Civil society groups from around the world, including Media Rights Agenda (MRA), and some experts have called on the state delegations participating in the concluding session of the United Nations (UN) Ad Hoc Committee to ensure that the proposed Cybercrime Convention is narrowly focused on tackling cybercrime, and not used as a tool to undermine human rights.
In a statement issued on January 23, 2024, the groups noted that they have contributed time and expertise to improve the draft and ensure that it fully aligns with existing human rights law and standards, the principles of the UN Charter and the rule of law, as well as best practices to provide legal certainty in efforts to improve cybersecurity.
They raised concerns about the proposed text of the Convention which is informed by their experience and human rights advocacy around the world.
They added that national and regional cybercrime laws are regrettably too often misused to unjustly target journalists and security researchers, suppress dissent and whistleblowers, endanger human rights defenders, limit free expression, and justify unnecessary and disproportionate state surveillance measures.
According to the statement, throughout the negotiations over the last two years, civil society groups and other stakeholders have consistently emphasized that the fight against cybercrime must not come at the expense of human rights, gender equality, and the dignity of the people whose lives will be affected by this Convention.
The group further noted that the Convention should not impede security research and thereby resulting in insecurity
They also pointed out that robust and meaningful safeguards and limitations are essential to avoid the possibility of abuse of relevant provisions of the Convention that could arise under the guise of combating cybercrime.
Regrettably, the group highlighted that the latest draft of the proposed Convention, which is due to be finalized by February 2024, fails to address many of the significant concerns.
They believe that if the text of the Convention is approved in its current form, the risk of abuses and human rights violations will increase exponentially and result in a less secure internet.
They identified specific concerns with the latest draft which include:
- Over-broad scope, risking the criminalization of legitimate online expression.
- Inadequate protection for security researchers, whistleblowers, activists, and journalists.
- Insufficient references to human rights law and weak domestic safeguards.
- Lack of effective gender mainstreaming.
- Proposals for information monitoring and sharing that undermine trust in secure communications.
They recommended that the Convention should only move forward if it pursues a specific goal of combating cybercrime without endangering the human rights and fundamental freedoms of those it seeks to protect nor undermining efforts to improve cybersecurity for an open internet.
The groups agreed that the present draft text falls far short of this goal and these basic minimum requirements, and must be comprehensively revised, amended, or rejected.
Therefore, they called on state delegations to:
- Narrow the scope of the whole Convention to cyber-dependent crimes specifically defined and included in its text;
- Make certain the Convention includes provisions to ensure that security researchers, whistleblowers, journalists, and human rights defenders are not prosecuted for their legitimate activities and that other public interest activities are protected;
- Guarantee that explicit data protection and human rights standards – including the principles of non-discrimination, legality, legitimate purpose, necessity and proportionality – are applicable to the whole Convention. Specific, explicit safeguards, such as the principle of prior judicial authorization, must be put in place for accessing or sharing data, as well as for conducting cross-border investigations and cooperation in accordance with the rule of law;
- Mainstream gender across the Convention as a whole and throughout each article in efforts to prevent and combat cybercrime;
- Limit the scope of application of procedural measures and international cooperation to the cyber-dependent crimes established in the criminalization chapter of the Convention;
- Avoid endorsing any surveillance provision that can be abused to undermine cybersecurity and encryption.
The recommendations were submitted by the non-governmental organizations participating under operative paragraphs 8 or 9.
The full list of signatories supporting the statement is available at https://bit.ly/3StMXZ7.