Australia to sign UN 'surveillance treaty' in Vietnam

A new United Nations convention aimed at combating cybercrime through increased cooperation and information sharing is set to be signed this weekend by Australia and other nations, at a high-level ceremony in Ha Noi, Vietnam.

Led by the UN Office on Drugs and Crime (UNODC) agency, the treaty targets several different online offences, such as phishing, ransomware attacks, trafficking and hate speech.

However, first proposed by Russia in 2017, the treaty has come under withering criticism by a large swathe of the technology sector, including large companies such as Oracle, Meta and Microsoft, and human rights organisations.

They have banded together as the Cybersecurity Tech Accord, calling for changes to be made to the convention, which the tech companies say could produce "a broad UN surveillance treaty that would undermine both privacy and security in the digital environment."

Last year, the Cybersecurity Tech Accord outlined multiple concerns with the treaty, including cross-border data sharing without legal challenges, transparency and accountability.

Vague provisions as to what constitutes cybercrime could conflate the term with any crime committed through the use of an information and communications technology system, the Accord said.

Reuters reported that UN High Commissioner for Human Rights warned during the negotiations of the treaty that laws carrying overly broad definitions of cybercrime are used to impose undue restrictions on the right to freedom of expression.

Host nation Vietnam has itself been criticised by Human Rights Watch for cracking down on dissidents who express their opinions online, leading to what the organisation termed abusive prosecutions.

Cyber security researchers are not protected under the UN treaty, the Accord claimed, and children could be criminalised for taking suggestive selfies, the organisation said.

One of the treaty articles allows law enforcement to force individuals to provide access to secure systems, and to turn over credentials, even if the people are "simply travelling on holiday in a third country".

This provision could be used to harm national security, and creates serious risks to corporate IT systems, the Accord said.

Human rights and online civil liberties organisations such as the Electronic Frontiers Foundation are jointly lobbying with tech companies, calling for the scope of the treaty to be narrowed, so that it specifically only covers cybercrime, and not any crime.

The organisations also want to limit government access to personal data and introduce safeguards to ensure transparency, for example so that individuals will know if their data has been sent to foreign administrations.

The UN Office on Drugs and Crime has said the agreement [pdf] contains provisions to protect human rights, with nations being able to reject cooperation requests, should they conflict with international law.

Legitimate cyber security research activies are also encouraged by the convention, the UN Office said.

Australia intends to sign the UN treaty at the ceremony, the Department of Foreign Affairs and Trade (DFAT) said, following several years of negotiation.

"The UN convention is the first-ever UN endorsed instrument addressing cybercrime, criminalising significant cyber offences and creating a robust framework to enhance international legal cooperation and sharing of electronic evidence for these and other serious crimes," DFAT said.

After it has been signed, Australia will consider ratifying the UN cybercrime treaty, subject to government approval.

Australia is already a signatory to the Budapest Council of Europe Convention on Cybercrime since 2013.