An impending global cybercrime agreement, slated for its last phase of discussions at the United Nations on Monday, faced severe criticism from civic groups. They argue that it threatens to outlaw cybersecurity research and encourage unchecked law enforcement monitoring.
The plan is expected to be cemented in February, with over 100 civic groups voicing their disapproval of its wording. They contend that it will prove detrimental rather than beneficial in the battle against cybercrime.
One of the critiques raised involves the allegation that the proposal inadequately defines the concept of cybercrime. The civil society organizations argued that security initiatives like bug bounty schemes and penetration testing are unfairly labeled as criminal activities under this proposal.
“There might be a possibility of legal action against activities done with good intentions, like security investigations. In the long run, this might serve as a considerable deterrent, weakening the safeguarding of online communications,” as stated by Tomaso Falchetta, the worldwide advocacy coordinator of Privacy International, during an interview with Information Security Media Group.
One common critique is that the agreement permits live monitoring of data flow and content, potentially mandating web-based intermediaries like instant messaging platforms to reduce their encryption strength.
The Cyber Peace Institute stated that the proposed action could diminish the current privacy standards that tech companies have put in place to safeguard online users.
In August 2023, the chief of cyber policy and defense at Microsoft voiced his disapproval for the proposal, characterizing it not as a means to pursue lawbreakers, but as a potent tool that might give autocratic regimes the power to quash opposition under the pretense of combating cybercrime.
The CEO of the Cyber Peace Institute, Stéphane Duguin, has stated that despite numerous discussions with advocates from civil society, the negotiators persist in ignoring their recommendations to enhance the treaty’s security.
Duguin suggests that rather than concentrating on a fresh proposal for cybercrime, nations should prioritize reinforcing the legal abilities of their policing bodies and depend on established protocols like the Budapest Convention, which currently has 68 member countries.
“Duguin expressed to ISMG his uncertainty about the treaty’s effectiveness in providing cyberattack victims with increased avenues for restitution and justice,”