The UN Convention on Cybercrime confirmed my worst worries. Digital authoritarianism won. Internet freedom and human rights lost.

The reactions puzzle me. This bad deal brought unconcealed joy, and happy tweets from diplomats. After three years, the ad hoc working group has agreed on a Cybercrime Convention. Hooray!? Unfortunately, not.

The convention touts creating an international set of rules that, at first glance, appear to complement the fight against crime in the digital space and translate it into international law. However, the agreed document has little to do with these decent goals. 

Ever since Moscow first pushed for a Cybercrime Convention in 2017 at the UN, it has been clear that the autocratic dream team of Russia and China would use the negotiations. Worst of all, they used the convention to legitimize their ideas of mass surveillance. 

Many voices, including myself, had already warned of this outcome, saying no agreement was better than a bad one. Stay with the status quo rather than accept a massive deterioration. For all our love of international cooperation, no agreement should be reached just to agree. 

The UN treaty makes no significant or sufficient commitments to the right to anonymity, digital privacy, secure communications, encryption, the autonomy of internet self-governance, or the exclusion of mass surveillance. Safeguards are vague. They only are mentioned in the third chapter, not throughout the convention. 

The so-called “hacker provision” adds to my concerns. How should we deal with hackers and IT experts who discover vulnerabilities and publish them? This work is vital. The discovery of vulnerabilities is the prerequisite for their solution – ideally before they are exploited. Unfortunately, Articles 7 and 11 of the Cybercrime Convention fail to distinguish between a hacker’s intention and handling of a discovered vulnerability. 

Article 35 allows data exchange without security precautions, threatening human rights, especially privacy and freedom of expression. For example, Russia could request data stored abroad to use as electronic evidence in criminal proceedings. The Kremlin could invoke the convention to prosecute members of the opposition under the pretense of extremism. We should avoid this role as a digital assistant to authoritarianism. 

A critical debate is now urgently needed on the upcoming UN General Assembly vote and on a possible ratification.

Some might argue that almost every international convention has flaws and that reaching an agreement in geopolitically difficult times represents a success of multilateralism. I would object. 

On the contrary, this cybersecurity convention shows that attacks on freedom from authoritarian states are successful. The tug-of-war over our freedom and human rights has long since shifted to the digital space. Authoritarian states are aware of our lack of vigilance and are exploiting it.

Freedom, self-government, and self-determination in the digital space must be defended. These values must not be surrendered. In the digital world of the 21st century, they are the foundation of our democracy.

Tobias B. Bacherle is a Member of the German Parliament and Coordinator on the Committee for Digital Affairs for Alliance 90/The Greens.

This article was adapted from media partner Euractiv.com by CEPA.

Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.

The post Russia and China Cheer UN Cybercrime Convention appeared first on CEPA.