Cybercrime , Fraud Management & Cybercrime
UN to Hold Hearing on Proposed Cybercrime Treaty
4th Round of Meetings Will Focus on Legal Measures to Tackle CybercrimesThe United Nations will commence a hearing for its first-ever global treaty on cybercrime this week to focus on state response to cybercrime and coordinated intelligence sharing. The proposed treaty seeks to legally categorize various cybercrimes and develop a unified international response.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
The United Nations General Assembly adopted a resolution on "countering the use of information and communications technologies for criminal purposes" in 2019.
The latest hearing, which will be held in Vienna Jan. 9-20, will focus on how states should respond to cybercrimes and measures that law enforcement can take to tackle crimes. As part of the hearing, the drafting committee will take recommendations from key stakeholders such as state representatives and members of civil society organizations.
The proposed treaty identifies cybercrime as any "criminal offenses committed intentionally and illegally" over IT devices. It further lists a variety of criminal activities that are deemed illegal. These include illegal access, network interference and tampering of hardware or software that results in the compromise of critical infrastructure or leak of confidential government data, among others.
By identifying and clearly defining what constitutes various cybercrimes, the treaty seeks to provide a legal basis for states to prosecute potential offenders, which may range from sophisticated nation-state hackers to employees who illegally access sensitive government data.
The draft proposal also spells out measures that states can adopt such as granting law enforcement agencies the right to collect data in real time, seize devices used for cybercrime activities, coordinate with intelligence agencies and assist victims of various cybercrimes.
The Critics Respond
Commenting on the draft treaty, Interpol, which published its recommendations ahead of the upcoming hearing, says more nuanced coordination between national cyber agencies "to cover a wide range of cybercrimes" is needed. The proposal also seeks to address the underreporting of cybercrimes to law enforcement by improving channels of communication, the agency said.
The International Chamber of Commerce, U.K. recommended that offenses that are already included in the criminal list should already be treated as criminal acts, not "merely unlawful" activities.
ICC also said that broader categorization of network intrusion as a criminal offense will affect penetration testers and security researchers equally as their work involves compromising networks, accessing them, and reviewing and retrieving information. Therefore, the agency recommends that the draft treaty should update the scope of the offense "to ensure that activities which are conducted in good faith for legitimate purposes - such as penetration testing - do not fall within the scope of the convention."
The January hearing is the fourth round of treaty talks. The fifth and the sixth rounds of hearings will be held in September, after which the treaty will be submitted to the UN General Assembly for finalization. The treaty is set to take effect in early 2024.