The UN is trying to define cybercrime
Over the next two weeks, a group of nations is trying to answer one of the most basic questions in cybersecurity: What exactly is considered cybercrime?
Driving the news: A United Nations committee — whose members include delegates from the U.S., China and Russia — is meeting throughout this week and next to continue negotiations for a new international cybercrime treaty.
Why it matters: The finished UN cybercrime treaty will jumpstart a wave of new laws around the world based on the agreed-upon principles in the document.
The big picture: Unlike past meetings, where members mostly shared answers to previously determined discussion questions, this latest meeting features a rough negotiating treaty draft up for debate.
- However, the wide-reaching, 21-page document includes most of the provisions requested by each member nation, including the U.S. and the rest of the West, as well as Russia, China and other authoritarian states.
- At the latest meeting, member nations will focus solely on the provisions about what actions should be criminalized and the law enforcement mechanisms surrounding them.
Between the lines: The current negotiating draft paints an overly broad picture of cybercrime.
- Right now, the document defines it as "the use of information and communications technologies for criminal purposes," prompting provisions on everything from the proliferation of child sexual abuse materials to online posts inciting political revolts or terrorist activities.
- But human rights and civil society groups argue the definition should be limited solely to crimes that target another computer or internet-enabled device, such as data breaches and other hacks.
- The U.S. State Department said in a statement Monday it plans to push for a "narrowly focused criminal justice instrument" in the treaty.
The intrigue: A broad definition of what cybercrime is and how prosecutors should approach it could open the door for governments to use the treaty as cover for surveilling journalists, political dissidents and other at-risk groups, human rights organizations argue.
- In a letter to the UN committee released Monday, more than 80 nongovernmental groups warned the panel that several provisions are "drafted in a way that does not uphold human rights law, in substance or in process."
- The groups are pushing the UN panel to add more protections from prosecution for reporters, researchers and whistleblowers, and to place limits on the investigative powers laid out in the treaty.
Catch up quick: The current treaty negotiations have faced political strife from the very beginning, when the Russian delegation requested the UN create such a pact in the first place.
- Meanwhile, Russian state and criminal hackers have been behind some of the most prolific cyberattacks in recent years, including the SolarWinds hack and the Colonial Pipeline ransomware attack.
- Many human rights groups argue the cybercrime treaty isn't needed since the 2001 Budapest Convention covers many of these issues already.
What they're saying: "The stakes are high, so we need to ensure a potential cybercrime treaty is narrow in scope, including a narrower, crime-related focus," Katitza Rodriguez, policy director for global privacy at the Electronic Frontier Foundation, tells Axios.
- "The potential treaty should not become a tool for states to impose broader controls on the internet," she says.
What's next: The committee is scheduled to meet again in April and September before presenting its final draft to the full UN early next year.
Sign up for Axios’ cybersecurity newsletter Codebook here.