Russia tells UN it wants vast expansion of cybercrime offenses, plus network backdoors, online censorship

And said entirely with a straight face, too


Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime.

The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," [PDF] calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.

Russia, the ransomware hotbed whose cyber-spies were blamed for attacking US and allied networks, did not join the 2001 Budapest Convention on Cybercrime because it allowed cross-border operations, which it considers a threat to national sovereignty.

Russian media outlet Tass also said the 2001 rules are flawed because they only criminalize nine types of cyber offenses. The new draft convention from Russia, submitted last week, defines 23 cybercrimes for discussion.

Russia's proposed rule expansion, for example, calls for domestic laws to criminalize changing digital information without permission – "the intentional unauthorized interference with digital information by damaging, deleting, altering, blocking, modifying it, or copying of digital information."

The draft also directs members states to formulate domestic laws to disallow unsanctioned malware research – "the intentional creation, including adaptation, use and distribution of malicious software intended for the unauthorized destruction, blocking, modification, copying, dissemination of digital information, or neutralization of its security features, except for lawful research."

It would forbid "the creation and use of digital data to mislead the user," such as deep fakes – "the intentional unlawful creation and use of digital data capable of being mistaken for data already known and trusted by a user that causes substantial harm."

The proposal also contemplates a broader basis for extradition by stating that, where allowed by domestic law, the listed cybercrimes should not be considered "political offenses" (mostly exempt from extradition under current international conventions).

The United States looks forward to an open, transparent, and inclusive process for considering this new global treaty

The Biden administration has called for improved cybersecurity and, following the recent US-Russia Summit, may be inclined to engage with Russia at the UN to modify the language of the proposal so that it's compatible with US norms and policy goals.

“UN member states are beginning negotiations towards a new global treaty to combat cybercrime, which should take into account and preserve existing international agreements,” a US State Department spokesperson told The Register in an email.

“That process is still in a nascent stage and states only recently established the procedures and rules for treaty negotiations. The first negotiating session on the substance of a new treaty will take place in early 2022.”

“The United States looks forward to an open, transparent, and inclusive process for considering this new global treaty. This submission from the Russian Federation is one of many anticipated contributions by member states to this process.”

Via Twitter, Dr Lukasz Olejnik, independent cybersecurity researcher and consultant, noted that the draft convention disallows online communication calling for "subversive or armed activities directed towards the violent overthrow of the regime of another State," and requires service providers to provide "technical assistance," which generally means providing a backdoor for authorities.

"It's another attempt in the longer history of such projects attempted for submission by Russia," said Olejnik, a former cyberwarfare advisor at the International Committee of the Red Cross in Geneva.

Russia, he said, has been consistently submitting proposals of this sort for a while, pointing to a similar draft from 2011.

"This new proposal is particularly large, basically a complete proposal for a cybercrime or cybersecurity treaty," said Olejnik. "While it is clear that cybersecurity is among the top agenda items in domestic and international policy (think the recent Biden-Putin meeting in Geneva as a good example), the proposal has a number of contentious items that would be rather hard to swallow for many Western countries and societies, in particular clauses such as those that would potentially curb freedom of speech, expression or press."

Olejnik said the draft rules call for technical backdoors in network systems, network wiretapping capabilities, and potential technical censorship.

Where Western countries are concerned with "cybersecurity," he said, Eastern countries tend to focus on "information security," which often encompasses the press and social media.

"I don't think that the project stands a particularly significant chance, at least as of today, but with the political process of the UN, who knows what happens in a few months," said Olejnik. ®

Broader topics


Other stories you might like

  • Running Windows 10? Microsoft is preparing to fire up the update engines

    Winter Windows Is Coming

    It's coming. Microsoft is preparing to start shoveling the latest version of Windows 10 down the throats of refuseniks still clinging to older incarnations.

    The Windows Update team gave the heads-up through its Twitter orifice last week. Windows 10 2004 was already on its last gasp, have had support terminated in December. 20H2, on the other hand, should be good to go until May this year.

    Continue reading
  • Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them

    *Don't do this

    MediaTek claims to have given the world's first live demo of Wi-Fi 7, and said that the upcoming wireless technology will be able to challenge wired Ethernet for high-bandwidth applications, once available.

    The fabless Taiwanese chip firm said it is currently showcasing two Wi-Fi 7 demos to key customers and industry collaborators, in order to demonstrate the technology's super-fast speeds and low latency transmission.

    Based on the IEEE 802.11be standard, the draft version of which was published last year, Wi-Fi 7 is expected to provide speeds several times faster than Wi-Fi 6 kit, offering connections of at least 30Gbps and possibly up to 40Gbps.

    Continue reading
  • Windows box won't boot? SystemRescue 9 may help

    An ISO image you can burn or drop onto a USB key

    The latest version of an old friend of the jobbing support bod has delivered a new kernel to help with fixing Microsoft's finest.

    It used to be called the System Rescue CD, but who uses CDs any more? Enter SystemRescue, an ISO image that you can burn, or just drop onto your Ventoy USB key, and which may help you to fix a borked Windows box. Or a borked Linux box, come to that.

    SystemRescue 9 includes Linux kernel 5.15 and a minimal Xfce 4.16 desktop (which isn't loaded by default). There is a modest selection of GUI tools: Firefox, VNC and RDP clients and servers, and various connectivity tools – SSH, FTP, IRC. There's also some security-related stuff such as Yubikey setup, KeePass, token management, and so on. The main course is a bunch of the usual Linux tools for partitioning, formatting, copying, and imaging disks. You can check SMART status, mount LVM volumes, rsync files, and other handy stuff.

    Continue reading

Biting the hand that feeds IT © 1998–2022