Dissecting the UN Cybercrime Convention’s Threat to Coders’ Rights at DEFCON

This is Part V in EFF’s ongoing series about the proposed UN Cybercrime Convention. Read Part I for a quick snapshot of the ins and outs of the zero draft; Part II for a deep dive on Chapter IV dealing with domestic surveillance powers; and Part III for a deep dive on Chapter V regarding international cooperation: the historical context, the zero draft's approach, scope of cooperation, and protection of personal data.

The proposed UN Cybercrime Convention could shatter security, and harm political and social activists, journalists, security researchers, whistleblowers, and millions more around the world for decades to come, we told a packed house at DEFCON in Las Vegas on Thursday - but it’s not too late to stop this bad treaty from being adopted.

Delegations from Member States as well as observers from civil society will convene August 21 at UN Headquarters in New York City for a two-week negotiation session on the convention’s “zero draft.” The zero draft is the first full text, the result of State-led negotiations that began in February 2022. EFF will be there again this month to lobby Member States and provide expert opinion to ensure the protection of your rights.  If the Member States can’t reach total consensus on the text, it could go to a vote by the Member State governments in which a two-thirds majority would be required for adoption. A concluding session is scheduled for early next year in New York City.

At DEFCON, we highlighted the foremost dangers posed by the zero draft, and the direction in which negotiations seem to be headed. The proposed treaty features five chapters: criminalization, or the categorization of acts deemed a crime under this treaty; domestic and cross-border spying powers, for example, the powers and limits to conduct surveillance both within their borders and across international boundaries; and two additional chapters on technical cooperation and proactive measures.

Our DEFCON talk focused on the computer crimes that could potentially affect security researchers––those programmers and developers engaged in cutting-edge exploration of technology. Security and encryption researchers help build a safer future for all of us using digital technologies, but too many legitimate researchers face serious legal challenges that inhibit their work or prevent it entirely. EFF has long been fighting for coders’ rights––in courtrooms, congress and global policy venues. It’s a cause close to our heart.

The section on criminalization, for example, is extremely worrisome. It references a list of specific crimes, borrowing language from the flawed Budapest Convention. If the final text gets consensus approval, it could obligate 194 member states to incorporate these crimes into their domestic legislation. This will pave the way for nations to harmonize these core cybercrimes across the world and to easily assist others in surveillance on targets related to these crimes. While these core cyber crimes have been debated for years in the U.S., leading