Aug 30, 2023 - Technology

Microsoft's pitch for the UN cybercrime treaty

Illustration of a globe on top of a pillar

Illustration: Sarah Grillo/Axios

As the United Nations wraps up the latest negotiation session this week for a highly anticipated cybercrime treaty, Microsoft is worried the final product won't hit the mark.

Driving the news: The company published a LinkedIn post Tuesday detailing its concerns about the current treaty draft member states are discussing and called on members to limit the scope of certain provisions, incorporate human rights safeguards and more.

Why it matters: Few tech companies have weighed in on the impact of the ongoing UN cybercrime treaty as it approaches its final stages.

  • The treaty, once adopted, will inspire a wave of new laws around the world to crack down on online cybercrime.

The big picture: The development of a UN cybercrime treaty has faced strife from the beginning, when the Russian delegation requested the UN develop a new agreement.

  • Many human rights groups have argued the cybercrime treaty isn't needed since the 2001 Budapest Convention covers many of the same issues already.
  • The latest versions of the treaty have done little to assuage those concerns — the current version includes a definition of cybercrime that goes beyond traditional computer hacking and has provisions that authoritarian states could abuse.

What they're saying: "States need to adopt a treaty that strengthens the fight against cybercrime," Amy Hogan-Burney, associate general counsel for cybersecurity policy at Microsoft, wrote in the post.

  • "It should not provide an avenue for authoritarian states to criminalize online content, introduce new surveillance powers, expand cross-border government access to personal data, or potentially criminalize common security practices because of ambiguity in the text," she added.

Details: Microsoft is calling on UN members to consider criminalizing only "core cybercrime offences" like illegal hacking and to avoid "expanding the definition of cybercrime," per the post.

  • Microsoft would like to see provisions in the final treaty that would protect security researchers and limit government access to private data, the post said.

Between the lines: Microsoft's proposals mirror some of the provisions that human rights advocates have been requesting during negotiations.

What's next: The UN committee negotiating the treaty is set to wrap up its current negotiation session Friday, and the group will conclude negotiations at the next session in early 2024.

  • The U.S. State Department told The Record last week that its officials are optimistic they're moving toward a narrower definition of cybercrime.

Sign up for Axios' cybersecurity newsletter Codebook here

Go deeper