Opinion – UN cybercrime treaty enables threatening state intrusion

Opinion – UN cybercrime treaty enables threatening state intrusion

Alarm has reverberated around the world following the adoption of the draft United Nations (UN) convention on cybercrime in early August 2024 by the Ad Hoc Committee of the UN General Assembly (UNGA) specifically created to draft such a treaty. 

What is fuelling the alarm within the global human rights community is the fact that the draft convention, which is set to be adopted by the UNGA over the coming months, has been adopted without addressing critical flaws in the treaty text that threaten to further erode the already-fragile global human rights environment.

The fear that is being voiced is that the draft cybercrime convention, which flows from a Russian proposal from over five years ago, will legitimise the already-evident human rights abuses of authoritarian states while also providing cover for other, even democratic, states to insert repressive measures into domestic laws and frameworks.

Significant among the draft convention’s myriad of critical flaws is the absence of strong protections or safeguards for the rights to privacy and freedom of expression, in line with the established global human rights order. 

An August 2024 analysis of the draft convention by US-based Just Security concludes that “while presented as a global milestone, [the draft convention] dangerously weakens human rights by offering broad criminal offence definitions and expansive surveillance powers, both domestically and across borders, with inadequate or at times non-existent human rights’ safeguards. These flaws open the door to widespread abuse, allowing governments to misuse the treaty for repressive purposes”.

Worth noting is that the issue of rights-threatening “expansive surveillance powers” was raised well before and up to the final round of treaty negotiations from 29 July to 9 August 2024 by various digital rights actors. 

In the weeks leading up to the final negotiations in New York,
the Electronic Frontier Foundation (EFF) noted that “without robust privacy and human rights’ safeguards in the actual treaty text, we will see increased government overreach, unchecked surveillance and unauthorised access to sensitive data, leaving individuals vulnerable to violations, abuses and transnational repression”. 

Abuse enabled

This last point is of concern in the Namibian context. 

A Namibian government delegation from the Ministry of Justice was present in New York in early August for the final round of treaty negotiations and adoption. 

It appears that the Namibian government is supportive of the final draft of the UN cybercrime treaty. 

Namibia does not have a cybercrime law on the statute books, but a draft bill has been in the works for the better part of a decade, with indications as of
early this month being that a substantive draft is close to finalisation. 

With the draft UN cybercrime convention mere months away from adoption by the UNGA, it seems highly plausible that Namibian authorities will look to the treaty for guidance in finalising and enacting a Namibian cybercrime framework. 

The National Cybersecurity Strategy 2022-2027 prioritises the finalising of the draft cybercrime bill “in line with international standards”, which in a few months will probably include the UN cybercrime treaty.

That said, the last version of the bill, circulated for comment in 2021, was flagged for being substantially flawed and human rights-threatening. 

With regard to state surveillance specifically, and similar to the provisions of the existing communications surveillance framework, consisting of the Namibia Central Intelligence Service Act of 1997, the Communications Act of 2009 and the recent Criminal Procedure Amendment Act of 2023 – a 2021 Legal Assistance Centre (LAC) assessment found that the bill “lacks remedies in the case of illegal interception, which violates the right to an effective remedy for human rights violations”.

Similarly, a 2022 assessment of the bill for the Institute for Public Policy Research (IPPR) found that the bill creates parallel communication surveillance procedures to those in the existing framework, while also expanding surveillance powers provided for in the Communications Act, but still “falls short of best practices”. 

The assessment also found that the surveillance-related provisions in the draft cybercrime bill reflected the shortcomings of the existing surveillance framework: weak oversight, transparency and accountability mechanisms; warrantless interception; lack of user notification; lack of privacy and data protection, etc. 

The IPPR assessment advises that “the procedural and substantive powers in Namibia’s cybercrime law should be subject to clear protections for privacy, freedom of expression, and other human rights”.

The draft UN cybercrime treaty will not push the Namibian government to heed this advice, but accommodate and condone the opposite.

What this effectively means for Namibians is that state mass surveillance practices of questionable legality could effectively be accorded a sheen of lawfulness by the UN convention.

Concerning region

Namibia is part of the Southern African Development Community (Sadc) in which cybercrime laws have already become highly- problematic in the context of human rights. 

Namibia and Lesotho are the only two countries in the 16-member bloc that have not yet enacted cybercrime laws. 

In the majority of Sadc countries, where such laws exist, the human rights violations and abuses being perpetrated through the application of such and related laws are increasingly well- documented. 

Intelwatch researchers concluded that 25 African countries have laws that authorise the interception of communication, and the vast majority require mandatory SIM card registrations linking reporters’ electronic communications to the country’s legal entities. 

Social media has also, to an extent, been criminalised in the region. 

Two meetings explicitly made recommendations to that effect: the 2019 Committee
of Intelligence and Security Services of Africa in Abuja, and the 2020 SADC Heads of State meeting, where member states were urged to mitigate the impact of fake news and abuse of social media (especially during elections), “as social media was being exploited by subversive and negative forces to destabilise” countries.

A 2023 study mapping the repressive use of cybercrime laws in the SADC region found that the “enabling of state surveillance- abuse and/or overreach, especially through mass surveillance enabling legislative and regulatory measures has become a primary concern, particularly for media freedom advocates in the context of cybersecurity and/or cybercrime law and regulatory crafting and drafting in the Sadc region”.

Sadc authoritarians could see the UN cybercrime convention as legitimising their repressive practices, which could further exacerbate human rights abuses and democratic decline across southern Africa.

*Frederico Links is a Namibian journalist, researcher and free expression advocate. This article was commissioned by Intelwatch, which is dedicated to strengthening public oversight of state and private intelligence agencies in Southern Africa and around the world.