NEXT weekend – Oct 25 to Oct 26 – Hanoi, Vietnam, will host a raft of countries for the signing ceremony of the new Cybercrime treaty. Its full (and rather wordy) title is: the “United Nations Convention against Cybercrime; Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes.”

Will this “Cybercrime Convention” be an epiphany for those who seek effective legal measures against online scams and other heinous cyber-malware wreaking havoc worldwide?

To discover the answer to that perplexing question, a glance at the background to transparent lawmaking is instructive. There was a precursor to this new treaty in the form of the 2001 Convention on Cybercrime, or “Budapest Convention,” evolved in Europe but open to ratification by countries beyond Europe. This Convention was generally seen as balanced for a number of reasons.

First, it provided a finite list of crimes to be outlawed, thus preventing arbitrary generalisation of online crimes at the national level based on too much discretion for the authorities. And second, it was a treaty closely linked with checks and balances premised on human rights and democracy.

Behind the drafting of the new treaty, those considerations were very much part and parcel of the contestation between democratic and non-democratic countries. This Convention provides a sense of balance to some extent, but it does not solve all the underlying problems.

On the positive side, the Cybercrime Convention provides a finite list of malpractices that need to be criminalised nationally, rather than a negative, generalised approach.

The list is based on the following: illegal access to cyber systems (such as computers); illegal interception of electronic data; interference with electronic data; interference with an information and communications technology system; misuse of such devices; related forgery; related theft or fraud; offences concerning online child sexual abuse or exploitation; solicitation or grooming for the purpose of committing a sexual offense against a child; and non-consensual dissemination of intimate images.

There are also provisions against money laundering and on the liability of legal persons, implying both individuals and companies. The jurisdiction for legal action at the national level under the Convention is broad, covering not only when the offense is committed on the territory of a member country; it can also be extended to cover offenses committed by a national of the member country, misdeeds against a national of the member country, or against the member country itself.

There are procedural safeguards for investigations and prosecutions, as well as protection and assistance for victims and witnesses. Expedited preservation of data is provided for, while promoting international cooperation to counter cybercrimes.

There is flexibility on several fronts to enable universality of membership by a large number of countries.

On the issue of child sexual abuse, a member country can exempt from criminalisation those cyber materials that are not based on a real child (for example, a pornographic manga not derived from an identified child). It can also exclude from criminalisation conduct by children for self-generated material depicting them.

The prohibitions against grooming and against non-consensual dissemination of intimate images are new for an international treaty. A gender perspective is much needed, as women have often been the victims of such breaches of privacy and harassment.

Interestingly, the new treaty does not delve into the sensitive area of misinformation and disinformation, which are at times the result of state propaganda. This grey area needs capacity-building and educational measures to enable the general public to “think before believing,” from a young age, in a democratised setting with a discerning mindset.

However, there are various stumbling blocks in relation to the Cybercrime Convention.

First, many provisions in this treaty defer to domestic law regarding the various prohibitions. Ironically, a government’s claim against a cybercrime domestically may, in fact, be an excuse to constrain the freedom of expression of individuals perceived to be antithetical to the regime in power.

National experience already indicates that it is easy for non-democratic countries to prosecute political dissidents allegedly engaged in cybercrimes, such as forgery or fraud, even though they might merely be exercising freedom to criticise in keeping with international law.

To be fair to the new treaty, there is an explicit provision advocating respect for human rights. However, the relationship between rights and freedoms and limits imposed in the name of criminalising cybercrimes is not totally clear.

In international human rights law, for instance, limits on the right to freedom of expression are only permissible if they fulfil a three-part test. First, the government of the country trying to limit that right must prove that there is a clear law on the subject rather than a measure based on broad executive discretion – the principle of “legality.”

Second, the authorities must prove that the limitation is necessary according to the risks and proportionate to the circumstances – the principles of “necessity” and “proportionality.”

And third, the limitation needs to have legitimate aims, such as to protect democracy or to shield children from abuse – the principle of “legitimacy.”

There are other dangers lurking. The new treaty opens the door to mutual legal assistance between member countries not only regarding the cybercrimes themselves but also in relation to “serious crimes” that are not necessarily cybercrimes.

The term “serious crimes” is defined by this treaty as “conduct constituting an offense punishable by a maximum deprivation of liberty of at least four years or a more serious penalty.” This could lead to more cross-border cooperation against political dissidents in the maelstrom area now known as “transnational repression.”

As a monitor of the implementation of the new treaty, a Conference of States Parties will take place periodically. While this will offer a check and balance against excesses by some countries to some extent, it is also incumbent on the international community, including UN human rights mechanisms, to keep watch over the situation.

The role of civil society and the business sector will also be important as vigilant sentinels to ensure that the criminalisation of cybercrimes is not a pretext to confirm or reinforce the mass of criminal laws, policies and practices existing in many countries that are used against political dissidents and non-governmental voices.

Beware – the shrinking space for individuals and communities in a world of increasing surveillance, AI prevalence and politicised, elitist predominance! — Asia News Network

Vitit Muntarbhorn is a professor emeritus at Chulalongkorn University and a UN Special Rapporteur.