- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
Why the UN Convention Against Cybercrime Requires a Second Look
Cybercrime is escalating globally. Criminal groups are leveraging advanced technology to operate across borders, necessitating that law enforcement agencies have the capabilities to prevent, investigate, and prosecute these crimes while also protecting human rights. Effective international cooperation is essential to combat these threats and uphold shared values. However, the recently adopted UN Convention against Cybercrime falls short and requires more attention before ratification by member states.
Concerns for human rights and liberal democracies values in the UN Convention against Cybercrime
Given the power of networks to transform how we live, work, learn, and play, it is natural that criminal groups also use more advances in technology to operate more efficiently than in the past without regard for national borders. In response, we need to ensure law enforcement agencies have the necessary capabilities to prevent, investigate, and prosecute transnational cybercrimes. We must also uphold and protect the importance of basic human rights and the rule of law.
Unfortunately, the UN Convention, as it stands, does not sufficiently protect basic human rights and poses risks to the rule of law.
Rather than specifically focusing on hacking and cybercrimes, it broadly aims at the misuse of computer networks to disseminate objectionable information. This represents a misalignment with the values of free speech in liberal democracies, which should be addressed via an amendment before the Convention is taken up by member states for adoption.
As providers of foundational products and services vital to economic growth and stability, technology leaders like Cisco have our own responsibilities to drive adoption of concrete practices that improve the safety and security of the shared network we increasingly rely upon. It is, therefore, natural that we would be concerned about the impacts of a cybercrime treaty that potentially undermines cherished societal values.
We share concerns about how best to enable governments, law enforcement, and national security officials to protect their citizens against crime and terror even as the necessary information requires the assistance of other governments. At the same time, our societies must effectively balance the legitimate needs of governments to pursue cybercriminals across borders with our shared values and long-standing commitments.
More alignment with existing international law enforcement frameworks needed
We should also not forget the importance of the original cybercrime agreement. The Budapest Convention, sometimes referred to as the Council of Europe Cybercrime Treaty, has been around for 20-plus years. This existing agreement should be more widely adopted, and it is regrettable that the new UN agreement does not align more tightly with existing international law enforcement frameworks, which reflect carefully negotiated balances between competing equities.
For example, the Budapest Convention ensures that signatory nations have a 24/7 point of contact that can be reached in the event of an emergency. The agreement serves as a default framework for cross-border cooperation where there is no existing mutual or bilateral legal assistance treaty. Importantly it allowed the US government to not sign on to parts of it that would have required the prosecution of crimes that would violate the First Amendment of the US Constitution. Even if we need a separate UN treaty, it should parallel previously agreed norms of governmental behavior.
Capacity building effort: a welcome addition to the fight against cybercrime
The UN treaty includes an important capacity building effort that is not contemplated by the Budapest Convention. That’s a welcome addition to international cybercrime conversations. Training and education can help establish a common understanding about the types of information available and how to investigate and prosecute crimes.
These programs also help ensure that there is not only education but also resources to be able to do those kinds of things. The result will be greater confidence, agreement, and certainty about what kinds of acts are criminal, assuming the challenges about the scope I outlined above are addressed.
Finding the right balance for the pursuit of cybercrime while protecting human rights and due process
There is certainly a path forward where the capabilities of an effective tool for cross border tool pursuit of cyber criminals is combined with capacity building resources for developing and emerging economies within a framework that honors shared values and prior commitments to protect human rights and due process.
Cisco stands ready to partner with governments on getting the answer to these tough questions right. We urge UN member states to take a careful look at the text of the UN Convention and consider how to better align it with the authorities and protections already in the Budapest Convention before proceeding to ratify its current version.
Share: