UN: Draft cyber­crime convention

One of the UN Gene­ral Assem­bly appoin­ted in Decem­ber 2000 ad hoc com­mit­tee has appro­ved the draft of a new Con­ven­ti­on against cyber­crime (Draft UN Con­ven­ti­on Against Cyber­crime) was adopted:

The Gene­ral Assem­bly is expec­ted to adopt this draft in 2024. The con­ven­ti­on would 90 days after the 40th rati­fi­ca­ti­on come into force.

The con­ven­ti­on is aimed at the respec­ti­ve legis­la­tors and would be the first “glo­bal­ly legal­ly bin­ding instru­ment” to com­bat cyber­crime. The “Cyber­crime Con­ven­ti­on” (CCCThe Buda­pest Con­ven­ti­on is a Coun­cil of Euro­pe agree­ment that has been rati­fi­ed by 64 states.

The UN Con­ven­ti­on is pri­ma­ri­ly inten­ded to Enab­ling mutu­al legal assi­stance bet­ween count­riesthat have not yet con­clu­ded mutu­al legal assi­stance trea­ties (MLATs). The Elec­tro­nic Fron­tier Foun­da­ti­on the­r­e­fo­re fearsthat repres­si­ve regimes that were pre­vious­ly exclu­ded from MLATs due to their human rights situa­ti­on, for exam­p­le, would also be able to bene­fit from legal assi­stance. One point of con­ten­ti­on at the hea­ring was appar­ent­ly also which cri­mi­nal offen­ses could be grounds for mutu­al legal assi­stance – sta­tes such as Rus­sia, Chi­na, Nige­ria, Egypt, Iran and Paki­stan appar­ent­ly deman­ded an expan­si­on of the cata­log, while the EU and the USA in par­ti­cu­lar had deman­ded a rest­ric­tion to cyber­crime and a few other cri­mi­nal offenses.

Within the scope of the offen­ses cover­ed, the Con­ven­ti­on pro­vi­des that rati­fy­ing sta­tes may, inter alia, com­mit the fol­lo­wing Means of coer­ci­on can be used:

  • ensu­re cer­tain elec­tro­nic data, inclu­ding con­tent and meta­da­ta stored or in transit,
  • order the dis­clo­sure of elec­tro­nic data if the per­son or pro­vi­der con­cer­ned has pos­ses­si­on or con­trol over it,
  • search IT systems and data car­ri­ers loca­ted on their ter­ri­to­ry, and
  • Inter­cept and record traf­fic and con­tent data or force a pro­vi­der to do the same within the scope of its tech­ni­cal capabilities.

Against this back­ground, it is pro­ba­b­ly even more dif­fi­cult to descri­be the access opti­ons under the US Stored Com­mu­ni­ca­ti­on Act as con­tra­ry to public policy.