Plus it has too many implications for surveillance and security; poor idea in any case.
> The convention has been heavily criticized by the tech industry, which has warned that it criminalizes cybersecurity research and exposes companies to legally thorny data requests.
> Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.
> Many expressed concern that the convention will be abused by dictatorships and rogue governments who will deploy it against critics or protesters — even those outside of a regime’s jurisdiction.
> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”
> Any countries ratifying the treaty, he added, risks “actively validating cyber authoritarianism and facilitating the global erosion of digital freedoms, choosing procedural consensus over substantive human rights protection.”
> The U.K. and European Union joined China, Russia, Brazil, Nigeria and dozens of other nations in signing the convention, which lays out new mechanisms for governments to coordinate, build capacity and track those who use technology to commit crimes.
EU will coordinate with Russia on cybercrime?
https://en.wikipedia.org/wiki/United_Nations_Convention_agai...
Ok, so it's basically a "five eyes" style agreement for sharing intel on citizens. Why would anyone want their government to support this?
Which is not inherently a bad thing: https://en.wikipedia.org/wiki/List_of_countries_by_carbon_di...
I agree 100%.
I don't see the benefits here.
When you’re the one carrying the water, you get to decide where the water goes.
I actually prefer regimes like NATO where everyone is happy to leave the US in charge and doesn’t arm themselves. For all the projection of “strength” the current admin gives off, they are on their way towards reigning over a kingdom formed from the ashes of the republic's empire
/s
(Unfortunately the current United States administration makes the nation much closer to one of the Bad Nations, though, so it's kind of moot anyway.)
But, then again, in the Angloamerican culture, its always 'others' who are evil. Never itself.
Live streaming Gaza: I could not find a reliable source. As of today there are several webcam etc. claiming to live stream. I don't have the time to watch to verify this. However, there was a news block I place until recently and except for the occasional TikTok nothing on video, let alone 'live'.
[0] https://journals.plos.org/plosone/article?id=10.1371/journal...
Link?
> And it’s not like both the US and UK are openly saying that they are maximizing cyberwarfare against everyone as if it was something to be proud of.
Link?
> The country that is facilitating a livestreamed genocide in Gaza
Which country is that? And where’s the livestream streaming?
I'm not really trying to get into the political part of it fwiw.
I mean, what are you going to do? Instigate a rule that only nice people can be signatories? You've not played nice in various ways in the past, so you cannot sign this promise?
(Not to say that I agree with the treaty. See concerns by human rights groups mentioned in article and all.)
> surrenders power to a regime with partial control by objectively bad actors
...do you think we are a regime with good actors? Why? What signals of morality or competency do you look for?
Never mind, we already crossed that line: https://www.bbc.com/news/articles/c4gzq2p0yk4o
This was a very proportional response to Putin[1] the other day, so it's still technically game theory.
[1] https://www.reuters.com/world/china/putin-says-russia-tested...
Algeria,Angola,Australia,Austria,Azerbaijan,Belarus,Belgium,Brazil,Brunei Darussalam,Burkina Faso,Cambodia,Chile,China,Costa Rica,Côte d'Ivoire,Cuba,Czech Republic,Democratic People's Republic of Korea,Democratic Republic of the Congo,Djibouti,Dominican Republic,Ecuador,Egypt,European Union,France,Ghana,Greece,Guinea-Bissau,Iran (Islamic Republic of),Ireland,Jamaica,Mozambique,Namibia,Nauru,Nicaragua,Nigeria,Palau,Papua New Guinea,Peru,Philippines,Poland,Portugal,Qatar,Russian Federation,Rwanda,Saudi Arabia,Slovakia,Slovenia,South Africa,Spain,Sri Lanka,State of Palestine,Sweden,Thailand,Togo,Türkiye,Uganda,United Kingdom of Great Britain and Northern Ireland,United Republic of Tanzania,Uruguay,Uzbekistan,Venezuela (Bolivarian Republic of),Viet Nam,Zimbabwe
I wonder what countries you do associate with data privacy.
Estonia, Iceland, Switzerland, the Nordic countries and America.
Well, people should start accepting new norms that are different from what they used to know, not just data privacy, but even in other values as well, like personal freedom. I am sure some of the countries above have more personal freedom for a person compared to countries that lecture others about it, meanwhile the individuals get tracked by their phone through cell towers, get tracked while on the road by some unregulated cameras, get tracked online with digital ID, get tracked everywhere and if you end up getting caught and prosecuted, you will lose your basic human needs like getting a job or even voting in the so called free countries.
You seem to be making a blanket statement about “not the first country I think about when…” of places you know nothing about.
None of this sounds good for privacy and data protection.
Opting out of the treaty was probably a good choice. Opting out doesn’t preclude the US from cooperating with international cybercrime investigations, but it does avoid more data collection, surveillance, and sharing.
Maybe there is some more complexity to this argument, that I'm missing. But, it's not one that has merit without justification.
But that's beside the point. The most objectionable parts are about state surveillance and the potential for human rights abuses.
For example, here's what the EFF had to say about it:
https://www.eff.org/deeplinks/2024/07/effs-concerns-about-un...
> Maybe there is some more complexity to this argument, that I'm missing.
I think you’re missing the entire argument. Why would it be a good thing for a country to volunteer its’ companies PII through a treaty with foreign governments like Russia, North Korea, and China?
I don't doubt their history explains the shape of their economy.
This may seem like I am defending North Korea, but in reality I am putting in perspective who/why they are. Facts which nearly amount propaganda to western nations.
That's almost 10% of global GDP. Who comes up with these numbers?
edit: cybersecurity ventures seems to be the real source for the 10.5T number: https://cybersecurityventures.com/cybercrime-damage-costs-10...
Apparently their methodology is just assume $3T cybercrime cost in 2015, then compound it by 15% annual.
then there is also the unspoken rule of "dont shit where you eat" aka RU/CIS based ransomware operators and hackers cant attack any companies in the CIS region.
a good read, https://www.recordedfuture.com/research/dark-covenant-3-cont...
(The House of Representatives is effectively shut down, but only because the Speaker of the House has been unilaterally putting it into recess at the beginning of every session. The House Republicans all voted to grant the Speaker the power to do this whenever he wants, at the beginning of their current term.)
The President isn't shut down, and only the President is needed to sign a treaty; it is submitted for ratification later and that, absent a deadline in the treaty, can take as long as it takes.
Also, even if the Senate was required to sign a treaty, the Senate isn't shutdown, and is in session and doing business.
Given the presence of some extremely authoritarian states on the list of signatories, the fact that the UK and France signed on seems to confirm my suspicions about the trajectory of freedom in those countries. And surprisingly Sweden! I feel like Mullvad users should be concerned.
I’m actually not sure about Germany though. I almost posted a similar list above but then I noticed the European Union is listed as a signatory, so not sure where that puts the EU members not listed: https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mt...
Edit: another commenter mentioned something about treaties needing to go through the EU parliament and council if the areas of concern aren’t delegated to the EU. Not sure which side of the fence this falls under, and I bet there are some potential legal challenges waiting regardless. So perhaps France is hedging its bets by signing on as an individual nation, indicating its willingness to implement the treaty no matter what happens with the rest of the EU. But I am no expert on EU bureaucracy and politics!
This isn't giving any country any sole power over cybercrime prosecution decisions.
For example: "Compelled Technical Assistance: The draft requires countries to adopt laws enabling authorities to compel anyone with knowledge of a particular computer system to provide *necessary information* to facilitate access."
The US would have to have laws that would force you to provide login information to systems if the government wanted access to it. This would run contrary to the 5th amendment.
https://www.eff.org/deeplinks/2024/07/effs-concerns-about-un...
> "Russia, however, Rodriguez said, has objected to the convention for infringing state sovereignty by allowing other nations to investigate cybercrimes in its jurisdiction. So in 2017, Russia proposed negotiating a new treaty, and in 2019 the UN adopted a resolution to do so, backed by Russia, Cambodia, Belarus, China, Iran, Myanmar, Nicaragua, Syria and Venezuela."
https://www.theregister.com/2023/04/14/un_cybercrime_treaty/ ("Russia-pushed UN Cybercrime Treaty may rewrite global law. It's ... not great")
> "It was proposed by Russia in 2017 and adopted by the General Assembly in December 2024 amid resistance from human rights organizations"
https://en.wikipedia.org/wiki/United_Nations_Convention_agai...
I wouldn't get excited about the US "not signing". With the government shutdown, they might just be waiting for the document to be in New York before they bother. Hanoi is far.
64ss1: This Convention shall be open to all States for signature in Hanoi in 2025 and thereafter at United Nations Headquarters in New York until 31 December 2026.
Article 37 is spooky. Expands extradition to where there might not be preexisting extradition treaties.
Fuck article 11. It's the EU's "any program for committing cybercrime is a crime" law, and makes programmers culpable. IANAL, but it actually looks like it criminalizes the entire software supply chain. Sure, there's a clause in there that looks like it's supposed to protect security research (11s2) but this is the thinnest of loincloths.
It also seems to apply to "crime where there was a computer somewhere around". As for what constitutes "crime":
Article 2:(h) “Serious crime” shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty;
...that seems to mean that if publishing information against the state regime is punishable by 4+ years and you used a computer to do it, there is now a basis for seizing your data and extraditing you.
I'm not even going to get into the implications this has for damaging privacy in general. This is some dark ass shit.
And since it was said on a computer, combined with insulting 'His Glorious Leader (spit) ' is a death penalty, thats a extraditing cybercrime.
Sure it could be argued thats not a real example. But given OFCOM's recent stunts of sending british compliance letters to US firms with no british presence, I'd rather not have other countries manufacturing shit laws and exporting to us as a "treaty".
- (ii) To cooperate and assist the competent authorities in the collection or
recording of; traffic data, in real time, associated with specified
communications in its territory transmitted by means of an information and
communications technology system.
And more so:
3. Each State Party shall adopt such legislative and other measures as may be
necessary to oblige a service provider to keep confidential the fact of
the execution of any power provided for in this article and any
information relating to it.
China especially actively fabricates crimes for Chinese dissidents living outside its borders, and this is a perfect vehicle to allow them to track and monitor those people with ease.
https://news.ycombinator.com/item?id=41207987 ("EFF’s concerns about the UN Cybercrime Convention (eff.org)", 99 comments)
https://news.ycombinator.com/item?id=39129274 ("Proposed UN cybercrime treaty has evolved into an expansive surveillance tool (eff.org)", 64 comments)
https://news.ycombinator.com/item?id=41210110 ("New U.N. Cybercrime Treaty Unanimously Approved, Could Threaten Human Rights (scientificamerican.com)", 53 comments)
https://news.ycombinator.com/item?id=41221403 ("UN Cybercrime Convention to Overrule Bank Secrecy (therage.co)", 42 comments)
https://www.atlanticcouncil.org/blogs/new-atlanticist/the-un...
> states parties are obligated to establish laws in their domestic system to “compel” service providers to “collect or record” real-time traffic or content data.
That's probably the biggest poison pill. The whole data sharing thing got watered down to the point of farce. Of course the EU won't extradite Russian LGBT activists under this law. But similarly, how likely do you think it would be for North Korea to extradite its own state-sponsored cybercriminals? They can simply claim that doing so would go against their "sovereignty, security, or other essential interests". Case closed!
https://www.reuters.com/investigations/inside-trump-familys-...
Per the article: “Illicit flows of money, concealed through cryptocurrencies and digital transactions, finance the trafficking of drugs, arms, and terror. And businesses, hospitals, and airports are brought to a standstill by ransomware attacks.”
Then there’s this: Inside the Trump family’s global crypto cash machine https://www.reuters.com/investigations/inside-trump-familys-...
Countries like Nigeria, Morocco, North Korea and Russia signing a "cybercrime" treaty is just hilarious to me.
I don't believe for a second that these countries want to crack down on cybercrime, considering their citizens are the main perpetrators and beneficiaries of it, and they've taken zero actions to prevent it before today. Lagos is essentially the Silicon Valley of internet fraud, and it happens with permission from the highest levels of their government.
This obviously is just an excuse to create a global dragnet for governments looking to crack down on dissent.
When the W.H.O. went into China to "investigate" the COVID virus and came back saying "Nope, nothing to see here!" was probably one of the most predictable and pathetic things from the UN.
“America first”, right? Load of horse shit.
Just seems very distracting when actual abuses and interesting political topics are hidden away in /active (like ICEs use of facial recognition)
This also confirms the PSF foundation being wary. The USA would love to put unaffiliated developers in prison.