Cybercrime is escalating globally. Criminal groups are leveraging advanced technology to operate across borders, necessitating that law enforcement agencies have the capabilities to prevent, investigate, and prosecute these crimes while also protecting human rights. Effective international cooperation is essential to combat these threats and uphold shared values. While the recently adopted UN Convention against Cybercrime addresses important issues around the need for increased cyber capacity building, it raises concerns around the protection of shared rights and values, and requires more attention before ratification by member states.
Concerns for human rights and liberal democracies values in the UN Convention against Cybercrime
Given the power of networks to transform how we live, work, learn, and play, it is natural that criminal groups also adapted their tactics to operate more efficiently than in the past without regard for national borders. In response, we need to ensure law enforcement agencies have the necessary capabilities to prevent, investigate, and prosecute transnational cybercrimes. We must also uphold and protect the importance of basic human rights and the rule of law.
Unfortunately, the UN Convention, as it stands, does not sufficiently protect basic human rights and poses risks to the rule of law.
Rather than specifically focusing on hacking and cybercrimes, the UN Convention broadly aims at the misuse of computer networks to disseminate objectionable information. This represents a misalignment with the values of free speech in liberal democracies, which should be addressed via an amendment before the UN Convention is taken up by member states for adoption.
As providers of foundational products and services vital to economic growth and stability, technology leaders like Cisco have our own responsibilities to drive adoption of concrete practices that improve the safety and security of the shared network we increasingly rely upon. We also share concerns about how best to enable governments, law enforcement, and national security officials to protect their citizens against crime and terror even as the necessary information requires the assistance of other governments. At the same time, our societies must effectively balance the legitimate needs of governments to pursue cybercriminals across borders with our shared values and long-standing commitments to protect fundamental rights.
More alignment with existing international law enforcement frameworks needed
We should also not forget the importance of the original cybercrime agreement. The Council of Europe Cybercrime Treaty, sometimes referred to as the Budapest Convention, has been around for 20-plus years. This existing agreement should be more widely adopted, and it is regrettable that the new UN agreement does not align more tightly with such existing international law enforcement frameworks, which reflect carefully negotiated balances between competing equities.
For example, the Budapest Convention ensures that signatory nations have a 24/7 point of contact that can be reached in the event of an emergency. The agreement also serves as a default framework for cross-border cooperation where there is no existing mutual or bilateral legal assistance treaty. Importantly, the U.S. government was able to reject text that would have required criminal prosecution of protected free expression. Even if we need a separate UN treaty, it should parallel previously agreed limits on governmental authority.
Capacity building effort: a welcome addition to the fight against cybercrime
The UN treaty includes an important capacity building effort that is not contemplated by the Budapest Convention. That’s a welcome addition to international cybercrime conversations. Training and education can help establish a common understanding about the types of information available and how to investigate and prosecute crimes.
These programs also help ensure that there is not only education but also resources to be able to do those kinds of things. The result will be greater confidence, agreement, and certainty about what kinds of acts are criminal, assuming the challenges about the scope I outlined above are addressed.
Finding the right balance for the pursuit of cybercrime while protecting human rights and due process
There is certainly a path forward where governments develop effective new tools for cross border tool pursuit of cyber criminals and expand access to capacity building resources for developing and emerging economies while also establishing protections for shared values, human rights, and due process.
Cisco stands ready to partner with governments on getting the answer to these tough questions right. We urge UN member states to take a careful look at the text of the UN Convention and consider how to better align it with the authorities and protections already in the Budapest Convention before proceeding to ratify its current version.