As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet.

This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. But even countries considered human rights defenders are touting dangerous plans with serious consequences for our civil liberties. As Human Rights Watch’s Deborah Brown notes: “Efforts to improve international cooperation on cybercrime often aim to make it easier for law enforcement to access data”, and “efforts to speed up cross-border access to data for criminal investigations (...) often involve measures that bypass or weaken due process protections or erode the right to privacy”. This is also the case of the Budapest Convention of the Council of Europe, which Brown says has been “criticized (...) for lacking strong privacy safeguards and placing few limits on law enforcement data collection”.

Firstly, the resolution has raised concerns from interest groups since the beginning. The Association for Progressive Communications (APC) published an open letter to the UN General Assembly in November 2019, after the experts committee included the resolution on its agenda. APC urged the delegation to vote against the Russian-led document, identifying numerous problems and even questioned the necessity of a treaty on cybercrime at all, suggesting that such laws are being used to “criminalise access to and use of secure digital communications (through, for example, the use of encryption), which are vital to the work of civil society, human rights defenders (HRDs) and journalists, as well as public and private institutions that rely on a stable and secure internet”. Now that the resolution was approved, on November 18, 2021, it is our responsibility to ensure that the new convention will not undermine Internet users’ rights and freedoms.

Secondly, there is good reason to fear the effects of the proposed convention, as countries around the world are constantly accused of: autocratic practices in digital spaces, condoning criminal practices, inciting the decline of freedom of expression, restricting on investigative journalism, research and whistleblowing and violating individual privacy. Hence, leaving countries unsupervised could provide them the possibility to compromise core values of the Internet, including a decentralized management of its infrastructure, a multistakeholder approach and a neutral, general-purpose network.

Still, international cooperation is important for combatting cybercrime and providing security to the Internet’s 4.66 billion (and counting) users, and some propositions have been made referring to ways of addressing cyber criminality, such as the Oxford University statements recommending regulatory approaches. In the fifth, the text prescribes legal requirements based on human rights, such as “legitimate purpose, legality, necessity, proportionality and non-discrimination”, that could be discussed within the UN works.

Moreover, what can be done to improve our chances of overseeing the expert committee’s treaty-building work? Human Rights Watch has proposed recommendations to enable multistakeholder participation, including “accrediting all interested nongovernmental groups”, “providing for written contributions and oral interventions” from NGOs, “providing for webcasting, remote participation, interpretation services, and online consultations” and “maintaining an up-to-date, dedicated webpage with relevant information” about the process, contributions and outcomes.

The new treaty will play an important role in the future of human rights on the Internet. Therefore, it is crucial for interested parties to voice their views on what that regulation should look like.