Negotiations for a UN treaty to counter cybercrime began at the end of February. The treaty could reduce impunity for cybercriminals, improve international cooperation, and facilitate cross-border data exchange.
The first Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or the Budapest Convention, which was held on 23rd November 2001, was the first international treaty seeking to address Internet and computer crime (cybercrime) by harmonizing each nations laws, improving investigation techniques, and increasing cooperation and it’s treaty enforced in 2004. By December 2020, 65 states ratified the convention, while a further four states had signed the convention but not ratified it
Overall it’s hoped that a convention on cybercrime could have the potential of reducing impunity of cybercriminals by harmonizing national approaches to criminalization. Relatedly, the convention could play a crucial role in improving international cooperation by providing effective investigatory frameworks and facilitating countries exchanging data on cybercrime.
Moreover, the convention could help build the capacity of countries with less experience in tackling cybercrime and provide the basis for technical assistance.
Developing countries – including those represented by CARICOM – are optimistic about the
role this convention could play in fighting cybercrime, bridging the digital divide, and harnessing the potential of Information & Communication Technology – referred here as ICT.
Many delegations from developing countries expressed their urgent need for a practical legal tool to fight cybercrime, but first states need to agree on what cybercrime is.
Broadly, cybercrime can be described as having cyber-dependent offences, cyber-enabled offences such as online child sexual exploitation and abuse.
- Cyber-dependent crime requires an ICT infrastructure and is often typified as the creation, dissemination and deployment of malware, ransomware, attacks on critical national infrastructure (e.g. the cyber-takeover of a power-plant by an organised crime group) and taking a website offline by overloading it with data (a DDOS attack).
- Cyber-enabled crime is that which can occur in the offline world but can also be facilitated by ICT. This typically includes online frauds, purchases of drugs online and online money laundering.
- Child Sexual Exploitation and Abuse includes abuse on the clear internet, darknet forums and, increasingly, the exploitation of self-created imagery via extortion – known as “sextortion”.
Western countries want a convention that includes only cyber-dependent crimes and certain cyber-enabled crimes, and are also advocating for including certain cyber-enabled crimes to be included. These are traditional crimes where ICTs were used as an instrument, rather than as a target of the offence. The offences that they have argued to be included are the ones where the use of ICTs significantly increase the scope, speed, scale of the crime but also the anonymity of the perpetrator such as online child sexual exploitation, and computer fraud. They call for strong human rights safeguards to be embedded throughout the
The convention includes traditional crimes such as terrorist use of ICTs, the distribution of narcotic drugs, and arms trafficking, as well as content-related offences such as disinformation, coercion to suicide, hate speech, extremism and others.
The UN Human Rights Office stressed that a future convention on cybercrime should not criminalize content related to extremism, terrorism, public morals or hate speech.
The risk of no consensus is high because the debate on what should and should not be considered cybercrime is at least a decade old, and because most developed countries have systems, resources, expertise and capabilities in place to tackle cybercrime.
Some developing countries have ratified the Budapest Convention, but they lack the resources and capabilities to tackle cybercrime. A UN convention would help them tackle the challenge.
The United Nations Convention against Transnational Organized Crime (UNTOC) criminalized a specific set of core types of organized crime activity but included broad international cooperation provisions that can be applied to other types of serious crime committed.
There is a palpable eagerness amongst countries to have an instrument that can help them address the problem of cybercrime. It is difficult to say whether this convention will be successful.
The European Data Protection Supervisor published on 18 May 2022 its opinion concerning the EU’s participation in the United Nations’ negotiations for a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes (the future UN convention on cybercrime).
While reiterating support, in principle, to international cooperation in combatting cybercrime, the EDPS includes in its Opinion recommendations to ensure that the future UN convention upholds individuals’ data protection and privacy rights according to EU law.