On August 7, 2024, after three years of negotiation, the United Nation’s Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes unanimously adopted the Convention Against Cybercrime. The Convention now goes to the General Assembly, where it is expected to be adopted. If ratified by 40 member states, the Convention will enter into force.
The Convention Against Cybercrime establishes a comprehensive framework to combat cybercrime globally, requiring states to implement various legislative, enforcement and cooperation measures. A key aspect of the Convention is the requirement for countries to adopt legislation criminalizing specific cyber activities. These include illegal access to information and communications technology systems, illegal interception of data, data interference, system interference, and the misuse of devices intended for committing cyber offenses. States are also expected to address cybercrime-related issues such as computer-related fraud and forgery, identity theft, and the production, distribution or possession of child sexual abuse material.
The Convention also mandates that countries create procedures for law enforcement to access stored electronic data necessary for investigations of cybercrime offenses. This includes enabling law enforcement agencies to obtain data from service providers quickly and efficiently, particularly when there is a risk that the data might be lost or modified. Additionally, the Convention requires countries to facilitate the real-time collection and interception of traffic and content data when such measures are necessary for the investigation of serious crimes. These provisions are designed to ensure that law enforcement agencies have the tools needed to effectively investigate and prosecute cybercrime offenses.
In terms of international and cross-border access to data, the Convention provides a framework for mutual legal assistance and cooperation among states. Countries are required to establish points of contact available 24/7 to provide immediate assistance with criminal investigations and the collection of electronic evidence. The Convention also emphasizes the importance of expedited preservation of electronic data and facilitates the exchange of data between states to support ongoing investigations. This includes the use of international cooperation mechanisms for the collection and sharing of evidence in electronic form.
Technical assistance and capacity-building are other crucial components of the Convention, and a key objective of developing countries. Overall, these measures aim to enhance the ability of states to prevent, detect and respond to cybercrime. The Convention encourages states to provide technical assistance to each other, including the development and implementation of training programs for law enforcement and judicial authorities, the exchange of expertise, and the sharing of best practices. The Convention also promotes the use of modern technology and techniques to improve the capabilities of states in combating cybercrime.
Detractors of the Convention — primary civil society organizations — have expressed concern about the potential for some governments to abuse the Convention to commit human rights abuses. While the Convention states that countries must ensure that measures taken to combat cybercrime are consistent with their obligations under international human rights law, including the protection of privacy, freedom of expression and the right to a fair trial, human rights advocates fear that governments will seek data under the auspices of thwarting cybercrime to gain insights into its critics.
Overall, the UN Convention Against Cybercrime represents a significant step forward in the global effort to address the challenges posed by cybercrime. By requiring countries to adopt robust legal frameworks, facilitate international cooperation and provide technical assistance, the Convention aims to create a coordinated and effective response to cybercrime while ensuring the protection of human rights and fundamental freedoms.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.