UN approves Russia-Cina sponsored resolution on new cybercrime convention

The United Nations on Friday have approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime.

The United Nations on Friday has approved a Russian-sponsored and China-backed resolution to create a new convention on cybercrime.

The resolution was sponsored by Russia and China and has alarmed rights groups that fear the bid could threaten online freedom.

The resolution was approved by the General Assembly with 79 positive votes, 60 negatives, and 33 abstentions.

The Assembly would set up a committee of international experts in 2020 that will be tasked with elaborating “a comprehensive international convention on countering the use of information and communications technologies for criminal purposes.”

The committee will meet in August 2020 to define the agenda of its activities, but global powers and rights groups fear that the language is code for legitimizing crackdowns on expression. Many governments worldwide persecute their internal oppositions charging them with criminal activities and use strict online surveillance to track them.

In 2019 we discussed several times about the abuse of surveillance software, in October WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists.

The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups, activists, journalists, lawyers, and dissidents. Security experts have detected and analyzed some of the tools in its arsenals, such as the popular Pegasus spyware (for iOS) and Chrysaor (for Android). 

In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

In November 2019, Snowden warned of abuse of surveillance software that also had a role in the murder of the Saudi Arabian journalist Jamal Khashoggi.

In October 2019, NSO Group ‘s surveillance spyware made the headlines again, this time the malware was used to spy on 2 rights activists in Morocco according to Amnesty International.

Several countries have increasingly attempted to shut down the internet following internal disorders. In November, after the announcement of the government to cut fuel subsidies, protests erupted in Iran and the authorities blocked access to the internet to prevent the spreading of news, videos, and images online.

Initially, mobile networks stopped working in large areas of the country, the government blocked any access to the Internet.

A similar situation occurred in India due to the disputed Kashmir in August after the government stripped autonomy to the Muslim-majority region.

In July, the Kazakhstan government has begun intercepting all the encrypted traffic and to do it forced users in the country to install a certificate.

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates.

Once installed the root certificate (“trusted certificate” or “national security certificate) the ISPs will be able to spy on citizens’ encrypted HTTPS and TLS connections.

Since April, the Kazakh ISPs are informing users to install the “national security certificate” to access “allowed” HTTPS websites.

By installing a root certificate issued by a Government Organisation allows the authorities to generate a valid digital certificate for any domain they want to intercept even if the user connects it via HTTPS.

The resolution approved by the United Nations on Friday is also sponsored by China that is known for its online censorship. In October, security experts speculated that the Chinese government was using mobile spyware, MITM attacks, and Internet monitoring to control Hong Kong protesters.

“There is no consensus among member states on the need or value of drafting a new treaty. It will only serve to stifle global efforts to combat cybercrime.” US deputy ambassador Cherith Norman Chalet told the assembly before the vote.

Chalet added that the resolution would “undermine international cooperation to combat cybercrime at a time when enhanced coordination is essential”.

Chalet, along with the Finnish representative, stressed that the UN’s existing group of experts is already pushing international cooperation in the fight against cybercrime without threatening civil rights and freedom of expression.

“It is wrong to make a political decision on a new treaty before cybercrime experts can give their advice,” Chalet said, adding that the resolution “prejudges” and would “undermine” the experts’ work.

Human Rights Watch expressed it disappointment about the resolution and defined it’s list of sponsors “a rogue’s gallery of some of the earth’s most repressive governments”.

“If the plan is to develop a convention that gives countries legal cover for internet blackouts and censorship, while creating the potential for criminalising free speech, then it’s a bad idea,” said Human Rights Watch’s Louis Charbonneau.

The US government expresses concerns about the resolution and remarked that it was more important to expand the existing 2001 Budapest Convention on cybercrime that promoted international cooperation to curb online crimes.

While the Budapest Convention was also accepted by non-UN countries, including the US and Japan, Russia always opposed it because it allows investigators to access computer data across borders threatening national sovereignty.

Pierluigi Paganini

(SecurityAffairs – cybercrime, UN resolution)

[adrotate banner=”5″]

[adrotate banner=”13″]

Share On