Introducing the new cybercrime treaty

This month, October, a key Asean country will be host to a raft of countries for the signing ceremony of the new cybercrime treaty. Its full (and rather wordy) title is: the “United Nations Convention against Cybercrime; Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes”.
Will this cybercrime convention be an epiphany for those who seek effective legal measures against online scams and other heinous cybermalwares wreaking havoc worldwide?
First, it provided a finite list of crimes to be outlawed, thus preventing arbitrary generalization of online crimes at the national level based on too much discretion for the authorities. And second, it was a treaty much linked with checks-and-balances premised on human rights and democracy. Behind the drafting of the new treaty, those considerations were very much part and parcel of the contestation between democratic countries and nondemocratic countries.
On the positive side, the cybercrime convention provides a finite list of malpractices which need to be criminalized nationally, rather than a negative, generalized approach. The list is based on the following: illegal access to cybersystems (such as computers); illegal interception of electronic data; interference with electronic data; interference with an information and communications technology system; misuse of such devices; related forgery; related theft or fraud; offenses concerning online child sexual abuse or exploitation; solicitation or grooming for the purpose of committing a sexual offense against a child; and nonconsensual dissemination of intimate images.
There are then provisions against money laundering and on the liability of legal persons, implying both individuals and companies. The jurisdiction for legal action at the national level under the convention is broad, covering not only when the offense is committed on the territory of a member country; it can also be extended to cover offenses committed by a national of the member country, misdeeds against a national of the member country, or against the member country itself.
Interestingly, the new treaty does not delve into the sensitive area of misinformation and disinformation which are at times the result of state propaganda. This gray area needs capacity-building and educational measures to enable the general public to “think before believing,” from a young age, in a democratized setting with a discerning mindset.
However, there are various stumbling blocks in relation to the cybercrime convention. First, many provisions in this treaty defer to domestic law in relation to the various prohibitions. Ironically, a government ’s claim against a cybercrime domestically may, in fact, be justifying an excuse to constrain the freedom of expression of individuals perceived to be antithetical to the regime in power.
To be fair to the new treaty, there is an explicit provision advocating respect for human rights. However, the relationship between rights-cum-freedoms and limits imposed in the name of criminalizing cybercrimes is not totally clear. In international human rights law, for instance, limits on the right to freedom ofexpression are only permissible if they fulfill a three-part test. First, the government of the country trying to limit that right must prove that there is a clear law on the subject rather than a measure based on broad executive discretion—the principle of “legality. “Second, the authorities must prove that the limitation is necessary according to the risks and proportionate to the circumstances—the principles of “necessity” and “proportionality. “And third, the limitation needs to have legitimate aims, such as to protect democracy or to shield children from abuse—the principle of “legitimacy.”
As a monitor of the implementation of the new treaty, a Conference of States parties will take place periodically. While this will offer a check-and-balance against excesses by some countries to some extent, it is also incumbent on the international community, including UN human rights mechanisms, to keep watch of the situation.
The role of civil society and the business sector will also be important as vigilant sentinels to ensure that the criminalization of cybercrimes is not a pretext to confirm or reinforce the mass of criminal laws, policies, and practices existing in many countries which are used against political dissidents and nongovernmental voices. Beware—the shrinking space for individuals and communities in a world of increasing surveillance, artificial intelligence prevalence, and politicized-elite predominance!
—————-
Vitit Muntarbhorn is a professor emeritus at Chulalongkorn University in Thailand.He has helped the United Nations as a UN special rapporteur, independent expert, and member of UN Commissions of Inquiry on Human Rights.
Drawing the line between influencers and journalists