Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Tech companies call for changes to draft UN Cybercrime Convention

The Cybersecurity Tech Accord would like to see stronger protections for researchers, pen-testers, and journalists and greater restrictions on access to personal data.

user icon David Hollingworth
Tue, 30 Jul 2024
Tech companies call for changes to draft UN Cybercrime Convention
expand image

More than 150 tech companies have come together to urge the United Nations to make a raft of revisions to the current final draft of the UN Cybercrime Convention.

According to the Cybersecurity Tech Accord, the current language of the convention could lead to human rights abuses and criminalising the work of penetration testers, ethical hackers, security researchers, and journalists.

UN member states are currently convening the final round of negotiations on what will eventually become the first global treaty on cyber crime, with talks running from 29 July to 8 August. The current draft was published on 23 May, and the Tech Accord is pleased with the changes already made but is calling for more work to be done.

============
============

A key concern of the Tech Accord is a need for more transparency in the convention as written.

“Eight articles of the draft treaty require keeping aspects of cooperation ‘confidential’ even when this is no longer necessary for an investigation or prosecution,” the Tech Accord said in its 29 July submission to the convention’s concluding session.

“To make matters worse, while states are free to implement procedural law protections … none would be obligated to do so.”

There are also concerns that the personal information of “persons of interest” could be shared between nations, and even if not charged with any offence, those individuals may never know how that data is being used, “rendering them unable to defend their rights”.

“In its present form, the convention will result in more individuals’ private information being shared with more governments around the world, with no requirement that state parties allow legal challenges to problematic requests and without any transparency or accountability mechanisms,” the Tech Accord said.

The Tech Accord’s submission also notes that while the work of ethical hackers is vital to modern cyber security, the convention’s wording could leave them open to criminal liability, given their work often involves some form of ‘unauthorised’ access to networks and systems. The Tech Accord feels that anything that might restrict or suppress the work of ethical hackers could unintentionally lead to a less cyber secure environment and a greater risk of cyber attacks.

“Last but not least, the issues with the intent in the criminalisation articles could also allow the activities of journalists, their sources and whistleblowers to be criminalised,” the Tech Accord said.

Another key concern is how the convention treats child sexual abuse material. For example, children taking “naked or sexually suggestive selfies” could find themselves liable to criminal charges under the convention’s current draft wording.

“The adoption of provisions that facilitate the criminalisation of children in articles which are supposed to protect them from harm should be unacceptable to everyone,” the Tech Accord said.

Speaking to the Security Media Group, Nick Ashton-Hart – the Tech Accord’s head of delegation – said that tech firms were feeling “abandoned” by the UN.

Ashton-Hart said that the EU and the US were “failing to take on board many of the key concerns of the private sector or civil society”.

The Cybersecurity Tech Accord’s signatories include Cisco, Avast, Cloudflare, Dell, and Meta.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.