Security news that informs and inspires

A Sovereign Internet Will Not Combat Cybercrime

By

A United Nations committee has passed a Russia-backed resolution on a global cybercrime treaty, despite opposition from the United States and other European countries because the measure would allow countries to surveil its population and stifle dissenting voices.

The resolution, which passed 88 to 58, with 34 abstentions, sets up an “Open Ended Working Group” to examine cybercrime and how to prevent it. The resolution would also be voted on by the entire General Assembly in December. If the General Assembly passes the resolution, a committee will meet in August 2020 to draft the terms that would be used to write the actual treaty.

“The big picture is that Russia and China are seeking to establish a set of global norms that support their view of how the Internet and information should be controlled,” a European official told the Washington Post. “They’re using every means they can in the U.N. and elsewhere to promote that. This is not about cybercrime. This is about who controls the Internet.”

The resolution calls for a check on the “use of information and communications technologies for criminal purposes.” The definition of “criminal purposes” is left up to the individual government to determine. This could lead to criminalization of ordinary online activities that journalists, human rights groups, and other individuals take part in, such as using encrypted chat applications, 36 human rights groups wrote in an open letter to the United Nations General Assembly.

Justifying Soverign Internet

The resolution could “give wide-ranging power to governments to block websites deemed critical of the authorities, or even entire networks, applications, and services that facilitate online exchange of, and access to, information,” the group wrote. The resolution is unnecessary, ambiguous, "fundamentally flawed and would restrict the use of the internet for human rights, and social and economic development.”

The measure is very in-line with the Russian government’s recently enacted “sovereign internet” law which requires the country’s internet infrastructure to be built in such a way that it could be cut off from the global Internet and still keep functioning within its borders. Under this law, Russian telecommunications companies have to let the government filter Internet traffic and surveil its citizens. There are reports suggesting that Iran, which has been working on its “National information network” for at least a decade, has shut down access to the Internet but allowed some services to keep functioning internally as part of the latest waves of protests.

Critics said the proposed resolution and resulting treaty would not do anything to reduce global cybercrime but instead let governments justify seizing control of the country’s Internet communications. Giving countries control of the Internet within its borders would increase fragmentation of the global Internet, lead to pervasive censorship, amd allow human rights abuses. "When misused, cyber crime laws can create a chilling effect and hinder people's ability to use the internet to exercise their rights online and offline.”

Economic Costs of Fragmented Internet

There is also an economic impact to fragmenting the internet. Companies compete for the best products or services in a global and open network, but a closed network would hinder their efforts because the companies are subject to individual rules imposed by the country over data collection and availability.

For example, Vietnam has a cybersecurity law on the books mandating companies store user data on local servers. Thailand passed a law giving the government power to spy on Internet traffic and potentially search and seize computers and networking equipment that area deemed issues of national emergency, all without any judicial oversight. Thailand has used the law to censor websites such as YouTube.

Russia said the new treaty will be more “inclusive” and respect each country’s sovereignty while giving governments the ability to fight cybercrime and terrorism. The resolution was also supported by 45 countries, including China, North Korea, Cuba, Nicaragua, Venezuela, and Syria (and Russia). These countries have been known for crackdowns on civil society and censorship in recent years.

Fight to Keep Internet Open

Last year, the United States opposed a similar Russian-backed Countering the Use of Information and Communication Technologies for Criminal Purposes resolution in committee. That resolution passed 85 to 55, with 29 abstentions. At the time, New America’s Cybersecurity Policy Fellow Justin Sherman and senior policy analyst Robert Morgus noted that the votes fell along “established lines on cyber norms.” Every country that voted against the resolution were those favoring a global and open model of the Internet, and countries that voted for the resolution were those favoring a sovereign and controlled model, Sherman and Morgus wrote.

There are about 50 countries that have yet to decide their position on issues such as content censorship, traffic throttling, and internet regulation, and Sherman referred to them as Digital Deciders. “The battle for the global internet—for cyberspace as we know it—is not just over norms themselves, but over swaying undecided countries towards either a global and open or sovereign and controlled model for the internet,” Sherman and Morgus said. At the international level, cybercrime proposals are usually not about things like identity theft, but rather attempts to “politicize law enforcement and seek international top cover or legitimacy for actions already being undertaken.”

An international treaty on cybercrime already exists. The Budapest Convention was ratified by 64 countries in 2001, but Russia and China were among the few countries that did not vote for it.

"We are not convinced that there is a need for a new international convention on cyber crime," the civil rights groups wrote in their open letter.