By Alina Clasen | Euractiv Est. 4min 09-02-2024 (updated: 13-02-2024 ) Content-Type: News News Based on facts, either observed and verified directly by the reporter, or reported and verified from knowledgeable sources. “While the negotiations have addressed some important problems in the text, many very significant issues remain unresolved, including transparency,” Nick Ashton-Hart, senior director at APCO Worldwide and head of delegation of the Cybersecurity Tech Accord, told Euractiv. [kckate16 / Shutterstock] Euractiv is part of the Trust Project >>> Languages: DeutschPrint Email Facebook X LinkedIn WhatsApp Telegram Updates*Story updated with a comment from the EU Commission. The Russia-initiated United Nations Cybercrime Convention was due to conclude on Friday (9 February) but lack of consensus on the scope and terminology has prompted civil society to call for the rejection of the Convention in its current form. Amid considerations to reschedule the final meeting for July, the text may not be put to vote on Friday. The Convention on Cybercrime was the brainchild of Russia and was initially rejected by Western liberal democracies. Friday marks the final day of the concluding session that started on 29 January. “The fight against cybercrime is a priority for the EU,” an EU Commission spokesperson told Euractiv. If the convention is adopted by the UN General Assembly, “it would be the first UN legal framework for international cooperation on preventing and investigating cybercrime and prosecuting cybercriminals,” the spokesperson added. Until now, the UN member states have not reached a consensus on the scope and terminology, they only managed to agree on a few points. This implies that the final decision is likely to be reached by vote if no agreement by consensus can be reached. Civil society and industry actors consider the current form unacceptable. Therefore, more than 40 organisations called on Thursday in an open letter addressed to the Convention’s chair to reject its current form. Signatories include the International Chamber of Commerce and the Cybersecurity Tech Accord, which represent major tech companies like Microsoft, Meta, and PayPal. Industry and civil society, which often disagree, are both concerned about the shortcomings of the current text, which include a broad scope and vague provisions such as for real-time interception of content and data. Another concern is the lack of protection for human rights and good-faith cybersecurity researchers, the letter reads. Since states would be entitled to carry out cross-border data collection without prior legal authorisation, all signatories consider that the text is not in line with international human rights law and the rule of law in general. “While the negotiations have addressed some important problems in the text, many very significant issues remain unresolved, including transparency,” Nick Ashton-Hart, senior director at APCO Worldwide and head of delegation of the Cybersecurity Tech Accord. Given the lack of agreement, there are also ongoing considerations to suspend the meeting, with the final session to recommence in July. This ‘suspension’ would not require a new UN General Assembly resolution or any changes to the modalities. A potential suspension would also reduce pressure on UN member states, allowing them to hold another session in July instead of adopting the current draft by agreement or through a vote. However, this could also mean that states are less likely to make concessions during the negotiations and find a middle ground on the last day. UN Cybercrime Convention calls EU values into question, civil society warns With the last negotiating session approaching next month, the private sector and civil society are increasingly questioning the compatibility of the UN Cybercrime Convention draft text with EU values and human rights standards. Content of the Convention With a new compromise package on the scope and safeguards shared with delegations on Thursday evening, negotiations are still in progress on the scope, as well as its implications. A consensus still needs to be reached on whether the convention addresses cybercrime or ICT for criminal purposes. The latter would be a much broader scope. “The text still allows any government to pass the personal information of citizens to other states in perpetual secrecy,” Ashton-Hart said. “There has not been a single proposal to address this glaring flaw.” At the same time, the text also lacks human rights safeguards, an issue also pointed out in Thursday’s open letter. While liberal democracies insist on human rights protection, member states that rejected any safeguards include Russia, Egypt, and Iran. The EU Commission, on behalf of the EU, clarified that its objectives include ensuring a high level of human rights protection and fundamental freedoms. “This includes maintaining full control of EU Member States’ authorities over all requests for cooperation,” the spokesperson added. According to a source close to the negotiations, Arab countries, led by Egypt, are using their position on the prevention of child sexual abuse material (CSAM) to remove human rights safeguards from the convention. “It also remains true that cybersecurity researchers, whose activities are fundamentally important to securing the digital world against cybercrime, remain unprotected from prosecution,” Ashton-Hart added. [Edited by Zoran Radosavljevic] West clashes with China, Russia over UN Cybercrime Convention The United Nations Cybercrime Convention is becoming a battleground between the EU and other Western countries on the one hand, China, Russia and other authoritarian regimes on the other. Read more with Euractiv TikTok and Meta sue EU Commission over DSA, Gigabit Infrastructure Act deal foundWelcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU.
