UN: ARTICLE 19’s recommendations for the proposed UN Cybercrime Convention

UN: ARTICLE 19’s recommendations for the proposed UN Cybercrime Convention - Digital

Ahead of the planned deliberation of the Ad Hoc Intergovernmental Committee, ARTICLE 19 published a statement offering its recommendations on the proposed development of an international Convention on Cybercrime (the UN convention). While we do not believe that there is a need for such a convention, we remain concerned that its adoption will have negative impacts on human rights. We have previously raised concerns about existing cybercrime laws that are open to abuse due to their vague terminology and lack of sufficient redress mechanisms. Therefore, we believe that an international convention could replicate several of those concerns. In our briefing, we stress that any proposed convention should put human rights at its centre in order to avoid a lopsided application and implementation of the convention down the line.

In 2019, the UN General Assembly first established an open-ended Ad Hoc Intergovernmental Committee to explore the development of a comprehensive international convention on ‘countering the use of information and communications technologies for criminal purposes’, commonly referred to as cybercrime. The committee’s objective is to draft an international cybercrime convention to be presented to the General Assembly at its seventy-eighth session. A draft proposal was submitted to the Committee by the Russian Federation and the EU and its Member States also presented a draft position. ARTICLE 19 has previously commented on the Russian Proposal for the Convention.

ARTICLE 19 has closely followed the process and has, over the years, had the opportunity to analyse several proposed and existing cybercrime laws. We have noted that these laws often follow the same trends and each of them raises human rights concerns. The application of these cybercrime laws has been used to criminalise ordinary activities, whether that be legitimate expressive activities involving computers or sharing passwords for academic or personal use. Additionally, the terms used in these laws are routinely vague and subject to abuse. This allows for an overbroad application of the laws, making them a dangerous tool for governments to use to crack down on freedom of expression. Finally, procedural provisions can be implemented in ways that undermine human rights protections for privacy and due process. Anonymity, especially online, is a key factor of freedom of expression as people will tend to express themselves less freely if they know they can be identified and potentially ‘tracked’.

These concerns should not be taken lightly, especially in an international context. The trends listed above should not be replicated in an international convention as they would cause chaos on a national and regional level and give standing to other laws that blatantly violate human rights standards. The only way for this potential UN Convention to achieve its goal is to break the current pattern when dealing with cybercrime issues and carefully consider the fundamental rights implications of its adoption.

For this reason, ARTICLE 19 has compiled the following list of recommendations:

  • The Scope of the Convention should be narrow and cybercrime must not be used as a pretext to prosecute content-based offences;
  • Criminal sanctions in cyberspace must be strictly limited in number, scale and scope;
  • A public interest defence must be provided to ensure the protection of legitimate expressive activities;
  • ‘Unauthorised access’ offences must be defined by specifying the scope of what is meant by ‘authorised’ and who determines that authorisation;
  • Cybercrime must hinge on state of mind rather than the specific technologies used;
  • The use of encryption and anonymity must not be criminalised;
  • Information and communication technology providers must not be forced to become extensions of public authorities;
  • Mutual legal assistance and extradition obligations must preserve international, regional and national due process safeguards;
  • Interference by public authorities with non-government computer systems or equipment should be presumptively prohibited;
  • Meaningful participation of all stakeholders in the drafting process, including civil society, must be ensured;

Read full briefing