Harvard ALI Social Impact Review

View Original

We Can’t Do It Without You: Multi-Stakeholders and the Fight Against Cybercrime

The 193 Member States of the United Nations (UN) are poised to finish negotiating a new global cybercrime treaty. For the past two and a half years, diplomats and justice officials have been hammering out an agreement to improve and modernize the investigation and prosecution of cybercriminals around the world. Throughout this process, American and other international multi-stakeholders – comprising the private sector, civil society, non-governmental organizations (NGOs), and academic institutions – have been in the negotiating room and in the hallways of the UN, advocating for the consideration of the treaty’s effects on individual human rights, service providers, and security researchers. As both victims of cybercrime and sources of valuable expertise, these stakeholders bring important viewpoints and have made significant contributions. Going forward, they will play a key role in the treaty’s implementation, and their input will help assess its effectiveness. Governments cannot fight cybercrime without them.

Why?

1.     The Private Sector’s Role is Critical

The private sector, not governments, holds the data, such as subscriber information as well as the content of communications, that foreign governments seek to prosecute cybercriminals for crimes committed in their jurisdictions. The draft treaty outlines a list of agreed-upon crimes and the kinds of evidence requests that can be made. However, authoritarian states such as the Russian Federation and the People’s Republic of China firmly believe that many other “actions” taken via computer systems are “criminal,” such as online speech critical of the government or the use of social media to organize political activity. These governments want a treaty they can use to ask other governments to request data from service providers for possible use in repressive investigations and prosecutions of individuals. Service providers and other data holders, therefore, have a critical stake in the outcome of these negotiations, as they bear the burden of complying with government requests. The private sector also possesses much of the technical knowledge needed to protect computer systems, which will be essential to guide governments’ implementation of the treaty.

2.     Civil Society Serves as Human Rights Watchdogs

Civil society, including human rights NGOs and others, will play a crucial role in monitoring the impact of the treaty’s implementation on human rights. The draft treaty equips law enforcement authorities with new tools to tackle cybercrime more swiftly and effectively. With those tools comes an increased level of responsibility, necessitating safeguards to prevent abuse. For instance, governments should have the right to deny law enforcement requests for evidence in cases of discrimination or political persecution. NGOs and other stakeholders have worked with the United States government and its partners to add strong human rights provisions to the draft treaty, including language recognizing the important work of legitimate cybersecurity researchers. However, in an equally vigorous manner, authoritarian states are lobbying to dilute or eliminate the safeguards, falsely claiming that democratic states are trying to block cooperation on fighting cybercrime. These countries seek to gain all the benefits of cooperation under the draft treaty while using it to advance authoritarian goals and leaving use of powerful tools free from scrutiny. Multi-stakeholders will be important in ensuring accountability and contributing their expertise and experience to the treaty’s application.

3.     Multi-Stakeholders’ Participation in UN Cyber Deliberations is Here to Stay

Multi-stakeholders are now integral to the UN deliberative process. Article 71 of the UN Charter allows the UN Economic and Social Council to consult with NGOs, and there are established procedures for organizations to be accredited to provide advice. For several years, for example, multi-stakeholders have been actively engaged across the UN in addressing cyber and technology issues in the multilateral space. In the case of the UN cybercrime treaty talks, over 200 registered organizations – including companies, law firms, human rights groups, and law schools – participate as observers. Despite these precedents, there is a deliberate campaign by authoritarian countries to reduce, or even eliminate, the role of the multi-stakeholder community in reviewing this treaty. Yet their participation is now more crucial than ever, particularly as these countries are trying to negotiate a protocol to the treaty soon after the General Assembly approves it, to extend the list of covered “cybercrimes” to any perceived “crime” committed online. Through this mechanism, they blatantly seek to assert greater state control over the Internet and stifle freedom of expression online.

The multi-stakeholder community has made significant and positive contributions during the treaty negotiations. As we approach the final session this summer and possible treaty implementation, we rely on stakeholders to keep us informed and accountable. Together, the multi-stakeholder community and responsible governments must continue to be the guardians of a free and open Internet.


About the Author:

Ambassador (Ret.) Deborah McCarthy is the lead U.S. negotiator to the UN Ad Hoc Committee on Cybercrime and a Senior Advisor to the Department of State. She is also a 2020 Harvard Advanced Leadership Initiative Fellow and current Senior Editor for the Harvard ALI Social Impact Review, Democracy, Law and Human Rights domain. Previously, she served for over 30 years in the U.S. Foreign Service. She is a non-resident Fellow at the Atlantic Council and at the Finnish Institute for International Affairs and a member of the National Advisory Board of Keep Our Republic.