What is the UN Convention Against Cybercrime?

Image of lights out of space - Destination Certification

Last week, the final draft of the United Nations Convention Against Cybercrime was released. However, the treaty still needs to be ratified by forty countries before it can enter into force. So, what is the UN Convention Against Cybercrime, and what will happen if it does get approved?

The treaty is aimed at:

Strengthening international cooperation for combating certain crimes committed by means of information and communications technology systems and for the sharing of evidence in electronic form of serious crimes.

In other words, it is focused on enhancing collaboration between countries in relation to cybercrime. Its purposes include:

  • Promoting measures to effectively combat and prevent cybercrime.
  • Strengthening international cooperation to combat and prevent cybercrime.
  • Facilitating capacity building and technical assistance to combat and prevent cybercrime, with a focus on aiding developing countries.

Why do we need a treaty on cybercrime?

One of the main issues that we face with cybercrime is that the malicious actors are often outside of the jurisdiction where a crime was committed. If your company is US-based and it gets hacked by someone in the US, it’s much more straightforward to prosecute them than if the hacker is in another country.

These problems are especially difficult to solve if the hacker is in an unfriendly country—or is an unfriendly country. You can’t just send the FBI to a hostile state on the other side of the world and expect the local authorities to hand over the perpetrator.

One of the central issues is that the Internet enables international attacks, but our legal systems aren’t great at dealing with them—we need more international cooperation if we want to be able to minimize the impacts of cybercrime. The treaty aims to smooth over some of these issues. However, as with many aspects of international law, the treaty is going to be far from a perfect solution to the problems.

What types of cybercrime does the treaty address?

Among the provisions of the treaty, countries will need to establish laws that criminalize:

  • Unauthorized access to information communication technology (ICT) systems.
  • Unauthorized interception of non-public data.
  • Unauthorized interference or tampering with data.
  • Unauthorized interference with information communication technology systems.
  • Obtaining, producing, selling, procuring, importing or distributing devices (including software) that are primarily designed for committing any of the four above-mentioned offenses.
  • Data forgery.
  • The unauthorized modification of data, interference with ICT systems, or deception through ICT systems, which results in the loss of property to victims.
  • Producing or distributing child sexual exploitation material.
  • Using ICT systems for the purpose of committing a sexual offense against a child.
  • Laundering the proceeds of crime.

Are there downsides to the treaty?

Many organizations have expressed their concerns about human rights issues in the wording of the treaty draft. While these issues should be taken seriously, as cybersecurity educators, they are a little outside of our wheelhouse. If you want knowledgeable opinions on these human rights concerns, you should check out what the EFF, Human Rights Watch, and others have to say.

What happens now that the United Nations Convention Against Cybercrime draft has been finalized?

The treaty must get ratified by at least forty countries before it will take effect, so at the moment, nothing is set in stone. It could take substantial time for it to get passed and for the provisions to be implemented in each country. Even if it does get implemented, it’s hard to ascertain how it will impact the cybercrime landscape at this stage. We can hope that the treaty will make it far easier to crack down on international cybercrime, but we will have to wait and see.

Image of the author

Cybersecurity and privacy writer.

Would you like to receive the DestCert Weekly via email?

Your information will remain 100% private. Unsubscribe with 1 click.

Page [tcb_pagination_current_page] of [tcb_pagination_total_pages]