The Russia-initiated United Nations Cybercrime Convention was due to conclude on Friday (9 February) but lack of consensus on the scope and terminology has prompted civil society to call for the rejection of the Convention in its current form.
Amid considerations to reschedule the final meeting for July, the text may not be put to vote on Friday.
The Convention on Cybercrime was the brainchild of Russia and was initially rejected by Western liberal democracies. Friday marks the final day of the concluding session that started on 29 January.
Until now, the UN member states have not reached a consensus on the scope and terminology, they only managed to agree on a few points. This implies that the final decision is likely to be reached by vote if no agreement by consensus can be reached.
Civil society and industry actors consider the current form unacceptable. Therefore, more than 40 organisations called on Thursday in an open letter addressed to the Convention’s chair to reject its current form.
Signatories include the International Chamber of Commerce and the Cybersecurity Tech Accord, which represent major tech companies like Microsoft, Meta, and PayPal.
Industry and civil society, which often disagree, are both concerned about the shortcomings of the current text, which include a broad scope and vague provisions such as for real-time interception of content and data. Another concern is the lack of protection for human rights and good-faith cybersecurity researchers, the letter reads.
Since states would be entitled to carry out cross-border data collection without prior legal authorisation, all signatories consider that the text is not in line with international human rights law and the rule of law in general.
“While the negotiations have addressed some important problems in the text, many very significant issues remain unresolved, including transparency,” Nick Ashton-Hart, senior director at APCO Worldwide and representative of the Digital Trade Network (DTN) and UK Delegate to the ITU meetings, told Euractiv.
Given the lack of agreement, there are also ongoing considerations to suspend the meeting, with the final session to recommence in July. This ‘suspension’ would not require a new UN General Assembly resolution or any changes to the modalities.
A potential suspension would also reduce pressure on UN member states, allowing them to hold another session in July instead of adopting the current draft by agreement or through a vote. However, this could also mean that states are less likely to make concessions during the negotiations and find a middle ground on the last day.
Content of the Convention
With a new compromise package on the scope and safeguards shared with delegations on Thursday evening, negotiations are still in progress on the scope, as well as its implications. A consensus still needs to be reached on whether the convention addresses cybercrime or ICT for criminal purposes. The latter would be a much broader scope.
“The text still allows any government to pass the personal information of citizens to other states in perpetual secrecy,” Ashton-Hart said. “There has not been a single proposal to address this glaring flaw.”
At the same time, the text also lacks human rights safeguards, an issue also pointed out in Thursday’s open letter.
While liberal democracies insist on human rights protection, member states that rejected any safeguards include Russia, Egypt, and Iran.
According to a source close to the negotiations, Arab countries, led by Egypt, are using their position on the prevention of child sexual abuse material (CSAM) to remove human rights safeguards from the convention.
“It also remains true that cybersecurity researchers, whose activities are fundamentally important to securing the digital world against cybercrime, remain unprotected from prosecution,” Ashton-Hart added.
[Edited by Zoran Radosavljevic]
Read more with Euractiv