UN cybercrime treaty enables authoritarian regimes, top think tank argues

The Foundation for Defense of Democracies said Thursday that the U.S. government should oppose a United Nations cybercrime treaty set for approval in Hanoi next week, on grounds that it will enable authoritarian governments to suppress dissent and target opposition voices.

The pact has been in the works for years and has the potential to rethink how countries prosecute cybercriminals. But the treaty has become a lightning rod for debate among Western officials and human rights groups amid fears that it will empower foreign adversaries to abuse the treaty’s cross-border policies for domestic repression.

For at least a year now, U.S. national security officials have been debating whether the treaty should get American approval, amid concerns the convention lays out broad definitions of cybercrime and surveillance without strong protections for individual users in their home nations. 

At the heart of the pact is a commitment to cross-border data sharing to help prosecute cybercriminals, but that could incidentally force the U.S. and allies to track people deemed dangerous to foreign adversaries, including those deemed criminal for just criticizing their governments.

“The treaty’s overly broad yet still vague definition of cybercrime and its emphasis on mutual assistance mean Russia could potentially use its terms to force Washington to acquiesce to or even assist Moscow’s own trumped-up criminal prosecutions,” an FDD blog released Thursday argues.

Ivana Stradner, the report’s co-author, told reporters this week that the treaty has “very little to do with cybercrime” and instead adds legal obstacles for Western democracies that already follow the rule of law, while countries like Russia and China are unlikely to hold themselves to the same standards.

Vietnam, a one-party communist nation where the pact will be signed, has arrested 40 people this year for crimes involving criticism of its government, Human Rights Watch said in a blog post this week. 

The lead-up to the treaty signing has had a long, complex history. Russia and China have long sought to replace the 2001 Budapest Convention — the leading global cybercrime treaty emphasizing privacy and free expression — with a UN-backed alternative that gives governments broader control over online content. That view has faced strong opposition from democracies that warn any vaguely written definitions of “cybercrime” could legitimize censorship and criminalize dissent under the guise of combating disinformation or extremism.

Last year, U.S. senators wrote a letter opposing U.S. involvement in the pact. 

Countries under the proposed treaty must adopt laws or procedures that permit their authorities to demand access to computer systems or stored data. The senators warned this could erode access to encrypted communications services and give broad jurisdiction back to a country’s own legal standards.

“In Iran, for example, the lack of such requirements could provide international legal cover for the regime’s efforts to promote the widespread surveillance and policing of women and girls. Likewise, the Convention compels countries to collect and share private internet user data with other countries regarding a wide range of crimes,” they wrote at the time.

But the pact could also help the U.S. coordinate better with allies when tracking criminal hackers, nation-state cyber threats or targets involved in egregious crimes like the possession and distribution of child sexual abuse material, a former U.S. official said last year.

The White House and Department of Justice did not immediately return requests for comment.