Amy Hogan-Burney, Associate General Counsel, Cybersecurity Policy & Protection at Microsoft, has voiced concerns about a Russia-led United Nations (UN) cybercrime treaty.
As the global menace of cybercrime gains sophistication and extends its reach, a united front is crucial to effectively combat these digital threats. Concerted cooperation between law enforcement agencies, governmental bodies, international partners, and private corporations is required.
However, a formidable challenge stands in the way: the lack of consensus on the definition and parameters of cybercrime, impeding seamless cross-border coordination and collaboration.
At the forefront of this ongoing discourse, the UN has entered the 6th round of negotiations, seeking to navigate the complexities of cybercrime through a potentially transformative cybercrime treaty.
The draft treaty (PDF) – originally proposed by Russia, with support from countries including China and North Korea – aims to establish shared definitions that foster global cooperation in tackling cyber threats while shaping international law.
Hogan-Burney highlights that its ambiguous language may yield unintended consequences, potentially transforming it from a weapon to fight cybercrime into an instrument enabling intrusive data access and surveillance. This, in turn, could inadvertently empower authoritarian regimes to exploit the treaty’s provisions under the guise of counteracting cyber threats.
To ensure that the treaty aligns with its intended purpose of bolstering cybersecurity efforts, nations must come together to forge a treaty that avoids enabling the misuse of power. It should prevent authoritarian states from misusing the treaty to censor online content, expand surveillance powers, grant unbridled access to personal data across borders, or criminalise essential security practices due to vague wording.
One of the major concerns surrounding the draft treaty is its wide-reaching provisions concerning government access to personal data, including real-time surveillance. This could potentially be executed without notifying the subjects under investigation or even the nation in which they reside, leading to significant privacy and human rights infringements.
This expansion of surveillance capabilities could clash with global data protection norms and initiate jurisdictional disputes, undermining rather than enhancing global efforts against cybercrime.
Moreover, there’s a call to safeguard legitimate cybersecurity endeavours that contribute to a secure digital landscape. Hogan-Burney’s insights emphasise the need to address vague criminalisation provisions that lack the inclusion of “criminal intent.” This omission puts activities like penetration testing, a critical cybersecurity practice, in jeopardy.
In a LinkedIn post, Hogan-Burney explains:
“The text also does not contain language protecting lawful cybersecurity work that keeps the digital ecosystem secure. We need to ensure that ethical hackers who use their skills to identify vulnerabilities, simulate cyberattacks, and test system defenses are protected.
Key criminalisation provisions are too vague and do not include a reference to “criminal intent”, which would ensure activities like penetration testing remain lawful.
In other words, unless these issues are addressed, the treaty could create the ideal conditions for cybercrime to thrive.”
The ongoing 6th session of UN negotiations is marked by slow progress, as nations grapple with the treaty’s content. The outcome remains uncertain.
As member states gather to deliberate on the next treaty draft, they are urged to adopt clear standards that strike a balance between safeguarding human rights and combating cybercrime effectively.
Key recommendations by Hogan-Burney include:
- Align the treaty with existing data protection standards to prevent conflicts and confusion.
- Criminalise core cybercrime offences while avoiding an overly broad definition of cybercrime.
- Incorporate human rights safeguards, such as oversight and effective redress mechanisms.
- Prevent the criminalisation of ethical hackers and cybersecurity researchers.
- Increase transparency in data requests and strengthen extradition measures to prevent safe havens for cybercriminals.
Microsoft’s efforts in this domain exemplify the potential of collaborative actions between governments, the private sector, and civil society to combat cyber threats. Hogan-Burney’s insights underscore the importance of a well-structured treaty, anchored in precise definitions and a commitment to human rights.
Such a treaty could serve as a powerful tool in the ongoing battle for a secure digital world. The stakes are high, and the outcome of these deliberations will have a major and lasting impact on global cybersecurity.
(Photo by Mathias Reding on Unsplash)
See also: Russian hackers suspected of cyberattack exposing data of 40M citizens
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.