In the picture
Security alert [Elchinator]
The United Nations Convention against Cybercrime, adopted in 2024, is the first global treaty designed to address cybercrime. The Convention was created in response to the challenges the world faces as a result of the rise and transformation of information and communication technology (ICT). Along with the benefits of a more interconnected world—which has transformed communication, the economy, and key aspects of our lives—new opportunities have emerged for criminals to exploit technology and sensitive data.
The fight against cybercrime is addressed at the international level by the treaty adopted by the United Nations General Assembly in December 2024 (hereinafter, the Convention). The term “cybercrime” is used as a general umbrella term to define two categories: cyber-enabled crimes and cyber-dependent crimes. The first category includes crimes that are facilitated by the use of ICT (e.g., drug trafficking), while the second category includes crimes that can only be committed through the use of ICT (e.g., spreading malware).
Cybercrime is inherently transnational and poses a global threat that requires cooperation from all affected countries. It suffices to recall that, for example, over the past five years, romance scams are estimated to have cost individual victims at least $1.3 billion. This highlights the harsh reality of cybercrime, and one of the main challenges it poses is its transnational nature, which makes it difficult for states to effectively combat it. Operating anonymously through digital networks allows criminals to conceal their identities. And while they hide behind a screen, they are able to harm businesses, ICT systems, and financial assets. Therefore, the paradox is that while criminals are protected by the transnational nature of these systems, law enforcement must act in accordance with legal guidelines.
Another significant challenge posed by cybercrime is the issue of digital evidence. Evidence is collected electronically and distributed across the jurisdictions of various countries. The problem this creates is that “national law enforcement agencies must confront borderless crime within their territorial boundaries.” Furthermore, criminals exploit legal loopholes among the affected states to create safe havens. These safe havens exist where legal frameworks are either nonexistent or incorrectly applied across different states. The discrepancies created by the challenges posed by cybercrime require an effective response through strong international cooperation among states.
Objectives of the Convention
The Convention on Cybercrime was created specifically to strengthen cooperation among states. It provides states with measures they can take to prevent and combat cybercrime. It strengthens cooperation and promotes the sharing of electronic evidence. The Convention contains nine chapters that outline an approach to preventing and combating cybercrime.
More specifically, the Convention’s application and objectives have two prongs. The first concerns the offenses defined within the Convention itself: Articles 7–17 establish a framework for criminalizing various forms of cybercrime, directly shaping how states classify and prosecute these offenses. The second prong is represented by the provisions on the sharing of electronic evidence in Chapter IV of the Convention (“Procedural measures and law enforcement”), which establishes a set of procedural powers designed to enable national authorities to access electronic data in the context of criminal investigations. Beginning with Article 23, states are required to adopt legislative measures authorizing the use of these instruments, reflecting a clear intention to achieve functional harmonization across domestic legal systems. However, the most controversial aspect, as will be discussed below, lies in Article 23, paragraph 2, which extends the scope of application of these measures beyond the offenses specifically defined in the Convention. These powers apply not only to cybercrime offenses in the strict sense, but also to any offense committed through information and communication technologies, and even to any criminal offense for which the obtaining of electronic evidence is necessary.
Furthermore, under Chapter V, State Parties will cooperate in sharing evidence regarding both the offenses defined in the Convention and other “serious crimes.” This approach will alleviate the challenges faced by governments due to differences in electronic evidence across jurisdictions.
The convention is based on several pillars. The first pillar is criminalization: it establishes the definitions of cybercrime, with the aim of standardizing how these offenses are understood by different States and how they will be punished. On the second point, the Convention focuses on jurisdiction, clarifying when States have jurisdiction over these matters. It states that a State has jurisdiction if the crime occurs within its territory or on one of its ships or aircraft. Furthermore, the Convention emphasizes international cooperation, based on legal assistance and joint investigations through a 24/7 cooperation network.
Finally, it addresses the issues of prevention, technical assistance, and implementation in member states. The Convention is effective because the mechanisms it employs address the key challenges of cybercrime, namely its transnational nature and the differences in the legal frameworks of various countries.
Human rights concerns
That said, while the Convention is sorely needed to strengthen international cooperation in addressing this difficult challenge, its enforcement may be limited by concerns regarding respect for human rights in authoritarian states. In particular, a pertinent question arises as to whether the adoption of this Convention will jeopardize basic human rights.
Many of the problems related to human rights stem from the drafting of the treaty itself. In fact, the convention was shaped by political disagreements, and in order to bring it into force, all the differences between countries had to be resolved through compromise. This resulted in an inconsistent treaty, with some parts that are unclear and contradictory. For example, the convention is intended to apply to what is defined as a “serious crime,” but the definition of this term is very broad and varies from country to country. This creates ambiguity regarding the scope and definition of the term across nations.
This ambiguity puts human rights defenders and journalists at risk. This danger stems from several factors. First, states are granted excessive powers; they are allowed access to staff without any human rights safeguards in place. In fact, they make no reference to the principles of proportionality, necessity, and legality. This can lead to human rights violations for every citizen, but even more so for those working on the front lines of journalism as well as activists fighting for human rights.
Secondly, the main issue with the convention lies in the differences among the states that are party to it. Many states lack adequate protection of human rights, and by ratifying the convention, they are not recognizing any of them. The main problem with this stems from the model implemented in all countries—the Mutual Legal Assistance Treaties (MLATs)—which require states to cooperate in prosecuting any “serious” crime. The concept behind the agreement is fundamentally sound and would work in theory in an ideal world. However, the risk is that states could end up assisting in the criminal investigation of other states for a crime that is wrongfully prosecuted in another jurisdiction. The impact of this is far more severe in authoritarian countries, where the investigation of an independent journalist or someone advocating for fundamental rights is targeted because it violates domestic law. Scholars argue thatthe convention’s reliance on national legal systems for implementation risks creating fragmented systems where the level of protection varies significantly from country to country.
A comprehensive approach is needed
In conclusion, cybercrime is a complex transnational issue that requires cooperation among the countries affected by it. The Convention on Cybercrime is merely the first step toward addressing the challenges that cybercrime poses to our society, and it succeeded in establishing a framework for international cooperation and enabling states to collaborate on this issue for the first time.
However, concerns regarding the protection of human rights must be addressed, as these protections vary from country to country and must be standardized across the board to ensure effective implementation and safeguard the rights of every citizen.
Ultimately, the effectiveness of the Convention will depend on how the regulations are implemented in each individual State, and its success will hinge on striking a balance between combating cybercrime and protecting human rights.