Why experts are sounding the alarm and what risks the Cybercrime Convention poses
In late December 2024, the United Nations (UN) General Assembly adopted a new convention to combat cybercrime. This landmark agreement is intended to strengthen international cooperation and, in particular, support developing countries in their efforts to combat cybercrime. Yet despite its ambitious goals, it has drawn heavy criticism from data protection experts, IT security specialists, and human rights organizations.
The Objectives of the Cybercrime Convention
The UN Convention on Cybercrime was shaped over a period of five years by UN member states such as Russia, China, and North Korea. Its aim is to combat cybercrime more effectively, in particular by:
- International cooperation: Better coordination among countries to combat cybercrime.
- Technical assistance: Providing support, particularly to developing countries, to help them build capacity.
- Protecting People and Rights Online: Promoting Safe Digital Spaces.
According to the UN General Assembly, the agreement represents a crucial step in the fight against crimes such as online fraud, money laundering, and sexual abuse on the internet.
Despite its good intentions, numerous experts and organizations have criticized the convention for serious shortcomings:
- Threat to human rights:
Internet activists and civil rights advocates warn that the convention allows governments to persecute dissidents, journalists, those with differing views, and activists. This threatens freedom of expression and digital rights. - Surveillance and Data Access:
States are granted broad powers, including:- Real-time monitoring
- Access to sensitive data, including by journalists and companies
- Covert data collection
- The danger of backdoors:
Security experts warn that manufacturers could be forced to build backdoors into their systems. However, these backdoors could also be exploited by cybercriminals. - Uncertain Approach to Security Research:
Measures such as penetration testing, reverse engineering, or the publication of research findings could be considered criminal offenses. This would significantly restrict the activities of white-hat hackers and security researchers.
Voices from the industry
There is strong opposition to the agreement. Here are some prominent voices:
- Chaos Computer Club (CCC):
“This agreement turns out to be a surveillance pact that tramples on human rights and puts IT security experts and journalists around the world at risk.” - Electronic Frontier Foundation (EFF):
The EFF sharply criticized the agreement and called for greater civil society involvement. “The Cybercrime Convention threatens human rights and digital freedoms.” - HackerOne:
The bug bounty platform warned of the implications for security research. “The convention could be used to censor and suppress security researchers.” - Maximilian Funke-Kaiser (FDP):
The member of the Bundestag expressed concerns about the risks to human rights and data protection.
Conclusion
The UN Convention on Cybercrime is an ambitious initiative designed to combat global cybercrime more effectively. However, serious concerns have been raised about its far-reaching surveillance powers, potential threats to human rights, and risks to IT security.
It remains to be seen whether the agreement will have the desired effect or whether it will do more harm than good. Companies and organizations should closely monitor developments and adjust their cybersecurity strategies accordingly to prepare for potential regulatory changes.