Technology companies call for changes to the draft UN Convention on cybercrime
The Cybersecurity Tech Accord would like to see stronger protections for researchers, penetration testers and journalists and greater restrictions on access to personal data.
More than 150 technology companies have come together to urge the United Nations to make a series of revisions to the current final draft of the United Nations Convention against Cybercrime.
According to the Cybersecurity Tech Accord, the convention’s current language could lead to human rights abuses and criminalize the work of penetration testers, ethical hackers, security researchers and journalists.
UN member states are currently convening the final round of negotiations on what will eventually become the first global cybercrime treaty, with talks taking place from July 29 to August 8. The current draft was published on May 23, and Tech Accord is pleased with the changes already made, but calls for more work to be done.
A key concern of the Tech Deal is the need for greater transparency in the convention as written.
“Eight articles of the draft treaty require keeping aspects of cooperation ‘confidential’ even when they are no longer necessary for an investigation or prosecution,” the Tech Accord said in its July 29 presentation at the convention’s final session.
“To make matters worse, while states are free to implement due process protections…none would be required to do so.”
There are also concerns that the personal information of “persons of interest” could be shared between nations, and even if they are not charged with a crime, those people may never know how that data is used, “making them unable to defend their rights.” .
“In its current form, the convention will result in more private information of individuals being shared with more governments around the world, without any requirement that state parties allow legal challenges to problematic requests and without any transparency or accountability mechanism. “said the Technology Agreement. .
The Tech Accord presentation also notes that while the work of ethical hackers is vital to modern cybersecurity, the convention’s wording could leave them open to criminal liability, given that their work often involves some form of “unauthorized” access. “to networks and systems. The Tech Accord believes that anything that could restrict or suppress the work of ethical hackers could unintentionally lead to a less secure cyber environment and an increased risk of cyber attacks.
“Last but not least, issues with the intent of criminalization articles could also allow the activities of journalists, their sources and whistleblowers to be criminalized,” the Tech Accord said.
Another key concern is how the convention treats child sexual abuse material. For example, children who take “nude or sexually suggestive selfies” could be exposed to criminal charges under the current draft of the convention.
“Adopting provisions that facilitate the criminalization of children in articles that are supposed to protect them from harm should be unacceptable to everyone,” the Tech Deal said.
Speaking to the Security Media Group, Nick Ashton-Hart, head of the Tech Deal delegation, said tech companies felt “abandoned” by the UN.
Ashton-Hart said the EU and the United States were “not taking on board many of the key concerns of the private sector or civil society.”
Signatories to the Cybersecurity Tech Accord include Cisco, Avast, Cloudflare, Dell and Meta.