Following the conclusion of the final scheduled session of the Ad Hoc Committee negotiating an international convention on cybercrime, ARTICLE 19 remains deeply concerned about a number of critical flaws in the latest draft text of the convention and its continuing incompatibility with international standards on freedom of expression. Despite numerous earlier calls to address serious human rights issues in the document, the Committee has not made meaningful changes. ARTICLE 19 joined a coalition of organisations in an open letter urging governments to consider withholding support for the treaty in its current incarnation. Read the full letter below.
Open letter to the Chair of the Ad Hoc Committee on Cybercrime
Your Excellency,
Our organisations – spanning civil society, industry, and the technical community – wish to urgently draw your attention to critical flaws in the latest draft of the UN cybercrime treaty. While we have diverse perspectives and often do not agree on a range of other policy issues, we share profound concerns over these critical shortcomings. As members of the multistakeholder community we could only support developing a treaty that would effectively address cybercrime and foster international cooperation in accordance with international human rights law and the rule of law in general. While we understand that the text is an attempt to synthesise the views of negotiating states, the result is a draft treaty that would make cyberspace less secure for everyone. The organisations signing this letter, who come from across the multistakeholder community, are deeply concerned by the adoption of such a flawed treaty without major changes.
Serious flaws of the latest draft include an unclear and overly broad scope, vague criminalisation provisions and definitions, lack of meaningful human rights safeguards and effective gender mainstreaming, missing protections for good-faith cybersecurity researchers and others acting in the public interest, and overly broad provisions for real-time interception of content and traffic data that go far beyond what can reasonably be justified to fight cybercrime.
Particularly concerning is that the draft treaty authorises states to conduct intrusive cross-border data collection without prior judicial authorisation, without oversight, and in secrecy. Service providers would be unable to notify users or inform anyone about data collection being ordered. Civil society and individuals would not know when their data is being accessed, making it impossible for them to challenge arbitrary requests and protect their privacy. Given these flaws, this process is at real risk of producing an instrument that can be used to conduct broad data collection on a global scale under the guise of fighting cybercrime.
If adopted without major changes – changes we have consistently advocated for throughout the process – the risks of this treaty far outweigh its potential benefits. Notably, some elements of the treaty do not include any human rights safeguards at all, while other provisions would allow states considerable latitude to implement these safeguards. Allowing individual states to arbitrarily define what activities fall under the treaty’s scope would also inevitably lead to human rights violations and criminalise legitimate activity. Individuals, including political dissidents, journalists, human rights defenders, and those at risk of discrimination on the basis of their personal characteristics would face the risk of being subjected to investigations leveraging the procedural measures of this proposed treaty without notice, potentially resulting in extradition and prosecution for exercising fundamental human rights while using digital technology. Such an outcome – facilitated by an instrument adopted by the UN General Assembly – would damage UN credibility and legitimise state behaviour that undermines the rule of law while eroding respect for human rights.
To make matters worse, the proposed treaty would weaken global cybersecurity and make both individuals and institutions less safe and more vulnerable to cybercrime, thereby undermining its very purpose. Expansive concepts of what activity may be subject to this treaty – and its significant procedural powers – create an unpredictable legal environment that will discourage critical security research. It may also subject good-faith security researchers, IT professionals, and journalists to criminal prosecution for cybersecurity work that keeps us all safer. The resulting environment would make it easier for malicious actors to create and exploit weaknesses in the digital ecosystem. This could, in turn, lead to an increase in the common harms suffered in connection with cyberattacks, such as unauthorised disclosure of personal information and the disruption of access to important networks and systems, including critical infrastructure.
Furthermore, the increased risk of this treaty facilitating broad government data collection without strong privacy, due process and human rights safeguards may deter individuals and groups from exercising their rights to free speech and expression. This climate of self-censorship will have a negative effect on democratic discourse and civic participation. In essence, instead of serving one of its goals, the protection of private personal information from cybercrime, the treaty would paradoxically increase the risk of such violations and undermine human rights in the process.
A UN treaty that authorises broad government data collection, creates an uncertain legal landscape for legitimate cybersecurity research, and facilitates greater online censorship, without sufficient guardrails as a global standard, is deeply concerning. Ultimately, such a treaty would significantly erode trust and cooperation among all stakeholders, whose joint efforts are essential to address the growing global scourge of cybercrime.
Given the broad-based and fundamental concerns from stakeholders, we urge governments to consider withholding support for the treaty in its current incarnation.
Submitted by non-governmental organisations participating under operative paragraphs 8 or 9:
Access Now
ARTICLE 19
Association for Progressive Communications (APC)
CyberPeace Institute (CPI)
Cybersecurity Tech Accord
Electronic Frontier Foundation (EFF)
Derechos Digitales – América Latina
Global Partners Digital (GPD)
Human Rights Watch (HRW)
International Chamber of Commerce (ICC)
Privacy International
Red en Defensa de los Derechos Digitales (R3D)
Reporters Without Borders (RSF)
United States Council for International Business (USCIB)
7amleh – The Arab Center for the Advancement of Social media
Additional signatories:
epicenter.works – for digital rights
Državljan D / Citizen D
IT-Pol Denmark
European Center for Not-for-Profit Law (ECNL)
Politiscope
International Press Institute (IPI)
Committee to Protect Journalists (CPJ)
Vrijschrift.org
Douwe Korff, Emeritus Professor of International Law, London Metropolitan University
Afghanistan Journalists Center (AFJC)(Afghanistan)
Freedom Forum (Nepal)
Free Media Movement – Sri Lanka
Media Watch Bangladesh
Mizzima (Global/Myanmar)
OpenMedia (Canada/United States)
South East Europe Media Organisation (SEEMO)
European Digital Rights (EDRi)
Föreningen för Digitala Fri- och Rättigheter (DFRI) – Sweden
Albanian Media Institute
Cartoonists Rights Network
PEN International
Somali Journalists Syndicate
TechMagTV
The Alliance of Independent Journalists
The Syrian Center for Media and Freedom of Expression (SCM)
Vigilance for Democracy and the Civic State
Zimbabwe National Editors Forum
Media Institute of Southern Africa (MISA) Mozambique
International Association of Women in Radio and Television (IAWRT) Kenya
Freedom Forum (Nepal)
IFOX/Initiative for Freedom of Expression-Turkey
Palestinian Center for Development and Media Freedoms (MADA)