Cybercrime
,
Fraud Management & Cybercrime
Leading Cybersecurity, Technology Companies ‘Gravely Concerned’ Over Cyber Treaty
Leading cybersecurity and technology firms in the West feel “abandoned” by the United States and Europe as talks for a United Nations cybercrime treaty near their end.
See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing
Member nations resumed cybercrime treaty negotiations on Monday in New York as a coalition of more than 150 cybersecurity companies called for major changes to the draft text to prevent damage to global digital security, internet freedoms and privacy rights. Nick Ashton-Hart, head of the delegation for the Cybersecurity Tech Accord, which represents over 100 technology firms, told Information Security Media Group that the U.S. and European Union are “failing to take on board many of the key concerns of the private sector or civil society.”
Russia first proposed the initiation of negotiations for a cybercrime treaty under U.N. auspices in 2017. The General Assembly approved the opening of talks in December 2019 despite U.S. opposition and the existence of the Budapest Convention on Cybercrime, an international treaty in force since 2004 that’s been ratified by more than 50 countries, including most of Europe, North America, Japan, Australia and most of South America.
Experts called Russia’s proposal part of the Kremlin’s strategy to gain cyberspace dominance and influence international cybersecurity and internet governance standards.
But with a final round of talks set to conclude Aug. 9, outside groups now say that the U.S. isn’t doing enough to stop language in the final document that could have detrimental effects. American negotiators are “blocking any language that would ensure security researchers won’t face criminal charges for protecting the online environment relied upon by billions daily,” said Ashton-Hart. The U.S. delegation has also raised “strong concerns related to national security” throughout the negotiations, he added.
Experts say the current text of the treaty could allow children to be charged with distributing child sexual abuse materials for their selfies. They also warn that provisions that put security researchers at risk could leave journalists and their sources vulnerable to prosecution.
Human Rights Watch issued a joint statement along with over 100 international groups in January ahead of the last round of negotiations calling for the cybercrime convention to be rejected “absent meaningful changes.”
The draft treaty “fails to incorporate language sufficient to protect security researchers, whistleblowers, activists and journalists from excessive criminalization,” the statement says. It remains “over-broad in the scope of the range of the activities it requires states to criminalize.”
Following the surprise outcome of the December 2019 vote, the U.N. catalog established an intergovernmental committee to officially draft the treaty. The General Assembly must vote on a final version of the text.
According to the Cybersecurity Tech Accord, negotiators could yet narrow the scope of the text and refine the language to better focus on cybercrime. Negotiators should strengthen protections for cybersecurity researchers and penetration testers, Ashton-Hart said, while restricting government access to personal data and ensuring that the treaty addresses only the issues it aims to combat.
Otherwise, the association of technology firms vowed it will urge U.N. states not to ratify the treaty. Major tech companies such as Microsoft have issued their own submissions to the negotiations and said they “remain gravely concerned with the revised draft text” and are “disappointed” that many key concerns have not been addressed.
“After nearly three years of negotiations and with only one session remaining, states have not yet reached consensus on some of the most fundamental issues, including the very purpose and scope of the Convention,” the Microsoft statement says.
Experts say that existing international treaties, such as the U.N. Convention Against Organized Transnational Crime and the Council of Europe’s Budapest Convention, could be more strongly implemented globally to address the rising prevalence of cybercrime.
The Russian delegation has meanwhile pushed back on growing criticism from industry, arguing in a statement that “excessive attention to human rights provisions in the Convention is significantly detrimental to international cooperation and will in fact hinder the cooperation between law enforcement agencies of states.”