Why the UN Convention Against Cybercrime Requires a Second Look

Cybercrime is escalating globally. Criminal groups are leveraging advanced technology to operate across borders, necessitating that law enforcement agencies have the capabilities to prevent, investigate, and prosecute these crimes while also protecting human rights. Effective international cooperation is essential to combat these threats and uphold shared values. While the recently adopted UN Convention against Cybercrime addresses important issues around the need for increased cyber capacity building, it raises concerns around the protection of shared rights and values, and requires more attention before ratification by member states.

Concerns for human rights and liberal democracies values in the UN Convention against Cybercrime

Given the power of networks to transform how we live, work, learn, and play, it is natural that criminal groups also use more advances in technology to operate more efficiently than in the past without regard for national borders. In response, we need to ensure law enforcement agencies have the necessary capabilities to prevent, investigate, and prosecute transnational cybercrimes. We must also uphold and protect the importance of basic human rights and the rule of law.

Unfortunately, the UN Convention, as it stands, does not sufficiently protect basic human rights and poses risks to the rule of law.

Rather than specifically focusing on hacking and cybercrimes, it broadly aims at the misuse of computer networks to disseminate objectionable information. This represents a misalignment with the values of free speech in liberal democracies, which should be addressed via an amendment before the Convention is taken up by member states for adoption.

As providers of foundational products and services vital to economic growth and stability, technology leaders like Cisco have our own responsibilities to drive adoption of concrete practices that improve the safety and security of the shared network we increasingly rely upon. We share concerns about how best to enable governments, law enforcement, and national security officials to protect their citizens against crime and terror even as the necessary information requires the assistance of other governments. At the same time, our societies must effectively balance the legitimate needs of governments to pursue cybercriminals across borders with our shared values and long-standing commitments.

More alignment with existing international law enforcement frameworks needed

We should also not forget the importance of the original cybercrime agreement. The Council of Europe Cybercrime Treaty, sometimes referred to as the Budapest Convention, has been around for 20-plus years. This existing agreement should be more widely adopted, and it is regrettable that the new UN agreement does not align more tightly with existing international law enforcement frameworks, which reflect carefully negotiated balances between competing equities.

For example, the Budapest Convention ensures that signatory nations have a 24/7 point of contact that can be reached in the event of an emergency. The agreement serves as a default framework for cross-border cooperation where there is no existing mutual or bilateral legal assistance treaty. Importantly it allowed the US government to not sign on to parts of it that would have required the prosecution of crimes that would violate the First Amendment of the US Constitution. Even if we need a separate UN treaty, it should parallel previously agreed norms of governmental behavior.

Capacity building effort: a welcome addition to the fight against cybercrime

The UN treaty includes an important capacity building effort that is not contemplated by the Budapest Convention. That's a welcome addition to international cybercrime conversations. Training and education can help establish a common understanding about the types of information available and how to investigate and prosecute crimes.

These programs also help ensure that there is not only education but also resources to be able to do those kinds of things. The result will be greater confidence, agreement, and certainty about what kinds of acts are criminal, assuming the challenges about the scope I outlined above are addressed.

Finding the right balance for the pursuit of cybercrime while protecting human rights and due process

There is certainly a path forward where the capabilities of an effective tool for cross border tool pursuit of cyber criminals is combined with capacity building resources for developing and emerging economies within a framework that honors shared values and prior commitments to protect human rights and due process.

Cisco stands ready to partner with governments on getting the answer to these tough questions right. We urge UN member states to take a careful look at the text of the UN Convention and consider how to better align it with the authorities and protections already in the Budapest Convention before proceeding to ratify its current version.

Public link

Please use the above public link if you want to share this noodl on another website.