The United Nations Cybercrime Convention is becoming a battleground between the EU and other Western countries on the one hand, China, Russia and other authoritarian regimes on the other.
National representatives are currently gathered in Vienna for the fifth treaty negotiation session of the ad hoc committee on the UN Cybercrime Convention. The ten-day long session is ending on Friday (21 April).
This session was dedicated to the chapter on international cooperation and the Convention’s implementation.
The idea for a convention on this subject originates from Russia. In late 2017, Moscow penned a letter to the UN secretary-general proposing a draft for the new Convention on combatting cybercrime.
Two years later, Russia tabled a draft resolution with the support of Belarus, Cambodia, China, North Korea, Myanmar, Nicaragua, and Venezuela. The resolution was adopted on November 2019 despite the opposition of EU countries, the United States and other democracies.
After the current fifth session, a consolidated document, known as a zero draft, will be drafted by the ad hoc Committee and presented in the summer. It will then go through two final rounds of negotiations later this year and will be presented to the UN General Assembly in January 2024.
“While states are listening, we need to wait to see how these sections end in the text. The relevance of all negotiations happening in this session lies in the zero-draft of the convention,” Paulina Gutiérrez, Senior Legal Officer for ARTICLE 19‘s told EURACTIV.
UN backing of controversial cybercrime treaty raises suspicions
Certain UN members may have been ‘bought off’ by proponents of a controversial UN resolution on cybercrime in exchange for support on the plans, an official from the Council of Europe who deals with cybersecurity has told EURACTIV.
Points of contention
According to a consolidated negotiation document dated 20 April, the clash between the two camps is reflected in the ongoing discussions.
The chapter on international cooperation is particularly sensitive as it covers issues such as the transfer of personal data, extradition, mutual legal assistance, joint investigations, cross-border access, and special investigative techniques.
The declared intent is to prosecute cybercrimes that “undermine democratic institutions and values, as well as justice, and adversely affects the rule of law and the increasing vulnerability of states to such crime.”
However, the EU and its member states are pushing back on wording such as the “need to strengthen international cooperation on all levels” and “assistance in criminal investigations”.
In particular, Europe wants to add references that cooperation under the Convention must be within the borders of international law, respect fundamental freedoms, and protect human rights, formulations Russia and China aim to delete.
Beijing is also against a clause that would exempt the obligation of extradition or mutual legal assistance when there are “substantial grounds” indicating that the charges are based on gender, race, religion, nationality, ethnic origin, and political opinions, or if there is a risk of the death penalty.
Russia, meanwhile, is against phrases like “the right to the protection of the law to arbitrary or unlawful interference with the privacy and for the right to a fair trial”.
Moscow also aims for the Convention to potentially cover any criminal offence, whilst the EU wants to narrow that down to serious offences that, in both jurisdictions, can lead to sentences of a maximum period of at least four years.
At the same time, the European bloc is advocating for safeguards on personal data, emphasising the need to only process data relevant and in adequate scope by an independent public authority, to guarantee effective oversight and respect safeguards. China is trying to kill this provision.
By contrast, the EU is pushing against watering down the evidentiary requirements for extradition.
There is also a tendency for the EU to be against articles on maintaining electronic databases, the power of diplomatic missions to serve documents on their own citizens, emergency mutual legal assistance, and public-private partnerships to disclose electronic evidence.
Based on the consolidated document dated 20 April, the EU has not positioned itself against articles on joint investigations, special investigative techniques, and mechanisms for the recovery of property through confiscation.
Cybercrimes & abuses
Back in 2019, in an open letter to the UN General Assembly, a number of NGOs expressed their concerns about the threat to human rights online.
Human rights organisations feared the Convention would result in law enforcement authorities being able to access personal data without independent or judicial oversight and use electronic surveillance to interfere with the rights to privacy.
“It creates over thirty new cybercrime offences, including half a dozen that would make it a crime to send or post legitimate content protected by international law,” said Barbora Bukovska, a senior director at ARTICLE 19, an international human rights organisation that works to defend and promote freedom of expression and information.
These concerns over implications for human rights seem also to be shared by the European Commission.
“The provisions to be negotiated may lead to interferences with e.g. the right to a fair trial, the right to privacy and the right to the protection of personal data,” reads the explanatory memorandum the Commission sent to member states when asking for a mandate to negotiate the Convention on behalf of the EU.
[Edited by Luca Bertuzzi/Zoran Radosavljevic]
More on the same topic…
Tech Brief: rules for foundation AI, Chips Act dealWelcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU.
Source: euractiv.com