Trust and Security digest (August 2021)

9 Sep 2021

This extract is taken from the August 2021 issue of The digest, GPD’s newsletter. Sign up here.


UN cybercrime treaty discussions: an important development

A new Ad Hoc Committee (AHC) at the UN’s Third Committee will soon be holding negotiations around a treaty on cybercrime. The end of July saw an important development on this front, with Russia putting forward its proposal for a draft Convention.

Its lengthy and detailed proposal suggests including 23 cybercrimes— from malware research to content-related offences related to ‘terrorism’ and ‘extremism’ and the ‘creation and use of digital data to mislead users’. This is very concerning from a human rights perspective. By vastly increasing the number of cybercrimes covered in the only existing multilateral cybercrime convention (the Budapest Convention, which lists nine), and leaving a very wide scope to state parties to define the means of investigating and prosecuting these crimes, the new text would open the door to almost unfettered law enforcement access to data.

Russia has been spearheading the initiative to develop a new Convention and so it is unsurprising they have so far been the most proactive and detailed in their input. However, this is only the beginning of the treaty process—other UN member states are free to put forward their own counter proposals. They’ve been asked by the AHC Chair to give their views on the scope and aims of the Convention by 29 October—a great opportunity for states engaging in the AHC to reach out to civil society and other non-state actors, and ensure that their crucial input is meaningfully included in the process. We know from the modalities adopted in May that NGOs with ECOSOC status will be able to register to take part in the negotiations, beginning with the first meeting taking place from January 17-28. Non-ECOSOC NGOs may also be able to participate—although this will depend on no state objecting to their participation.

NGO engagement will be critical to ensuring that the treaty does not become a means to encode dangerous new standards at the international level that could negatively impact human rights. As has been noted recently, there is already much that states can do to address cybercrime in a rights-respecting way—from promoting strong security standards to investing in rights-respecting capacity building for law enforcement.

In other news

  • Over at the First Committee, July saw the release of the GGE’s final report, along with a compendium of state views on the application of international law in cyberspace (an advance version was released in May without this list). This should serve as an important resource both for fostering a collective understanding of how international law applies in cyberspace, and holding states to account for their actions.
  • As part of the Global Encryption Coalition, we signed onto a joint letter calling on Apple to abandon its (now postponed) plans to build surveillance capabilities into iPhones, iPads and other Apple products, which we discuss above in more detail.


Listening post

Your monthly global update, tracking relevant laws and policies relating to the digital environment.

On the trust and security side, a few updates on laws relating to cybersecurity and cybercrime:

  • Zimbabwe’s Cybersecurity and Data Protection Bill has been recommitted to the Senate.
  • Cuba published a series of decrees on telecommunications, including the internet and radio, and also a resolution on cybersecurity.
  • Barbados is working on cybercrime legislation in line with the Budapest Convention.
  • The government of Papua New Guinea is also holding an online consultation on its draft National Cyber Security Policy.