UN Cybercrime Convention. What does it mean and how will it impact all of us? Online Session Report
22 Oct 2024 12:00h - 13:15h
UN Cybercrime Convention. What does it mean and how will it impact all of us? Online Session Report
Session at a Glance
Summary
This discussion focused on the recently adopted UN Cybercrime Convention, exploring its contents, implications, and potential impact. Experts from various countries provided insights into the convention’s key aspects and addressed concerns raised by different stakeholders.
The panelists highlighted that the convention is the first globally binding legal instrument on cybercrime, representing a significant achievement in international cooperation. They emphasized that it builds upon existing frameworks like the Budapest Convention while providing a more universal platform for addressing cybercrime.
A major point of discussion was the convention’s approach to human rights and data protection. The experts stressed that the treaty includes robust safeguards and explicitly upholds existing human rights standards. They also addressed concerns about broad definitions, explaining that the convention should be read in its entirety to understand the checks and balances in place.
The discussion touched on the convention’s provisions for international cooperation, including mutual legal assistance and capacity building. Panelists noted the importance of these elements, particularly for developing countries, in effectively combating cybercrime.
Experts also discussed the convention’s potential impact on domestic legislation, with many countries expected to update their laws to align with the treaty. The role of civil society and private sector involvement in the negotiation process and future implementation was highlighted as crucial.
The panelists acknowledged that while the convention is not perfect, it provides a baseline for trust and cooperation in combating cybercrime on a global scale. They emphasized the importance of effective implementation and adherence to make the convention truly impactful in addressing the evolving landscape of cyber threats.
Keypoints
Major discussion points:
– Overview of the UN Cybercrime Convention and its key provisions
– How the UN Convention will coexist with other cybercrime treaties like the Budapest Convention
– Human rights protections and safeguards in the Convention
– Technical assistance and capacity building aspects of the Convention
– Implementation challenges and potential need for additional protocols
The overall purpose of the discussion was to provide an overview and analysis of the newly adopted UN Cybercrime Convention from the perspective of experts involved in the negotiations. The goal was to help explain the contents, implications, and next steps for this landmark global cybercrime treaty.
The tone of the discussion was generally positive and optimistic about the achievement of agreeing on a global cybercrime convention, while also being analytical and acknowledging areas for improvement or further work. The experts provided balanced perspectives, highlighting both the strengths of the Convention as well as ongoing challenges. The tone remained consistent throughout as a constructive examination of the treaty from multiple national and stakeholder perspectives.
Speakers
– Anastasiya Kazakova: Cyber Diplomacy Knowledge Fellow at DiPLO Foundation, moderator
– Jovan Kurbalija: Executive Director at DiPLO
– Briony Daley Whitworth: Assistant Secretary at the Cyber Affairs and Critical Technology Branch of the Department of Foreign Affairs and Trade in Australia
– Irene Grohsmann: Political Affairs Officer at the Arms Control, Disarmament and Cybersecurity at the Federal Department of Foreign Affairs of Switzerland
– Catalina Vera Toro: Alternate Representative at the Permanent Mission of Chile to OAS at the Ministry of Foreign Affairs Chile
– Andrew Owusu-Agyemang: Deputy Manager at the Cybersecurity Authority of Ghana
– Bojana Kovac: Researcher at DiPLO
Additional speakers:
– Asoke Mukerji: India’s former ambassador to the UN in New York, chaired India’s national multiple stakeholder groups on recommending cyber norms for India in 2018
Full session report
Expanded Summary of UN Cybercrime Convention Discussion
Introduction
This discussion, moderated by Anastasiya Kazakova, Cyber Diplomacy Knowledge Fellow at DiPLO Foundation, focused on the recently adopted UN Cybercrime Convention. The panel brought together experts from various countries to provide insights into the convention’s key aspects, implications, and potential impact.
1. Overview and Significance of the UN Cybercrime Convention
Jovan Kurbalija, Executive Director at DiPLO, emphasized the convention’s significance as the first globally binding legal instrument on cybercrime. He highlighted its development aspect, noting the risk of criminalizing wider populations and the need for capacity building. The convention builds upon existing frameworks like the Budapest Convention while providing a platform for universal participation.
Irene Grohsmann, Political Affairs Officer at the Swiss Federal Department of Foreign Affairs, explained how the UN Convention would coexist with other instruments. She noted that it provides a legal basis for global cooperation against cybercrime while allowing states to maintain their existing commitments under regional conventions.
Andrew Owusu-Agyemang, Deputy Manager at the Cybersecurity Authority of Ghana, highlighted how the convention complements existing regional instruments like the Malabo Convention, addressing gaps and enhancing cooperation across different regions.
2. Human Rights Protections and Safeguards
Briony Daley Whitworth, Assistant Secretary at the Australian Department of Foreign Affairs and Trade, stressed the convention’s robust human rights protections. These include safeguards for freedom of expression, protection against gender-based violence, and an explicit statement that nothing in the convention can be interpreted to permit the suppression of human rights.
Catalina Vera Toro, Alternate Representative at the Permanent Mission of Chile to OAS, elaborated on the safeguards against misuse of powers and the incorporation of protections for children.
3. Cross-Border Cooperation and Data Access
The convention provides for international cooperation, including mutual legal assistance. Briony Daley Whitworth explained the different types of data covered (electronic, subscriber, traffic, and content) and how they are treated in the convention. Catalina Vera Toro noted that Article 27 allows for ordering data production within a state’s territory while emphasizing sovereignty and formal cooperation channels.
4. Technical Assistance and Capacity Building
Andrew Owusu-Agyemang highlighted the central role of technical assistance and capacity building in implementing the convention. He suggested specific examples, such as Memoranda of Understanding (MOUs) and exchanges between countries. This aspect was noted as particularly important for developing countries to effectively combat cybercrime.
Asoke Mukerji, India’s former ambassador to the UN, raised concerns about challenges remaining around technology transfer, highlighting the need for further discussion on how developing countries can fully benefit from and implement the convention.
5. Future-Proofing and Updating the Convention
Irene Grohsmann explained that the convention uses technology-neutral language to remain relevant as technology evolves. It allows for amendments and supplementary protocols, providing flexibility for future updates. However, there was some disagreement on the timing of supplementary protocols, with Switzerland preferring to focus on implementation first due to resource constraints.
6. Implementation Challenges and Next Steps
The experts discussed the potential impact on domestic legislation, with many countries expected to update their laws to align with the treaty. They emphasized the importance of effective implementation and adherence to make the convention truly impactful in addressing evolving cyber threats.
Key next steps identified include:
– Presenting the draft convention to the UN General Assembly for formal adoption
– State ratification, with 40 ratifications required for the convention to enter into force (timeline mentioned by Asoke Mukerji)
– Countries updating their domestic cybercrime legislation
– Establishing a Conference of State Parties to discuss implementation and potential updates
7. Multi-stakeholder Participation and Public-Private Partnerships
Several speakers highlighted the role of civil society and multi-stakeholder participation in the negotiation process. The importance of public-private partnerships in implementing the convention was also emphasized during the Q&A session.
Conclusion
The UN Cybercrime Convention represents a significant step forward in international cooperation against cybercrime. While not perfect, it provides a baseline for trust and cooperation on a global scale. The discussion highlighted both the strengths of the Convention as well as ongoing challenges, presenting a balanced examination of the treaty from multiple perspectives. The overall tone was positive and optimistic, while maintaining an analytical approach to its implementation and future evolution.
Session Transcript
Anastasiya Kazakova: My name is Anastasiya Kazakova. I’m a Cyber Diplomacy Knowledge Fellow at DiPLO Foundation, and I will be moderating today’s panel. My colleagues, Vladimir Radunovic, Director of Cyber Security and E-Diplomacy Programs, and Bojana Kovac, a researcher at DiPLO, are also joining today’s discussion. After three years of negotiations, which were initiated by Russia in 2017, the UN Member States and the Ad Hoc Committee adopted the draft of the first globally binding legal instrument on cybercrime. This convention will now be presented to the UN General Assembly for formal adoption. In July, we at DiPLO Foundation invited experts from various stakeholder groups to discuss their expectations before the final round of the UN negotiations, and also to review the draft treaty. The adoption has proceeded despite significant opposition from human rights groups, civil society, technology companies, who have also raised concerns about this. But today, we hope that the discussion will help us understand the contents of the agreed draft convention and its practical implications for all of us. And we have incredible speakers, representatives of states participating in these negotiations to help us better understand the contents and different nuances. Specifically, we would like to look at how will the UN Cybercrime Convention impact the security of users in the cyber environment? What does this legal instrument actually say about cross-border cooperation in the way how states will address cybercrime? And what human rights protections and safeguards does it provide? Before I introduce our speakers, I’d like to also invite Jovan Kurbalja, Executive Director at DiPLO, for opening remarks to set the stage for our discussion. So Jovan, please.
Jovan Kurbalija: Thank you, Anastasia. Dear colleagues and friends, it’s my great honor to welcome you on behalf of Diplo and to put a few notes that may add to the substantive discussion. Anastasia, Bojana and Vlad are working very hard on following the developments and you will be hearing from them in more details about what Diplo can contribute to this important discussion. Let me just focus on a few good news and some challenges, not necessarily bad news. First good news is that states agreed about this draft convention. With all critical points, it is a great achievement at a time where member states of the UN have difficulties reaching consensus or compromise on many issues. There is no need to mention what’s going on around us. Therefore, this is the first point. The fact that the text was adopted is an achievement. The second point is that cybercrime has a development connotation. We compare inputs from the, let’s say, African countries to two processes, open-ended working group and cybercrime, ad hoc negotiation on cybercrime between first and third committee. You can see clearly that there is much more interest for the question of cybercrime and it is not surprising because cybercrime is directly affecting social fabric on many countries worldwide, but in particular in developing world. Therefore, the second good news is that by having discussion and adoption of the cybercrime convention, we are adding to this, let’s say, development aspect of the global and digital governance. The third good news is that we didn’t start from the scratch. The Council of Europe, so-called Budapest Convention, was the first codification of cybercrime and first sort of development of cybercrime norms with a lot of impact worldwide in the regional instruments and national instruments. My colleagues, Anastasiya and Bojana, just completed a study comparing two conventions, but what I’ve been getting from diagonal look is that UN Convention build on the Budapest Convention a lot. Those are three news. Fact that convention exists, second development aspect, and third one, building on existing thinking, regulatory and diplomatic processes, not reinventing the wheel, which unfortunately is happening in many diplomatic and policy processes. We don’t know what we know. We don’t know that we discussed the same issues 10, 15, 20 years ago. Let me just focus on a few challenges. For me personally, the main challenge is potential criminalization of the wider population due to specific nature of cybercrime. What I am referring to, committing traditional crime requires more personal, emotional, and other engagement, planning. It’s not just easy to commit traditional crime. Cybercrime lower the level of potential criminals from their bedrooms, studying rooms, just click away. And this is a problem because we have a cybercrime, but we don’t have a cyber jails. Therefore, there is a risk of criminalization of wider population, their rights, human rights, their dignity, and the social status. Therefore, it is always. extremely important where we deal with cybercrime, to handle with care that risk for individuals. That can be done by introducing necessary check and balances, transparency, and mechanisms that can ensure that individual user is protected, while real criminals are punished. This is going to be the main challenge. I know that there were many concerns about draft, and especially this aspect. This is not just a concern, a regular concern. It’s a concern about risk for social fabric. Because if we criminalize wider parts of population, that can destabilize societies worldwide. In this context, we at Diplo aim to raise awareness about positive developments around the convention, and also challenges. And I’m sure that today’s discussion will add to this informed, inclusive, impartial, and impactful coverage of cybercrime in general, and UN Cybercrime Convention in particular. I wish you a lot of success in your deliberation today, and in the follow-up activities.
Anastasiya Kazakova: Thank you so much, Jovan. Thank you also for providing some of the overview of the positive aspects of the achievements, for sure, but also some of the areas that worth discussing further, with different also stakeholder groups that are interested in these discussions. And I’m also sure that you provided us with several really good points, which hopefully speakers will be interested to follow up probably later in the interventions. So now I’m happy to introduce our experts. We have four incredible experts representing different countries. And hopefully, we will have also geographically diverse perspectives to this aspect. So first, Briony Daley Whitworth with Assistant Secretary at the Cyber Affairs and Critical Technology Branch of the Department of Foreign Affairs and Trade in Australia. Please also welcome Irene Grohsmann, Political Affairs Officer at the Arms Control, Disarmament and Cybersecurity at the Federal Department of Foreign Affairs of Switzerland. Then also please welcome Catalina Vera Toro, Alternate Representative at the Permanent Mission of Chile to OAS at the Ministry of Foreign Affairs Chile. And we also have with us today Andrew Owusu-Agyemang, Deputy Manager at the Cybersecurity Authority of Ghana. Welcome, everyone. We have several questions to focus on, to hopefully also cover different aspects of the contents. So I’d like to start probably with the first question and address probably to Irene and maybe other speakers will be interested to follow up. And the question is mainly about overview of the treaty for those who are not following the negotiations and less familiar with the contents. Irene, maybe you would, could you please clarify what we should expect? What kind of the changes we could expect once the UN Conventions formally is adopted and further comes into effect?
Irene Grohsmann: All right. Thank you very much. Well, first of all, for those who are not familiar with the content, just in a nutshell, the convention contains provisions on criminalization. It contains provisions on procedural matters and it contains provisions on cooperation. There are probably a few things that are going to change once the convention comes into force. And at the same time, there are things that we don’t expect to change. So first, what will probably change? So once the UN Cybercrime Convention comes into force, and that will happen after 40 states have ratified it. Then it will be the first global legal instrument at UN level that allows cooperation amongst states against cybercrime transnationally. And that is one of the main goals of the convention, to improve cooperation against cybercrime amongst states. The convention will then be new in a sense that it provides a legal basis for the first time at UN level for a potentially global circle of states to request mutual legal assistance from each other and other cooperation measures. It will also provide for the first time a global legal basis for further harmonization of criminal legal provisions regarding cybercrime between those future states parties to the convention. And what harmonization could entail, for example, is necessity to change national legislations around cybercrime to fit to the convention. At the same time, as I mentioned, the convention will not change everything and as Johan said, it will not reinvent the wheel. This is because substantial parts of the UN Cybercrime Convention, they are inspired or they are very similar to existing instruments, such as the Budapest Convention at regional level or at UN level, the UNTOC convention, the UCOC. And the convention also widely refers to national laws. This means, for example, that the cybercrime convention, it will not completely change the currently applicable standards for fighting cybercrime in the context of law enforcement or cooperation measures. For example, based on the convention, it is explicitly clear that safeguards and standards such as human rights standards, human rights safeguards, we’re going to be talking about those later also, but then also data protection, that those standards are and remain relevant for international cooperation against cybercrime. The new UN Convention against Cybercrime does not change those existing standards, but it rather upholds those standards. So while the convention will allow for a potentially global group of states, global circle of states to cooperate, to support each other in their fight against cybercrime, it will not change those existing standards, it will build on the standards that exist to fight cybercrime.
Anastasiya Kazakova: Thank you so much, Irene. I think you also highlighted really many important points, and I also would like to invite other speakers if they want to add additional aspects regarding the overview and possible expecting changes that might come after the UN Convention comes into effect. But the other question, Irene, you also touched on other instruments, and I would like to also continue on this. So you mentioned the Budapest Convention, which is considered sort of the gold standard in this area, and it’s two protocols which provide quite a comprehensive legal framework for states to cooperate to address cybercrime. The other regional instruments, such as Malabar Convention, also exist, so question, how would the UN Convention, again, once it’s formally adopted and it comes into effect, and these existing legal instruments coexist?
Irene Grohsmann: Yes, thank you. Yes, I mean, they will co-exist because the UN Cybercrime Convention, it will not exclude the application of other existing international or regional instruments, and it will also not take precedence over them. So the UN Convention will exist side by side to other relevant conventions. The Convention itself states this explicitly in the preamble, but also in Article 60 of the Convention. I’m just gonna, I don’t want to be too boring, but I’ll just cite what Article 60 says. It says that if two or more states parties have already concluded an agreement or treaty on the matters dealt with in this Convention, or have otherwise established their relations on such matters, or should they in the future do so, they shall also be entitled to apply that agreement or treaty. So this is an important point because regional conventions are usually more concrete than a UN Convention could be, and that means they remain very relevant for those member states in their fight against cybercrime and in their cooperation. And in practice, this would mean, for example, where states are members both to a regional instrument and a UN Convention, they would, in a situation where the regional Convention provides more specific legal basis for cooperation, for example, then those states would be able to apply the regional Convention, because that Convention also remains applicable between those states. There are a couple of principles that states can then look into when deciding which Convention to use in cases where states have ratified more two or multiple conventions, there are the one important element is the specificity, the concreteness, and there’s another principle around favorability, so where a convention would be more favorable to the person concerned than the other one, then states parties could tend to use that convention over the other. But in a nutshell, yes, they will coexist. The UN Convention does not cancel out any of the existing instruments.
Anastasiya Kazakova: Yes, indeed. And now I see that the UN Convention sort of provides more options for states to choose different instruments to cooperate more effectively to address these matters. And that actually quite helpfully clarifies a lot how different instruments will be further coexisting with each other. And I also would like to invite Andrew to probably also share remarks and the view coming from the Africa and African perspective. Whether, Andrew, also would you agree with this view which you ran short with us, or maybe you would add further remarks. So, Andrew, please.
Andrew Owusu-Agyemang: Thank you, Anastasiya , for the opportunity and welcome to your listeners who have joined into this conversation. Now, flowing from what Irene has said very extensively, I also do believe that the existing instruments can coexist. And this is why the existing instruments we have to tackle cybercrime all sort of focus on separate thematic areas. So, when you take the Malabo Convention on data protection and cybersecurity, that instrument is very specific and broadly speaks about data protection and cybersecurity. So, the instrument gives us instruments and gives us provisions related to the establishment of of National Data Protection Authorities. It speaks about the establishment of the National Cybersecurity Policy and National Cybersecurity Strategy, the development of the National Legislation of Cybersecurity. All these things seem to be very high-level ways by which the Malibu Convention approaches cybersecurity and data protection. However, when you come to the Convention on Cybercrime, known as the Budapest Convention, this is a more criminal justice-centric treaty. And so it approaches cybercrime in three dimensions. First of all, it criminalizes a broad range of offenses committed by computer systems or against computer systems. It also provides extensive procedural powers through which law enforcement agencies and criminal justice players can prosecute and investigate cybercrime, especially relating to electronic evidence. And finally, it also gives us a chance to ensure effective international cooperation. What I see is that the Budapest Convention covers, to a very large extent, the shortfalls of the Malibu Convention in terms of procedural powers and international cooperation. And as I noted earlier on as well, when you take the draft UN Convention on Cybercrime, it’s greatly mirrored elements of the Budapest Convention. However, the novelty in the UN Cybercrime Convention is the fact that the convention introduces the criminalization of the non-consensual dissemination of intimate images. And that is a very good development we see in our international law. And this is a position Dana really advocated for during the negotiations, because this particular provision is criminalized in our domestic law.
Anastasiya Kazakova: I guess we have lost Andrew for sure.
Andrew Owusu-Agyemang: I have actually some complimentary in the chat.
Anastasiya Kazakova: Yes, we lost you for a few seconds.
Andrew Owusu-Agyemang: Sorry about that. So I was making the point that these instruments are complementary in nature. and they are not a form of polarization, meaning to say where one instrument falls short, the other instrument provides adequate procedural powers and adequate substantive law to cater for the issue of cyber security and cyber crime. And so, a country that has acceded to the Malabo Convention, for example, Ghana has acceded to the Malabo Convention. It gave Ghana the political version to tackle cyber security from a very high level. Ghana has also acceded to the Budapest Convention. Now, it has given Ghana the opportunity to tackle cyber crime and cyber security on a very specific level related to procedural powers and international cooperation. And so, I’ve made the point that I believe that all these treaties can coexist because they are very complementary in nature and did not polarize each other.
Anastasiya Kazakova: Thank you so much, Andrew, also for giving this more specific point of how the UN Convention now complements the existing regional instruments, which other aspects does it provide? And I’d like to probably focus more on the international cooperation components of this treaty, and particularly speak more about the cross-border cooperation. There are several articles in a separate chapter which does provide more powers to law enforcement agencies of states to more effectively, hopefully, cooperate in these matters. And the question is more specific to the Article 27, which provides that a state can order a person in its territory to submit specified electronic data in that person’s possession or control that are stored in an ICT system or an electronic data storage medium. The article does seem to provide the means for the trans-border access without the authorization of another state, which probably those who are really deep in this topic remember, that this caused concerns among countries such as Russia with regard to to the Budapest Convention and a few others. So the question, does the convention also address this concern with regard of how to effectively speed up the cross-border cooperation without violating the sovereignty, the state’s sovereignty, and overall whether the article also ensures the protection of human rights, which was also highlighted as concerning by several civil society groups. I’d like to address this question first to Catalina and then Brioni and also invite Irene and Andrew to comment if they have further remarks. So Catalina.
Catalina Vera Toro: Thank you Anastasia and good morning from my part to everybody. I would like to thank the Tipler Foundation for the invitation and having Chile share their views on this panel and also I feel very honored to be sharing this space with Irene, Andrew, and of course Brioni as experts on this convention and part of the negotiations. I just wanted to address very briefly in regards to what Andrew and Irene said. This convention and some of what Jovan said at the beginning, I thank you, you put out like the positives of this because it was a very tricky and contagious negotiation. So the fact that we have a convention is also a positive note of what diplomacy actually does and multilateralism as a whole. And also to just point that this convention helps bridge between other conventions and bring in new countries that are not part of those instruments so it can eventually become an instrumental cybercrime instrument. So that’s a positive aspect as well. In regards of your particular question on article 27, of course indeed covers issues of compelling a person as is drafted as a person to produce electronic data stored within their territory. This also includes national service providers. This data of course might be physically stored in another jurisdiction if the person has access to it, maybe through cloud storage or remote service. So there is a concern, as you mentioned, about transborder access without the authorization of another state. And this has been one of those contentious points in regards of international cybercrime discussion and also how it’s drafted currently in the Budapest Convention and also in regards of this current UN Cybercrime Convention. To address the concerns that many countries have pressed, we all know, in regards of this drafting, allowing certain cross-border actions, the UN Cybercrime Convention attempts to navigate those sensitivities by emphasizing the sovereignty and jurisdictional rights of states. It also includes certain provisions that stress the importance of international cooperation and mutual legal assistance, rather than permitting solely unilateral actions across borders. States are expected to use the cooperation mechanism to request access to the data stored in another country rather than accessing it directly without authorization. This means that while Article 37 allows a state to order individuals within its own territory to produce electronic data, it does not explicitly provide a mechanism for a state to compel data access across borders without the consent of the other state involved. Instead, as I said, it encourages states to rely on those former challenges for cross-border cooperation. And I think that’s one of the key more structural elements, positive elements within the Convention. This approach obviously aims to alleviate those concerns regarding sovereignty infringement that were very prominent when we compare it to the Budapest Convention. And of course, that convention and its negotiations have geopolitical elements, other elements that come into place. So the exact language of Article 27 can still be interpreted as allowing access to data across borders, through the cooperation of individuals, for instance, which remained and will remain a sensitive area of debate as we analyze it. Some states are concerned of this provision could bypass the needs of formal cooperation processes like MRA, allowing a certain backdoor to access to data without the consent of the other state that is physically located. Because there is this such structural element of cooperation, I think in some way it can be resolved. So those are like, I cannot completely say that it eliminates the concern raised, but it tries to provide certain balances in this approach with effective enforcement and respecting state boundaries. Thank you.
Anastasiya Kazakova: Well, this is so helpful. Thank you so much. While reading for the first time the article, I understand we actually with colleagues understand that it should be read together with other articles, but still the language is so broad and you provided some important clarifications. Briony, would you also agree with what Catalina shared? Or maybe you would have other points to share? And maybe you would also be able to address the question that the article doesn’t provide explicit mechanism. Does it mean that we, as an international community, may expect further more clarification in the form of additional protocols or any other form? after the convention comes into effect.
Briony Daley Whitworth: Thank you so much Anastasiya and thank you everyone for having me here. It’s a delight to see a couple of very familiar faces and names on this very important panel because I think it’s really key for us all to understand what this convention is doing and what we are intending it to do as well. So thank you so much for the introductory remarks though. I think Irene and Catalina and I all actually also work on advancing responsible state behaviour in cyberspace, the OEWG, so I was quite sad Jovan when you said that that wasn’t as exciting or important as the AHC but I do take the point that we are contributing to global governance across a broad spectrum of topics and this is one of the biggest things that we have done in the last few years across that digital governance mechanism particularly in the UN. But to your point and your question Catalina on article sorry Anastasia on article 27, I think Catalina gave some really good input on the sort of context of where this article sits. We did have some very interesting discussions and you’re reminding me of some fascinating discussions we had around negotiating some of these articles and the point you made around some of the questions from Russia in the Budapest Convention negotiations around the location of data. We did explore some very strange hypothetical scenarios that came up with some strange outcomes when you sort of started adding in things like territoriality and the location of data into some of these articles. So you will see for those who are sort of in the weeds of this that this article is very very similar to that of the Budapest Convention and there are a lot of reasons for that. But as Catalina says this article really needs to be read in context of the entire convention. mention, and in the context of the articles that do apply very specifically to the Procedural Measures chapter. So first of all, noting that this is an article in the Procedural Measures chapter, not in the International Cooperation chapter. So it really is about law enforcement powers to investigate cybercrime on their territory. And it’s very particularly in that chapter and not in the International Cooperation chapter, which is about sharing data across borders. So first of all, the location of the article is very important. And then reading it in the context of things like the article, we have a chapter on jurisdiction that sets out the jurisdiction that the treaty provides for investigation of cybercrimes under this convention. So it’s very important to think about this article on a production order applying to the crimes that are set out in the jurisdiction chapter, which is the crimes in the convention and other serious crimes that meet that threshold, but also crimes that are linked in some way to the territory of each state party. And then as Catalina also mentioned, the sovereignty article, which is in our general provisions article, is also really key here because that does set out law enforcement jurisdiction, which is another international law concept and really does provide very strict requirements around what law enforcement can and can’t do around where they can exercise law enforcement powers and where they can’t. And so that’s very much set out in the sovereignty article as well. And then we read it in the context of the scope article, which sets out the scope of the procedural measures chapter. And also there’s an article that provides conditions and safeguards very particularly for the procedural measures. And this includes things like judicial review mechanisms, grounds for application of these measures, and things like making sure that things are very specific. So you’re asking for specific. data. All that to say, when you look at the article itself, when you read it on the face outside of that context, yes, it says a person should submit specified electronic data in their possession or control that’s in a stored device, computer, whatever we want to call it. The definitions were very difficult to agree, but we won’t go into that now. But when you pull that apart, you pull apart the actual words there, we’re talking about specified electronic data. So we have to be very clear about what it is we’re asking for. We’re talking about a person’s possession or control over that data. And so that can mean that it’s actually physically located is on my laptop that I’m talking to you from right now, it is on my phone, and you’re asking for something that’s stored there, or that I have control over. So maybe not possession, but control. And very particularly here, it’s important to think about what a person is. And here we’re talking about legal persons as well, not just individuals. And so I may not, as Briony, have actual control over things that are stored on my Gmail account, that in fact, may be under the control of Google, not Briony. And so the Australian Federal Police, who would be the ones issuing a warrant for that data, may in fact have to go to the United States to go to Google, rather than coming to me for that data if I do not have particular control, as an example. And finally, the final point I will make is that this is very much based on the Budapest Convention. And you did say sort of, Anastasia, the point about more clarification coming. And I think it’s really important for us to look at the corpus of jurisprudence, and of interpretation that’s already taken place in internationally around the Budapest Convention version of this article, because that provides guidance on how at least 76 countries have interpreted this to work so far. And that provides really good guidance for how it could potentially be interpreted, and probably will, at least by those 76 countries, to be interpreted to be used under this convention. And that very much does not allow for cross-border access to data without the state knowing about it. Thanks.
Anastasiya Kazakova: Thank you so much, Bob. That’s, again, a lot of points to follow up. I want to just briefly touch on two aspects with regard to the person. The article, indeed, does say that a state can order, but if a person wants to challenge that particular request coming from the state, from a law enforcement agency, would the convention in some way provide clarification how persons and also legal entities can challenge such requests from states, whether there would be such an opportunity for doing so? And the other question I would like to also address to Catalina and you, Briony, would you say then that since the convention indeed introduces this threshold of the serious offenses, would you say that the convention narrows down the scope for the international corporations or actually expands it, compared to the Budapest Convention and two protocols?
Briony Daley Whitworth: I’m happy to start, if you’d like, and then we can go. I’ll pass over to others, because there’s a lot in there. There’s so much detail in this convention, and it’s been absolutely fascinating to get into the weeds. When you talk about challenging an order, under all the procedural measures, we were very firm that we needed to have really clear conditions and safeguards and guardrails around how these powers should and can be used by law enforcement, because these powers we’re talking about across the entire chapter, we have preservation of data, we have interception of communications in real time, we have all sorts of things that can be, in certain circumstances, quite intrusive. And so what you need to have in order to provide these powers for law enforcement, which are really needed for cybercrime investigations, is the trust and the confidence that they’re going to be used in a way that is consistent with human rights, and that really respects the individual, individual’s rights and are only used in a way that can be justified. So reasonable, proportionate, legitimate, lawful, sort of all of these measures have to be very clear around that. And so we created a new article for these procedural measures, in particular, setting out conditions and safeguards for those. And some of those conditions and safeguards, first of all, they say that all of the use of these powers must be consistent with the protection of human rights and international human rights law. But it also says that you need to have in the domestic law of each state, mechanisms for people to look at review of these powers. So we have, for example, some sort of ways that you could have judicial or other independent review. So if someone is subject to an order, they can go to a judge and say, I don’t think that this is appropriate. You have rights to an effective remedy in cases where this power may be exercised in a way that’s, in fact, not the way it should be exercised. When these powers are used, the law enforcement entities have to have grounds just why. So you need to think about, for example, when I’ve seen warrants issued, like really setting out exactly the reasons why this warrant should be issued, and then limitations around scopes around duration, around who’s being targeted, around what information is needed there. And so that really provides a lot of rights and opportunities for those who may be subject to these orders to really think through whether or not they actually should submit to those orders. That being said, all of this has to be reflected in domestic legislation. So a treaty text is not the same as legislation text. It’s very high level. And the proof is in the pudding when we see countries actually turn this into legislation. And we have these guidelines around what that legislation has to do. But at the end of the day, that legislation will be much more specific than the treaty text itself.
Catalina Vera Toro: Yeah, and if I can add to that very simply, because Briony explained it very, very well. And of course, I loved how she defined the structure of this convention, because I think it’s very key, as she mentioned, to how you can actually understand the fullness of the convention and the different elements that come within it. You cannot read a single article as a standalone, because there are check and balance here and there. It was a balancing act, you could say. Also, in regards to the safeguards and where to put them. I mean, you probably analyze the convention, and those safeguards were in different chapters, precisely because of that balancing act between the different articles and the scope and elements that were within the convention. I would just like to say that in regards to the protection or the reasons of refusal from an individual, of course, this will come back into legal frameworks, national legal frameworks. as well. So when it comes to within state, you could say, and within internal frameworks, especially in regards, I could say, in the case of Chile, we have certain checks and balances, and the safeguard of human rights at a very high level. So the rights of individuals have different resources where they can actually enforce them in regardless of what this convention states. So, yes, I mean, and you can see it throughout the test, the text within itself, that the local the domestic law also comes into place at how this will come to life, you could say, especially in regards of the provisions of human rights and rights of individuals. I just wanted to add that because I think it’s a very, very important element. When we see this convention, as I said, come to life after countries have signed and ratified, but also present reserves to it, and their interpretive notes when ratifying and then incorporated within the national frameworks.
Anastasiya Kazakova: Thank you very much. And I also wanted to a little bit stay on this area more and talk as well about really contested areas, which is our human rights and also the definitions and also pass some of the feedback that we heard from civil society organizations at the previous webinar that we organized. So particularly we heard concerns with broad definitions such as the electronic data, which may refer to any data stored, processed, or transmitted electronically, regardless of whether it has been communicated to anyone. And it may include documents saved on personal computers, but also further personal identifiable information. And the concern that we heard that unlike content, or traffic data, the electronic data has lower protections in the UN treaty and can be compelled to the preservation, production and seizure. So the question is that maybe you would help us to better understand whether this assessment is correct and noted that many of these articles would be further clarified within domestic legislations but the question is though do you see the risk that once the domestic legislations are adopted there might be some conflicts in the way how this broad treaty is interpreted and further transposed at the national level the question is the same to Catalina and Brioni but I also invite Yvonne and Andrew to share further remarks I don’t know if I go first well I worked previously joining MFA I worked
Catalina Vera Toro: in the regulator of telecommunications in Chile so the regulatory exercise especially when it comes to terminology of these technical elements it’s all always very tricky it needs to be revisioned and it’s always you know it could be better but Brioni touched on this very briefly when in her previous intervention in regards of terminology for instance that was a very very tricky negotiation it took a lot of time you would you would have thought that this wouldn’t be as tricky since most of us most of the countries you know have some sort of legislation regarding certain of the elements that are you know touched upon within the convention but it was because we have differences on how we interpret certain elements that are key for instance for cyber crime so that’s one of the points also yes I mean we that interpretation also comes into place when it comes to bringing this convention to our legal frameworks we have differences that come to basic elements like us being democracies and other countries not being democratic countries, you know, we have different provisions and interpretations in regards, for instance, of human rights and how we enforce them, different structures for checks and balances, you know, so all those elements come into place in regards of your question and human rights and how they’re going to be, you know, respected and promoted also within this convention as it comes to light. One of the main concerns, I mean, I looked it up and tried to structure the elements like taking a step back as a state and just looking at it as a regulator, you could say, technical person. Of course, the definition of electronic data drafted in the convention as referred and as drafted as it is, is that definition that encompass all types of data stored in a digital service, you could say, and even if that data has not been communicated to anyone, it’s still part of the package, you could say. It also includes like personal documents, photos, notes, smartphones, and so on and so forward. In regards of whether it has a lower threshold on provisions and production or seizure, of course, the process for accessing that electronic data generally involves, you could say, a lower threshold compared to the access of procedures for content data that is also being, you know, defined in the terminology article of the convention, and of traffic data. And those have different definitions, but you could say electronic data is sort of the package of the whole. And you could see that differences being made throughout the convention. So this means that states can more easily request or compel individuals. to provide access to electronic data in some sense, even if it contains certain private information that was not meant to be shared, for example, but then again, you have the legal domestic framework and other provisions that are within the convention that kind of come into place to protect and safeguard the human rights aspects of this, you know, so it’s not as standalone as was in the previous question, you could say. In regards to privacy and human rights, of course, we are very close to civil society, you know, and multi-stakeholders as a country, we see great value on their specific, you know, expertise, because this is multi-stakeholders, whether it’s private sector, academia, you know, or human rights organizations, we see great value and throughout the process, their inputs were key for states like us, you know, when we don’t have those huge teams and expertise, I just like to have that put out there for developing countries, the job that civil society does is structural, is monumental, and can help us envision different dimensions of what we are negotiating when we don’t have all those experts with us in the room, so, but of course, we know that they express concerns in regards to certain provisions that might enable certain overreach by law enforcement and the potential to undermine individual privacy, that maybe authorities could gain access to intimidate or intimate or the personal information without meeting the higher standards that are typically required for assessing maybe more sensitive or personal types of data, when we talk about content data or personal data, those elements are within the convention and you can see it. throughout and certain dispositions. I think Briony can explain it a lot more better, but there are differences within it. In regards to potential misuse, of course, there are concerns, the broader definition and the lower protections could eventually make it easier for states to justify access to personal private information. But of course, there are certain elements when we do these negotiations that Briony, I think it’s the one structural element that Briony touched upon in regards to trust. If we, these sort of conventions depend on that when we have like a universal instrument and cooperation between states. There needs to be trust that we are all looking for the betterment of our countries, but also the whole system and the protection and promotion of human rights over our own nationals. We trust on that. But of course, we know there can be certain misuse and therefore their safeguards and certain elements are within the convention. I just want to summarize by saying that this electronic data and how it’s drafted, it could undermine international standards for protection of freedoms of expression and privacy that are enshrined in other international frameworks, such as the International Committee on Civil and Political Rights. And this is something that we touch upon within the negotiations. That’s why it was incorporated explicitly. And we fought very hard to have those safeguards. If you follow the negotiations, those were one of the contagious issues. And as a region, the Latin American region, we fought for this because this is very structural for us. If we didn’t have those elements in there, of course, that certain like, basic elements of what a UN convention should have, was not gonna, it wasn’t gonna fly, what you could say. I mean, this is something very, very structural when we’re talking about a UN convention, it’s different, maybe from regional conventions, or bilateral, or from some subset of countries, when we’re talking about a UN convention, those human rights and structural provisions and safeguards need to be there. So I think that throughout the text, you will see it, and it can cover, in some sense, those worries. We know we cannot cover all of them, but we did try very, very hard to have those checks and balances within the convention itself.
Anastasiya Kazakova: Thank you so much for addressing this quite complex question, and also you made many important aspects. I’d like to pass the floor to Briony first, before moving to other questions. So Bryony, please.
Briony Daley Whitworth: Thank you, Anastasiya. I will try to be brief and hit on three of my favourite things to talk about. The first is to very strongly emphasise Catalina’s point around civil society, and the really important engagement that we have had from civil society, from industry, from human rights organisations. We read everything with great interest, and if I haven’t had the chance to talk to my delegation about what we think about something, sometimes we will plagiarise. So it is really helpful to have all of that engagement throughout the whole of the negotiations. My second point that I really want to make around this question, because you’ve sort of focused it around the concept of electronic data, and I think one of the things that came up, as Catalina mentioned, is this idea of definitions. So I think it’s really important to be clear about what we’re talking about when we’re talking about electronic data and to talk about why that is different to the other types of data that this convention also deals with. So it also deals with subscriber information, traffic data and content data. Those three are all around communication. So they are all around things going across networks, whereas when we’re talking about electronic data, this is what we was the compromise word that we used. But the definition is actually taken directly from computer data from the Budapest Convention. And so when we’re talking about electronic data, we’re usually talking about a broader set of data, but mainly we’re thinking about stored data rather than things transitioning over networks, which is where we’re talking about subscriber traffic and content information. And I think that the question around whether human rights are somehow at a lower level or whether there are less protections around electronic data is a really interesting one. As Catalina mentioned, human rights protections were really at the forefront of a lot of the negotiations over the last couple of years. And one of the things that I’m most proud of is setting a really, really high bar in the general provisions on human rights protections. Uniquely high bar, in fact, for a UN convention and particularly for a criminal convention, because we have this article that doesn’t just say that human rights apply, but it says that nothing in the convention can be interpreted to permit the suppression of human rights. And it goes on to list some of the rights that are most at risk of being suppressed or violated through some of these measures, free of expression, conscience, opinion, religion, belief. Assembly and association. And we also have unique for a UN convention, crime convention. an article on the protection of personal data, and that’s around personal data protections when you’re transferring information between countries. And so when you look at this convention objectively against other UN conventions, it really does have more numerous and more robust safeguards. And that’s because we do have these powers and articles that provide for the preservation, the disclosure of electronic data and other types of data. And if they’re used in a manner that’s not consistent with human rights, that’s not reasonable, necessary, proportionate, then they could indeed actually be incompatible with something like the right to privacy. So that’s why in creating and agreeing to these powers in this convention and the way that electronic data is preserved, produced, seized in this convention, we’re really focused on providing those clear limitations, those guardrails around those powers to make sure that they are consistent with human rights. And just to sort of go to Catalina’s final point, the convention is not perfect. I don’t think any of us would say that. There are many things in this convention that I would have liked to see do better. There are a lot of things missing out of this convention that I would have liked to have seen in there. But what I think it does do is it does provide that baseline to create the trust that we need in order to combat cybercrime. Catalina mentioned democracy is using this convention. I don’t think you necessarily need to be a democracy for this convention to be rights respecting. But I do think one of the priorities we came to with this convention was making sure that this convention does not legitimise bad actions. I recognise that there is no way through this convention that we can stop bad actors from doing bad things, but what we can do is make sure that this convention helps us combat that and doesn’t legitimise any of that action, and I think we have achieved a lot of that through the Human Rights Protections. Thanks.
Anastasiya Kazakova: Thank you so much. That’s indeed an achievement in the way how the Treaty is a first example how all states manage to agree on many contested issues, even though, as I mentioned, in July we gathered many stakeholders and I just remember we asked what are the predictions before the final round. I guess a few people actually believed that state would manage to agree on this, which was a miracle to many. But thank you so much, Briony. That was really also important notes. I’d like to also move on and focus on the other aspect which relates to technical assistance capacity building, which I think is a really important element of the UN Treaty and makes it a bit different from the other regional legal frameworks. Maybe you would disagree with me, but I’d like to turn to Andrew as a representative of Ghana and African perspective, because that was a really important issue for many developing countries to include those provisions that would facilitate the technical assistance, capacity building and technology transfer. So the question is, Andrew, how does the adopted draft convention solve this and how would it be used to facilitate technology transfer?
Andrew Owusu-Agyemang: Well, I think, Anastasiya, so as you said, I believe that technical assistance and capacity building is very central to the implementation of this convention. Now you realize that cybercrime has had a very high proliferation globally and globally we have felt the effects of its damage and the extent of what you can do in terms of theft. So I think it’s important that treaties like these are developed and established to enable developing countries to accede to them and start their fight against cybercrime. Central, however, is the issue of technical assistance. And I’m glad to report that Ghana has enjoyed some extent of sexual assistance and capacity building by being a member of the Budapest Convention. So for example, through the Council of Europe Clarity Plus Program, a lot of our Ghanaian jurists and judges and prosecutors and law enforcement agents have received training in electronic evidence handling and the prosecution of cybercrime, which has played very helpful roles in the prosecution of cybercrime in Ghana. You’d realize that the Supreme Court judges currently in Ghana, almost half of them have undergone electronic evidence handling training, and this plays out in the way they handle a lot of cases, including election petition cases and typical cybercrime cases. Now, looking at how the UN treaty, the draft UN treaty has couched their provisions on technical assistance, I think one key way we can implement this is by way of MOUs. So the various articles in the technical assistance chapter of the draft UN convention provide that parties to the convention may enter multilateral or bilateral agreements to implement relevant provisions in the convention. And so I think that this can be done practically by way of MOUs, Memorandum of Understanding. Countries may enter into bilateral or multilateral agreements, whichever they deem fit, to enable the development of one capacity of law enforcement agents, of judges and jurists, and of prosecutors to ensure that cybercrime is prosecuted right. Another way that this convention will solve the issue of technical assistance is by way of personal exchange and exchange programs. And so by way of an MOU, two countries or two states parties to this convention can decide that as national authorities, be it cyber security authorities in the country or the Office of the Attorney General in the country, they can engage in personal exchanges whereby technical expertise from one country can be seconded to developing countries to aid the technical competencies of the offices in that developing country. So, for example, Ghana may have an MOU. with a country such as Australia, where Australia, the Australian government may second some technical staff to the Ghanaian Cyber Security Authority to aid the Ghanaian Cyber Security Authority in building its competence in the fight against cybercrime. Another way we can look at this also is by way of the organization of conferences and seminars to promote common discussions and cooperation on implementing certain provisions in this draft treaty and convention. And so parties to this convention can, at their own will, organize certain seminars to sort of facilitate a forum to engage and discuss these matters that pertains to implementation of this treaty. And so practically, these are some of the ways I think that the UN Cybercrime Treaty provides for technical assistance and capacity building.
Anastasiya Kazakova: Excellent, thank you so much. That was really structured and comprehensive of you and it helps a lot. And one of the last questions that I also have is to maybe also follow up on the questions that I see in the chat. Also, thanks so much to those who addressed them. And to turn to Iran, basically to speak more specifically on the implementation and additional protocols of the convention. At the last session, we saw that some states shared views whether additional protocols would be required soon, in particular to further negotiate the list of offenses and maybe to provide more specifications to some of the broad areas in the draft. While other group of states said that it’s too early to say implying that states should firstly focus on the implementation of the currently adopted draft. Iran, maybe could you please unpack a little bit this issue and also help us to understand further which mechanisms in general the text has to keep up with the pace of technological developments as well. Protocols, we understood one of the such instruments. to make sure that the conventions stay up-to-date to the way how technology develops, but maybe there are other elements that we are currently missing.
Irene Grohsmann: Yes, thank you very much. So on the first question, the supplementary protocol discussion. Yes, indeed. So at some point during the negotiations, it became clear that there are certain topics that require further and more extensive discussion among all the member states. But it was just not possible to deal with those topics in a satisfactory manner within the time constraints of the AHC. So at some point it was decided to move those discussions to a later stage. And as you mentioned, Anastasia, this specifically came up when we discussed which crimes and which offenses to include in the criminalization chapter. So which offenses should be included in a convention and which ones should not be included? And there were a group of states, my country included, that had advocated for a very limited and focused catalog of offenses to be included in the convention that would entail mostly so-called cyber-dependent crimes. And then other groups of states, they found that the catalog should be more broad and include, in addition to the cyber-dependent ones, it should also include cyber-enabled crimes. From the perspective of those countries that called for a more focused catalog, they were not in favor of having an extensive catalog and therefore saying, well, implementation of the draft convention should be prioritized, therefore also giving opportunity to see whether or not elements are missing that might need to be addressed at a later stage. while, as I mentioned, others had different views on that. For us, as Switzerland, as a small state, this discussion also had to do a lot with resources. In our opinion, it would have been preferable to focus on implementation first, because resources need to be used for the ratification process, implementation process, and at the same time use the same resources to negotiate a supplementary protocol. It’s just going to make it very difficult and challenging to make real effort and real progress in implementation work. At some point, the resolution is clear. At some point, we’re going to be looking at discussing a supplementary protocol. At this stage, in our opinion, it’s too early to say what will be the exact content, what will be the topics that we will need to discuss in those negotiations. At some point, we will see what’s going to happen and how this topic will evolve. On the second question, you asked how can the convention be future-proof, how can we make sure that it will not be outdated very soon. The approach that was taken when drafting the convention was to use technology-neutral language as much as possible to make the convention as timeless as possible. The convention focuses more on behavior rather than listing specific technology. This is the same approach that was used for the Budapest Convention. And that was quite successful. The Budapest Convention was adopted in 2001 and now 23 years later it is still very useful and very practical and not outdated. So hopefully the same will be true for the UN Convention. You mentioned that there’s always an opportunity for supplementary protocols. Absolutely. The Convention also provides the opportunity of or the possibility of amendments. So once the Convention comes into force and the Conference of State Parties is established, that Conference of State Parties will be a venue for states parties to the Convention to discuss whether or not there are topics that are not covered by the Convention or not sufficiently covered by the Convention. And then they can decide how to address those issues. And one tool could be to amend the Convention. This can be done five years after entry into force. States parties could decide to to make amendments to the Convention if they deem those necessary. But the technology neutral approach should really be the one instrument that ensures that the Convention can stand the test of time, which we are very hopeful that it does.
Anastasiya Kazakova: Thank you very much, Irene. We’re also very honoured to have with us Ambassador Ashok Mukherjee, India’s foreign ambassador to the UN in New York, who also chaired India’s national multiple stakeholder groups on recommending cyber norms for India in 2018. I also wanted to use this opportunity and have more perspective coming from India and also invite Ambassador Mukerji to share maybe some of the views on what we already discussed with our experts.
Asoke Mukerji: Thank you. Anastasiya, I first of all would like to welcome the discussion that we’ve had today, because it, in a sense, vindicates the idea of having an international legal framework for cyberspace. When people like us, after understanding this issue, wrote about it in 2017, 2018, 2019, the feedback at that time was negative. Everybody told us, as practitioners, that you are proposing something that the lawyers will never agree on. But I’m glad that today, people who are in the panel have shown that with trust and commitment, we can actually get an international legal framework for one part of cyberspace, which is cybercrime. As Johan said, the negotiations took place against a very difficult global environment, and I think that that’s something that our participation from India proved to be useful, because it showed that countries like ours, which are committed to a functional multilateral system, can also get something from the multilateral system, which impacts on us and on our objectives of international cooperation through multilateralism. The second point that that was remarked upon in India was the effectiveness of multiple stakeholder participation in a domain such as cyberspace. This is something that has evolved over the past 15 years in India, and I think the convention and the way the convention was negotiated with multiple stakeholder participation vindicates our choice to use this model for meeting the new challenges that multilateralism faces. There were five issues which India looked at in the negotiations, and these are in the public domain, but I am very grateful to my colleague, the current Indian legal advisor in New York, Maithili, who was part of the Indian delegation and who shared these five issues with me. These include the scope of the convention, the list of crimes, the safeguards proposed for human rights, the provisions for mutual legal assistance, and when will this convention be ratified and come into force. So on these five areas, we are happy with the scope because as the chair sent in her note on the 3rd of September, the scope of the convention is a broad scope and that is contained in the word cybercrime itself. It’s not disaggregated to limit the scope. On the list of crimes, the current list, which is in article 17 and the discussions we’ve just had on additional protocol or additional supplementary protocol meet the perspective that we have of not locking in something, but allowing the convention to have the flexibility to bring in an updated list of crimes while giving primacy to the domestic legal framework, which has to support the convention. In our Indian system, the constitution commits us to implementing the treaties which we enter into. That has an effect on also the kind of domestic laws that we need to have in place. And as I speak, India’s new cyber legislation is again being discussed and in the process of being updated. So the convention comes at a good time for this process for us. On human rights safeguards, we in India have, while not being part of the Budapest Convention, have actually tried to take a lot of the Budapest Convention into our national legislation. And I think the fact that as your panelists pointed out, The UN Convention incorporates a lot of the Budapest Convention provisions in its text is a matter that gives us satisfaction. Although I must also add the point that Catalina was mentioning that the role of civil society in India in keeping track of this and in making sure that this is going to be part of the convention cannot be understated. Civil society has played a very, very important role in the evolution of cyber crime discussions and legislation in our country and through that in the UN framework as well. Mutual legal assistance is something that is very important. I have had an opportunity of dealing with mutual legal assistance for countering terrorism. And I know how difficult it has been to harmonize the work of different jurisdictions as well as to bring in the availability of new technologies, for example, for electronic mutual legal assistance agreements. And I think that the UN Cybercrime Convention, if it fleshes out the MLA principles and provisions and shows that you can use new technologies to actually expedite cooperation for mutual legal assistance, then it will have not only a significant impact on cyber crime, but also on other crimes that are waiting to be addressed through this new dynamism and trust and technology in mutual legal assistance. Transfer of technology is, of course, an issue of great importance for enabling and empowering populations to use this convention properly. But there is, if I may say, a cloud on the horizon and on the 7th of October, those of you who follow the UN General Assembly. Assembly would have heard a very important set of statements by a major technology power and one of the leaders of the United Nations, which basically sought to restrict any effort for the transfer of technology, except on what the article itself in the convention says, mutually agreed terms. Now that throws up issues for developing countries of flexibilities. We have negotiated them in the environmental world, in the CBDR. We have negotiated them in the trade world, in the special and differential treatment provisions. So we were expecting something similar in the digital world, but perhaps it will have to wait for another day. And finally, for us, the fact that the threshold of ratifications was kept at 40, and that a two-year period has been indicated for completing this process, which means by December 2026, the ratification should have been done, and the convention would come into force, is a matter of great satisfaction. So these are the points that I have sort of brought together after interacting with my colleagues here, and I wanted to share them with you. Thank you, Anastasia, for giving me this opportunity.
Anastasiya Kazakova: Thank you so much as well for sharing many important points. I just want to probably specifically highlight one of them, is that the convention hopefully will also influence many participating states to amend, improve existing legislations, but also adopt new ones, and hopefully to enhance the organization in the way how different law enforcement agencies tackle cybercrime. I’d like to invite my colleague Bojana, because I see a lot of going on in the chat, and maybe to sum it up on the main issues that the audience shared with us.
Bojana Kovac: Thank you, Anastasiya, and thank you to our speakers for their interesting points. on this topic. So there are quite a few questions and points raised in the chat. One interesting point is the fact that since the UN Convention will be used as a complementary instrument, maybe that would lead into kind of a cherry-picking between the states on which convention will be more beneficial to them. So that is an interesting point and raises a lot of questions in regards to the legal aspect and the enforcement of the Convention. Now with regards to the questions, there are quite a few but I will pick two and if we have time we will continue with them. So the first one is for the speakers and what role do you see for public-private partnerships in enhancing the effectiveness of the Convention? And the second question is how can the Convention foster international collaboration in research and development of predictive technologies to stay ahead of evolving
Anastasiya Kazakova: cyber threats? So yeah, over to you Nastya. Thank you so much Bojana. So I’d like to turn again to all our incredible panelists and invite them to share probably the final words and maybe to include some of the final messages to the audience. And if you also like to address the questions that Bojana also raised, so please do. But overall, on concluding notes, what would be the main message to the audience? And I’d like to start first with Irene and then to turn to Briony, Catalina and Andrew. So Irene, please. Yes, well thank you very much.
Irene Grohsmann: Thank you very much for organizing this very interesting discussion. I also found it very helpful. I feel like there’s always more to learn on this Convention each day even if you participated in negotiations and it’s going to be very interesting to to see where this journey takes us in terms of ratifying and supplementary protocol. Maybe a couple of points that my co-panelists mentioned earlier is the point on safeguards, human rights specifically, and that this convention needs to be read in its entirety. I think for us, one of the main reasons why we also were in a position to support this final product that all UN member states extensively discussed over many, many hours, was exactly the fact that it reaffirms that human rights standards and safeguards are essential to international cooperation against cybercrime. So there really is no way around it. It is conditio sine qua non for my country and many other countries that participated in these negotiations. And the other point, and that alludes a little bit to the first question on public-private partnerships, is the essential role of civil society and NGOs, private sector actors, in supporting states against the fight against cybercrime. In our perspective, the AHC, it provided an important space for those actors to voice their opinions, to speak from the floor. We also, like Bryony said for Australia, the same for us, we read all the submissions. We are inspired by them, copy pasting sometimes. So that is really important, and that should be an important factor going forward when the convention is being ratified and being implemented. So those actors must have a space to contribute their excellent and very necessary expertise. And this will be a discussion point, you know, when we talk about the rules of procedure for the conference of state parties, which we will definitely keep an eye out to make sure that those actors can be involved as much as possible.
Anastasiya Kazakova: Thank you so much, Irene. Indeed, this process was really unprecedented in the way how multistakeholders could participate in the negotiations and share their remarks. I think that was also a great achievement for the multistakeholder participation. Briony, please, over to you.
Briony Daley Whitworth: Thanks, Anastasiya. This has been absolutely fascinating, and it’s really lovely to hear so many different perspectives from those in the room and those who are sort of looking at it from outside as well, because sometimes we do get a little bit lost in the weeds in those UED basements. But I think going to the couple of questions that were asked around public private partnerships and capabilities. One thing that I think we have to be really cognisant of with this convention is it’s only as effective as it is its implementation and adherence. And so in order for it to be effective in combating cybercrime, it needs to be implemented. And that does require public private partnerships, because I think we’re all here because we know that that threat landscape of cybercrime is just absolutely exponential. We’re seeing scope, scale, the effects of all of these crimes proliferate to a really great extent. And the idea of additional capabilities, cyber capabilities that we’re seeing, malware, spyware, the use of AI, really expanding that attack surface and that threat landscape. So the importance of public private partnerships, not only to help us look at the threat and understand the threat as states, but also to help us combat and uplift the cyber security, the resilience. And really work on that prevention side of things as well, I think, is one of the really core things that public private partnerships are absolutely essential for. And really thinking about the way that capability development, it’s not about the tools, it’s about their use. And so making sure that we’re criminalising criminal use, but also finding pathways to use these tools in ways that do help us combat cybercrime and other malicious cyber activity. I will finish with probably a cheeky remark. I don’t think this is the first international legal framework in the UN that governs cyberspace. We’ve been working in other groups for a long time to look at how we, in fact, already have a convention that governs state behaviour in cyberspace. And that’s the UN Charter. And so everything that we do derives from that. Thanks.
Anastasiya Kazakova: Thank you so much, Catalina.
Catalina Vera Toro: Well, thank you. Thank you for the opportunity. I saw some of the questions in the chat that were great. Please keep in chat, in contact. You have our contact. I would love to hear from the people that have further questions. In regards of like final messages, just to say that there are certain elements of human rights that were not touched upon that I think are very important and structural within the convention. In regards, for instance, for gender based violence, for certain type of crimes that are included within this convention. I think those are like very important wins, you could say, that those languages are incorporated and those provisions are incorporated within this convention. Also, the notion and the direct linkage of the convention on the right of the child. You know, there are certain like buildage that this convention in particular, I wanted to highlight because I think it’s a very positive approach and a way of buildage within the UN framework of other conventions that come into place. And I think it’s a result of how cyberspace and particularly cyber crimes of cyber enabled crimes are like ever expanding and should have those like elements that make it future proof. And I think the convention, how it’s drafted kind of takes that in into itself. In regards to other elements, of course, capacity building is key for developing countries. So therefore, private public partnerships are like essential. I think one of the important things that should be highlighted with this convention is the universal nature. Of course, we need to have it adopted, come into place and obviously ratified for a very important number of countries. That’s the only way this is going to be successful and useful for everybody, of course. But it gives a platform for countries that are not part of other conventions to come into place and to be part of the dialogue, you know, the conversation. There were countries that were being left out. So this provides an opportunity for all of us to come together, to raise our standards, to learn from each other, to have cooperation, you know, instruments and obviously to make a virtual world out of it and protect our nationals and our people when it comes to those more prevalent crimes. And some are very, very harmful. So I just wanted to say that. And in regards to this being a cherry picking exercise, I don’t think so. I think it’s going to be another instrument. that it’s going to be that layer, that dome, that is going to be provided so that everybody becomes a player and we have that interconnectedness between each other. Cyber is a global dimension, a new dimension, and therefore it only makes sense for us to have a UN convention when it comes to cyber crimes, because it’s a global phenomenon. Thank you.
Anastasiya Kazakova: Thank you so much, Catalina. Andrew, over to you.
Andrew Owusu-Agyemang: All right, thank you very much. So flowing from Catalina’s cultural remarks, I’d also like to highlight certain wins I think are big wins in this draft UN treaty. To begin with, as I mentioned earlier, the Article 15 on criminalization of the solicitation of children for sexual offence, I think it’s a big win that has been included in the draft UN convention, especially for developing countries where we see more of these cyber crimes being manifested. I also do believe that Article 16 on the criminalization of the non-consensual dissemination of intimate images is also an important win that needs to be recognized as part of the draft UN treaty. Also, as the other panelists have extensively spoken about, the conditions and safeguards in this draft treaty are very impressive and extensive for that matter. We’ve also spoken about the respect for human rights, procedural guarantees, conditions and safeguards, as well as the protection of personal data. These are very elaborate conditions and safeguards that will ensure that even as law enforcement agents investigate and prosecute cyber crime, the human rights of offenders and victims alike are also protected. And I think this is a very big win that we need to commend the drafters of the treaty on. The last area I’d like to highlight is on the procedural powers. Now, although many other instruments such as the Budapest Convention, the UNCTAD and the UNCTAD criminalize and provide powers for other things, the UN draft treaty provides procedural powers mainly on witness protection. And I think that this should be highlighted and commended as well. It’s a big win that we need. to realize and recognize. Now, drawing the curtains on the discussion so far, I think one thing I’d like to highlight in terms of public-private partnership, as I intimated earlier, will be the development of MOUs so there can be a moment of understanding between public sector organizations and private sector organizations to engage and commune and see how capacity building, exchange programs, and cooperation can be used as tools to fight cybercrime and enhance cybersecurity. So thank you very much for this opportunity, and it’s been a great learning curve for me as well.
Anastasiya Kazakova: Thank you so much. I do also hope that the discussion was also helpful to our audience, and please join me in thanking our incredible experts for helping us better understand the treaty, tackling all our complex questions, our million-dollar questions, and sharing the results of your success agreeing on this first global cyber treaty. To me personally, it was incredibly helpful because we’ve been, with our colleagues, trying to understand and unpack the contents of the convention for the past month. So thank you so much again. And to learn more about this convention, international frameworks, and how public-private partnerships can also help drive solutions in this evolving technological landscape, so if you’re interested, please enroll in Deeple’s interactive online course, which starts in November later this year. I see that my colleague Bayana also already shared the information, so again, thank you so much to everyone. It was a really great pleasure. We will share the recording from the session and also a short summary of the discussion, and let’s stay in touch to discuss this better. Thank you everyone.
Anastasiya Kazakova
Speech speed
145 words per minute
Speech length
2501 words
Speech time
1028 seconds
First globally binding legal instrument on cybercrime
Explanation
The UN Cybercrime Convention is the first legally binding global instrument addressing cybercrime. It was adopted after three years of negotiations initiated by Russia in 2017.
Evidence
The convention will be presented to the UN General Assembly for formal adoption.
Major Discussion Point
Overview and Impact of the UN Cybercrime Convention
Agreed with
Irene Grohsmann
Andrew Owusu-Agyemang
Catalina Vera Toro
Agreed on
UN Cybercrime Convention as first global legal instrument
Jovan Kurbalija
Speech speed
118 words per minute
Speech length
641 words
Speech time
323 seconds
Builds on existing frameworks like Budapest Convention
Explanation
The UN Cybercrime Convention builds upon existing frameworks, particularly the Budapest Convention. It does not start from scratch but incorporates elements from previous regulatory and diplomatic processes.
Evidence
A study comparing the two conventions shows that the UN Convention builds on the Budapest Convention significantly.
Major Discussion Point
Overview and Impact of the UN Cybercrime Convention
Irene Grohsmann
Speech speed
0 words per minute
Speech length
0 words
Speech time
1 seconds
Provides legal basis for global cooperation against cybercrime
Explanation
The UN Cybercrime Convention will be the first global legal instrument at UN level allowing cooperation among states against cybercrime transnationally. It provides a legal basis for mutual legal assistance and other cooperation measures.
Evidence
The convention will come into force after 40 states have ratified it.
Major Discussion Point
Overview and Impact of the UN Cybercrime Convention
Agreed with
Anastasiya Kazakova
Andrew Owusu-Agyemang
Catalina Vera Toro
Agreed on
UN Cybercrime Convention as first global legal instrument
Reaffirms human rights standards in cybercrime cooperation
Explanation
The convention reaffirms that human rights standards and safeguards are essential to international cooperation against cybercrime. It upholds existing standards rather than changing them.
Evidence
The convention explicitly states that safeguards and standards such as human rights and data protection remain relevant for international cooperation against cybercrime.
Major Discussion Point
Human Rights Protections and Safeguards
Agreed with
Catalina Vera Toro
Briony Daley Whitworth
Agreed on
Importance of human rights protections
Uses technology-neutral language
Explanation
The convention uses technology-neutral language to make it as timeless as possible. It focuses more on behavior rather than listing specific technologies.
Evidence
This approach was also used for the Budapest Convention, which has remained useful and practical for 23 years.
Major Discussion Point
Future-Proofing and Updating the Convention
Allows for amendments and supplementary protocols
Explanation
The convention provides opportunities for future amendments and supplementary protocols. This allows for addressing new issues or topics not sufficiently covered by the current convention.
Evidence
Amendments can be made five years after the convention’s entry into force. The Conference of State Parties can discuss and decide on addressing new issues.
Major Discussion Point
Future-Proofing and Updating the Convention
Agreed with
Asoke Mukerji
Agreed on
Flexibility for future updates
Andrew Owusu-Agyemang
Speech speed
166 words per minute
Speech length
1425 words
Speech time
513 seconds
Complements existing regional instruments
Explanation
The UN Cybercrime Convention complements existing regional instruments like the Malabo Convention and Budapest Convention. It fills gaps in procedural powers and international cooperation.
Evidence
The UN Convention introduces new elements like criminalization of non-consensual dissemination of intimate images.
Major Discussion Point
Overview and Impact of the UN Cybercrime Convention
Agreed with
Anastasiya Kazakova
Irene Grohsmann
Catalina Vera Toro
Agreed on
UN Cybercrime Convention as first global legal instrument
Central to implementation of convention
Explanation
Technical assistance and capacity building are crucial for implementing the UN Cybercrime Convention. It enables developing countries to effectively combat cybercrime.
Evidence
Ghana has benefited from technical assistance through the Council of Europe Clarity Plus Program, which provided training in electronic evidence handling and cybercrime prosecution.
Major Discussion Point
Technical Assistance and Capacity Building
Can be implemented through MOUs and exchanges
Explanation
The technical assistance provisions in the UN Cybercrime Convention can be implemented through Memorandums of Understanding (MOUs) and exchange programs. This allows for bilateral or multilateral agreements to develop capacities of law enforcement, judges, and prosecutors.
Evidence
Countries can engage in personnel exchanges, seconding technical experts to aid in building competencies in developing countries.
Major Discussion Point
Technical Assistance and Capacity Building
Catalina Vera Toro
Speech speed
142 words per minute
Speech length
2542 words
Speech time
1068 seconds
Provides platform for universal participation
Explanation
The UN Cybercrime Convention offers a platform for countries not part of other conventions to participate in the global dialogue on cybercrime. It provides an opportunity for all countries to come together, raise standards, and learn from each other.
Evidence
The universal nature of the convention allows countries previously left out to be part of the conversation and cooperation instruments.
Major Discussion Point
Overview and Impact of the UN Cybercrime Convention
Agreed with
Anastasiya Kazakova
Irene Grohsmann
Andrew Owusu-Agyemang
Agreed on
UN Cybercrime Convention as first global legal instrument
Article 27 allows ordering data production within state’s territory
Explanation
Article 27 of the UN Cybercrime Convention allows a state to order individuals within its territory to produce electronic data. This includes data that might be physically stored in another jurisdiction if the person has access to it.
Evidence
The article covers issues of compelling a person to produce electronic data stored within their territory, including national service providers.
Major Discussion Point
Cross-Border Cooperation and Data Access
Emphasizes sovereignty and formal cooperation channels
Explanation
The UN Cybercrime Convention emphasizes the sovereignty and jurisdictional rights of states. It stresses the importance of international cooperation and mutual legal assistance rather than permitting unilateral actions across borders.
Evidence
States are expected to use cooperation mechanisms to request access to data stored in another country rather than accessing it directly without authorization.
Major Discussion Point
Cross-Border Cooperation and Data Access
Provides safeguards against misuse of powers
Explanation
The UN Cybercrime Convention includes safeguards and checks and balances to protect against potential misuse of powers. These safeguards are distributed throughout different chapters of the convention.
Evidence
The convention incorporates human rights protections and safeguards at a high level, which were fought for during negotiations.
Major Discussion Point
Human Rights Protections and Safeguards
Agreed with
Irene Grohsmann
Briony Daley Whitworth
Agreed on
Importance of human rights protections
Incorporates protections for children and against gender-based violence
Explanation
The UN Cybercrime Convention includes important provisions related to gender-based violence and child protection. These are considered significant wins in the convention’s language.
Evidence
The convention makes direct linkages to the Convention on the Rights of the Child and incorporates language on gender-based violence.
Major Discussion Point
Human Rights Protections and Safeguards
Briony Daley Whitworth
Speech speed
156 words per minute
Speech length
2689 words
Speech time
1032 seconds
Must be read in context of entire convention
Explanation
Article 27 of the UN Cybercrime Convention must be read in the context of the entire convention. It is part of the Procedural Measures chapter, not the International Cooperation chapter, and is subject to various conditions and safeguards.
Evidence
The article is limited by the jurisdiction chapter, sovereignty article, scope article, and conditions and safeguards article.
Major Discussion Point
Cross-Border Cooperation and Data Access
Builds on Budapest Convention jurisprudence
Explanation
The UN Cybercrime Convention’s Article 27 is very similar to that of the Budapest Convention. The existing jurisprudence and interpretation of the Budapest Convention provide guidance on how this article could be interpreted in the UN Convention.
Evidence
At least 76 countries have interpreted and used a similar article in the Budapest Convention, providing a corpus of jurisprudence.
Major Discussion Point
Cross-Border Cooperation and Data Access
Sets high bar for human rights protections
Explanation
The UN Cybercrime Convention sets a uniquely high bar for human rights protections in a UN convention, particularly for a criminal convention. It includes an article stating that nothing in the convention can be interpreted to permit the suppression of human rights.
Evidence
The convention lists specific rights at risk of being suppressed or violated, including freedom of expression, conscience, opinion, religion, belief, assembly, and association.
Major Discussion Point
Human Rights Protections and Safeguards
Agreed with
Irene Grohsmann
Catalina Vera Toro
Agreed on
Importance of human rights protections
Includes article on protection of personal data
Explanation
The UN Cybercrime Convention includes a unique article on the protection of personal data, which is unusual for a UN crime convention. This article focuses on personal data protections when transferring information between countries.
Major Discussion Point
Human Rights Protections and Safeguards
Asoke Mukerji
Speech speed
138 words per minute
Speech length
1000 words
Speech time
434 seconds
Challenges remain around technology transfer
Explanation
While the UN Cybercrime Convention addresses technology transfer, there are challenges in implementing this aspect. Recent statements by major technology powers suggest restrictions on technology transfer except on mutually agreed terms.
Evidence
Statements made at the UN General Assembly on October 7th indicated potential restrictions on technology transfer.
Major Discussion Point
Technical Assistance and Capacity Building
Flexibility to update list of crimes
Explanation
The UN Cybercrime Convention allows for flexibility in updating the list of crimes. This approach prevents locking in a fixed list and allows for future updates to address emerging cyber threats.
Evidence
The convention gives primacy to domestic legal frameworks, which can be updated to support the convention.
Major Discussion Point
Future-Proofing and Updating the Convention
Agreed with
Irene Grohsmann
Agreed on
Flexibility for future updates
Agreements
Agreement Points
UN Cybercrime Convention as first global legal instrument
Speakers
Anastasiya Kazakova
Irene Grohsmann
Andrew Owusu-Agyemang
Catalina Vera Toro
Arguments
First globally binding legal instrument on cybercrime
Provides legal basis for global cooperation against cybercrime
Complements existing regional instruments
Provides platform for universal participation
Summary
The speakers agree that the UN Cybercrime Convention is a significant achievement as the first globally binding legal instrument on cybercrime, providing a legal basis for international cooperation and complementing existing regional frameworks.
Importance of human rights protections
Speakers
Irene Grohsmann
Catalina Vera Toro
Briony Daley Whitworth
Arguments
Reaffirms human rights standards in cybercrime cooperation
Provides safeguards against misuse of powers
Sets high bar for human rights protections
Summary
The speakers emphasize the importance of human rights protections in the UN Cybercrime Convention, highlighting the inclusion of safeguards and the high standards set for protecting human rights in cybercrime investigations and cooperation.
Flexibility for future updates
Speakers
Irene Grohsmann
Asoke Mukerji
Arguments
Allows for amendments and supplementary protocols
Flexibility to update list of crimes
Summary
The speakers agree that the UN Cybercrime Convention provides flexibility for future updates, allowing for amendments, supplementary protocols, and updates to the list of crimes to address emerging cyber threats.
Similar Viewpoints
Both speakers emphasize that the UN Cybercrime Convention builds upon existing frameworks and uses a technology-neutral approach to ensure its longevity and effectiveness.
Speakers
Jovan Kurbalija
Irene Grohsmann
Arguments
Builds on existing frameworks like Budapest Convention
Uses technology-neutral language
Both speakers highlight the importance of the UN Cybercrime Convention in providing opportunities for developing countries to participate in global cybercrime efforts and benefit from capacity building and technical assistance.
Speakers
Andrew Owusu-Agyemang
Catalina Vera Toro
Arguments
Central to implementation of convention
Provides platform for universal participation
Unexpected Consensus
Importance of civil society and private sector involvement
Speakers
Irene Grohsmann
Briony Daley Whitworth
Asoke Mukerji
Arguments
Reaffirms human rights standards in cybercrime cooperation
Sets high bar for human rights protections
Challenges remain around technology transfer
Explanation
Despite representing different countries and perspectives, all three speakers emphasized the crucial role of civil society and private sector involvement in the development and implementation of the UN Cybercrime Convention, which was not an initially expected area of consensus.
Overall Assessment
Summary
The speakers generally agree on the significance of the UN Cybercrime Convention as a global legal instrument, its importance in protecting human rights, and its flexibility for future updates. There is also consensus on the need for technical assistance and capacity building, especially for developing countries.
Consensus level
High level of consensus among the speakers, suggesting broad support for the UN Cybercrime Convention across different countries and stakeholders. This consensus implies that the convention has successfully balanced various interests and concerns, potentially facilitating its adoption and implementation on a global scale.
Disagreements
Disagreement Points
Timing of supplementary protocols
Speakers
Irene Grohsmann
Asoke Mukerji
Arguments
For us, as Switzerland, as a small state, this discussion also had to do a lot with resources. In our opinion, it would have been preferable to focus on implementation first, because resources need to be used for the ratification process, implementation process, and at the same time use the same resources to negotiate a supplementary protocol. It’s just going to make it very difficult and challenging to make real effort and real progress in implementation work.
The current list, which is in article 17 and the discussions we’ve just had on additional protocol or additional supplementary protocol meet the perspective that we have of not locking in something, but allowing the convention to have the flexibility to bring in an updated list of crimes while giving primacy to the domestic legal framework, which has to support the convention.
Summary
Switzerland prefers to focus on implementation before discussing supplementary protocols, while India sees value in the flexibility to update the list of crimes through additional protocols.
Overall Assessment
Summary
The main areas of disagreement were minor and focused on the timing and approach to supplementary protocols and the emphasis on different aspects of balancing international cooperation with state sovereignty.
Disagreement level
The level of disagreement among the speakers was relatively low. Most speakers presented complementary views on the UN Cybercrime Convention, highlighting different aspects of its strengths and potential challenges. This low level of disagreement suggests a generally positive reception of the convention among the participating experts, which bodes well for its potential implementation and effectiveness in addressing global cybercrime issues.
Partial Agreements
Partial Agreements
The speakers agree on the importance of balancing international cooperation with state sovereignty and human rights protections in the convention. However, they emphasize different aspects of how this balance is achieved in the convention’s text and structure.
Speakers
Irene Grohsmann
Catalina Vera Toro
Briony Daley Whitworth
Arguments
The UN Cybercrime Convention attempts to navigate those sensitivities by emphasizing the sovereignty and jurisdictional rights of states. It also includes certain provisions that stress the importance of international cooperation and mutual legal assistance, rather than permitting solely unilateral actions across borders.
Article 27 of the UN Cybercrime Convention must be read in the context of the entire convention. It is part of the Procedural Measures chapter, not the International Cooperation chapter, and is subject to various conditions and safeguards.
The convention explicitly states that safeguards and standards such as human rights and data protection remain relevant for international cooperation against cybercrime.
Similar Viewpoints
Both speakers emphasize that the UN Cybercrime Convention builds upon existing frameworks and uses a technology-neutral approach to ensure its longevity and effectiveness.
Speakers
Jovan Kurbalija
Irene Grohsmann
Arguments
Builds on existing frameworks like Budapest Convention
Uses technology-neutral language
Both speakers highlight the importance of the UN Cybercrime Convention in providing opportunities for developing countries to participate in global cybercrime efforts and benefit from capacity building and technical assistance.
Speakers
Andrew Owusu-Agyemang
Catalina Vera Toro
Arguments
Central to implementation of convention
Provides platform for universal participation
Takeaways
Key Takeaways
The UN Cybercrime Convention is the first globally binding legal instrument on cybercrime, providing a legal basis for international cooperation.
The convention builds on existing frameworks like the Budapest Convention while allowing for broader participation.
It includes strong human rights protections and safeguards against misuse of powers.
The convention uses technology-neutral language to remain relevant as technology evolves.
Technical assistance and capacity building provisions are central to implementation, especially for developing countries.
The convention aims to balance effective law enforcement with respect for state sovereignty in cross-border data access.
Resolutions and Action Items
The draft convention will be presented to the UN General Assembly for formal adoption.
States will need to ratify the convention, with 40 ratifications required for it to enter into force.
Countries may need to update their domestic cybercrime legislation to align with the convention.
A Conference of State Parties will be established to discuss implementation and potential updates.
Unresolved Issues
Exact content of potential supplementary protocols to be negotiated in the future
Specific mechanisms for technology transfer to developing countries
How states will choose between different conventions in practice when multiple apply
Details of how public-private partnerships will be structured to support implementation
Suggested Compromises
Using technology-neutral language to balance future-proofing with specificity
Allowing flexibility to update the list of crimes through supplementary protocols
Emphasizing formal cooperation channels while still allowing some cross-border data access
Balancing comprehensive crime coverage with a focused approach to avoid overbroad criminalization
Thought Provoking Comments
For me personally, the main challenge is potential criminalization of the wider population due to specific nature of cybercrime. What I am referring to, committing traditional crime requires more personal, emotional, and other engagement, planning. It’s not just easy to commit traditional crime. Cybercrime lower the level of potential criminals from their bedrooms, studying rooms, just click away. And this is a problem because we have a cybercrime, but we don’t have a cyber jails.
Speaker
Jovan Kurbalija
Reason
This comment highlights a unique challenge of cybercrime legislation – the potential for overcriminalization due to the ease of committing cybercrimes compared to traditional crimes. It raises important questions about proportionality and societal impacts.
Impact
This set the stage for later discussions on human rights protections and safeguards in the convention. It prompted speakers to address how the convention balances effective enforcement with protecting individual rights.
The UN Convention will not change everything and as Johan said, it will not reinvent the wheel. This is because substantial parts of the UN Cybercrime Convention, they are inspired or they are very similar to existing instruments, such as the Budapest Convention at regional level or at UN level, the UNTOC convention, the UCOC.
Speaker
Irene Grohsmann
Reason
This comment provides important context on how the new convention builds on existing frameworks rather than starting from scratch. It helps frame expectations about the convention’s impact.
Impact
This led to further discussion of how the UN Convention will coexist with and complement existing regional instruments, rather than replacing them.
Uniquely high bar, in fact, for a UN convention and particularly for a criminal convention, because we have this article that doesn’t just say that human rights apply, but it says that nothing in the convention can be interpreted to permit the suppression of human rights.
Speaker
Briony Daley Whitworth
Reason
This highlights a key strength of the convention in terms of human rights protections, which addresses earlier concerns raised about potential overreach.
Impact
This comment shifted the tone to emphasize the robust safeguards in the convention, leading to further discussion of specific protections and how they compare to other international instruments.
The approach that was taken when drafting the convention was to use technology-neutral language as much as possible to make the convention as timeless as possible. The convention focuses more on behavior rather than listing specific technology.
Speaker
Irene Grohsmann
Reason
This insight into the drafting approach explains how the convention aims to remain relevant despite rapid technological change.
Impact
This prompted discussion of how the convention can remain flexible and adaptable over time, including the potential for future amendments or protocols.
Overall Assessment
These key comments shaped the discussion by highlighting unique challenges of cybercrime legislation, contextualizing the new convention within existing frameworks, emphasizing its strong human rights protections, and explaining its technology-neutral approach. The discussion evolved from initial concerns about overreach to a more nuanced understanding of how the convention balances effective enforcement with safeguards and adaptability. The speakers provided valuable insights into the negotiation process and design choices that informed the final text.
Follow-up Questions
How will domestic legislations interpret and implement the broad definitions in the UN Cybercrime Convention?
Speaker
Catalina Vera Toro
Explanation
This is important to understand how the convention will be applied in practice and whether there may be conflicts in interpretation between different countries.
What will be the exact content and topics to be discussed in potential supplementary protocol negotiations?
Speaker
Irene Grohsmann
Explanation
This is crucial for understanding how the convention may evolve and be updated in the future to address new challenges or areas not fully covered in the initial text.
How can the convention foster international collaboration in research and development of predictive technologies to stay ahead of evolving cyber threats?
Speaker
Audience member (via chat)
Explanation
This is important for ensuring the convention remains effective against rapidly changing cybercrime tactics and technologies.
What role do public-private partnerships play in enhancing the effectiveness of the Convention?
Speaker
Audience member (via chat)
Explanation
Understanding this is crucial for implementing the convention effectively, given the significant role of private sector actors in cybersecurity.
How will the UN Cybercrime Convention coexist with and complement existing regional instruments like the Budapest Convention?
Speaker
Anastasiya Kazakova
Explanation
This is important for understanding how different legal frameworks will interact and be applied in practice.
How can the convention address the potential risk of criminalizing wider populations due to the lower barrier to committing cybercrimes?
Speaker
Jovan Kurbalija
Explanation
This is crucial for ensuring the convention doesn’t lead to unintended consequences or over-criminalization of minor infractions.
How will the transfer of technology provisions in the convention be implemented, given potential restrictions from major technology powers?
Speaker
Asoke Mukerji
Explanation
This is important for understanding how developing countries will be able to benefit from and implement the convention effectively.
Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.
Related topics
Related event
UN Cybercrime Convention: What does it mean and how will it impact all of us?
22 Oct 2024 12:00h - 13:15h
Online