weerapat1003 - stock.adobe.com

Developing nations need the UN cyber crime treaty to pass

The UN cyber crime treaty is flawed but represents a move in the right direction for developing nations seeking greater digital sovereignty

After three years of ideological wrangling, the United Nations (UN) committee tasked with creating a new global cyber crime pact finally approved a draft framework on August 9 . The treaty represents an imperfect solution to a wicked problem of worldwide importance. The UN General Assembly will vote on it in this autumn, requiring support from 40 member states to be ratified.

A 2019 Russia-sponsored resolution initiated the committee’s process. But Moscow and other illiberal regimes now argue the proposed treaty is undermined by a straitjacket of human rights protections. Some liberal voices meanwhile claim it will usher in a new era of pervasive state surveillance. The truth is likely in the middle. And getting lost in the rhetoric are the interests of developing nations.

The total cost of cyber crime this year is forecast to eclipse $9tn. Were it a country’s economy, it would be the world’s third largest. It’s poised to grow too — especially in the Global South, where digital literacy rates are lower and authorities lack the cybersecurity resources and expertise to mitigate online threats.

The committee’s draft text gives a roadmap for dealing with issues such as money laundering, fraud and child pornography through legally binding procedures, norms and requirements around international cooperation. It contains detailed stipulations for information sharing between governments and access to digital evidence by law enforcement agencies. This includes explicit safeguards for free expression.

However, some Western actors insist the treaty is a stealth means to legitimise digital authoritarianism under the guise of combatting crime. They have zeroed in on aspects of convention that permit states to request data from internet service providers and foreign authorities. In essence, this boils down to facilitating an expansion of cyber sovereignty – a national government asserting greater control over its domestic cyber space.

The nascent accord is “effectively a legal instrument of repression,” says the deputy director of Human Rights Watch. A policy director from the Electronic Frontier Foundation, a digital watchdog, called it a “blank check for surveillance abuses”. The head of an alliance of large tech companies posted on X (formerly Twitter) that global business want it abandoned.

It’s true: there is a real risk autocracies attempt to misuse the convention to monitor citizens, arrest opposition figures and silence dissent. Liberal democracies – including the United States, which has welcomed the treaty – must use the mechanisms enshrined within the accord to resist sharing data on human rights defenders, journalists, persecuted minorities and dissidents with regimes that will weaponise that information.

In a statement released in the final stages of negotiation prior to the treaty’s approval, Russia’s delegation to the talks criticised how human rights provisions embedded in five separate articles of the treaty could provide “legitimate options” to deny international requests from law enforcement agencies to share data and information.

The statement specifically highlights Article 24, which spells out restrictions to prevent law enforcement agencies from abusing their authority. A written submission from the British government provided to the UN committee during its second concluding session notes how “in the spirit of compromise”, the UK chose to support the treaty “on the basis of robust human rights safeguards that balance the Convention’s broad scope of international cooperation and intrusive procedural powers”.

As evidence, it points to Articles 6, 24 and 40 of the text, which respectively assert parties must maintain respect for human rights, adhere to obligations under existing international law and follow certain principles and procedures as it relates to mutual legal assistance. 

Invoking the authoritarianism versus democracy paradigm is therefore unhelpful. It is also hypocritical and paternalistic. After all, many intelligence agencies in liberal democracies have been keen users of commercial spyware technology. And such sentiment negates the interests of low- and middle-income countries that seek greater digital sovereignty to support their nation-building efforts.

By far, most of the 2.6 billion people that still lack internet access reside in the Global South. But more citizens and devices in developing nations come online every day. As these jurisdictions invest in connectivity infrastructure and gain internet users, valuable new data is generated that can turbocharge service delivery. Useful insights can be drawn from this information to solve development issues and improve people’s lives.

However, data access remains a problem. Possession and stewardship over it is still predominantly ringfenced by foreign tech companies. It’s reasonable to wonder if this might have influenced why so many of these firms oppose the treaty.

Because of their lack of state capacity, developing nations also require more robust information-sharing mechanisms between foreign governments and domestic law enforcement agencies. Indeed, South Africa’s representative celebrated the treaty for how it would provide technical assistance and capacity building in countries with less developed cyber infrastructures.

In its latest Global risks report, the World Economic Forum points to how more advanced cyber defences in the industrialised world are already redirecting criminal operations to prey on less digitally literate populations reliant on less secure infrastructure and systems. The report predicts that cyber crime, already prevalent in Latin America, “will continue to spread to parts of Asia and West and Southern Africa, as affluency grows and internet connectivity brings large swathes of the global population online”.

Developing nations need external support to properly defend against cyber crime within their jurisdiction. Bolstering local capacities in the Global South will improve domestic and regional economic resilience. It is also necessary to provide reassurance to support the creation of more equitable rules of digital trade.

And action is long overdue. The treaty’s creation represents a huge leap forward from the Budapest Convention, a framework to mitigate cyber crime devised by Europe in 2001. While commendable for its principles and concepts, critics – especially in the developing world – dismissed it as another attempt by the West to impose its values on developing nations.

“One of the complaints about the Budapest convention, or the Council of Europe treaty, was that it was negotiated by Europeans, and there wasn’t any involvement from the Global South or others,” Jim Lewis, the director of the Strategic Technologies Program at the Washington-based Center for Strategic and International Studies think tank, told tech media outlet The Record the day the new UN cyber crime treaty was approved at the committee level.

“Now we have a global compact that nations have agreed to that lets us move forward on cyber crime,” he added. “This is a global problem that needs to be addressed so if it can move us forward even a couple feet, it’s progress.”

Yes, the cyber crime treaty is flawed – yet still represents an improvement on the status quo. It should be ratified by the international community rather than torpedoed out of political rigidity. Developing countries deserve better.

Read more about cybersecurity

Read more on Diversity in IT