• Home
• /
• Opinion

Fight cybercrime, but why shut down the Net?

The answer is simple: the proposed cybercrime convention is like a wolf in sheep's clothing.

The United Nations General Assembly approved a resolution to create a convention on cybercrime by a vote of 79-60, with 33 abstentions, last Friday. According to a 2019 study by Accenture, cybercrime is estimated to put at risk $5.2 trillion in global value over the next five years. Clearly, cybercrime is a global problem and an international law seeking to curb it ought to be a good idea. So, why are the United States, the European Union, and other countries opposed to the Russian-sponsored effort to draft new international rules?

The answer is simple: the proposed cybercrime convention is like a wolf in sheep's clothing. In the words of Human Rights Watch, countries sponsoring the resolution are "a rogue's gallery of some of the earth's most repressive governments." Unsurprisingly, in the name of fighting cybercrime, the convention seeks to confer repressive powers on government agencies and fundamentally alter the internet freedoms we take for granted today.

The resolution entitled 'Countering the use of information and communications technologies for criminal purposes,' was sponsored by Russia, Belarus, Cambodia, China, North Korea, Myanmar, Nicaragua and Venezuela. Other supporting countries include Algeria, Angola, Cuba, Egypt, Iran, Libya, Syria, Zimbabwe, India, and Indonesia. The UN-adopted resolution establishes 'an open-ended ad hoc intergovernmental committee of experts . to elaborate a comprehensive international convention on countering the use of information and communications technologies for criminal purposes.'

Perhaps the biggest strike against the UN resolution is that there are already rules to tackle cybercrime - the Budapest Convention. It has been ratified by 64 countries and provides rules for cybercrime investigations and cooperation between government agencies.

To be sure, despite the existence of the Budapest Convention, cybercrime presents a growing risk both in terms of sheer volume and effect. In the US, the Federal Bureau of Investigation (FBI), received 351,936 complaints in 2018 - up 17% from 2017. The total cost of these crimes in 2018 was $2.7 billion. This is likely to be a vast undercount because many crimes do not get reported and the true costs are difficult to calculate. And contemporary cyberattacks are not just targeting individuals for small change - they are hitting entire cities and critical infrastructure such as power grids and paralysing essential services.

Against such a growing menace, the resolution may seem innocuous on its face. However, underpinning it is a previous draft UN convention sponsored by Russia that is likely to serve as the template for new rules birthed by this UN resolution. That draft convention conferred government agencies vast powers over internet activity. For instance, Article 27 pertains to real-time internet traffic and asks a state to 'to empower its competent authorities to collect or record. the traffic data associated with ICT use' within its territory. It seeks to oblige internet service providers to collect or record real-time traffic data and to cooperate with and assist state authorities 'in collecting or recording in real time the traffic data associated with specified information in the territory of that State party.' Critically, the provision also asks states 'to oblige a service provider to keep confidential the exercise of any power . and any information relating to it.' This means that you may not even know that your internet activity is under surveillance. There are other provisions authorizing the collection and recording of non-real-time internet traffic data. These provisions appear to be a blanket invitation for government surveillance over its citizens, and given the vague definitions employed in the draft, legitimate internet activity could be caught up. The net result is the chilling of basic rights including the freedom of speech, expression, and association.

Aside from surveillance, broad authority conferred on government agencies is likely to result in severe intrusions on liberties we take for granted. Arrests, searches and seizures over activities deemed verboten by government agencies are already common in countries sponsoring the UN resolution and may become widespread. New powers granted may also legitimize internet shutdowns and access to vital communication in the name of law and order. For instance, India imposed internet shutdowns in Kashmir and other parts of the country to quell protests recently. Aside from violating basic individual freedoms, such governmental actions also impose serious economic costs. In India, mobile operators are estimated to have lost over $350,000 per hour due to the internet shutdown. Ecommerce sites such as Amazon and Flipkart are estimated to have lost a fifth of their business volumes due to the shutdown. These estimates do not account for the losses imposed on a plethora of service providers and those employed in internet-dependent sectors of the economy.

Other countries have more sophisticated methods of controlling access to the internet. Regardless of whether government actions manifest in crude total or partial shutdowns, filters for particular content, or fake content designed to cause confusion, they are problematic given the ubiquitous use of the internet for daily life. Such actions fundamentally alter the way citizens interact with each other and the external world to their detriment.

The solution to cybercrime is not a new UN convention. To the extent legal tools are necessary, reforming the Budapest Convention and getting countries such as Russia, China, and India to ratify it would suffice. Equally, we need less government intrusion alongside a pledge to desist from malicious use of cyber tools against civilians and businesses. Cyber criminals must also be declared as hostis humani generis - enemies of mankind - and subject to legal prosecution universally. Establishing such a norm whilst fostering cooperation and coordination between governments is the best hope for combating this global problem. Destroying internet freedom is not the answer.

Dr Sandeep Gopalan is the Vice Chancellor of Piedmont International University, North Carolina, USA