries are currently signatories.
"If the treaty aims to make victims of a cyberattack have much more access to redress and justice, then I'm not sure the current text achieves this," Duguin told ISMG.