HomeInsightsUN Cybercrime Convention update


Pursuant to a 2019 UN resolution, proposed by the Russian Federation, an intergovernmental committee composed of experts and representatives of all regions was set up to draft a Convention on Countering the Use of Information Communications Technologies for Criminal Purposes. The Convention in its current draft seek to create a number of criminal offences such as unauthorised access to information and communications technology systems, unauthorised interception of non-public transmissions of electronic data to, from or within such systems, offences in relation to online child sexual abuse and child sexual exploitation material and money laundering. The draft proposes a framework for international cooperation on preventing and investigating such crimes and prosecuting criminals.

To date, member states have not reached consensus on the scope or terminology of the Convention. After several drafting sessions, the Convention was due to be finalised on 9 February 2024 with a view to presenting a draft to the UN General Assembly in September. On 8 February 2024, more than 40 organisations, including the International Chamber of Commerce, Human Rights Watch and the Cybersecurity Tech Accord, wrote a letter to the committee calling for a rejection of the Convention in its current form. Concerns were raised over the unclear and overly broad scope, vague criminalisation provisions and definitions, lack of meaningful human rights safeguards, missing protections for good-faith cybersecurity researchers and others acting in the public interest, and overly broad provisions for real-time interception of content and traffic data that go far beyond what can reasonably be justified to fight cybercrime. It appears that there is still no agreement over whether the Convention should address cybercrime or ICT for criminal purposes, the latter being much broader in scope.  The letter also raises concerns that that the draft Convention would authorise states to conduct intrusive cross-border data collection without prior judicial authorisation, without oversight, and in secrecy. Service providers would be unable to notify users or inform anyone about such data collection making it impossible to challenge it. All of this would have a chilling effect on free speech.

It is not clear yet if the vote took place on 9 February 2024 (there are procedural rules that would allow the Convention to be agree by majority vote) or whether it was postponed.

For more information click here and here.