Aside from enabling potentially increased government surveillance powers, the UN cybercrime treaty also lacks protections for surveillance targets and ethical hackers, according to Microsoft.
“We need to ensure that ethical hackers who use their skills to identify vulnerabilities, simulate cyberattacks, and test system defenses are protected. Key criminalization provisions are too vague and do not include a reference to ‘criminal intent,’ which would ensure activities like penetration testing remain lawful,” said Microsoft Associate General Counsel for Cybersecurity Policy and Protection Amy Hogan-Burney in a LinkedIn post.
However, such concerns for the treaty, which has been backed by both China and Russia, could still be addressed as negotiations continue until Sept. 1, said former U.S. cyber diplomat Chris Painter.
“In particular, the scope issue is critical as Russia and its allies want a very broad scope that risks criminalizing dissent and other things we believe should be protected. There isn’t really much of a middle ground here so this threshold issue (as well as others) is critical,” said Painter.