+44 (0)20 7353 6000
18 Jan 2024

Anna Rothwell writes for Solicitors Journal on the misuse of INTERPOL and UN cybercrime policies

Anna Rothwell explains how certain government exploit these mechanisms for  political repression, threatening global security and free expression

In recent years, there have been concerns about the use by authoritarian regimes of INTERPOL notices as a tool to target dissidents, journalists, refugees and opponents abroad  for political gain or revenge. The use of INTERPOL notices as a form of transnational  repression has been reported upon by the US Congress, European Parliament, journalists,  academics and human rights campaigners such as Bill Browder, who has written about his  arrest by Spanish police pursuant to an INTERPOL diffusion notice issued at the request of  the Russian government.

While concerns about the abuse of INTERPOL channels are finally receiving the attention they deserve (even if a solution seems a distant prospect), there are growing fears that a new  UN cybercrime treaty could provide authoritarian states with another tool with which to  extend their reach overseas to silence or target their opponents. However, despite the  potentially enormous consequences of the new treaty, it has received little attention in the British press.

There is a very real and worrying danger that provisions in the proposed UN Cybercrime  Convention, the aim of which is to provide a global legal framework for international  cooperation on preventing and investigating cybercrime and the prosecution of cybercriminals, could in fact be abused in a similar fashion to INTERPOL; used to repress human rights and online freedom of speech. Without a clearly defined scope and sufficient  safeguards in place, the treaty could legitimise intrusive investigations and grant unhindered  law enforcement access to personal information, providing states with a means to surveil and  target individuals and undermine their privacy. The initial sponsors of the convention – Russia, China, and Cambodia – have already introduced repressive domestic cybercrime  laws.

In light of these fears, the UN Cybercrime Convention is currently in the midst of contentious  negotiations. The UN General Assembly adopted a resolution in December 2019, originally  proposed by Russia, establishing an Ad Hoc Committee to elaborate a “comprehensive  international convention on countering the use of information and communications  technologies for criminal purposes”. Negotiations began in May 2021. In September, the  committee concluded its sixth session in New York, with the aim of finalising its negotiations  at the next session in February 2024. However, as states head to the concluding session, there  is a notable lack of consensus on fundamental issues such as the treaty’s scope and what  constitutes a cybercrime. It is anticipated that, given the lack of consensus about such  important aspects of the treaty, it will be required to be put to a two-thirds majority vote  before the General Assembly before it can come into force.

Some states, including the US, UK, Brazil, Canada, Switzerland and Norway, are in favour of  a narrow and focused definition of what amounts to a cybercrime, covering “core  cybercrimes,” such as illegally gaining access to, intercepting, or interfering with computer  data and systems. However, many other states want the treaty to go further and cover “cyber enabled crimes” i.e. where the use of information and communication technologies (ICTs) play a significant role in crimes by facilitating the reach of the crime or speeding it up. This  would significantly expand the proposed treaty’s surveillance scope by covering practically  any offence involving a computer, both domestically and abroad.

Of most concern, and causing particular alarm amongst NGOs and organisations such as the  Committee for the Protection of Journalists (CPJ), are the proposals to include content-based  crime. This would expand the scope of the treaty to cover so-called “morality-based crimes”, which can put journalists and others, including members of LGBTQ+ communities, at risk  even if they do not explicitly criminalise speech. Laws against disinformation and hate  speech are already being used in domestic proceedings to criminalise journalists, human  rights defenders and members of the LGBTQ+ communities. One high-profile example  among many is the conviction of the Nobel Prize winner Maria Ressa for criminal libel under  the Philippines Cybercrime Prevention Act 2012. Another example is Pakistan’s Prevention  of Electronic Crimes Act, which authorises the blocking of websites deemed critical of  officials and requires service providers to retain or provide authorities with access to large  amounts of people’s data. The inclusion of disinformation and hate speech provisions in an  international treaty (disinformation provisions having been proposed by China, Indonesia,  and India and hate speech provisions by Pakistan, Kuwait, China and Jordan respectively),  would extend this reach and surveillance abroad.

In the last draft of the convention, Article 35 permits each country to define its own crimes  under domestic laws when requesting assistance from other nations in cross-border policing  and evidence collection. In certain countries, such laws may be based on subjective moral  judgments that are not criminal and considered a matter of free expression elsewhere.

For example, across the Middle East and North Africa, cybercrime laws have been used in Egypt, Jordan and Saudi Arabia to prosecute LGBTQ+ people, and in Tunisia and the United  Arab Emirates to prosecute human rights defenders. In March 2022 a court in Egypt charged  singers Omar Kamal and Hamo Beeka with “violating family values” for dancing and singing  in a video uploaded to YouTube. While the draft convention allows countries to refuse a  request for assistance if the activity in question is not a crime in its domestic regime (the  principle of “dual criminality”), given the current strain on the MLAT system, there is a fear  that requests, even from countries with contentious laws, could slip through the checks and  result in increased cross-border monitoring and repercussions for individuals (as has been  seen in the rampant abuse of the INTERPOL notice system).

These fears are not only being expressed by NGOs. Concerns have also been raised by  organisations including Microsoft, the International Chamber of Commerce and the  Cybersecurity Tech Accord, as well as some states such as Canada. In a statement to the Ad  Hoc Committee in September 2023, the Canadian delegation said that the relentless push to  expand the scope of the treaty had turned it into a general criminal Mutual Legal Assistance  treaty, leaving it completely in the hands of any state to decide what conduct constitutes a  “crime” or “a serious crime” and opening up a menu of measures to crack down on these self defined crimes:

“This represents the potential, and indeed inevitability, for Orwellian reach and control by  those states who will choose to abuse this instrument… Criticizing a leader, innocently  dancing on social media, being born a certain way, or simply saying a single word, all far exceed the definition of serious crime in some States. These acts will all come under the  scope of this UN treaty in the current draft.”

Unfortunately, organisations monitoring the negotiations, such as the Electronic Frontier  Foundation (EFF), have reported that some of the most concerning criminal offences and  surveillance measures that had not made it into the zero-draft introduced at the start of the latest session in New York have been reintroduced into the text. A new draft text is expected  at the end of November 2023.

While the draft Convention may incorporate some procedural safeguards, for example dual  criminality, its far-reaching scope raises profound questions about its compatibility with international human rights law. In 2019, the UN General Assembly warned that it was  “gravely concerned that national security, counter-terrorism and cybercrime legislation and  other measures, such as laws regulating civil society organizations, are in some instances  misused to target human rights defenders or have hindered their work and endangered their  safety in a manner contrary to international law.” It would be both appalling and ironic if an international UN cybercrime treaty were to enable and perpetuate such abuses even further.

 

This article was originally published in the Solicitors Journal on the 17th January 2024.

Latest Insights

Insights

May 10 2024

Insights

April 26 2024

Insights

April 22 2024