Question over ‘legal value’ of proposed UN cybercrime convention
A proposed UN treaty on cybercrime could end up competing with the existing Budapest Convention and needlessly complicating international investigations and enforcement, a legal expert has said.
Efforts to finalise the text of the proposed UN Convention against Cybercrime are currently under way in New York, having been postponed in February in an attempt to reach a political consensus.
An ad hoc committee has been working on the text since 2019 following a proposal brought by Russia to the UN General Assembly for a “comprehensive international convention on countering the use of information and communications technologies for criminal purposes”.
However, the process has been beset with criticism from human rights campaigners and technology experts who fear it could pave the way for sweeping online surveillance.
Deirdre Leahy, who teaches cybercrime law at University College Cork (UCC) and , told Irish Legal News it is still “not entirely clear how the proposal for a UN Treaty on Cybercrime can improve the legal framework for cybercrime investigations and enforcement already established under the Budapest Convention on Cybercrime of 2001 and its Second Protocol”.
“The original Budapest Convention was equipped with an enforcement and investigative regime that was criticised for undershooting human rights protections,” Ms Leahy said.
“These criticisms were addressed in the Second Protocol to the Convention, adopted in 2022, which creates a framework for enhanced co-operation and disclosure of electronic evidence in cybercrime investigations.
“This new regime introduces specific protections for personal data, access to information, retention periods, data security and oversight.”
She continued: “Despite its Council of Europe origins, the Budapest Convention is also an international treaty capable of universal application, which has been actively monitored and managed.
“To date, 75 countries have adopted and enacted the Convention, and a further 18 — including Ireland — have signed but not yet fully ratified it, or have been invited to accede.
“The Second Protocol has already been signed by 44 countries and as part of its strategy for cybersecurity, the EU actively encourages its member states to adopt the Protocol.
“The question for governments and legislators is whether the alternative international framework being proposed via the UN can really add legal value to the existing measures for international cybercrime control and enforcement?
“If this treaty materialises it may result in competing international frameworks for cybercrime, further complicating but not resolving the significant challenges of cross-border law enforcement and investigation in the sector.”