On 9 August 2024, the United Nations General Assembly agreed on the “Draft United Nations convention against cybercrime; strengthening international cooperation for combating certain crimes committed by means of information and communications technology systems and for the sharing of evidence in electronic form of serious crimes”. It is expected to be officially adopted and to become the first binding legal instrument on cybercrime.
Image by freepik
Objectives of the Convention
The Convention aims to encourage, foster and support measures, international collaboration, technical assistance, capacity-building to prevent, combat cybercrime, particularly for the benefit of developing countries. It covers (a) prevention, investigation and prosecution of the criminal offences established, including the freezing, seizure, confiscation and return of the proceeds from such offences, (b) collection, obtainment, preservation, share of evidence in electronic form for the purpose of criminal investigations, proceedings under articles 23, 35 of the Convention.
Some thoughts about the text
Sovereignty
As analysed in my recent paper in December, 2023, the questions about the determination of territory, jurisdiction and applicable law are difficult to find right practical responses since they are correlated to the sovereignty of State Members which must be strictly respected by the others. On the one hand, the Convention delegates the power to state members to establish principles defining the liability of legal persons participating the offences, including criminal, civil or administrative liability. On the other hand, the concept of “liability of legal persons” and a broad extent of the jurisdiction (Chapter III Article 22) which apparently include both state and non-state actors, may resolve questions about the cybercrime against physical persons and by non-state hackers. However, the language of this provision is not clear enough to extend its scope to cover the actors which are private entities, i.e. moral persons. Furthermore, the jurisdiction based on the vehicles is limited to vessels flying the state’s flag, aircraft registered under the state’s laws, it leaves out other space and outer space objects, as well as communication networks and other devices which could be suffered from the cyberattacks.
International Cooperation
The Convention has developed a more effective scheme of international cooperation. It provides general principles inclusive of the dual criminality, mutual legal assistance. It also sets out detailed provisions of transfer of personal data, extradition, transfer of sentenced person, criminal proceedings, expedited preservation and mutual legal assistance in the access of stored electronic data, expedited disclosure of preserved traffic data, mutual legal assistance in real-time collection of traffic data and the interception of content data, law enforcement, joint investigations, and confiscation (Chapter V Articles 35 – 52).
The Cybercrime Programmes Office of the Council of Europe supported this convention and ensured its consistency with the Convention on Cybercrime – Budapest Convention. According to them, the key provisions of the Budapest Convention have been retaken into this Convention. Many states became parties or sought accession to the Budapest Convention. It may bring synergies and benefits to the states which are parties of both treaties.
More news about data on AstraIA Gear https://www.astraiagear.com/category/cyber-security/
Press release: https://unis.unvienna.org/unis/pressrels/2024/uniscp1180.html
Draft full text: https://www.undocs.org/Home/Mobile?FinalSymbol=A%2FAC.291%2FL.15&Language=E&DeviceType=Desktop&LangRequested=False
Other sources: https://www.coe.int/en/web/cybercrime/-/united-nations-treaty-on-cybercrime-agreed-by-the-ad-hoc-committee