On Monday 6 March, the UN in Vienna was addressing cybersecurity issues even before a sunrise greeted the beginning of the 67th CSW conference at the UN in New York.
When it comes to cybercrime, there have always been wide divisions in views on how it should be addressed and investigated. These divisions have largely mirrored an ongoing dispute at the UN which placed those who have historically supported an open, free, and secure internet against countries like Russia and China who advanced a more authoritarian model with expanded state control.
The Budapest Convention(2004) was originally thought to be the first treaty which dealt with crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. But based on meetings which have extended to March 6-7, 2023, the world’s first cybercrime treaty may not only face an update, it may be shown the exit door.
Why is this the case? By 2023, the world faced a borderless realm of cyberspace in which there is a high level of anonymity in the digital space that enables criminals including those belonging to organised crime groups to commit crimes without being easily detected. This is compounded by the exponential growth in Internet usage, cloud computing, and the digital revolution. These hurdles have also created significant obstacles for law enforcement and for law enforcement as – more often than not- a range of electronic evidence relevant to the investigation and prosecution of crime ranging from basic subscriber information used to identify particular perpetrators to the content of emails can be stored in a different countries from the one where the original crime occurred or is being investigated. In many cases the perpetrators of these crimes, their victims and witnesses may be located in multiple jurisdictions throughout the world. Moreover, even when law enforcement knows where to go to request that data, and have countries who are cooperative, officers may have to go through bureaucratic “hoops” in order to access the data. This may also lead to lengthy delays. In other cases, when creating a search warrant or other tools for its investigation, law enforcement may not even have any idea where the data or entity with possession and control of the data is located and therefore be unable to create or serve a search warrant to obtain this information.
In February of 2022, negotiations for a UN treaty to counter cybercrime began. This is has been described by experts such as Joyce Hakmeh, as being significant for several reasons. To begin with, this is not only the first time states are negotiating a binding UN instrument on cybercrime, it is also the first time states are negotiating a binding instrument on any cyber issue. The convention also has “the potential of reducing impunity of cybercriminals by harmonising national approaches to criminalisation” and “could play a crucial role in improving international cooperation by providing effective investigatory frameworks and facilitating cross-border data-exchange. Moreover, the convention could also help build the capacity of countries with less experience in tackling cybercrime and provide the basis for technical assistance.”
But in order to successfully create such a convention, states need to agree on key issues such as what is a cybercrime and what should be included in the scope of the treaty. It is regarding the scope of such a treaty that should cause us to monitor these negotiations with great interest. Why? Experts such as Isabella Wilkinson and Amrit Swali acknowledge that “vulnerable and marginalised groups offline face newfound, rapidly evolving, and ill-defined threats online” and that most states agree that “provisions for protecting vulnerable groups are important.” However, they also observe that there is a “continued disagreement on defining and protecting vulnerable groups which has resulted in tension, particularly in discussions around gender considerations, combatting child sexual abuse materials (‘CSAM’) and victim and witness protection. These tensions are the product of divergences in national cultural norms, political values, and existing anti-cybercrime frameworks.”
We have been warned of existing tensions. As such we must take steps to support states which seek to ensure that any cyber treaty includes concrete and effective mechanisms to protect vulnerable groups including those who are frequently victims of cybercrimes such as women and children. To do otherwise is to allow a treaty and legacy which is doomed to fail.