UN General Assembly adopts controversial cybercrime convention

Largely unnoticed by the Christmas celebrating public, the UN General Assembly adopted the highly controversial United Nations Convention on Cybercrime on Christmas Eve. The resolution containing the agreement was approved by the 193 members of the body without a vote. This was made possible after a specially established UN committee unanimously endorsed the draft convention in August.

The initiative had been controversial for years after Russia and China gave the go-ahead in 2017. Until recently, the main points of contention included regulations on cross-border access to personal data, for example in cloud services (e-evidence), extradition procedures, legal assistance and the liability of service providers. Civil rights activists and tech companies railed against the project for years. They also criticized the result as a "surveillance treaty" that could be used for repressive purposes, despite corrections having been made.

"This agreement is a threat to privacy, journalism, IT security and freedom of expression", criticized Philippe (Pipo) Burger, Co-Vice President of the Swiss Pirate Party, after the decision on New Year's Eve. His fellow campaigner Pasqual Fouquet complained that waving through such a far-reaching surveillance pact during the Christmas break was "hard to beat in terms of perfidy towards democracy and fundamental rights". According to the Pirate Party, the international agreement provides for far-reaching requirements for member states to spy on users in real time and to exchange data, "while weakening the protection and status of human rights worldwide".

Opening the door to abuse

In mid-December, the US civil rights organization Electronic Frontier Foundation (EFF) and its partners once again pointed out that the treaty "grants unlimited powers to gather evidence for crimes that bear little relation to cybercrime". At the same time, the convention contains only "minimal safeguards and restrictions". Significant are "disturbing provisions and omissions that are incompatible with international human rights standards". These leave the implementation of protective measures to the discretion of the member states. Many of them had a poor human rights record. They had national laws that did not protect privacy but criminalized freedom of expression, for example.

The US government and the German Foreign Office have recently stated that they are committed to firmly anchoring human rights standards and guarantees. As a result, the risk of misuse has been significantly reduced. The USA has emphasized that it is determined to prevent abuse through national laws and cybercrime instruments that target journalists and activists, for example. Critics consider this to be an empty promise.

Philémon Yang, President of the UN General Assembly, emphasized the importance of the new convention: "We live in a digital world in which information and communication technologies have enormous potential for the development of societies, but also increase the potential threat of cybercrime." By adopting the convention, the member states would have the tools at their disposal "to strengthen international cooperation in preventing and combating cybercrime and to protect people and their rights online". The convention will be opened for signature at an official ceremony in Hanoi (Vietnam) in the coming months. It will enter into force 90 days after ratification by the 40th state.

(nie)