Cisco calls for United Nations to revisit cyber-crime convention
Echoes human rights groups' concerns that it could suppress free speech and more
Networking giant Cisco has suggested the United Nations' first-ever convention against cyber-crime is dangerously flawed and should be revised before being put to a formal vote.
The document that Cisco dislikes is the United Nations convention against cyber-crime [PDF]. The convention took five years to create and was drafted by a body called the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes.*
The purpose of the convention is to "enhance international cooperation, law enforcement efforts, technical assistance, and capacity-building relating to cyber crime," in recognition that digital technology has become a big enabler of transnational mischief.
As The Register reported after the committee agreed on a draft text, Russia was a big driver of the document, and human rights groups don't like it.
Human Rights Watch, for example, criticized the convention as overly broad, while the Electronic Frontier Foundation has labelled the convention "too flawed to adopt."
Those two orgs, and others, worry that the convention doesn't offer a narrow definition of cyber-crime, and could give signatory nations legal cover to target citizens who share views they dislike. They also worry about secrecy provisions in the document that would allow nations to demand info from service providers, without the individuals targeted by such requests being informed or having recourse.
British human rights org Article 19 has also warned the convention's broad language could stymie legitimate infosec research, by creating a legal environment in which cyber-boffins don't feel safe to ply their trade for fear of being labelled crims.
In a Wednesday post, Cisco's senior director for technology policy Eric Wenger backed some of those arguments.
"Rather than specifically focusing on hacking and cyber crimes, it broadly aims at the misuse of computer networks to disseminate objectionable information," he wrote. "This represents a misalignment with the values of free speech in liberal democracies, which should be addressed via an amendment before the Convention is taken up by member states for adoption."
Note that reference to "liberal democracies." Remember that Russia was a prime mover of this convention, and that in 2022 Cisco quit Moscow.
- Tech luminaries warn United Nations its Digital Compact risks doing more harm than good
- UN unanimously adopts ambitious AI resolution, sans teeth
- Hong Kong promises its latest national security law is not a ban on social media
- ICANN reserves .internal for private use at the DNS level
Wenger wrote that Cisco isn't opposed to a UN cyber-crime convention, and argued that "we need to ensure law enforcement agencies have the necessary capabilities to prevent, investigate, and prosecute transnational cyber crimes."
But he argued Cisco's position is that such instruments "must also uphold and protect the importance of basic human rights and the rule of law.
"Unfortunately, the UN Convention, as it stands, does not sufficiently protect basic human rights and poses risks to the rule of law."
Wenger wants the convention amended. But in early August the UN enthused about its likely passage as-is later this year, and the Biden administration reportedly thinks the document strikes an appropriate balance between human rights and the need for international collaboration to crimp cyber-crime. ®
Bootnote
* No, we're not going to use the acronym "AHCTEACICOCTUOIACTFCP." Referring to it as "the Committee" will be easier for all concerned.