UN Approves Cybercrime Treaty Despite Major Tech, Privacy Concerns

The treaty would allow any country to request technology firms to aid in cybercrime investigations and preserve data about their users — potentially imperiling penetration testers and security researchers, among others.

A United Nations committee has advanced the final draft of a treaty intended to combat cross-border cybercriminal organizations, but opponents warn that it contains few safeguards for human rights and could be used by repressive governments to prosecute journalists, cybersecurity researchers, and protesters.
If adopted by the UN General Assembly, the UN Convention Against Cybercrime would require any nation that signed the treaty to make it a criminal offense to access ... an information or communications technology (ICT) system without right or to intercept data or communications. In addition, the treaty would require that signatories have a mechanism to preserve stored data and some components of traffic data, according to the draft.
The treaty, passed on Aug. 8, will require a wide variety of companies — financial services, travel, technology, and telecommunications firms — not only to support domestic law enforcement, but to help with requests from treaty signatories, says Nick Ashton-Hart, head of the Cybersecurity Tech Accord delegation to the negotiations.
Unfortunately the draft adopted doesnt resolve any of the issues we raised, or that any other part of the private sector or civil society raised, he says. Security researchers and penetration testers — as well as investigative journalists, whistleblowers, and others — are at risk of criminal prosecution because of the poor and vague wording in the criminalization chapter.
The UN Convention Against Cybercrime
is not the first treaty to address the needs of nations who want to collaborate to fight cybercrime. The Council of Europes Convention on Cybercrime, often called
the Budapest Convention
, has provided a framework for cooperation since 2001. Most European countries, as well as the United States, Japan, and Brazil,
are among the more than 75 signatories
.
The UN treaty is not without its supporters. Russia
proposed the UN-based cybercrime convention in 2017
, and
Vietnam is a vocal proponent
— but both countries are not part of the Budapest Convention. There is no longer any way to edit the text of the treaty, which will be adopted by the General Assembly in the next session, which starts in September, says Ashton-Hart.
Its unlikely that the US or Europe will adopt the conventions legislation requirements, he says.
Because the convention allows all cooperation to take place in perpetual secrecy and has no oversight mechanism, the convention invites abusive requests for cooperation that can be used to undermine secure systems relied upon by billions of people and millions of enterprises each day, he says. Without [cooperation] from the US and EU, theres little value in anyone else joining this. They can join the Budapest Convention, which is working today, and get what they need instead.
Underscoring the situation, the section Article 24: Conditions and safeguards is left blank in the latest version of the treaty.
The US State Department stressed that while the fight against cybercrime is extremely important, without protections, the UN treaty could be used by governments to curtail freedom of speech and target journalist and protesters.
The United States will continue to strongly condemn and work to combat the persistent human rights abuses that we see around the globe by governments who misuse and abuse cybercrime laws and other cyber-related statutes and tools to target human rights defenders, journalists, dissidents, and others, State Department spokesman Matthew Miller
said in a statement
.
The US and technology companies are not the only opponents of the UN Convention on Cybercrimes language. The Freedom Online Coalition (FOC) — a group of 40 nations supporting human rights — opposed the current draft of the UN Convention Against Cybercrime, citing concerns that it could be used by repressive governments to undermine human rights. The FOC, established in 2011, includes the United States, Australia, the United Kingdom, European Union members states, and other nations, such as Mexico, Tunisia, and Japan.
The UN Convention Against Cybercrime is critical to enhancing collaboration between nations to combat and prevent cybercrime and to enable the collection of electronic evidence, but more safeguards need to be included,
the FOC stated in a July 26 statement
.
Ensuring broad and effective cooperation in this treaty requires concrete safeguards and human rights protections must be built into the treaty framework, the group said. Among these provisions, we particularly emphasize ensuring that the treaty cannot be used domestically or transnationally to facilitate the suppression of conduct protected by international human rights law.
The UN Convention Against Cybercrime moves to the general assembly, where it can be adopted by a yes vote of 40 members.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
UN Approves Cybercrime Treaty Despite Major Tech, Privacy Concerns