Russia Is Commandeering the U.N. Cybercrime Treaty
The last international agreement on digital crime was in 2001. Why are experts so worried about this one?
Negotiations over a U.N. cybercrime treaty have evolved into a diplomatic proxy war between democracies and their authoritarian rivals over competing future visions of the internet, technology, and human rights in the digital age, pitting the United States and its allies yet again against Russia and China at the United Nations.
Over the past 10 days, delegates from around the world have convened at the United Nations headquarters in New York for a sixth round of negotiations on the draft text of a first-ever U.N. convention combating cybercrime.
Negotiations over a U.N. cybercrime treaty have evolved into a diplomatic proxy war between democracies and their authoritarian rivals over competing future visions of the internet, technology, and human rights in the digital age, pitting the United States and its allies yet again against Russia and China at the United Nations.
Over the past 10 days, delegates from around the world have convened at the United Nations headquarters in New York for a sixth round of negotiations on the draft text of a first-ever U.N. convention combating cybercrime.
The aim of the treaty, at least on paper, is to make it easier for countries to share information on the astronomical rise of digital criminal activities like ransomware, denial-of-service attacks, and the exploitation of children online. A bulk of countries involved in the negotiations are hard at work in marathon closed-door negotiating sessions to do just that, according to diplomats and experts tracking the negotiations.
But a group of authoritarian governments is seeking to advance its own agenda through the U.N. treaty—and the consequences could be dire if it is successful.
The treaty, Western officials, experts, and human rights advocates say, could be used as a pretext to extend state repression into the digital realm—if autocratic governments in Russia, China, Iran, and elsewhere have their way on the final text. One risk is that the treaty could expand the scope of cybercrimes and allow states to crack down on political dissent, free media, or online content in general.
“You could end up in a situation where a treaty intended to boost global cooperation on cybercrime becomes a means for authoritarian states to surveil their populations, access and share personal data of their citizens, and criminalize online content and behaviors they don’t like,” said Megan Roberts, interim managing director of the Digital Innovation and Democracy Initiative at the German Marshall Fund think tank.
The treaty, and its evolution, is steeped in arcane U.N. processes and technocratic language: The formal name for the negotiation rounds is the “Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes.” Negotiators are fighting over a 72-page document, with tracked changes from countries suggesting different words, phrases, and priorities.
But how these negotiations play out will determine whether the axes of democracies or autocracies will win out in their vision of global governance in the digital age.
A U.N. treaty, even if not every country in the world signs on, would set a major marker for how national governments and regional blocs could establish their own practices on cybercrime and digital rights in the future. “The top-level thing is just to remember that a treaty is still a massive signaling force,” said Raman Jit Singh Chima, senior international counsel and Asia Pacific policy director at the digital rights group Access Now. “Even if the implementation can be spotty, it’s going to have a massive impact on the design of cybercrime laws for the next 20, 30 years.”
Get the treaty right, experts argue, and it could help countries go after cybercriminal networks much more efficiently, while also setting the standard for future international agreements on cyber issues without eroding human rights. Get it wrong, however, and it could be a major win for autocratic regimes looking to normalize and justify their repression on the net.
“Imagine a lot of cross-border geopolitical surveillance,” said Katitza Rodríguez of the Electronic Frontier Foundation (EFF), a digital rights advocacy group. The problem, Rodríguez said, is the potential for collaboration between authoritarian regimes. “You’re legitimizing their activities by providing these powers [a way] to be legitimized under a U.N. umbrella treaty.”
Western countries are pushing back against efforts to do just that, said Deborah McCarthy, the lead U.S. diplomat negotiating the treaty, in an interview. “We’re working to make sure there is strong language for human rights safeguards and grounds for refusal of cooperation” on sharing digital information if it pertains to political persecution or repression.
McCarthy said that, on the other hand, if the treaty negotiations are successful, it would help countries collaborate much more efficiently on tackling transnational cybercrime networks, paving the way for closer law enforcement cooperation across borders and lending resources and expertise on cybercrime to developing countries.
For the past two decades, global cybercrime has been largely governed by an agreement called the Budapest Convention, named after the Hungarian capital where it was first adopted in 2001 by more than 60 countries—mostly from the West. The Budapest Convention is widely seen as the gold standard because it is viewed as the most comprehensive multilateral cybercrime treaty to date, but outside experts “have long criticized it for not having stronger safeguards for human rights,” according to Deborah Brown, a senior researcher at the nonprofit advocacy organization Human Rights Watch.
The idea of the new treaty was a brainchild of Russia and some other not-so-democratic countries in a bid that digital rights experts suspect was aimed at supplanting the Budapest Convention with a newer framework that could have more of the Kremlin’s influence in its design. (The Budapest Convention was widely viewed as a Western-created and Western-oriented convention in a way that rankled Moscow, even given its shortfalls on human rights protections. Neither Russia nor China is a signatory to the Budapest Convention.)
In 2019, Russia and over a dozen other countries including Belarus, Cambodia, China, and Nicaragua, passed a U.N. resolution to establish an international convention on cybercrime. The first negotiating session occurred in February and March of 2022, overshadowed by Russia’s full-scale invasion of Ukraine that dominated the U.N. agenda. The aim in this sixth round of negotiations is to wrap things up and present a finalized treaty in New York at the U.N. General Assembly in 2024, which is actually a tight deadline by laboriously bureaucratic U.N. standards. But digital rights advocates say the stakes are too high not to get it right. “I think rushing consensus without really working out the details would pose a big risk,” Brown said.
One big hang-up in the treaty negotiations now is the scope of the treaty and definition of cybercrimes. The United States, European countries, and others want to ensure cybercrime is narrowly defined to “cyber-enabled crimes” while Russia, China, and its bloc of allies want to expand the definition to any crime in which technology is used. “Because this is a criminal instrument, making it a crime [based on] vague definitions of all uses of devices is something that we cannot accept, because it is an open door to considering many things as crimes,” McCarthy said. (As one example, China in January proposed adding “dissemination of false information” as a cybercrime in the U.N. convention text, a pitch that was immediately opposed by Western countries that feared Beijing would use it as a pretext to go after anyone spreading information critical of the Chinese government.)
Meanwhile, other cybersecurity experts and digital rights advocates worry that the private sector and civil society groups are being shut out of the negotiating process for this treaty. Service providers like Microsoft are increasingly nervous about their obligation to cooperate and engage with authoritarian governments when it comes to data access and surveillance.
“There are some non-state actors who have a role here, unlike in most treaty negotiations, and yet this one is proceeding like any treaty negotiation,” said Richard Salgado, a lecturer at Stanford Law School who is also a former director of law enforcement and information security at Google.
The treaty negotiations represent the latest clash between the United States and geopolitical rivals such as Russia and China at the United Nations. China has in the past routed U.S. efforts to curb its influence in the U.N. system, though the United States notched a significant win when its top candidate, Doreen Bogdan-Martin, was tapped to lead the U.N.’s most important and oldest tech agency, the International Telecommunication Union. Bogdan-Martin defeated Russia’s candidate with 139 out of 172 votes cast.
Western diplomats and many experts are hopeful that Russia and China will be outmaneuvered again in negotiations over the U.N. cybercrime treaty. But others say not to discount Moscow’s history of using wily tactics at the United Nations to advance its agendas.
“Russia is a critical player, and I’d hesitate to say they’re not influential, because I think the problem is people underestimate them, and they’re very good at U.N. procedure and parliamentary practices and throwing a curveball in,” Chima said.
“If the treaty process breaks down, immediately Russia, China, and many others will rush … to say, ‘Look, this has broken down, we’re going to create something else,’ either in the U.N. or elsewhere. It’ll cause more chaos.”
Other experts following the negotiations say it could come down to the wire as 2024 approaches and the draft of the treaty remains inundated with red ink. “You’re about to finish a treaty—your screen should have a few track changes in red. Now it’s all red,” Rodríguez said of the current state of the document. “Nothing is agreed until everything is agreed.”
Correction, Sept. 1, 2023: A quote from Deborah Brown was incorrectly transcribed in a previous version of this piece. It has been fixed.
Rishi Iyengar is a reporter at Foreign Policy. X: @Iyengarish
Robbie Gramer was a staff writer at Foreign Policy from 2016-2024. X: @robbiegramer
Anusha Rathi is an editorial fellow at Foreign Policy. X: @anusharathi_
More from Foreign Policy
What Trump’s Win Means for U.S. Foreign Policy
He is poised to bring back hallmarks of his first term, from a China trade war to hostility toward multilateralism.
Why She Lost
Despite a platform focused on winning back the working class, Kamala Harris and her party had lost too many of them already.
Trump’s Foreign-Policy Influencers
Meet the 11 men whose worldviews are shaping the 2024 Republican ticket.
The 10 Foreign-Policy Implications of the 2024 U.S. Election
What to think about Trump 2.0.
Join the Conversation
Commenting on this and other recent articles is just one benefit of a Foreign Policy subscription.
Already a subscriber?
.Subscribe Subscribe
View Comments
Join the Conversation
Join the conversation on this and other recent Foreign Policy articles when you subscribe now.
Subscribe Subscribe
Not your account?
View Comments
Join the Conversation
Please follow our comment guidelines, stay on topic, and be civil, courteous, and respectful of others’ beliefs.