ARTICLE 19 joined a coalition of civil society organisations and experts in a statement calling on the state delegations participating in the United Nations Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes (the UN Ad Hoc Committee) to ensure that the proposed Cybercrime Convention is narrowly focused on tackling cybercrime and not used as a tool to undermine human rights.
Joint Statement on the Proposed Cybercrime Treaty Ahead of the Concluding Session
23 January, 2024
We, the undersigned organizations and individual experts, call on the state delegations participating in the concluding session of the United Nations (UN) Ad Hoc Committee to ensure that the proposed Cybercrime Convention (the Convention) is narrowly focused on tackling cybercrime, and not used as a tool to undermine human rights. Absent meaningful changes to address these shortcomings, the Convention should be rejected.
Civil society groups have contributed time and expertise to improve the draft and fully align it with existing human rights law and standards, the principles of the UN Charter and the rule of law, as well as best practices to provide legal certainty in efforts to improve cybersecurity. Our concerns about the proposed text of the Convention are informed by our experience and human rights advocacy around the world. National and regional cybercrime laws are regrettably far too often misused to unjustly target journalists and security researchers, suppress dissent and whistleblowers, endanger human rights defenders, limit free expression, and justify unnecessary and disproportionate state surveillance measures.
Throughout the negotiations over the last two years, civil society groups and other stakeholders have consistently emphasized that the fight against cybercrime must not come at the expense of human rights, gender equality, and the dignity of the people whose lives will be affected by this Convention. It should not result in impeding security research and making us all less secure. Robust and meaningful safeguards and limitations are essential to avoid the possibility of abuse of relevant provisions of the Convention that could arise under the guise of combating cybercrime. Regrettably, the latest draft of the proposed Convention, which is due to be finalized by February 2024, fails to address many of our significant concerns. We believe that if the text of the Convention is approved in its current form, the risk of abuses and human rights violations will increase exponentially and leave us with a less secure internet.
We are particularly concerned that the latest draft of the Convention:
- Remains over-broad in the scope of the range of the activities it requires states to criminalize. It includes cyber-enabled offenses and other content-related crimes and creates legal uncertainty through an open-ended reference to crimes under other “applicable international conventions and protocols.” This overbroad scope gives rise to the danger that the Convention will be used to criminalize legitimate online expression, which is likely to create discriminatory impacts and deepen gender inequality;
- Fails to incorporate language sufficient to protect security researchers, whistleblowers, activists, and journalists from excessive criminalization;
- Contains insufficient references to states’ obligations under international human rights law, includes weak domestic human rights safeguards in its criminal procedural chapter, and fails to explicitly incorporate robust safeguards applicable to the whole treaty to ensure that cybercrime efforts provide adequate protection for human rights and are in accordance with the principles of legality, non-discrimination, legitimate purpose, necessity, and proportionality;
- Lacks effective gender mainstreaming which is critical to ensure the Convention is not used to undermine people’s human rights on the basis of gender;
- Proposes to create legal regimes to monitor, store, and allow cross-border sharing of information in a manner that would undermine trust in secure communications and infringe on international human rights standards, including the requirements for prior judicial authorization and the principles of legality, non-discrimination, legitimate purpose, necessity, and proportionality;
- Permits excessive information sharing for law enforcement cooperation, beyond the scope of specific criminal investigations and without specific, explicit data protection and human rights safeguards.
The Convention should only move forward if it pursues a specific goal of combating cybercrime without endangering the human rights and fundamental freedoms of those it seeks to protect nor undermining efforts to improve cybersecurity for an open internet. The present draft text falls far short of this goal and these basic minimum requirements, and must be comprehensively revised, amended, or rejected.
Therefore, we call on all state delegations to:
- Narrow the scope of the whole Convention to cyber-dependent crimes specifically defined and included in its text;
- Make certain the Convention includes provisions to ensure that security researchers, whistleblowers, journalists, and human rights defenders are not prosecuted for their legitimate activities and that other public interest activities are protected;
- Guarantee that explicit data protection and human rights standards – including the principles of non-discrimination, legality, legitimate purpose, necessity and proportionality – are applicable to the whole Convention. Specific, explicit safeguards, such as the principle of prior judicial authorization, must be put in place for accessing or sharing data, as well as for conducting cross-border investigations and cooperation in accordance with the rule of law;
- Mainstream gender across the Convention as a whole and throughout each article in efforts to prevent and combat cybercrime;
- Limit the scope of application of procedural measures and international cooperation to the cyber-dependent crimes established in the criminalization chapter of the Convention;
- Avoid endorsing any surveillance provision that can be abused to undermine cybersecurity and encryption.
As the UN Ad Hoc Committee convenes its concluding session, we call on state delegations to redouble their efforts to address these critical gaps in the current draft. The final outcome of the treaty negotiation process should only be deemed acceptable if it effectively incorporates strong and meaningful safeguards to protect human rights, ensures legal clarity for fairness and due process, and fosters international cooperation under the rule of law. The proposed Convention must not serve as a validation of intrusion and surveillance practices harmful to human rights.
Absent these minimum requirements, we call on state delegations to reject the draft treaty and not advance it to the UN General Assembly for adoption.