Later this year, the UN will vote on a treaty that aims to establish standards for combating cybercrime; the Biden administration is concerned about whether or not to join.
Russia, Iran, and China are among the countries that have voiced concerns that the treaty could be used by these nations to conceal their extensive surveillance programs and the suppression of their citizens’ digital rights from the United Nations.
These hostile states, identified by the Cybersecurity and Infrastructure Security Agency as the leading state sponsors of cybercrime, may find it easy to assume leadership roles in future cyber affairs if the United States opts not to support the treaty. Also, other countries have spent years attempting to negotiate the global treaty with competing interests in mind, and the United States might anger them if it quits now.
The treaty will not be voted on during this week’s United Nations General Assembly, but it has been a hotly debated subject at last week’s meetings in New York City and at committee meetings scheduled for next month after the global leaders leave.
“We want to affirmatively, definitely do things to drive international partnership on cybercrime,” stated Anne Neuberger, deputy national security adviser for cyber and new technology. We need to weigh the pros and cons and ask, “What’s the right approach here?” if these factors are causing us concern.
There were problems with the deal from the start. After Russia proposed a cybercrime convention, the United states approved in late 2019 to begin drafting it, over opposition from the United States and other Western states. Some nations were concerned that Russia might try to use it as a replacement for the Budapest Convention, a cybercrime treaty run by the Council of Europe that none of the three countries—Russia, China, and Iran—have signed.
Amid a surge in ransomware assaults around the world, the United Nations has launched a new initiative that might provide Iran, Russia, and China with an opening to reshape the cybercrime convention according to their own standards, something that the West is hell-bent on avoiding.
According to Nick Ashton-Hart, the U.N. treaty has always been a Russian horse and has never been a Trojan horse. The Cybersecurity Tech Accord, which includes over a hundred cyber and tech groups like Meta, Oracle, Salesforce, and Microsoft, is led by him as its delegate to the United Nations cybercrime convention.
To avoid being sidetracked by Russia, China, and others, the United States has voluntarily been more involved in the treaty negotiations, holding a number of sessions in Vienna and New York City over the past three years.
U.S. negotiator and chief of the Justice Department’s Computer Crime and Intellectual Property Section, John Lynch, stated at a forum this week at American University’s Washington College of Law, “It’s not whether it’s needed or not, it exists as a thing that was negotiated and countries are going to join it.”.
The United States was a part of a unanimous vote that approved the treaty’s final draft in August; Neuberger said that this was because the country pushed to include civil liberties provisions. But few in the business world and the nonprofit sphere are pleased with the current version of the text.
Some worry that the agreement’s wording could be twisted or misused in a number of ways, including making it easier to spy on people’s internet activities, criminalizing the work of journalists and security researchers, or granting signatory nations the right to request data on other nations’ potentially serious crimes.
The proposed treaty’s “weak” human rights measures “create a patchwork of protections” that are insufficient, according to Katitza Rodriguez, the Electronic Frontier Foundation’s policy director for global privacy. The current accord has been characterized as “flawed” by both the U.S. Chamber of Commerce and the International Chamber of Commerce. The EFF was one of nearly twenty groups that issued an open letter in July expressing grave concerns about the cybercrime convention, which the committee had already passed.
Rodriguez warned that nations with laxer legal systems could utilize shared data for political repression and other non-cybercrime-related goals, which could undermine trust and impede international collaboration.
However, these worries are not shared by those who were involved in drafting the treaty. The Dominican Republic’s cyber ambassador and U.N. Ad Hoc Committee vice chair, Claudio Peguero Castillo, stated that the nation cannot conduct surveillance on its own citizens without a court order and claimed that “no single provision in the convention” would authorize such actions.
Lessening the threat from cybercrime is the goal of this treaty. The criminal, not the other state, is our enemy, Peguero Castillo declared. “To combat this crime, we must work together.”
According to individuals involved in the treaty negotiations, the United States will have to decide how to vote on the document when it is considered later this year, most likely between Thanksgiving and Christmas. Some worry that the United States’ credibility would take a major hit and that unfriendly states would have free reign to manipulate the wording to their advantage if they see the United States vote nay or abstain.
“The Russians and the Chinese will use this to amend the convention and the protocol if we walk away… we decide to just give up this process,” Lynch said, arguing that the United States should join.
Christopher Painter, who served as the State Department’s cybersecurity coordinator under Obama’s and Trump’s administrations, was present during the talks. Although he acknowledged that the pact has its flaws, he maintained that the Russians could have easily added wording that would have made the text worse in subsequent revisions.
As Painter put it, “if… only non-democratic countries like Russia, Cuba, Syria, and Iran—if they’re the core group in the beginning, they get to shape what might be the second protocol or the first protocol,” meaning that these countries do not have to immediately ratify the treaty in their Congress. “That implies they either obtain all the things they were unable to get the first time or attempt to sneak in.”
Calls to rush a treaty through when major issues persist are not universally supported. One of the negotiators, Raman Jit Singh Chima of the digital rights organization Access Now’s Asia Pacific policy division, cautioned that “this is not a win by preventing an even worse treaty.”
He warned that the proposed international standard will “poisone the design of national cybercrime laws for decades to come” and provide nations a reason to continue their current policies of repression.