THE WASHINGTON FOREIGN PRESS CENTER, WASHINGTON, D.C.
MODERATOR: Good morning, and welcome to the Washington Foreign Press Center briefing. My name is Leah Knobel, and I am the moderator for this briefing.
Today we are joined by Ambassador Deborah McCarthy, senior advisor for the Bureau of International Narcotics and Law Enforcement Affairs at the Department of State. Ambassador McCarthy will brief on the UN Cybercrime Treaty negotiations in her capacity as the lead negotiator for the United States to the ad hoc committee to elaborate a UN Cybercrime Convention.
This briefing is on the record, and a transcript and video will be posted to our website, fpc.state.gov, later today. Journalists joining us, please take a moment now to rename your screen name with your name and outlet.
And with that, I am going to turn it over to Ambassador McCarthy for her opening remarks.
AMBASSADOR MCCARTHY: Thank you, Leah. And thank you all that are joining us today to talk about this somewhat technical and complicated issue, but which affects citizens across the globe who were affected by cyber crime.
For the key element in these discussions at the United Nations, which have been going on for two years, is define mechanisms so that our law enforcement can cooperate to go after cyber criminals. We’ve gone, as I noted, through two years of discussions, and we’re poised to enter the last round of negotiations at the end of July and early August. And we’ve made significant progress, although not all elements are agreed to.
A key objective of the United States is to find a narrow, practical criminal justice instrument that, obviously, will respect human rights and provide for safeguards, but also provide – and also provide – excuse me – a means to have electronic evidence for serious crimes, and gives tools to the experts who will be implementing this agreement.
Negotiating the agreement is part of a critical element also as part of our Cyberspace and Digital Policy Strategy, our new, International Cyberspace and Digital Policy Strategy. We want to focus on establishing an instrument, as I note, that will help our law enforcement, but also provide another critical element, which is capacity building across the globe. The United States provides enormous capacity building as part of its efforts across – on cyberspace, both on cyber crime, cyber security, and also bridging digital divides. And that is an element which is important to many of the countries that are negotiating this instrument.
We also need to think of the other critical elements of this instrument as we go into the last round, and that is to remain within a narrow scope, as I mentioned at the beginning, of cyber-dependent crimes, a very limited amount of cyber-enabled crimes, specifically those that affect children, on which we could agree, and to add elements that are very practical in this instrument.
We emphasized the issue of human rights and safeguards, for in giving powers to law enforcement to work across national boundaries we are very conscious of the fact that these powers can be abused, and they need to be caveated. Therefore, in our negotiations, a key element, working with a lot of the like-minded countries, is to have significant human rights provisions and safeguards which, effectively, in simple terms, allow countries to turn down requests for information or for cooperation in cases of discrimination for political belief, as an example, and in other cases where it is clear that the request is based on an attempt to silence someone or to pursue them for political reasons.
As I note, seven rounds and a last one at the end of July. We have worked closely with partners across the globe, and those engaged in the negotiations include both foreign affairs professionals and prosecutors, which has been a great addition to the process, for they’re the ones who will be implementing this process.
This instrument is part of a broader set of tools that the United States has to pursue cyber criminals. As many of you know, we already have the Budapest Convention, but we also have other instruments that we use. We have often pursued cyber criminals under the UNTOC agreement, under the UNCAC agreement. We also have bilateral agreements with a number of countries. We also have, with a number of countries, extradition treaties. And we’ve also worked through other UN instruments, such as the CCPCJ.
But this instrument will add a sort of a global dimension to these efforts to have all UN member states participate. We are seeking to work with the chair and member states to have this adopted by consensus. That still remains very much a goal of the United States. And we will enter this last round looking carefully at key elements of the text, to include a couple of additional things that I think are important to add, which is we think this treaty should be – should be come to agreement, should be implemented by member states, and begin to operate before we have discussions, as has been suggested in drafts, to immediately start talking about amending the instrument to include additional crimes. And also we think that we very much need to focus and have this instrument be clearly understood by the practitioners by having a very simple title to the agreement, so when reference is made it’s clear what it is and what it is not.
So I think I’ll stop at that and open it up to questions, because I’d rather have a back and forth on what your interests are and your particular views on it. But thank you.
MODERATOR: Thanks, Ambassador, for those remarks. We’ll now turn to some questions.
Journalists joining us, please click on the hand icon at the bottom of the screen if you have a question. When I call on you, please unmute yourself, turn on your camera to ask your question, and also introduce yourself and your media outlet.
Okay. Song with Yonhap News, go ahead, please.
QUESTION: Can you hear me?
MODERATOR: We can hear you.
QUESTION: Oh, thank you. Thank you for this opportunity. As a South Korean, we always have concern about North Korean cyber threats. So do you have any expectation vis-à-vis how this treaty would affect North Korea’s malicious cyber activities? And how do you assess progress in international efforts to identify and disrupt North Korea-related cyber activities? Thank you.
AMBASSADOR MCCARTHY: Thank you for your question. I need to note at the outset that we’re operating under at the UN and are focusing on law enforcement’s ability to exchange information and to cooperate together. This is not an instrument that seeks – as is being done in other instruments and other discussions in the first committee of the UN – to examine – excuse me – to develop rules of the game, so to speak, for state-sponsored cyber activity. So that’s a clear distinction in this effort.
It is clear that some countries will be cooperating more effectively than others. And there is not necessarily great expectations of exchanges of information, and that is why in particular it is critical that we have certain key human rights and safeguards in this particular instrument. But as I note, this is not an instrument that seeks to develop rules for state-sponsored cyber activity.
MODERATOR: Thank you. We’ll turn to a pre-submitted question now. Mohamed Maher from Al-Masry Newspaper in Egypt asks: “Which Middle East countries are actively participating in the UN Cyber Crimes Treaty negotiations? Can you elaborate on any collaborative efforts between the United States and Middle Eastern countries to address cyber crime under the new treaty framework?”
AMBASSADOR MCCARTHY: Thank you for the question. In fact, many countries in the Middle East have been quite active in these negotiations. I note Yemen, Jordan, Qatar, Saudi Arabia, UAE, Israel, but almost all have been quite active. And I note that the chair, in the effort to come out with a global instrument, has been looking at regional instruments that already exist, including the Arab League Convention on Cyber Crime.
With regards to the negotiations, there have been areas of convergence with many of the countries in the Middle East, and there have been areas where we have differences. I would say, to better understand the dynamics, the issues of convergence is that we have agreed to a narrow list of cyber-dependent crimes. We’ve also agreed on the sharing of electronic evidence for serious crimes. We also very much agree on the need for capacity building, and we also agree that certain categories of citizens are vulnerable, such as children.
Where we have some differences is we are not covering all cyber-enabled crimes – in other words, traditional crimes that are facilitated through the use of the internet. And we are not – and the U.S. cannot agree to language which has been proposed by some for obligatory transfer of technology. We believe there – it should be done through discussions between member states. And we’ve also had some differences on levels of safeguards for cooperation, but we’re – we’ve been working through those. And then there’s some technical differences between prosecutors, where a definition in one country doesn’t apply to another, and we have to come up with some common language.
But it has been very useful, as I noted in the beginning, to have the practitioners in the room who can sometimes untie these knots that we run into to come up with language that can be clearly understood by those who would implement this instrument should we get to a – excuse me – a final agreement.
MODERATOR: Thank you. Again, if anyone has a question, please raise your virtual hand and I’ll call on you. For now we’ll take another pre-submitted question: “What are the U.S. goals for this upcoming concluding negotiation session at the end of the summer?”
AMBASSADOR MCCARTHY: Well, as we approached this last round – and I note that the mandate given by the General Assembly will terminate after this session, so the pressure is on in the last two weeks of negotiating – we have a draft of the final agreement, and we see that the chair has done incredible work in trying to bridge some differences. And this rev three, as we’re calling it, is moving in the right direction.
We want to ensure as – one of our key goals is to ensure that the human rights provisions and the safeguards that we and others have proposed remain in the instrument, and we’re seeing some good language in this latest version. We also believe that we need to continue to be focused on a narrow set of cyber-dependent crimes and note that the draft language of an accompanying resolution calls for immediate – almost immediate discussions of adding many cyber-enabled crimes when the initial instrument will not have been ratified, let alone put into practice. And that is something that we are concerned about.
And related to that, a lot of countries, the small countries, have devoted a lot of resources to these negotiations. And at the prospect of continuing in another format to keep adding crimes onto it, that’s quite a daunting task for most of them. And then last but not least, there’s the issue of the proper title, which I mentioned earlier.
We also see this last round as also an opportunity to have a more in-depth discussion about capacity building, which is so badly needed by so many states. And I note that we have a number of programs – there are other large donors that have a number of programs – but we also have the private sector that through directly or through associations also engages in a lot of capacity building, and that, we think, is important. Obviously, the government efforts are the ones that are enfolded in this instrument.
And then a couple of other things that are important as we go into it. Multi-stakeholders – that is, companies, human rights groups, associations that follow many elements in cyberspace – have been really, really important in this process. They’ve given us valuable input, and also we believe that this instrument should include their continued role in the future in any review of the instrument. Because the technical ability lies with, frankly, the private sector, and most of our critical infrastructure is in the hands of the private sector. They suffer from cyber crime, and therefore we need their input as to how technology has changed, how they – criminals have used new and different methods, et cetera. And then we also need a lot of – excuse me – the human rights community to be sort of the watchdogs, as I call them, on how this instrument is being applied by law enforcement. As one of our partner nations said, they need to apply it properly, and that will be a role that they will play.
So these are all elements that are very important. And all this is also taking place in the context of other elements that – where the United States is playing a leadership role, and that is on the Ransomware Initiative, the Declaration on the Future of the Internet, the Freedom Online Coalition. So this is also echoing in those areas, which I think is important and where we have great partners in the effort of both management of cyberspace and also of bridging digital divides and fostering digital solidarity. That’s another key element that I think is important to underline.
MODERATOR: Thank you. We have another pre-submitted question: “What will the benefit to governments be of joining this treaty?”
AMBASSADOR MCCARTHY: A number of elements. One – I’ll point out two critical things, which is for the first time there will be in an international instrument at a global level the ability to share electronic evidence and avoid the old-fashioned way of submitting things with (inaudible) through embassies, in paper, et cetera. So that is – that is a big advancement.
The other thing is – is clear rules for cooperation. When requests come in, the treaty has done quite a good job of outlining what the rules are, what the key elements of cooperation should be. And particularly for countries that have limited resources, it is – it’ll be crystal clear what they can ask for, what assistance they can get, where cooperation can take place, and including – for example – a 24/7 network so they know clearly who to go to when they need information quickly, for that is always – that is always a challenge.
And then another important element is also delineating when cooperation is not possible and where a country can decide not to cooperate for certain standards have been not adhered to in the request or the purposes for the request. And so that is also very much an important element. And as I keep repeating, since those who are going to implement the instrument are often part of the negotiating teams, they’ve made sure that we have kept as clear a language as we possibly can.
MODERATOR: Well, thank you so much, Ambassador. Seeing no other questions. This ends the Q&A portion of our briefing. Do you have any final remarks or thoughts you’d like to share?
AMBASSADOR MCCARTHY: To wrap up just a couple of key points, which is this is an opportunity to have an international – a global instrument – I note there’s many regional instruments, and it is the first cut at trying to do this. All delegations have worked very hard to bridge divides, and I think we are in a relatively good place. We can’t forget the purpose, which is to enable our governments and our law enforcement to fight prevalent cyber crime that affects all our citizens and particularly vulnerable groups, and that is an element that is also contained within this instrument. So it’s a very serious effort.
The U.S. is committed. We hope we come out with a rights-respecting instrument that we can adhere to and have ratified by Congress, and we are going to pursue working with allies and partners to ensure that the level, the quality of the instrument is very high.
MODERATOR: Great. Well, thank you so much to you, Ambassador McCarthy, for sharing your time with us this morning, and thank you to all the journalists who joined us. This concludes our briefing this morning. Thank you very much.