In the past year, cybercrime has grabbed headlines like never before. Cyberattacks have increased in frequency, scale, sophistication and, most importantly, impact on society. Ransomware attacks, in particular, have emerged as a global scourge, bringing down essential services like hospitals, city administrations, and oil and gas pipelines. It’s no wonder the international community regards these events with great concern and is eager to find solutions. However, as with any attempt to restrict criminal behavior, efforts to address escalating cybercrime must be carefully balanced alongside protections for fundamental freedoms and human rights online. Unfortunately, negotiations over a proposed new cybercrime treaty at the United Nations (UN), beginning early next year, have raised concerns that these rights and freedoms are being put at risk in the name of preventing cybercrime.
With these considerations in mind, today, the Cybersecurity Tech Accord joined the CyberPeace Institute and over 60 other private sector and civil society organizations in launching a Multistakeholder Manifesto on Cybercrime. The Manifesto is built around a set of principles, for both the negotiating process and the resulting content of any new cybercrime treaty. This ensures it reflects the voices of non-governmental stakeholders and safeguards human rights online as well as a free, open and secure internet. These principles should be recognized and embraced by all UN member states participating in the upcoming treaty negotiations.
In November 2019, the UN Third Committee passed a resolution, led by Russia, on “Countering the use of information and communications technologies for criminal purposes,” which was later adopted by the General Assembly. This resulted in a mandate to “elaborate a comprehensive international convention on countering the use of information and communication technologies for criminal purposes.” Negotiations are scheduled to commence in January 2022 and continue over a multi-year process. Unfortunately, the rights and freedoms we have come to expect online seem particularly at stake in these upcoming cybercrime treaty negotiations.
While there is certainly a need for greater international engagement and cooperation to combat rising cybercrime, it is not clear that these negotiations are a necessary or a good faith effort to do so. To begin with, some countries adamantly pushing for a new treaty are simultaneously tolerating cybercriminals operating within their own borders. Moreover, we should question a country’s motives in proposing a new international instrument rather than leveraging existing tools. While much of the world has adopted the Budapest Convention as the cornerstone of international cooperation on cybercrime, the proponents of a new treaty claim it needs to be replaced. However, they do not seem to propose any solutions that would increase cooperation on cybercrime in the place of the Budapest Convention.
While negotiations have yet to begin, the proponents of a new treaty seek to dramatically expand the current definition of “cybercrime” to include any content online that might threaten national interests. Such a change in definition would reshape law enforcement’s access to data and have significant implications for the technology industry to comply. In practical terms, it would undermine privacy protections, criminalize certain forms of free expression, and fundamentally change the role of governments in regulating content on the internet.
We need to do more, together, to prevent cybercrime, but this need not – indeed must not – mean sacrificing freedoms online. The truth is that, when it comes to cybercrime, a new treaty will not be a magic bullet, and real progress will be made by better implementing the expectations and best practices we already have for stopping criminal behavior online. This means building up the capacities of law enforcement agencies everywhere to uphold laws online, improving international cooperation across sectors in doing so, and requiring countries to exercise due diligence in preventing international cybercriminals from finding a safe haven within their borders. Perhaps most importantly though, we can all help combat cybercrime by making it harder for the criminals by diligently implementing the security best practices we already know.
The Cybersecurity Tech Accord is a global coalition of over 150 technology firms committed to four basic cybersecurity principles – better defense, no offense, capacity building and collective action. Ensuring we are able to work together across borders and stakeholder groups in tackling cybercrime is at the core of our mission. We hope states use the Manifesto we are releasing today to guide the drafting of any new instruments on cybercrime. A new treaty should not be used to undermine existing international legal obligations but focus on building up accountability and promoting international cooperation. We also call on others to join this cause and support the Manifesto to demonstrate that a multistakeholder approach is needed, desired and vital to address the transnational challenges of malicious use of information and communication technologies (ICT). Negotiations over the proposed treaty should be as transparent as possible, and we stand ready to engage.
Multistakeholder Manifesto on Cybercrime Signatories :
If your organization would like to add its name in support of the Multistakeholder Manifesto, please reach out to the Secretariat of the Cybersecurity Tech Accord here.
- 7amleh-The Arab Center for Social Media Advancement
- Africa Freedom of Information Centre
- Anne-Marie Slaughter – Bert G. Kerstetter ’66 University Professor Emerita of Politics and International Affairs, Princeton University
- Asia Internet Coalition
- Atlantic Arc of Cybersecurity & Digital Landscape
- Atlassian
- The Azure Forum for Contemporary Security Strategy
- Big Cloud Consultants
- Castroalonso LET
- Center for Democracy and Technology
- The Centre for Internet and Society
- Christopher Painter – President of The Global Forum on Cyber Expertise Foundation
- CIPESA
- Cris Thomas (Space Rogue) – Security Researcher
- Cyber Governance and Policy Center at the University of Oklahoma
- Cyber Project at the Belfer Center
- Cyber Threat Alliance
- CyberPeace Foundation
- CyberPeace Institute
- Cybersecurity Advisors Network (CyAN)
- Cybersecurity Coalition
- Cybersecurity Tech Accord
- CyberSolace Limited
- Cyberspace Cooperation Initiative at Observer Research Foundation America
- Derechos Digitales
- Digital Peace Now
- Diplowomen
- Dragos
- Eneken Tikk – Senior Advisor, Cyber Policy Institute
- ESET
- Fergus Hanson – Director, International Cyber Policy Centre
- FIRST
- F-Secure
- Fundación Karisma
- G DATA CyberDefense AG
- GitHub
- HackerOne
- Hitachi
- Identity Valley
- Institute for Security and Technology
- International Service for Human Rights (ISHR)
- Internet Sans Frontieres
- Javvad Malik, Security Professional
- Jokkolabs Banjul, Gambia
- Katie Moussouris – Founder and CEO, Luta Security
- Luca Belli – Director of the Center for Technology and Society at Fundação Getulio Vargas
- Luta Security
- Marc Rogers – Founder, CTI League
- Media Matters for Democracy
- Microsoft
- Myanmar Center for Responsible Business
- NetApp
- Ostrom Workshop Program on Cybersecurity and Internet Governance, Indiana University
- Packet Clearing House
- Paradigm Initiative
- Rapid7
- Ranking Digital Rights
- Redes Ayuda
- R Street’s Cybersecurity & Emerging Threats
- Samuelson-Glushko, Canadian Internet Policy and Public Interest Clinic (CIPPIC), University of Ottawa
- SAP
- Silverado Policy Accelerator
- Stiftung Neue Verantwortung (SNV)
- Swiss Digital Initative
- Tech Policy Design Centre, Australian National University
- USM Technology
- Vinton G. Cerf – Vice President and Chief Internet Evangelist, Google
- Wisekey
- World Wide Web Foundation, via The Contract for the Web