UN General Assembly to vote on the United Nations Convention Against Cybercrime

The United Nations General Assembly is set to enter their final vote to approve the United Nations Convention Against Cybercrime in December of 2024. According to the U.S. Department of State, this treaty, if adopted, would provide “additional tools for countries to work together, including through law enforcement cooperation, to address cybercrime, including protecting children.” Specifically, the convention seeks to aid in cross-border cooperation and criminalizes a range of “cyber-dependent” crimes and a handful of “cyber-enabled crimes”; obligates signatory States to develop enhanced digital investigation and enforcement procedures to be applied to crimes involving computer networks; provide an evergreen blanket of protection by utilizing technologically neutral language and addressing activities, as opposed to methods, so that the provisions of the convention will remain relevant as technology continues to develop; and provide comprehensive definition for the ever-elusive term “cybercrime."

In regards to streamlining the definition of cybercrime, which lacks a universally accepted definition, the convention would notably define cybercrime by breaking it down into two categories: “cyber-dependent” crimes and “cyber-enabled” crimes. Cyber-dependent crimes, such as deploying ransomware, are crimes that can only be committed by using a computer or other Information and Communication Technologies (ICTs), while cyber-enabled crimes, on the other hand, are traditional crimes that do not require a computer to commit but have been enhanced in speed, size, and scope through the use of ICTs. By breaking down the definition into two categories, the convention has the potential to cover almost any crime facilitated by the use of a computer, regardless of whether that crime is the use of malware or merely identity theft online—a broadness that poses both positive and negative capabilities.  

International cybercrime, surprisingly to some, has gone largely unregulated with no existing international laws on point to directly combat or regulate the use of cyber-attacks. In fact, most cybercrimes, and even the use of cyber tactics in modern warfare, are often lumped haphazardly under existing State-specific criminal statutes or international human rights laws and treaties. Yet, the applicability of these treaties is loose at best as most, if not all, of the existing treaties utilized as catch-alls are fashioned to cope with terrestrial activities, and the jurisdictional and enforceability issues involved with both international treaties and State-specific legislation pose their own array of trials and tribulations. Resultantly, as cyber-attacks continue to be a growing threat around the globe with the ability to cripple both public and private sectors, the need for appropriate regulation cannot be overstated. With this in mind, approval of the UN’s convention would be a welcome set of assurances against cyber trespasses.

However, approval means little without ratification, and some of the world’s key players are likely to be hesitant to bind themselves to a restriction on cybercrime, especially when there has been much debate over what can constitute a crime amongst the jurisdictions. Additionally, some organizations have spoken out against the treaty, condemning its broad scope and highlighting the room for human rights violations absent adequate safeguards. Namely, human rights organizations fear that the wide scope of the convention runs the risk of some States criminalizing online content and activities, including content related to political opposition or information deemed to be harmful by the current government, journalism, and LGBTQ+ information or other association. Further, some organizations and UN bodies warn that the treaty would pave the way for privacy violations under the guise of criminal investigatory procedure.

How to target cybercrime continues to pose challenges and will surely evolve over time.  These efforts may give some solace to victims knowing that this is top-of-mind internationally and more and more tools are being brought to bear in the fight.

If you have any questions about your company’s compliance with cyber regulations, concerns about vulnerability to attacks or other breaches, or if you want to learn more about proactive cybersecurity defense, contact a member of McDonald Hopkins’ national data privacy and cybersecurity team.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.