Human rights concerns over UN Cybercrime Treaty raised at IGF 2024

A panel discussion at the Internet Governance Forum (IGF) raised serious concerns over the UN Cybercrime Treaty and its potential to undermine human rights. Experts from organisations such as Human Rights Watch and the Electronic Frontier Foundation criticised the treaty’s broad scope and lack of clear safeguards for individual freedoms. They warned that the treaty’s vague language, particularly around what constitutes a ‘serious crime,’ could empower authoritarian regimes to exploit its provisions for surveillance and repress dissent.

Speakers such as Joey Shea from Human Rights Watch and Lina al-Hathloul, a Saudi human rights defender, pointed out the risks posed by the treaty’s expansive investigative powers, which extend beyond cybercrimes to any crimes defined by domestic law. Flexibility like this one could force countries to assist in prosecuting acts that are not crimes within their own borders. They also highlighted the treaty’s weak privacy protections, which could jeopardise encryption standards and further harm cybersecurity researchers.

Deborah Brown from Human Rights Watch and Veridiana Alimonti of the Electronic Frontier Foundation shared examples from Saudi Arabia and Latin America, where existing cybercrime and anti-terrorism laws have already been used to target journalists and activists. The panelists expressed concern that the treaty could exacerbate these abuses globally, especially for cybersecurity professionals and civil society.

Fionnuala Ni Aolain, a former UN Special Rapporteur on counterterrorism and human rights, emphasised that the treaty’s provisions could lead to criminalising the vital work of cybersecurity researchers. She joined other experts in urging policymakers and industry leaders to resist ratification in its current form. They called for upcoming protocol negotiations to address these human rights gaps and for greater involvement of civil society voices to prevent the treaty from becoming a tool for transnational repression.

Starlink inactive in India, Musk confirms

Elon Musk confirmed that Starlink satellite internet is inactive in India, following recent seizures of Starlink devices by Indian authorities. Musk stated on X that Starlink beams were “never on” in the country, addressing concerns raised after a device was confiscated during an armed conflict operation in Manipur and another during a major drug bust at sea.

In Manipur, where ethnic conflict has continued since last year, the Indian Army seized a Starlink dish believed to be used by militants. Officials suspect it was smuggled from Myanmar, where rebel groups reportedly use Starlink despite the company’s lack of operations there.

Earlier this month, Indian police intercepted a Starlink device linked to smugglers transporting $4.2 billion worth of methamphetamine. Authorities believe the internet device was used for navigation, prompting a legal request to Starlink for purchase details.

Starlink is currently seeking approval to operate in India and is working to resolve security concerns as part of the licensing process.

Netflix fined for failing to inform customers about data usage

The Dutch Data Protection Authority (DPA) has imposed a €4.75 million ($4.98 million) fine on Netflix for not adequately informing its customers about how their personal data was being used between 2018 and 2020. The fine follows a detailed investigation that began in 2019, which revealed that Netflix’s privacy statement was insufficiently clear regarding the company’s data practices. Specifically, the DPA found that the streaming giant did not provide customers with enough information on how their data was being processed or used.

The investigation also uncovered that when customers sought to understand which personal data Netflix was collecting, they did not receive clear answers. This lack of transparency was deemed a violation of the General Data Protection Regulation (GDPR), which sets strict requirements on companies to protect user privacy and ensure clear communication about data usage.

In response to the findings, Netflix has since updated its privacy statement and improved how it informs customers about its data collection practices. Despite these changes, the company has objected to the fine, though it did not provide a comment when approached by the press.

This fine highlights the increasing scrutiny on companies to comply with GDPR and underscores the importance of clear, transparent data handling practices, especially for tech giants like Netflix that handle vast amounts of personal information.

TP-Link faces US ban amid cybersecurity concerns, WSJ reports

US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.

In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.

TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers, that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.

The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.

US sanctions UAE individuals and companies linked to North Korean illicit digital assets

The US Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and a company based in the United Arab Emirates (UAE) for allegedly aiding North Korea’s use of digital assets in illegal activities.

The sanctions target Lu Huaying and Zhang Jian, along with Green Alpine Trading, LLC, a front company linked to a broader scheme of money laundering. These actions aim to disrupt a network that, according to US authorities, funnels millions of dollars to North Korea’s nuclear weapons and missile programs.

North Korea has a history of using digital assets and cybercrimes to fund its military efforts, employing IT workers and hackers to generate funds that are often obscured through complex laundering operations. The sanctions focus on Sim Hyon Sop, a representative of North Korea’s state-run Korea Kwangson Banking Corporation, who has been previously sanctioned. Sim is accused of using a mix of cryptocurrency cash-outs and money mules to move funds back to the regime for its military projects.

Under the new sanctions, any property owned by the designated individuals or entities in the US is blocked, and US citizens and companies are prohibited from engaging in transactions with them. Non-compliance could lead to further enforcement actions, even against those outside the US. The move reflects a coordinated effort with the UAE to combat North Korea’s destabilizing activities. It highlights the importance of international cooperation in tackling illicit financial networks that exploit new technologies, including cryptocurrencies.

Meta data breach leads to huge EU fine

Meta has been fined €251 million by the European Union’s privacy regulator over a 2018 security breach that affected 29 million users worldwide. The breach involved the ‘View As’ feature, which cyber attackers exploited to access sensitive personal data such as names, contact details, and even information about users’ children.

The Irish Data Protection Commission, Meta’s lead EU regulator, highlighted the severity of the violation, which exposed users to potential misuse of their private information. Meta resolved the issue shortly after its discovery and notified affected users and authorities. Of the 29 million accounts compromised, approximately 3 million belonged to users in the EU and European Economic Area.

This latest fine brings Meta’s total penalties under the EU’s General Data Protection Regulation to nearly €3 billion. A Meta spokesperson stated that the company plans to appeal the decision and emphasised the measures it has implemented to strengthen user data protection. This case underscores the ongoing regulatory scrutiny faced by major technology firms in Europe.

Musk faces scrutiny over national security concerns

Elon Musk and his company SpaceX are facing multiple federal investigations into their compliance with security protocols designed to protect national secrets. According to reports, the reviews were initiated by the US Air Force, the Department of Defense Inspector General, and the undersecretary for intelligence and security. Concerns include Musk’s alleged failure to disclose meetings with foreign leaders and his reported contacts with Russian officials, including President Vladimir Putin.

The investigations follow longstanding concerns about Musk’s security practices. A previous review by the Pentagon was prompted in 2018 when Musk appeared on a live podcast and smoked marijuana, raising questions about his security clearance. Recently, the Air Force denied Musk high-level security access, citing potential risks.

SpaceX and Musk have declined to comment on the investigations. However, Pentagon officials emphasised the confidentiality of such probes, stating that the inquiries aim to protect the integrity of the process and those involved. National security concerns surrounding Musk have also been echoed by US allies and lawmakers.

Parliamentary panel at IGF discusses ICTs and AI in counterterrorism efforts

At the 2024 Internet Governance Forum (IGF) in Riyadh, a panel of experts explored how parliaments can harness information and communication technologies (ICTs) and AI to combat terrorism while safeguarding human rights. The session, titled ‘Parliamentary Approaches to ICT and UN SC Resolution 1373,’ emphasised the dual nature of these technologies—as tools for both law enforcement and malicious actors—and highlighted the pivotal role of international collaboration.

Legislation and oversight in a digital era

David Alamos, Chief of the UNOCT programme on Parliamentary Engagement, set the stage by underscoring the responsibility of parliaments to translate international frameworks like UN Security Council Resolution 1373 into national laws. ‘Parliamentarians must allocate budgets and exercise oversight to ensure counterterrorism efforts are both effective and ethical,’ Alamos stated.

Akvile Giniotiene of the UN Office of Counterterrorism echoed this sentiment, emphasising the need for robust legal frameworks to empower law enforcement in leveraging new technologies responsibly.

Opportunities and risks in emerging technologies

Panelists examined the dual role of ICTs and AI in counterterrorism. Abdelouahab Yagoubi, a member of Algeria’s National Assembly, highlighted AI’s potential to enhance threat detection and predictive analysis.

At the same time, Jennifer Bramlette from the UN Counterterrorism Committee stressed the importance of digital literacy in fortifying societal resilience. On the other hand, Kamil Aydin and Emanuele Loperfido of the OSCE Parliamentary Assembly cautioned against the misuse of these technologies, pointing to risks like deepfakes and cybercrime-as-a-service, enabling terrorist propaganda and disinformation campaigns.

The case for collaboration

The session spotlighted the critical need for international cooperation and public-private partnerships to address the cross-border nature of terrorist threats. Giniotiene called for enhanced coordination mechanisms among nations, while Yagoubi praised the Parliamentary Assembly of the Mediterranean for fostering knowledge-sharing on AI’s implications.

‘No single entity can tackle this alone,’ Alamos remarked, advocating for UN-led capacity-building initiatives to support member states.

Balancing security with civil liberties

A recurring theme was the necessity of balancing counterterrorism measures with the protection of human rights. Loperfido warned against the overreach of security measures, noting that ethical considerations must guide the development and deployment of AI in law enforcement.

An audience query on the potential misuse of the term ‘terrorism’ further underscored the importance of safeguarding civil liberties within legislative frameworks.

Looking ahead

The panel concluded with actionable recommendations, including updating the UN Parliamentary Handbook on Resolution 1373, investing in digital literacy, and ensuring parliamentarians are well-versed in emerging technologies.

‘Adapting to the rapid pace of technological advancement while maintaining a steadfast commitment to the rule of law is paramount,’ Alamos said, encapsulating the session’s ethos. The discussion underscored the indispensable role of parliaments in shaping a global counterterrorism strategy that is both effective and equitable.

DR Congo sues Apple subsidiaries over alleged use of conflict minerals, challenges ethical sourcing claims

The Democratic Republic of Congo (DRC) has filed criminal complaints against Apple’s subsidiaries in France and Belgium, accusing the tech giant of indirectly benefiting from conflict minerals sourced from the region. The DRC, a major supplier of tin, tantalum, and tungsten — essential components in electronic devices — alleges that minerals smuggled through its conflict zones fuel violence and atrocities, including mass rapes and killings, often perpetrated by armed groups.

While Apple claims to audit suppliers and maintain a transparent supply chain, international lawyers representing the Congolese government argue the company relies on minerals pillaged from Congo. The legal filings accuse Apple of covering up war crimes, handling stolen goods, and misleading consumers about the integrity of its supply chain. The complaints also criticise the industry-funded ITSCI certification scheme, claiming it falsely legitimises minerals sourced from conflict zones.

Belgium’s historical role in the exploitation of Congo’s resources was highlighted by Congolese lawyers, who called on Belgium to support their legal efforts. Both France and Belgium are seen as jurisdictions that emphasise corporate accountability. Judicial authorities in these countries will decide whether to pursue criminal investigations against Apple and its subsidiaries.

This legal action reflects Congo’s broader struggle to end the illicit trade of its resources, which has contributed to decades of violence. Millions have died or been displaced due to conflicts linked to mineral exploitation, underscoring the urgent need for stricter enforcement of ethical supply chain practices.

TikTok appeals to Supreme Court to block looming US ban

TikTok and its parent company, ByteDance, have asked the Supreme Court to halt a US law that would force ByteDance to sell TikTok by 19 January or face a nationwide ban. The companies argue that the law violates the First Amendment, as it targets one of the most widely used social media platforms in the United States, which currently has 170 million American users. A group of TikTok users also submitted a similar request to prevent the shutdown.

The law, passed by Congress in April, reflects concerns over national security. The Justice Department claims TikTok poses a threat due to its access to vast user data and potential for content manipulation by a Chinese-owned company. A lower court in December upheld the law, rejecting TikTok’s argument that it infringes on free speech rights. TikTok maintains that users should be free to decide for themselves whether to use the app and that shutting it down for even a month could cause massive losses in users and advertisers.

With the ban set to take effect the day before President-elect Donald Trump’s inauguration, TikTok has urged the Supreme Court to decide by 6 January. Trump, who once supported banning TikTok, has since reversed his position and expressed willingness to reconsider. The case highlights rising trade tensions between the US and China and could set a precedent for other foreign-owned apps operating in America.