EFF is attending this week and next a new round of negotiations over the proposed UN Cybercrime Treaty to raise concerns that draft provisions now on the table include a long list of content-related crimes that pose serious threats to free expression, privacy, and the legitimate activities of journalists, whistleblowers, activists, and others.

In talks starting today and running through January 20 in Vienna, we will fight for users to ensure that detailed human rights are embedded in the treaty, and that proposed criminal offenses are
narrow in scope, limited to core cybercrimes, and exclude content-based crimes and crimes that are considered “cyber” just because technology was used to commit them. We will also be fighting against the inclusion of overbroad and undefined concepts that could potentially authorize surveillance measures such as government hacking, as well as any provision that could undermine encryption.

EFF and Privacy International
articulated these concerns in a joint submission, delivered to Member States last month, that includes detailed observations and recommendations to limit the scope of the proposed treaty, including limiting criminal conduct to only offenses in which information and communications systems are the direct objects and instruments of the crimes. You can read the full submission here.

Moreover, in a
letter released today to the UN Ad Hoc Committee facilitating the negotiations, EFF and more than 74 digital and human rights organizations in more than 45 countries and regions, expressed grave concerns that the draft text released by the committee on November 7 calls for Member States to treat various kinds of speech—much of which would be fully protected under international human rights law—as a criminal offense. The text includes a long list of crimes that interfere with protected speech and fail to comply with permissible restrictions on free expression established by international human rights standards.

The letter is part of
our year-long push, along with Privacy International, Human Rights Watch, ARTICLE 19, Access Now, Derechos Digitales, and many other allies, to ensure that human rights are baked into the proposed UN treaty, so it’s not used as a tool to censor legal speech, conduct illegal surveillance, violate privacy rights, or stifle free expression.

The proposed
UN Cybercrime Treaty has the potential to rewrite criminal laws and procedures  around the world, adding new offenses and creating new police powers for both domestic and international investigations, implicating the rights of billions of people worldwide.

Today’s session,
the fourth of seven such meetings that started last February, marks the beginning of a critical phase in the negotiations. In three sessions last year, Member States exchanged views on the convention’s objectives, scope, and structure, and proposed what they believe should be key elements of the treaty. This work culminated in the “consolidated negotiating document (CND),” a summary of Member State’s submissions that will serve as a basis for negotiating, starting today, the treaty’s final text.

The session will focus on criminalization provisions, general provisions, and procedural measures and law enforcement. In three final negotiating sessions scheduled over the course of this year, the parties will seek agreement to finalize and approve the draft and send a resolution on it to the UN General Assembly for consideration and adoption in early 2024.

As it stands, the CND contains many troubling provisions. We are particularly concerned that the draft includes such content crimes as “extremism-related offences” (Article 27),  “denial, approval, justification or rehabilitation of genocide” (Article 28),
and “terrorism-related offences” (Article 29). Distributing material online “motivated by political, ideological, social, racial, ethnic or religious hatred”should be struck from the proposed text. Further, “the spreading of strife, sedition, hatred or racism” via information and communications technologies a crime should also be excluded.

These overly broad, undefined, and subjective terms will undoubtedly sweep up legitimate expression, news reporting, protest speech, and more. We are not alone in these concerns. ARTICLE 19 points out in its
comments on the CND text that several content-based Articles do not comply with freedom of expression standards, and the CND  conflates “cybercrime” with privacy and data protection concepts, muddying legal frameworks that have been historically and deliberately separated at the national level. ARTICLE 19 urged Member States to seriously reconsider their efforts and make sure the CND does not include provisions that violate human rights standards the CDN text claims to prioritize.

Broad and undefined concepts such as “terrorism” and “extremism” should not be used as a basis to restrict freedom of expression. As we explained in our letter to the committee, there are no uniform definitions of these concepts in international law, and many States take advantage of this ambiguity to justify human rights abuses, such as politically motivated arrests and prosecutions of civil society members, independent media, and opposition parties, among others.

Over the next two weeks, EFF and its allies are committed to working on behalf of users to ensure that any new draft CND to emerge from this session is aligned with the principles and standards that are crucial to protect fundamental rights, including free expression, of those who will be subject to the treaty for decades to come.