Cybercrime , Fraud Management & Cybercrime
Tech Orgs: UN Cybercrime Treaty Will Worsen Global Security
Cybersecurity Tech Accord Urges Nations to Reject the TreatyA coalition of technology organizations said a draft United Nations cybercrime treaty would facilitate crime across the globe and is urging member nations to reject the treaty in its current form.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
The Cybersecurity Tech Accord, representing more than 150 cybersecurity and technology firms worldwide, participated in talks after the U.N. established a committee to draft the treaty following the unexpected outcome of a December 2019 General Assembly vote instigated by Russia.
The committee on Aug. 8 adopted the treaty language "by consensus" - without a formal vote - despite opposition from human rights and tech organizations. The treaty now faces a vote before the General Assembly. It would enter into force after 40 member nations ratify it.
Experts have decried the negotiations and the United States and Europe for allegedly failing to push for language that would protect global digital security, internet freedoms and privacy rights (see: Tech Orgs Feel 'Abandoned' as UN Finalizes Cybercrime Treaty).
As the General Assembly prepares for a likely vote in the coming months, the Tech Accord warned that implementing the treaty could make the internet less secure and create significant challenges for security researchers and ethical hackers worldwide. Nick Ashton-Hart, the head of the tech delegation, told Information Security Media Group the convention "leads to making things worse, not better."
"A convention ostensibly dedicated to reduce cybercrime should not actually facilitate it," Ashton-Hart said Tuesday. The convention would permit governments to share personal information of citizens globally "in complete secrecy."
"The lack of a threshold of criminal intent for any criminal act means that the work of security researchers, journalists and whistleblowers amongst many others are at risk of prosecution in all countries that don't choose to specifically protect them," he added.
The U.S. opposed starting cybercrime negotiations when Russia first proposed the talks under U.N. auspices in 2017. The draft treaty requires nations to criminalize the intentional unauthorized access of information and communications technology systems and allows participants to request assistance from member nations in obtaining electronic evidence and data from internet service providers during serious crime investigations.
While the convention includes exceptions and allows members to decline to participate in certain data exchanges, critics said the draft remains "too flawed to adopt." Human Rights Watch, the Electronic Frontier Foundation and leading technology firms such as Cisco have all joined a growing chorus of detractors in recent weeks, urging the U.N. to reject the convention.
U.N. processes allow members to submit amendments after the finalization of a draft, though each proposal would be subject to debate and require approval by a majority vote to be included in the final version of the text. As is, Ashton-Hart said, members such as the U.S. will be "limited to supporting implementation through capacity building and technical assistance."
"The best option now is for a majority of the U.N.'s member states to decide not to adopt the convention at all," he said.