The Biden administration must fix several provisions threatening human rights and cybersecurity in the United Nations cybercrime convention that is heading to the General Assembly for a vote, six Democratic senators said in a letter sent to administration officials Tuesday.
The letter to Secretary of State Antony Blinken, Secretary of Commerce Gina Raimondo, Attorney General Merrick Garland and national security adviser Jake Sullivan expressed alarm over the finalized agreement’s treatment of privacy rights, freedom of expression, cybersecurity and artificial intelligence safety.
The United States “must not align itself with repressive regimes by supporting a Convention that undermines human rights and U.S. interests” under the guise of improving cybersecurity, the letter said. Instead, the senators argued, the administration should work with allies for a more “rights-respecting approach.”
It will be difficult, however, for the treaty to be easily revised now that it has passed out of the U.N.’s Ad Hoc Committee on Cybercrime with the signature of the U.S.’s lead negotiator, Amb. Deborah McCarthy.
The letter — signed by Tim Kaine (D-VA), Jeff Merkley (D-OR), Ed Markey (D-MA), Chris Van Hollen (D-MD), Ron Wyden (D-OR) and Cory Booker (D-NJ) — is a notable public condemnation by U.S. senators of a treaty championed by the State Department.
The convention requires a two-thirds vote of support in the Senate or the U.S. won’t be able to participate.
Formally known as the United Nations Convention Against Cybercrime, the treaty will be voted on by the U.N.’s General Assembly (UNGA) as soon as December. The senators’ letter noted that it was originally proposed by Russia in 2017, which they suggest is telling.
“We fear the Convention will legitimize efforts by authoritarian countries like Russia and China to censor and surveil internet users, furthering repression and human rights abuses around the world,” the senators wrote.
The senators acknowledged that while the administration tried to improve the treaty, they made clear that it hasn’t done enough.
The criticism is not new — human rights activists and technology industry leaders have been decrying the treaty for months. Advocates have warned that as written the treaty can be used by authoritarian governments to crush political dissent and silence independent reporting documenting repression.
Under the treaty, countries will have to put laws in place that allow local law enforcement to force individuals and companies to give them access to computer systems and stored electronic data.
The treaty enables surveillance and trashes individual’s right to privacy, according to the letter, which noted that the U.N.’s own human rights commission has warned the treaty could promote “surveillance without judicial authorization and directly threaten the global availability of encrypted communications and encrypted services.”
The senators acknowledged that the treaty includes “certain limited safeguards,” but says they are inadequate because they significantly defer to domestic laws.
Using Iran as an example, the senators said that the lack of an explicit requirement to uphold democratic principles could give the regime “international legal cover” to mass surveil women and girls.
The agreement forces countries to collect and share private internet user data with other nations, including many authoritarian regimes.
There is “nothing to prevent the sharing of data collected under abusive methods, legitimizing dangerous collaboration between authoritarian regimes,” the letter said.
Cybersecurity is also threatened by the treaty because the convention’s provisions mandate that countries make it a crime to access computer systems without permission, but do not create exceptions protecting security researchers and journalists who report on vulnerabilities, the letter said.
“Without this important work, authoritarian regimes and non-state actors could find it easier to exploit vulnerabilities to breach sensitive data sets and spread malware, making internet users in the United States and around the world decidedly less safe,” the letter said.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.