Cybercrime is growing and evolving every day. Although something needs to be done, it shouldn’t be at the expense of fundamental human rights. A new United Nations’ (UN) process threatens, however, to do just that. Today, industry and civil society are coming together, under the Multistakeholder Manifesto on Cybercrime, to put forward a set of principles that will help governments to protect our rights and freedoms online during their negotiations.
Every day there are headlines about large scale cyberattacks. Ransomware in particular has emerged as the criminals’ method of choice, threatening to destroy, sell or release sensitive data unless a ransom is paid. The sums that criminals pocket are becoming unimaginable. Worse still is that critical infrastructure, our hospitals and government institutions, our energy networks and transport systems, are being actively targeted because victims believe they have no choice but to pay.
Urgent demands for action are understandable and negotiations on a new United Nations Convention on Cybercrime are scheduled to start in January. However, not all the proposed solutions will be effective and some should not be taken at face value. Should we give up our rights and freedoms online in the name of effective action against cybercrime? Should we end the innovation, creativity and productivity that has come with our open and free internet? Should we create tools to tackle cybercrime that will become instruments of repression for authoritarians? No, we should not. This is why over 50 civil society and industry representatives, assembled under the leadership of the CyberPeace Institute and the Cybersecurity Tech Accord, are publishing the Multistakeholder Manifesto on Cybercrime.
The principles outlined in the Manifesto can guide the drafting of any cybercrime legislation, but their immediate focus is on the impending negotiations of the UN Convention on ‘Countering the Use of Information and Communication Technologies for Criminal Purposes’.
For example, the Manifesto directly tackles the clear threats posed by expanding definitions of cybercrime to include content-based ‘crimes’, e.g. writing something critical of a government or a public official.
The Manifesto also takes on challenges inherent in the negotiation process as set out by the United Nations General Assembly resolution 74/247. It calls on governments to establish processes that will ensure multistakeholder participation, so that industry can help provide technical expertise and civil society can highlight the consequences for individuals and their rights. In short, the Manifesto makes clear that negotiating the Convention on Cybercrime cannot take place behind closed doors. It has to be as transparent and consensus-led as possible and cannot be used to promote the interest of the few.
Moreover, the Manifesto reinforces the notion that for any international law against cybercrime to be effective, it needs to focus on the victims and provide them with effective tools of redress. Also, it stresses that a new treaty mustn’t be used to undermine existing international legal obligations. Instead, it should focus on building accountability associated with those obligations and on enforcing international cooperation. Last but not least, it must also preserve the open internet by not providing any justification or pretext for non-democratic regimes to further endanger it by closing off their digital borders. We at the CyberPeace Institute and the Cybersecurity Tech Accord look forward to working with partners during the negotiation process. We will endeavor to uphold the values that we have all fought for since the inception of the internet. And, together, we will ensure an inclusive, multistakeholder approach that addresses and defends the interests of individuals and civil society around the world.
Klara Jordan – Chief Public Policy Officer, CyberPeace Institute
Annalaura Gallo – Head of Secretariat, Cybersecurity Tech Accord
© Copyright: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.