The UN Cybercrime Convention turns out to be a surveillance agreement that tramples on human rights and endangers IT security experts and journalists worldwide. This treaty must not be ratified in Europe.
Well over a hundred NGOs, human rights and journalist organizations and tech business associations warned against adopting the UN Cybercrime Convention proposed by Russia. But dozens of suggestions for improvement put forward by representatives of these organizations in the UN negotiation process were largely ignored.
The treaty text adopted on Thursday is a dangerous failure. It contains extensive surveillance provisions that would have to be implemented by the UN states, but without safeguarding these powers with minimum legal standards. Included are broad powers for real-time collection of telecommunications metadata and interception of communications.
The treaty is to be implemented worldwide, including in dictatorships, autocracies and other states whose human rights standards and data protection rights are below average. Many of these states do not have checks and balances on the use of surveillance powers, nor do they guarantee minimum standards for confidential information. The far-reaching surveillance practices of the Cybercrime Convention would become mandatory there – without human rights-respecting legal protection for those affected.
In the last round of UN negotiations, none of the Western states, which usually are prone to emphasize their commitment to human rights, made any attempts to avert these dangers. The treaty text does not contain minimum standards for data protection, but it does include an expansion of global cooperation with law enforcement agencies and intelligence services.
Spokesman for the Chaos Computer Club (CCC), Dirk Engling, demands: „Every state that is serious about respecting human rights and the right to privacy must reject this treaty. This surveillance madness must not be ratified in Europe.“
Criticism has been voiced for many months that IT security researchers, hacktivists, journalists and human rights activists are at risk due to the broad scope of the treaty. The Cybercrime Convention lacks clear definitions that would allow IT security researchers and journalists to work without fear of repression.
Journalists and activists are even particularly endangered by the treaty. This is because UN states could become complicit in the transnational repression of journalists, activists or dissidents by regimes by being obliged to hand over their data.
If the Cybercrime Convention is adopted by the UN General Assembly in September and becomes legally binding with the approval of forty states, potentates around the world can laugh up their sleeves: They would not have to worry about human rights and essential data protection principles or judges’ approval of surveillance before it happens, or ensuring the measure is legitimate, necessary and proportionate. This is because safeguards are not explicitly prescribed in this caricature of a treaty.
The risk of human rights violations and the risk of abuse of the far-reaching surveillance powers are therefore not only present, but programmed.