TAG: GS 2: INTERNATIONAL RELATIONS
THE CONTEXT: The draft of the United Nations Cybercrime Convention which has been under negotiation for the past three years, was unanimously approved by UN members at the end of a two-week session in New York, US, on August 9.
EXPLANATION:
- It is the first-ever, 41 page-long draft UN cybercrime treaty which proposes a legislative framework to boost international cooperation among law enforcement agencies.
- It offers technical assistance to countries that lack adequate infrastructure for combating cybercrime.
- It also contains provisions addressing illegal interception, money laundering, hacking, and online child sexual abuse material.
- Now, the draft cybercrime treaty is headed to the United Nations General Assembly (UNGA) for a vote that could take place next month.
- If adopted, the treaty will have to be signed and ratified by at least 40 countries in order to take effect; even as its detractors call for UN member States to abandon the legally-binding agreement altogether.
What does the UN cybercrime treaty entail?
- Based on the outline of the draft text, the treaty requires member States to bring in legislation that criminalises certain activities as cybercrimes while giving them flexibility to narrow down the application of the law.
- By signing the draft treaty, countries would be agreeing to introduce a law that makes the interception of non-public data transmissions illegal.
- Similarly, it paves the way for the unauthorised damage, deletion, deterioration, alteration, or suppression of data to become illegal.
- UN member States are further required to bring in laws that prohibit the production, import, sale, or purchase of devices that are primarily built or used to commit cybercrimes.
- The sale or purchase of passwords and login details to hack into Information and communications technology (ICT) systems shall also be made illegal, as per the treaty.
- Governments are required to classify as a cybercrime essentially any attempt to spread, store or view child sexual abuse material.
- It is defined as written, audio, or visual material that “depicts, describes or represents any person under 18 years of age engaging in real or simulated sexual activity; in the presence of a person engaging in any sexual activity; whose sexual parts are displayed for primarily sexual purposes; or subjected to torture or cruel, inhumane or degrading treatment or punishment and such material is sexual in nature.
- Making online arrangements to commit a sexual offence against a child and sharing intimate images or videos of a person online without their consent are also required to be treated as cybercrimes.
What are the proposed powers for authorities?
- Under conditions and safeguards laid out in Article 24 of the treaty, governments are required to ensure that the powers granted to law enforcement agencies are in accordance with international human rights obligations and are proportional in nature.
- Some of these powers would allow authorities to preserve data if they believe that it can be modified or lost, order people to preserve data up to 90 days, and ask service providers to share sufficient traffic data so that they can trace the path of a transmitted communication.
- Traffic data is defined as any data from an ICT system that “ formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration or type of underlying service.”
- Images, text messages, voice messages, audio recordings, and video recordings are defined under content data and subscriber information entails “any information that is held by a service provider, relating to subscribers of its services.”
- Article 30 of the treaty requires States to legally empower authorities to collect and record content data in relation to a range of serious criminal offences.
- The treaty defines serious crime as conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty.
- Meanwhile, Article 36, which deals with protection of personal data, states that governments are required to transfer personal data to other governments only if it is in accordance with its domestic laws.
- It also states that governments may revise domestic laws in order to fulfill requests from other countries for personal data.
What are the key concerns with the draft treaty?
- Digital rights advocacy groups like Access Now and Electronic Frontier Foundation (EFF) are concerned that the UN cybercrime treaty contains broad definitions of cybercrimes and could end up criminalising legitimate online activity.
- The treaty leaves a lot of loopholes which allow States at the national level to criminalise an entire range of activities as potentially being a cybercrime.
- And many of those activities that States could criminalise would be protected areas of activities such as journalism or legitimate security research.
- Back in 2022, the Indian government’s submissions on the UN cybercrime treaty contained measures similar to the controversial Section 66A of the the Information Technology Act, 2000, which was struck down by the Supreme Court as being “unconstitutional”.
- However, India’s proposal asking countries to make it illegal to share “offensive messages” on social media did not find any support at the global forum.
- The current text of this convention weakens human rights standards protecting privacy in a digital age, undermining rights protected under India’s constitution as proclaimed by our Supreme Court in its Puttaswamy ruling in 2017.
- Activists are also concerned that the treaty could enable cross-border surveillance leading to human rights abuses by authoritarian regimes.