Trust and Security digest (January 2023)

26 Jan 2023

This extract is taken from the January 2023 issue of The digest, GPD’s newsletter. Sign up here.


The UN’s proposed cybercrime convention: what’s the latest?

Last week, GPD’s cyber team were in Vienna for the fourth meeting of the UN Third Committee’s Ad Hoc Committee on Cybercrime (AHC), which is currently discussing a proposed convention on cybercrime.

At this meeting, states had their first opportunity to negotiate the text of the first three chapters (on criminalisation, procedural measures and general provisions).

Ahead of the meeting, GPD and other organisations had flagged a range of concerns about the convention from a human rights perspective—making three key recommendations:

  1. Focusing the convention narrowly on core cyber-dependent crimes
  2. Excluding cyber-enabled offences and particularly the content-related offences (which risk capturing the lawful expression and legitimate activities of human rights defenders, whistleblowers, security researchers, and others)
  3. Stronger safeguards to limit the scope of procedural and investigate powers, and ensuring these powers apply only to core cybercrimes

We’ll be providing a fuller analysis of the meeting in a blog next week. But on first impressions, the picture was mixed.

A minority of states (Russia, Iran, Singapore and others) remain strongly opposed to the inclusion of a dedicated human rights safeguards provision. It was also concerning to hear some states questioning the applicability of agreed principles of proportionality and necessity to the use of states’ investigative powers.

More positively, we were pleased to hear other states make clear that their support for the convention would be contingent on the inclusion of a dedicated safeguards provision. As it’s a consensus-based process, this could present a major roadblock for passage of the convention—which is not necessarily a bad outcome. As we’ve said elsewhere, we’re unconvinced by the necessity of the convention; and a global convention without the requisite safeguards would be very bad news.

Certain states pressed for the inclusion of a range of content-related offences, while others (including EU states) spoke on the need to narrow the scope. Troublingly, it seems some of these offences are likely to remain in the next version of the text.

Much will depend on whether the most rights-harming aspects of the current draft received sufficient condemnation for the chair to exclude them from the ‘zero’ draft in August this year. The zero draft is a fairly advanced stage of the treaty and negotiations over its contents will be even more politicised. We’ll be keeping a watchful eye on the process and continuing to advocate for a treaty which respects, protects and fulfils human rights.

Other cyber news

Back in December, the Open Ended Working Group (OEWG)’s Chair shared a calendar for upcoming meetings, including the two main substantive sessions of the OEWG (March and July 2023).

The call for NGO registration for the March session (6-10 March) has since been released, with a deadline of 3 February. No information regarding the informal consultations in March have been shared, but—based on previous discussions—these will likely be hybrid and open to all stakeholders (not just those accredited).

It’s likely that states who supported the Programme of Action will continue consultations and discussions on how to advance that proposal, but the main focus will continue to be the establishment of a UN Points of Contact Directory, a specific ‘confidence building measure’ designed to address escalation of tension.