A possible global treaty to address cybercrime risks legitimizing abusive practices and could be used as an excuse to silence government critics and undermine privacy in many countries, Human Rights Watch said today. Governments will kick off the process for a global cybercrime treaty, first proposed by the Russian government, at the United Nations on May 10, 2021.
Several national cybercrime laws in various parts of the world already unduly restrict rights and are being used to persecute journalists, human rights defenders, technologists, opposition politicians, lawyers, religious reformers, and artists. Instead of a treaty, governments should prioritize reforming these abusive laws to conform with international human rights standards. Any effort to address cybercrime needs to reinforce, not undermine, freedom of expression and other human rights.
“Cybercrime poses a real threat to people’s human rights and livelihoods and efforts to address it need to protect, not undermine, rights,” said Deborah Brown, senior digital rights researcher and advocate at Human Rights Watch. “Governments should oppose overbroad and aggressive cybercrime measures that threaten rights.”
The negotiating process for a possible treaty should be open and transparent, and human rights groups should be consulted every step of the way, Human Rights Watch said.
The term “cybercrime” is typically used to describe both actions taken against the confidentiality, integrity, and availability of computer data or systems and traditional offenses committed through the internet and communications technology. In recent years, there has been a surge in cybercrime laws around the world, some of which are overly broad and criminalize online expression, association, and assembly.
Pakistan’s Prevention of Electronic Crimes Act, as just one example, authorizes blocking websites deemed critical of officials and requires service providers to retain or provide authorities with access to copious amounts of people’s data, which is open to abuse. Other laws, like Egypt’s Anti-Cyber and Information Technology Crimes Law, have been used to prosecute people for using secure digital communications, which are crucial to keeping people safe online.
If UN member states choose to pursue a global treaty, they should bolster protections for freedom of expression and other fundamental rights, Human Rights Watch said.
The upcoming UN meeting will focus on key procedural matters, such as who can participate in future negotiations, where negotiations will occur, and whether the process will be based on consensus.
Ahead of the treaty negotiations, Human Rights Watch analyzed the key risks to freedom of expression and privacy posed by national legislation and international cooperation to address cybercrime, based on Human Rights Watch reporting on cybercrime for at least a decade. In March and April of 2021, Human Rights Watch also conducted phone and email interviews with cybercrime experts.
Governments have obligations under international human rights law to protect people from harm resulting from criminal activity carried out through the internet. For example, part of governments’ obligation to protect women’s human rights includes combating gender-based violence online, such as the nonconsensual distribution of intimate images online. But government responses to cybercrime are often ineffective or disproportionate, and can undermine rights.
Investigating and prosecuting crime increasingly requires international cooperation. Data is physically stored and processed in multiple countries, often different from where the criminal prosecution takes place, even when referring to data in the “cloud.” Governments try to access data stored outside their jurisdictions through legislative, informal, and coercive measures that can erode the right to privacy. Governments, sometimes with the support of major companies, have tried to speed up cooperation to share data for criminal investigations through measures that can bypass or weaken due process protections.
So-called morality clauses have led to arrests and prosecutions of women and LGBT people for expressing themselves online. A new treaty risks legitimizing and normalizing these practices. The UN General Assembly has expressed grave concern that cybercrime laws are “in some instances misused to target human rights defenders or have hindered their work and endangered their safety in a manner contrary to international law.”
Cybercrime laws have also been used to crack down on critical voices. For example, the prominent Philippines journalist Maria Ressa was convicted of “cyber libel” in 2020 and faces up to seven years in prison. The renowned Emirati human rights defender Ahmed Mansoor is serving a 10-year sentence for cybercrimes and other vague offenses related to his human rights work.
The risks of proceeding with a global treaty – particularly one that has been championed by some of the world’s most repressive governments – are considerable, Human Rights Watch said. A global treaty would set the standard for countries around the world that are still developing their approaches to addressing cybercrime at the national level. It could also significantly influence how law enforcement shares data across borders.
A treaty is most likely unnecessary, and efforts would be better spent improving mutual legal assistance processes and providing more resources and training for law enforcement officials engaged in cross-border requests for data to ensure timely responses that do not infringe on people’s rights.
“Delegations should think long and hard about whether the world actually needs a cybercrime treaty,” Brown said. “They should also ensure that nongovernmental groups have a seat at the table, as so many advocates have been targeted by abusive cybercrime laws and have relevant expertise on what safeguards are needed.”