UN CYBERCRIME TREATY NEGOTIATIONS

JUNE 2023

UN CYBERCRIME

TREATY NEGOTIATIONS

STILL

POLES

APART

Summer Walker

POLICY BRIEF

No part of this publicaon may be reproduced or transmied

in any form or by any means without permission in wring from

the Global Iniave.

Cover: © Planet Observer/Universal Images Group via Gey Images

Please direct inquiries to:

The Global Iniave Against Transnaonal Organized Crime

Avenue de France 23

Geneva, CH-1202

Switzerland

www.globaliniave.net

ACKNOWLEDGEMENTS

This report was made possible with generous core support from the Government of

Norway. Thank you to Ana Paula Oliveira and Darren Brookbanks for their review of the

research and to Ian Tennant and Mark Shaw for their thoughtful input.

ABOUT THE AUTHOR

Summer Walker is the GI-TOC’s Head of Multilateral Affairs in New York. She leads

projects and provides research and analysis on international policy, with issues ranging

from drug policy to cybercrime. She has worked with the UN and international NGOs,

development agencies and research institutes.

CONTENTS

Summary.......................................................................................................................................................................2

Divided we vote

.......................................................................................................................................................3

Pole posions

............................................................................................................................................................5

Cooperate rst, queson later states ............................................................................................................... 5

The safeguard states ............................................................................................................................................. 7

The h session .....................................................................................................................................................8

Internaonal cooperaon .................................................................................................................................... 8

Technical assistance.............................................................................................................................................10

Prevenve measures ...........................................................................................................................................12

Implementaon mechanism ..............................................................................................................................13

Preamble .................................................................................................................................................................14

Final provisions .....................................................................................................................................................14

The January meeng .........................................................................................................................................15

Conclusion

................................................................................................................................................................17

Notes ..............................................................................................................................................................................18

SUMMARY

he UN Ad Hoc Commiee negoang a treaty on Countering the Use of Informaon and

Communicaons Technologies for Criminal Purposes (henceforth ‘AHC’) has completed its

deliberaons on a negoang text before a zero dra treaty will be provided to states in June

2023. In January the AHC covered proposed chapters on criminalizaon, procedural measures and

law enforcement, and general provisions. The most recent session, in April, reviewed the proposed

chapters on internaonal cooperaon, technical assistance, prevenon, implementaon mechanism,

nal provisions and the preamble. States and mul-stakeholders will now look ahead to debang a

full zero dra at the next meeng in August 2023.

This brief analyzes the state of the negoaon process. It focuses on the h session, which ended

in April 2023, with specic aenon given to the chapters on internaonal cooperaon and technical

assistance, which are seen by many member states as the key aims of the future convenon. It also

provides an overview from the January meeng, where criminalizaon and procedural measures

were addressed, focusing on the areas where the widest divergence was seen. The negoaons have

been extremely detailed, resulng in a lengthy dra, so not all issues are summarized here. This brief

outlines the types of negoang groupings that governments have divided into, demonstrates how

this plays out in negoaons and shows some of the underlying and overt areas of disagreement

that will have to be somehow bridged in the August meeng. That meeng is meant to be the last

in-person negoaon of the zero dra before a nal dra treaty is adopted in early January 2024, so

this is a crical moment to look at where the process is.

DIVIDED WE VOTE

ollowing the April meeng, states are sll no closer to agreeing on the convenon’s key points.

Therefore, in August delegates are likely to make decisions on some of the key issues. This

even includes terminology to be used. For instance, the choice between using ‘cybercrime’

versus ‘use of informaon and communicaons technologies for criminal purposes’ has not been

made yet.

Other topics include the scope of crimes to be criminalized; the scope of internaonal

cooperaon under the treaty; and whether safeguards around human rights and data protecon will

be incorporated, and to what extent. The August meeng could be the moment when decisions are

taken to a vote if consensus sll cannot be reached at that stage.

As has been seen since the early meengs,

states are broadly grouped into two opposing poles or

camps on the issues of scope of cooperaon, and legal and human rights safeguards. And during the

April session this paern connued, with the two groups on either end of the spectrum espousing

two very dierent visions for this future treaty. The rst group, which includes several key regional

blocs (the African Group, CARICOM (the Caribbean Community) and the Arab Group), wants a broad

range of acvity with limited-to-no guardrails restricng this. This camp argues that specic language

on safeguards, privacy rights and human rights will constrain the treaty’s eciency. The second group,

primarily Western European and Others Group states, and Budapest Convenon

member states –

such as Japan, the Philippines, Chile, Czechia, Slovenia and Slovakia – have called for a limited scope

of acvies to be criminalized and for adequate safeguards on the treaty’s applicaon. These states

claim safeguards will strengthen the prospects for cooperaon, although early on in negoaons

they also took a liberal stance on allowing the cooperaon provisions to be applied to a wider scope

of crimes than those criminalized under the treaty. Then there are states that do not fall into either

pole but who align with elements of each, seeking wide cooperaon but simultaneously supporng

safeguards for human rights, for example. These perspecves are demonstrated in country posions

in the text of the treaty and form the basis of many major disagreements in the negoaons.

Thus far, the AHC meengs have, aside from tough exchanges on the Ukraine war, maintained a con-

strucve approach, despite disagreements on substance. But how will states tackle these dierences

once the zero dra has been completed and they need to make decisions? This is how it may pan out.

Under the rules of the AHC, states are able to take decisions by vote, though they seek to negoate

by consensus and, technically, vong should not happen unl eorts to reach consensus have been

exhausted.

Decisions by vote must achieve two-thirds majority, so a simple majority negoang

strategy will not work. States with divergent posions will have to make a strong eort to make their

case or bring down their expectaons to arrive at two-thirds.

One chapter of the dra treaty that could provide incenves for compromise is technical assistance

and the funding needed to achieve it. Both of the two main groups have powerful, technologically

advanced states that can oer both funding and knowledge for technical assistance, such as China

on one side and the United States on the other. How this might play out is unclear but the secon

below on technical assistance shows that a number of states feel this is their key priority, so leverage

in this chapter could become important.

Eorts to bridge divisions between the opposing poles will be needed. States seeking a permissive

treaty have already staked posions as far to their side as possible, and received some compromise

from the other group, such as on scope of crimes for which electronic evidence can be collected.

This may give them leverage once the dra is completed, as nding middle ground could lean in their

favour. For the other group, dispelling the false dichotomy between a narrow focus with safeguards

and eciency in implementaon should be a key priority through outreach and in negoaons.

In the end, vong may be the tool that tempers posions that are camped on opposite ends of the

spectrum. Yet there is sll a risk that, out of this, two compeng treaes may emerge for internaonal

cybercrime cooperaon: a wide-ranging, permissive treaty administered by the UN for one group of

countries, and the Budapest Convenon used as the mechanism for the others.

View of the 11th meeng of the rst session of the Ad Hoc Commiee to Elaborate a Comprehensive

Internaonal Convenon on Countering the Use of Informaon and Communicaons Technologies for

Criminal Purposes.

POLE POSITIONS

Cooperate rst, queson later states

Broadly, this group is seeking to extract as much as possible in terms of enhanced cooperaon,

procedural capabilies and technical assistance. At the same me many of these countries have been

opposed to the inclusion of human rights and legal safeguards, including those related to due process,

data protecon and references to human rights obligaons (such as the right to privacy). Many argue

that these would limit the opportunies for cooperaon and the eciency – or expediency – of the

convenon. In general, this group includes Russia, China, Iran, Singapore, India, the African Group,

CARICOM and the Arab Group.

For some of these states, this debate is framed by opposing views among the world’s governments

on an open internet and digital rights, and the inherent challenges in trying to accommodate those

fundamental dierences within this treaty. Some governments plainly do not agree with the concept

of an open internet that is not under state supervision or control, and this posion is most clearly set

out in the statements and negoang posions of Russia, China and Iran.

Other states in this broad group are not taking a stance on open internet principles but are seeking

expediency. They are not opposed to some principles of digital rights and open access, but at this stage

in the treaty negoaons are pung these aside in search of expansive powers and the improved

operaonal capability that can be achieved through this convenon. They seek the widest opons

available to increase their cross-border cooperaon and to improve domesc tech capabilies that

are lacking. For many, technical assistance is the most important secon of the dra, as is the part

dealing with enhanced invesgave capabilies. On technical assistance, the African Group has been

outspoken about removing wording they think would bind them to condions on accessing assistance,

including language around transparency and accountability. CARICOM has echoed this posion, and

it is also reected in Brazil’s posions.

Some countries negoang against safeguard provisions have used the UNTOC and UNCAC as

juscaon, saying they are not opposed to human rights and data protecon, but that these two

predecessor convenons hardly refer to human rights. Egypt and Iran have been parcularly strong

proponents of this posion. For instance, Tanzania drew aenon to this regarding a minimum pen-

alty threshold for extradion. This tacc is oen used when language derives from the Budapest

Convenon rather than UNTOC and UNCAC. Although the two UN treaes have informed some of

the language used in this dra, they were draed over 20 years ago, in more trusng and opmisc

mes for mullateralism, and those are not cybercrime-focused treaes. As can be seen below,

relying on language used in these older convenons can raise specic concerns in this new context.

A cybercrime treaty is a parcularly delicate internaonal instrument in terms of rights and respon-

sibilies, and therefore has to be formulated from a unique perspecve, rather than by replicang

earlier convenons.

SCOPE OF TREATY

NARROW WIDE

WEAK STRONG

Wide scope,

limited safeguards

■

Russia

■

China

■

Belarus

■

Burundi

■

Mali

■

Nicaragua

■

Tajikistan

Wide scope,

limited safeguards

■

CARICOM

■

African Group

■

Arab Group

■

India

■

Singapore

■

Thailand

Wide scope

and safeguards

■

Cameroon

■

South Africa

■

Malaysia

■

Brazil

Wide scope

and safeguards

■

A r g e n  n a

■

Mexico

■

Peru

■

Colombia

■

Uruguay

■

Dominican Republic

■

Guatemala

Limited scope,

strong safeguards

(open to wider scope

of crimes for some

coopera on)

■

Western and Other

Group (WEOG)

■

EU member states

from Eastern

European Group

(EEG)

■

Japan

■

Chile

Limited scope,

strong safeguards

(limit scope to crimes

in conven on)

■

Canada

■

Costa Rica

■

The Philippines

■

New Zealand

SAFEGUARDS

FIGURE 1 On a spectrum: States’ posions in the dra treaty.

The safeguard states

At the other end of the spectrum is a group of states that have been vocal about the need to limit the

powers that will be conferred in this convenon through safeguards that are in line with states’ human

rights obligaons, including digital rights, data privacy and procedural rights, and which are designed

to protect people from polical persecuon. They have varying perspecves on data protecon

clauses and scope of cooperaon, such as the range of applicable crimes for collecng e-evidence,

but all call for strong safeguards to be included. This group includes the EU countries, Chile, UK, US,

Switzerland, Canada, South Korea, Japan, Australia, New Zealand, Norway, the Philippines, Ecuador,

Uruguay and Georgia, among others. There are others who are negoang for a wider scope, but are

not opposed to including safeguards, such as Colombia, Uruguay and Peru.

This group also reects regional and country-level perspecves on issues such as an open internet

and digital rights. For instance, the EU is known to have the strongest set of data privacy regulaons

(embodied in its General Data Protecon Regulaon), and has emphasized how a convenon must

not override their standards if they are to accede. In general, on the issue of rights and safeguards,

this group has encompassed countries that are largely already able to cooperate with one another

under exisng mechanisms, such as the Budapest Convenon, as members and observer countries.

However, some dierences within this other wise broadly homogeneous group are evident. On scope,

the group in favour of safeguards had given ground on the extent of cooperaon at the fourth session

in January, by agreeing that broader cooperaon on some measures could be granted through the

treaty alongside a narrow scope of criminalized acvies. However, at the h session in April a small

group of countries emerged as vocal supporters to limit cooperaon, arguing that it is an issue of

over-stretching capacity for day-to-day cooperaon if a treaty were agreed upon (see ‘internaonal

cooperaon’ below).

There are also disagreements on data protecon in the treaty. In parcular, the US and the EU are not

aligned on data protecon details. The EU’s proposals are based on its own high levels of protecon

provided for in EU regulaons, while the US has never adopted this level of privacy safeguards. The

US sees the EU’s data protecon proposals as unworkable under the American criminal jusce system,

parcularly on retaining data on criminal proceedings for the purposes of future appeal hearings. At the

same me, others, such as Australia and the UK, voiced more nuanced concern over the EU proposals,

stang that this should not be a data protecon treaty, as this would be dicult to agree upon.

THE FIFTH SESSION

Internaonal cooperaon

Regarding the internaonal cooperaon chapter, ongoing debates are both technical and overarching.

Technical language choices, which will have major implicaons for scope, connue, as do debates over

how expansive (and invasive) cooperaon should be.

In terms of language, states connued to debate whether cooperaon should encompass ‘informaon

and communicaons technology’ and ‘informaon’ rather than ‘computer systems’ and ‘computer

data’. The former is favoured by those seeking an expansive treaty, whereas the language of the laer

seeks to limit the scope of cooperaon. Using ‘informaon’ rather than ‘computer data’ is a tacc to

cast a much wider net on what can be criminalized under this treaty, advancing an agenda that certain

informaon itself can be illegal.

A disagreement on safeguards connued to present itself. Some states advocated for the removal of

references in this chapter to Arcle 42, the chapeau arcle on safeguards as it currently stands in this

treaty. These included Malaysia, CARICOM, the African Group and the US. Some argued that Arcle

42 applies across chapters, so does not need to be referred to. The issue is that this is not actually

clear in the dra, since this arcle sits in a parcular chapter – Chapter III: Procedural measures and

law enforcement – with dra language that only applies to the measures in that chapter.

On the scope of sharing electronic evidence, a small group of countries within the ‘safeguards States’

group emerged as vocal supporters of liming cooperaon, including cooperaon on collecon of

electronic evidence to crimes listed in this convenon (narrow scope). These included Canada, Costa

Rica, Guatemala, New Zealand, the Philippines and Peru. Some argued that from a praccal standpoint

a wide scope will inhibit cooperaon, possibly making the treaty unworkable. Canada and Italy, for

instance, raised the concerns over capacity challenges in implementaon for a treaty that covers

‘all crimes’ or ‘all serious crimes’. Canada said the bulk of requests they receive are for data for an

undened range of crimes, and they spend resources dealing with these requests, including explaining

to partner countries how to meet their threshold for data sharing. Canada argued that if the treaty has

a wide scope, it would be dicult to implement in reality and could impede concluding the convenon.

Italy likewise noted cooperaon for all crimes commied using ICT would cause budgetary constraints.

A number of other countries connued to voice support for a wider scope on cooperaon for collecng

e-evidence, such as crimes in the convenon and serious crimes, including the EU, US, China, Mexico,

Nigeria, Norway and Switzerland. The African Group did not take a rm posion on the scope of

crimes for collecon of e-evidence, yet called for the widest measure of mutual legal assistance for

collecng e-evidence for invesgaons and prosecuons.

The middle ground among the three choices for scope of crimes seems to be crimes included in the

convenon and serious crimes, which also arose in the context of mutual legal assistance. The issue

here is, how does one dene serious crimes? Mexico suggested using the denion of serious crime

from UNTOC: ‘“Serious crime” shall mean conduct constung an oence punishable by a maximum

deprivaon of liberty of at least four years or a more serious Penalty’. The EU also voiced openness

to wider cooperaon, saying it would have to have a clear threshold, and also seng out punishment

by four years (inspired by UNTOC). The UK voiced the need to think carefully about the implicaons

of this chapter, saying that it is open to the convenon being used for sharing of e-evidence more

widely, but only if robust human rights provisions were in place, which is a dierent approach from

a me-bound requirement.

Using a me-based approach, which has been used in previous treaes, warrants further consideraon,

as it would sll allow for a very wide scope of cooperaon. This is also a relevant queson for extra-

dion arcles. The Bangkok Post reports that 69 countries prohibit homosexuality and in 11 countries

it is punishable by death.

A convenon with this denion could allow for data sharing to be used to

persecute, imprison and put to death people for their sexual preference by using their online data if

punishment in that country for such an ‘oence’ is at least four years. Clearly, this risk also includes

polical and social persecuon carried out through other laws, such as counter-terrorism measures,

Indian police recover SIM cards and other items in a crackdown on a call centre syndicate running a scam.

naonal security and even exisng cyber-laws. The death penalty is applied in some countries for

oences such as drug tracking, whereas in others certain drugs have legal markets. Allowing this

convenon to establish a norm through the UN by which cyber-cooperaon allows for cultural, social

and polical persecuon is therefore a real risk.

A clause on protecon of data (Arcle 57), which is very specic to this type of criminal jusce

treaty, was debated. Singapore and the CARICOM group asked to remove it. The EU set a high

bar, saying that the arcles will need to respect the EU Charter of Fundamental Rights and data

protecon regulaons as a condion of it acceding to the treaty, suggesng using language in the

recent Second Addional Protocol to the Cybercrime Convenon on enhanced co-operaon and

disclosure of electronic evidence (CETS No. 224). Argenna voiced concern over its ability to comply

with some of the requirements, while Ecuador supported strengthening the principles of Arcle 57.

Technical assistance

All states support the inclusion of technical assistance in the treaty and recognize that there are large

dierences in terms of the capacity of countries to combat cybercrimes. For some states, this is the

key chapter and they want it listed as one of the objecves of the treaty, as stated by the African

Group in the plenary. This group seeking technical assistance through the treaty includes a wide

range of Global South countries that do not align across issues. They call for tailor-made (in the case

of the African Group) or beneciary-driven technical assistance. Many agree on increasing types of

technical assistance, but do not align on other issues, such as human rights and gender mainstreaming

training, removing language on transparency, or the inclusion of civil society and relevant stakeholders

in the process. Another main objecve was to request removal of language they thought could hinder

access to assistance, which was led by the African Group and CARICOM primarily.

Costa Rica’s government has faced crippling cyber aacks. Here an accountant is compelled to sort inventory

manually to complete a tax declaraon. © Ezequiel Becerra/AFP via Gey Images

There was limited support for adding a reference to technology transfer in technical assistance. For

instance, Pakistan suggested adding that technical assistance may include transfer of equipment,

surveillance and other material support, with special focus on developing countries in Arcle 86.

Other supporters of including technology transfer in the chapter included Iran, Ecuador, Dominican

Republic, Venezuela and China (a likely provider of support). Others, such as Thailand, Uruguay and

Costa Rica, supported adding a reference to providing ‘nancial support’ in addion to material

support.

For many states who would most likely be funders or providers of technical assistance found the

general principles for the chapter too vague, and requested clearer, more focused language. These

governments also want it made clear that the treaty should reect the voluntary nature of assistance

and does not place any mandatory responsibilies on providers of such assistance. The US in parcular

said it would not support a UN-funded mechanism, calling for a more exible approach for donors

and recipients. Australia suggested taking from agreed-upon language for capacity building principles

developed by the UN Open-ended Working Group on security of and in the use of informaon and

communicaons technologies, and many states suppor ted this idea. Many in this camp do not support

the request to include technology transfer, including the UK, Canada, Japan, Norway, Sweden and the

US. Here, China is a major excepon and expressed support for transfer of technology where possible.

Transparency and accountability

There were clear dividing lines over the inclusion of references to transparency and accountability.

These are currently spelled out in the guiding principles (Arcle 86), which call for an approach

that ‘ensures sustainability, transparency and accountability’, and in Arcle 89, which calls for state

pares to provide and receive assistance while giving due consideraon to the ‘principles of shared

responsibility, ownership, sustainability, transparency and accountability’, and ensuring that assis-

tance is ‘subject to appropriate and transparent monitoring and evaluaon processes to assess their

eecveness (89.10)’.

The countries in support of these arcles should have the upper hand in negoaons because they

are already in the text, meaning there will have to be compelling arguments to remove them. Many

potenal donor countries from the WEOG and Budapest groups voiced support for retaining these

points.

In its statement, the African Group quesoned whether references to transparency and accountability

would create obstacles to assistance in pracce. In country statements, some African states took

dierent posions. For instance, South Africa supported Arcle 89, which includes several references

that are quesoned by other members of the African Group. Cameroon, in its country statement,

echoed support for transparency and accountability. Jamaica, speaking on behalf of CARICOM, noted

the full text of Arcle 89 para 2 is too prescripve, which includes principles of naonal ownership

and sustainability. CARICOM also wanted to remove 89.10, calling for monitoring and evaluang of

technical assistance as a potenal obstacle to receiving it.

1212

Partnerships for technical assistance

Included in this chapter are references to who would help support technical assistance besides states

themselves. Listed are ‘relevant stakeholders (main stakeholders), UNODC, civil society, the private

sector, other internaonal and regional organizaons, and relevant exper ts’. There was general support

for the inclusion of mul-stakeholders, with some recommendaons to adjust the references and

streamline the terminology used. It was requested to remove the term ‘relevant stakeholders’ from

the guiding principles, as it gave the impression that relevant stakeholders could receive technical

assistance, which is for states.

While no countries quesoned the relevance of the UNODC in providing technical assistance, some,

including Japan, Colombia and Sweden, quesoned the need to establish its pre-eminence in this

chapter. For instance, Japan, Colombia and France quesoned paragraph 9, which ‘entrusts’ the

UNODC with coordinang and providing technical assistance, saying the language goes beyond

previous convenons and that a coordinang role is outside the UNODC’s mandate. Some, including

Indonesia and the UK, noted that the UNODC is menoned several mes, and that only one reference

is needed. Others, including Pakistan and Iran, called for the inclusion of INTERPOL, which is not

there currently.

Prevenve measures

In this chapter there was a general call for streamlining content. A number of states also noted that

some references on nancial proceeds of crime and other details are taken from the UNCAC and do

not have a clear role in this text. The UK proposed merging lengthy Arcles 90 to 93 into a general

principles secon on prevenon, which a number of governments supported or voiced an interest in

considering. The Netherlands proposed adding a prevenon measure to work with potenal oenders

to steer them towards lawful pursuits, which many countries voiced support for.

In January 2023, the US Jusce Department announced that the FBI had seized the website of Hive,

China and Russia focused on the need to include obligaons and responsibilies of service providers,

including placing requirements on them. They suggested including new language on adopng legislaon

that would require reporng to authories, and that service providers adopt technology measures to

monitor and record network operaon status and retain related informaon for no less than six months.

Russia doubled down on China’s proposal, supporng it and saying that standards for the private sector

are needed along with penalizaon if standards are not followed.

The proposal was largely ignored by

most other delegates. Only a couple supported this addion, such as Eritrea, while Australia and New

Zealand opposed it and Singapore said applying obligaons on the private sector would be untenable.

Implementaon mechanism

There is some irony in the fact that states have formed the most consensus around how a treaty that

lacks consensus should be implemented. This was largely due to a working group led by the Swiss

ambassador in Vienna and the Nigerian vice chair of the AHC to try to forge agreement across the

three opons laid out in the negoang document.

The resulng outline consists of applying the UNTOC and UNCAC-style Conference of Pares to this

treaty with the UNODC as the secretariat. This was preferred to the two other opons presented –

placing the Conferences under the UN Commission on Crime Prevenon and Criminal Jusce (CCPCJ)

(as proposed by the US) and a second, which included a permanent internaonal technical commission

parally led by the Internaonal Telecommunicaons Union (as proposed by Russia). In presenng the

new opon, the co-facilitators claried that they did not nd broad suppor t for opons two and three,

but idened pieces of each proposal that some states were interested in bringing into the new opon.

Those supporve of opon one (the Conference of Pares approach) felt it would allow for inclusivity

of member states that rafy the treaty and that it is a tested model that works. It was also noted that

improvements could be made, including a number of states for whom inclusivity for mul-stakeholders

is key, and prefer the working methods of the AHC itself for this. The new proposed mechanism

maintains the opon for subsidiary bodies such as working groups without baking in a permanent

commission.

While it contains references to cooperaon with relevant stakeholders, it does not lay down any

rules for operaon, leaving that to a future Conference of Pares to decide on. Nor does it explicitly

reference a review mechanism but includes the types of informaon that should be shared, including

lessons learned and eorts made to implement the convenon. With regard to the more dicult

elements on civil society access, funding and detailed modalies, states seem in favour of negoang

this later, opening up risks to the delays and restricted civil society access of the kind seen in the

UNTOC and UNCAC models.

Preamble

As CARICOM pointed out, the preamble can be used as a tool to interpret the convenon, so its

nal contents are paramount. At the same me, a number of governments, including South Africa,

Canada and Australia, expressed that it was too early in the process to hammer out the details of the

preamble unl it is known what the chapters of the convenon will nally hold. For instance, there

are mulple ways crimes are referenced in the preamble, which will be resolved – hopefully – once

states choose the terminology for the rest of the convenon. There were also calls from China, the

US and the UK, and others to streamline this secon more generally. Similar paerns played out, with

calls to remove references to human rights and data protecon from one side of the spectrum and

calls for their inclusion from the other.

Final provisions

On nal provisions, there was disagreement on how many pares would be needed before the treaty

could enter into force. Primarily Budapest Convenon member countries requested a higher number of

signatories (70) before ‘entry into force’ of the treaty than Russia, China, Pakistan, Iran, India, Tanzania,

Chad and Peru, who all proposed 30 signatories. While some states noted that past convenons such

as the UNCAC went into force aer 30 racaons, the exisng regional convenon, the Budapest

Convenon, has 68 pares and 20 observer countries.

Singapore, which is neither a member nor

observer to this convenon, also agreed the UN convenon should have higher racaon than

Budapest, while some Budapest members and observers suggested a lower number, such as Japan

and South Africa, so the dierences were not a straight line. Some states aempted to nd a middle

ground. Thailand, for example, voiced support for 40 to 50 states, emphasizing the importance of

rapid applicaon, as Thailand is not party to any exisng agreement. Mexico suggested it should be

adopted with two-thirds majority, which aligns with the rules of the AHC process.

THE JANUARY MEETING

n January 2023, states convened to discuss chapters on criminalizaon, general provisions, and

procedural measures and law enforcement cooperaon. The meeng was similarly characterized

by the two poles: those seeking wide state powers and few safeguards, and those seeking to limit

the types of criminal acvies covered in the treaty and binding them by safeguards. The polarity

was evident in discussions on the breadth of crimes to include in the treaty, scope for cooperaon

on electronic evidence, the range and scope of procedural measures, and eorts to both slim down

and remove language on safeguards and human rights, and, conversely, eorts to strengthen them.

On criminalizaon, there was a general agreement on the inclusion of cyber-dependent crimes, but

dierent perspecves on the inclusion of other types of crimes. Certain secons in the negoang

dra had no basis for consensus and were moved into government informal meengs, where they

are discussed behind closed doors.

This included the enre secon on crimes such as incitement, extremism-related oences, terrorism-

related oences and cyber-enabled crimes, which are found in other treaes, such as arms or drugs

tracking. There was vigorous opposion to including most of these sorts of crimes in the treaty

(primarily brought by the WEOG states), while there was strong support for them from others, such as

Russia and China. The current public working dra

has only added to the text, with other crimes such

as prohibion to incitement to violence, fake news and tracking in persons. There is no indicaon in

the text of deleon requests, yet given the posions of governments, this will no doubt come up again.

Mexico and South Africa have introduced paragraphs that recognize the need to address cyber-enabled

crimes within the relevant exisng instruments (outside this dra treaty), which appears to avoid

duplicaon while sll recognizing the relevance. This approach could avoid a list of duplicave crimes

in this treaty and exisng mechanisms.

Topics that moved to informals also included the thorny issue of terminology, such as dening

computer data, which will eventually need to be decided upon and made consistent throughout the

treaty. Several arcles relang to online sexual exploitaon, which broadened the topics, such as

incitement to suicide, were also moved to private negoaons, as were arcles on identy-related

oences, violaon of personal informaon and infringement of copyright.

President Biden said that a Russian-based group was behind the ransomware aack that forced the shutdown

Several issues under the chapter on procedural measures and law enforcement were also moved to

informals, including jurisdicon, intercepon of content data, real-me collecon of trac data, and

admission of electronic/digital evidence. In these it appears progress has been made on updang

the language, but besides jurisdicon, there are sll two sizeable lists calling for the full deleon or

retenon of the arcles.

CONCLUSION

he August 2023 meeng, intended to be the nal in-person negoaon of the zero dra

before a nal dra treaty is adopted in early January 2024, will be a crical juncture in the

development of this potenal treaty. There are likely to be three main ways the negoaons

might come together. One would be an aempt to usher states into one orbit or the other by oering

incenves, such as in technical assistance. The second would entail eorts to bridge perspecves

between the opposing poles by creang a treaty that it is believed can be both ecient and at the

same me tempered by building in human rights safeguards. In the end, however, it is more likely that

we will see a third scenario emerge: some key decisions will come down to a vote.

Alternavely, if none of these scenarios materialise, states might decide to kick the can down the road.

Without movement on some of these issues, the AHC’s current meline, which requires adopon of a

treaty in early 2024, will be in doubt and the AHC may have to make procedural decisions to migate

that and extend the negoaons.

1 In this brief, we use the term ‘cybercrime’ for the reason

that it is a recognized phrase, is shorter and sll captures

the general framing of the treaty, even though precise

terminology has not yet been seled.

2 Summer Walker and Ian Tennant, Wood for the trees,

GI-TOC, 2 February 2023, hps://globaliniave.net/

analysis/internaonal-convenon-ict-crime-ahc-un/.

3 The Budapest Convenon on Cybercrime is a Council of

Europe Convenon with 68 pares and 20 observers or

signatories.

4 UN General Assembly, Resoluon adopted by the General

Assembly on 26 May 2021, UN Doc. A/RES/75/282, 1 June

2021.

5 States within regional groups oen take the oor with more

specic and nuanced posions. Regional group inputs are

where consensus is found among states in the group.

6 Being gay: Where it can lead to prison or even death,

Bangkok Post, 29 November 2022, hps://www.bangkokpost.

com/life/social-and-lifestyle/2449144/being-gay-where-it-

can-lead-to-prison-or-even-death.

7 Fih session of the Ad Hoc Commiee, 11–21 April 2023,

Vienna.

8 Consolidated negoang document on the preamble, the

provisions on internaonal cooperaon, prevenve measures,

technical assistance and the mechanism of implementaon

and the nal provisions of a comprehensive internaonal

convenon on countering the use of informaon and

communicaons technologies for criminal purposes, UN Doc.

A/AC .291/19.

9 For an understanding of how capacity building could lead

to misuse by states, see Cyber Policy Team, How can the

cybercrime convenon adopt a strategic approach to

cybercrime capacity building and protect against potenal

harms and misuses? Chatham House, April 2023.

10 Fih session of the Ad Hoc Commiee, 11–21 April 2023,

Vienna.

11 Council of Europe, Pares/Observers to the Budapest

Convenon and Observer Organisaons to the T-CY, hps ://

www.coe.int/en/web/cybercrime/pares-observers.

12 Compilaon document for Group B (status: 18 January

2023), working documents, fourth session of the Ad Hoc

Commiee, UNODC, hps://www.unodc.org/unodc/en/

cybercrime/ad_hoc_commiee/ahc_fourth_session/main.

html.

13 Working document for Group D (status: 18 January

2023), working documents, fourth session of the Ad Hoc

Commiee, UNODC, hps://www.unodc.org/unodc/en/

cybercrime/ad_hoc_commiee/ahc_fourth_session/main.

html.

NOTES

ABOUT THE GLOBAL INITIATIVE

The Global Iniave Against Transnaonal Organized Crime is a

global network with over 600 Network Experts around the world.

The Global Iniave provides a plaorm to promote greater debate

and innovave approaches as the building blocks to an inclusive

global strategy against organized crime.