*This is an AI-powered machine translation of the original text in Portuguese

** Co-authored with Júlia Reis and Luiza Gibran. Originally published in JOTA.

The United Nations (UN) Convention on Cybercrime represents a crucial global effort to address the transnational nature of digital offenses. This increasingly relevant topic on the international stage requires comprehensive and collaborative discussions among nations, given the absence of borders in the realm of the internet and cybercrimes. Examples of standardization efforts, such as the General Data Protection Regulation, Digital Markets Act, Digital Services Act, UNCITRAL Working Groups, and Convention 108, are already observed at regional and global levels.

Opened for signature on November 23, 2001, the Budapest Convention on Cybercrime was a pioneering effort in addressing cybercrimes, serving as a significant international milestone, despite its ratification being limited to members of the Council of Europe. Criticisms related to the balance between combating cybercrime and protecting privacy and freedom of expression rights have been raised.

In response to these limitations and criticisms, the UN General Assembly decided to establish an Ad Hoc Intergovernmental Committee in 2019 through Resolution 74/247. This committee, composed of experts with global representation, was tasked with drafting a comprehensive convention to combat the use of information and communication technologies for criminal purposes. Sessions were scheduled to commence in January 2022, according to Resolution 75/282, with the aim of presenting a draft convention with unified international guidelines for combating cybercrime at the 78th session of the UN General Assembly.

Challenges in Drafting the Convention

The initial challenge in drafting a Convention on Cybercrime lies in defining "cybercrime" itself. Like many other concepts, "cybercrime" does not have a universally accepted wording. The difficulty in adopting a standardized definition across countries hinders cooperation initiatives for treaty enforcement. Without a mutually accepted concept, the same conduct could easily be classified differently among countries, hindering effective cooperation.

In addition to the need for a consensus definition, it is essential to consider the balance between protection against cybercrimes and the safeguarding of individual rights, such as privacy (UDHR Art. 12 and ICCPR Art. 17) and freedom of expression (UDHR Art. 10 and ICCPR Arts. 19 and 20). Resolving this divergence through the use of overly broad concepts poses risks regarding the criminalization of conduct and, particularly, the possibility of arbitrary application of the norms.

Between August and September 2023, the zero draft of the Convention was debated in the sixth session organized by the Ad Hoc Committee, with the participation of 139 member states and other international actors. This initial draft was developed from negotiated drafts throughout 2022 and 2023. Naturally, one of the central issues in the zero draft is the definition of "cybercrime." Three concepts in the zero draft stand out for their breadth: (a) "other criminal offenses committed through [a computer system] or [an information and communication technology device]; (b) "any criminal offense"; and (c) "serious crimes." Although the openness of the concept does not, in itself, imply arbitrary application of the norm, it should be approached with caution.

The Ad Hoc Committee will meet in its closing session in New York (January 29, 2024, to February 9, 2024), to finalize and approve the preliminary text of the Convention. The Committee's President will prepare a revised preliminary document, incorporating the provisions agreed ad referendum in the sixth session, as well as compromise proposals on pending provisions based on formal and informal negotiations and consultations among participating members. However, of the 67 articles in the draft, only four were approved ad referendum. The remaining articles, to a greater or lesser extent, received proposed amendments. It should be noted that not all proposed amendments to the zero draft move in the same direction to find solutions to the problem, which may compromise, at least in part, the effectiveness of the final document.

Conclusion

The UN Convention on Cybercrime addresses an increasingly important topic on the international stage. The challenges in its drafting involve recurring issues in the negotiation of international documents, such as reaching a definition of "cybercrime" accepted by the involved countries or balancing the fight against these offenses with the protection of individual rights, such as privacy and freedom of expression. However, the nature of cybercrimes requires a global and collaborative approach, as these crimes are not limited by national borders or jurisdictions.

While establishing uniform international guidelines is an important goal, differences in national legal systems and the rapid evolution of technology make the task challenging. The discussions during the sixth session and proposed amendments to the zero draft highlight the need to closely monitor the issue to achieve a comprehensive and effective solution in combating cybercrime on a global scale