US declines to join more than 70 countries in signing UN cybercrime treaty

372 points, posted 3 months ago
by pcaharrier

87 Comments

landl0rd

3 months ago

China, North Korea, and Russia, all prolific cybercriminal nations with significant state backing of the same, are signatories. This means it's at best meaningless and at worst surrenders power to a regime with partial control by objectively bad actors. Staying out of this was the right move.

Plus it has too many implications for surveillance and security; poor idea in any case.

rpdillon

3 months ago

Yeah, the article is quite good at summarizing some of these issues.

> The convention has been heavily criticized by the tech industry, which has warned that it criminalizes cybersecurity research and exposes companies to legally thorny data requests.

> Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.

> Many expressed concern that the convention will be abused by dictatorships and rogue governments who will deploy it against critics or protesters — even those outside of a regime’s jurisdiction.

> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”

> Any countries ratifying the treaty, he added, risks “actively validating cyber authoritarianism and facilitating the global erosion of digital freedoms, choosing procedural consensus over substantive human rights protection.”

ethagknight

3 months ago

I was hoping to see a comment like this. These sorts of “global collaborations” seem to always end with the US carrying all the water, and the goal from the other countries' perspective is to throttle the US. Like the Paris Accords.

andreygrehov

3 months ago

According to World Cybercrime Index, Russia, Ukraine, China and the US are in top 4. North Korea is #7. Just to add some perspective to it.

andyvesel

3 months ago

That's right. If this is happening in the wrong nation - it's totalitarianism and evil. If this happens in the correct nations, which are on the bright side - then it's democracy.

olalonde

3 months ago

Damned if you do, damned if you don't. If they hadn't signed the treaty, people here would be saying it's proof those countries support cybercriminals.

dlcarrier

3 months ago

Aren't treaties with the US meaningless by default, unless ratified by 3/4th of Congress?

litbear2022

3 months ago

It must be China or North Korea that forced TikTok to sell.

cyanydeez

3 months ago

Also, America has traditionally refused to sign these types of accords.

dumbledoren

3 months ago

Right. It's not like recent statistics showed that the US was the place where most of the cyberattacks originate. And it's not like both the US and UK are openly saying that they are maximizing cyberwarfare against everyone as if it was something to be proud of. The country that is facilitating a livestreamed genocide in Gaza is the 'good guys' to be trusted in cyberwarfare, for 'some' reason.

But, then again, in the Anglo-American culture, it's always 'others' who are evil. Never itself.

kazinator

3 months ago

Just because known bad actors are signatories to a community promise does not ipso facto make it meaningless to everyone else.

I mean, what are you going to do? Instigate a rule that only nice people can be signatories? You've not played nice in various ways in the past, so you cannot sign this promise?

(Not to say that I agree with the treaty. See concerns by human rights groups mentioned in article and all.)

MangoToupe

3 months ago

Surely signing it would signal willingness to get along? What would be the downside?

> surrenders power to a regime with partial control by objectively bad actors

...do you think we are a regime with good actors? Why? What signals of morality or competency do you look for?

Aurornis

3 months ago

> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”

None of this sounds good for privacy and data protection.

Opting out of the treaty was probably a good choice. Opting out doesn’t preclude the US from cooperating with international cybercrime investigations, but it does avoid more data collection, surveillance, and sharing.

rprwhite

3 months ago

Err... yeah, because that's what USA based companies are known for - PII protection and data privacy?!?

Maybe there is some more complexity to this argument, that I'm missing. But, it's not one that has merit without justification.

slowmovintarget

3 months ago

Opting out was the right thing to do. This is Badthink monitoring in the guise of cybersecurity.

perihelions

3 months ago

Previous threads:

https://news.ycombinator.com/item?id=41207987 ("EFF’s concerns about the UN Cybercrime Convention (eff.org)", 99 comments)

https://news.ycombinator.com/item?id=39129274 ("Proposed UN cybercrime treaty has evolved into an expansive surveillance tool (eff.org)", 64 comments)

https://news.ycombinator.com/item?id=41210110 ("New U.N. Cybercrime Treaty Unanimously Approved, Could Threaten Human Rights (scientificamerican.com)", 53 comments)

https://news.ycombinator.com/item?id=41221403 ("UN Cybercrime Convention to Overrule Bank Secrecy (therage.co)", 42 comments)

shenberg

3 months ago

When countries like North Korea, which depends on cybercrime to fund itself, are signatories, you have to wonder whether this agreement means what its title says.

Atlas667

3 months ago

They have also had the longest ongoing embargo on earth right after they were nearly wiped out by a genocidal war on behalf of the US.

I don't doubt their history explains the shape of their economy.

This may seem like I am defending North Korea, but in reality I am putting in perspective who/why they are. Facts which nearly amount to propaganda to western nations.

y-curious

3 months ago

The old “think of the children/fight terrorism/support our troops/be a good person” style of naming propositions to destroy data privacy.

iamnothere

3 months ago

Nice to see abstention from Canada, Finland, Japan, South Korea, India, Iceland, Germany, Mexico, and Switzerland as well. Not everyone is on board with this (for good reason), it’s not just the big bad US ignoring the rest of the world.

Given the presence of some extremely authoritarian states on the list of signatories, the fact that the UK and France signed on seems to confirm my suspicions about the trajectory of freedom in those countries. And surprisingly Sweden! I feel like Mullvad users should be concerned.

SllX

3 months ago

All better company than the countries listed as signatories.

I’m actually not sure about Germany though. I almost posted a similar list above but then I noticed the European Union is listed as a signatory, so not sure where that puts the EU members not listed: https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mt...

maerF0x0

3 months ago

Why would the US give away its power? I do not see anything to gain here. At least 2 of the big players are duplicitous bad actors (ie take more than they give) ... If they want to prove otherwise then let Tencent teams compete in public CTFs again and disclose 0days.

delfinom

3 months ago

What power? The US gave up power by not signing. The treaty is standardizing the process for sharing cybercrime evidence and prosecuting individuals. It has signatories pledging to align their laws and create new ones to make the same cybercrime illegal.

This isn't giving any country any sole power over cybercrime prosecution decisions.

sixhobbits

3 months ago

Couple clicks to get to the list so here it is. Not countries I usually associate with caring about privacy.

Algeria, Angola, Australia, Austria, Azerbaijan, Belarus, Belgium, Brazil, Brunei Darussalam, Burkina Faso, Cambodia, Chile, China, Costa Rica, Côte d'Ivoire, Cuba, Czech Republic, Democratic People's Republic of Korea, Democratic Republic of the Congo, Djibouti, Dominican Republic, Ecuador, Egypt, European Union, France, Ghana, Greece, Guinea-Bissau, Iran (Islamic Republic of), Ireland, Jamaica, Mozambique, Namibia, Nauru, Nicaragua, Nigeria, Palau, Papua New Guinea, Peru, Philippines, Poland, Portugal, Qatar, Russian Federation, Rwanda, Saudi Arabia, Slovakia, Slovenia, South Africa, Spain, Sri Lanka, State of Palestine, Sweden, Thailand, Togo, Türkiye, Uganda, United Kingdom of Great Britain and Northern Ireland, United Republic of Tanzania, Uruguay, Uzbekistan, Venezuela (Bolivarian Republic of), Viet Nam, Zimbabwe

lbrito

3 months ago

Sweden, Uruguay and Portugal are on that list, to name a few more advanced countries. Seems like a pretty good list.

I wonder what countries you do associate with data privacy.

etiennebausson

3 months ago

I am curious about which countries you do associate with privacy.

tamimio

3 months ago

> Not countries I usually associate with caring about privacy.

Well, people should start accepting new norms that are different from what they used to know, not just data privacy, but even in other values as well, like personal freedom. I am sure some of the countries above have more personal freedom for a person compared to countries that lecture others about it, meanwhile the individuals get tracked by their phone through cell towers, get tracked while on the road by some unregulated cameras, get tracked online with digital ID, get tracked everywhere and if you end up getting caught and prosecuted, you will lose your basic human needs like getting a job or even voting in the so-called free countries.

malvim

3 months ago

You are dead wrong about Brazil, our legislation about online privacy is pretty advanced. The European Union is not a country but has pretty solid legislation as well. Other South American countries on the list are pretty good as well.

You seem to be making a blanket statement about “not the first country I think about when…” of places you know nothing about.

nwellnhof

3 months ago

> cybercrime — which the U.N. estimates costs $10.5 trillion around the world annually.

That's almost 10% of global GDP. Who comes up with these numbers?

orbifold

3 months ago

It will all make sense once you realize who works at the UN, basically nepo babies of all colors and variety, including second cousins of Saudi royalty etc.

varenc

3 months ago

It might be including the cost of the entire cybersecurity business sector? Salaries of security engineers, security vendors, etc. Not just fallout from hacks.

edit: cybersecurity ventures seems to be the real source for the 10.5T number: https://cybersecurityventures.com/cybercrime-damage-costs-10...

Apparently their methodology is to just assume $3T cybercrime cost in 2015, then compound it by 15% annually.

some_random

3 months ago

Wow so the hosts and beneficiaries of cybercrime wrote a treaty on it (with a ton of additional surveillance mandates included, of course) and the US didn't sign on. How disappointing.

christkv

3 months ago

No thank you and I’m loath to see the EU sign up to this with a ton of authoritarian states. Things like this and the continued pushing of stuff like Chat Control have convinced me the EU stands to turn our countries into flawed democracies and eventually authoritarian states.

perihelions

3 months ago

It's remarkable context that the Russian government authored this UN treaty,

> "Russia, however, Rodriguez said, has objected to the convention for infringing state sovereignty by allowing other nations to investigate cybercrimes in its jurisdiction. So in 2017, Russia proposed negotiating a new treaty, and in 2019 the UN adopted a resolution to do so, backed by Russia, Cambodia, Belarus, China, Iran, Myanmar, Nicaragua, Syria and Venezuela."

https://www.theregister.com/2023/04/14/un_cybercrime_treaty/ ("Russia-pushed UN Cybercrime Treaty may rewrite global law. It's ... not great")

> "It was proposed by Russia in 2017 and adopted by the General Assembly in December 2024 amid resistance from human rights organizations"

https://en.wikipedia.org/wiki/United_Nations_Convention_agai...

mrkramer

3 months ago

Russia in particular is turning a blind eye to en masse cyber crime that is originating from Russia. Russian hackers in the last two decades stole millions of credit cards from the US and EU and hacked numerous banks and still the biggest Russian cyber criminals are at large in Russia. Just look at the FBI's top 10 wanted for cyber crime.

edm0nd

3 months ago

RU cybercriminals pay bribes to RU law enforcement to stay out of trouble as well as bend the knee and work for GRU/KGB when called upon for various requests by them.

Then there is also the unspoken rule of "don't shit where you eat", aka RU/CIS based ransomware operators and hackers can't attack any companies in the CIS region.

A good read: https://www.recordedfuture.com/research/dark-covenant-3-cont...

ryanisnan

3 months ago

I think you're misreading the situation. As far as I can tell, Russia has every reason to want to continue engaging in heavy cyber-criminal activities. I don't think this is the virtuous Kremlin turning a blind eye. This is a classic case of deception. Look at my left hand, so you don't see what my right is doing.

bloppe

3 months ago

Ya, this isn't surprising.

https://www.atlanticcouncil.org/blogs/new-atlanticist/the-un...

> states parties are obligated to establish laws in their domestic system to “compel” service providers to “collect or record” real-time traffic or content data.

That's probably the biggest poison pill. The whole data sharing thing got watered down to the point of farce. Of course the EU won't extradite Russian LGBT activists under this law. But similarly, how likely do you think it would be for North Korea to extradite its own state-sponsored cybercriminals? They can simply claim that doing so would go against their "sovereignty, security, or other essential interests". Case closed!

bilekas

3 months ago

The title sounds more ominous than it really is. Why would the US want to weaken their position when it comes to advancing their cyber warfare weapons. Unrestricted they don't even need to pretend to be playing nice. I prefer the honesty at least.

zaoui_amine

3 months ago

US knows this treaty is a joke. No point in signing when the bad actors are already in.

jacknews

3 months ago

When Cambodia is a signatory, you know this is just whitewash, or even 'protective intelligence' ie using the shared international intelligence to protect the scams and evade enforcement. Keep your enemies close.

pksebben

3 months ago

text of the treaty: https://www.unodc.org/unodc/en/cybercrime/convention/text/co...

I wouldn't get excited about the US "not signing". With the government shutdown, they might just be waiting for the document to be in New York before they bother. Hanoi is far.

64ss1: This Convention shall be open to all States for signature in Hanoi in 2025 and thereafter at United Nations Headquarters in New York until 31 December 2026.

Article 37 is spooky. Expands extradition to where there might not be preexisting extradition treaties.

Fuck article 11. It's the EU's "any program for committing cybercrime is a crime" law, and makes programmers culpable. IANAL, but it actually looks like it criminalizes the entire software supply chain. Sure, there's a clause in there that looks like it's supposed to protect security research (11s2) but this is the thinnest of loincloths.

It also seems to apply to "crime where there was a computer somewhere around". As for what constitutes "crime":

Article 2:(h) “Serious crime” shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty;

...that seems to mean that if publishing information against the state regime is punishable by 4+ years and you used a computer to do it, there is now a basis for seizing your data and extraditing you.

I'm not even going to get into the implications this has for damaging privacy in general. This is some dark ass shit.

mystraline

3 months ago

Upon a reading, a "cybercrime" can be as simple as saying 'Kim Jong Un is a fat dumbass' on social media.

And since it was said on a computer, combined with insulting 'His Glorious Leader (spit)' is a death penalty, that's an extraditing cybercrime.

Sure it could be argued that's not a real example. But given OFCOM's recent stunts of sending British compliance letters to US firms with no British presence, I'd rather not have other countries manufacturing shit laws and exporting to us as a "treaty".

thw_9a83c

3 months ago

Article 29: Real-time collection of traffic data

   - (ii) To cooperate and assist the competent authorities in the collection or
     recording of; traffic data, in real time, associated with specified
     communications in its territory transmitted by means of an information and
     communications technology system.

Seriously? Will the authorities of state X simply ask the authorities of state Y to collect/intercept data, and will the authorities of state Y be required to cooperate even without a legal basis in their local legislation? Because this treaty becomes sufficient legislation?

And more so:

   3. Each State Party shall adopt such legislative and other measures as may be
      necessary to oblige a service provider to keep confidential the fact of
      the execution of any power provided for in this article and any
      information relating to it.

I cannot imagine anyone with a functioning brain signing this at the UN level.

beanjuiceII

3 months ago

the US makes smart decision unlike 70 countries, fixed the title

ecshafer

3 months ago

The government is shut down, treaties need to be ratified by the Senate.

teraflop

3 months ago

The executive branch is shut down. The Senate is still in session.

(The House of Representatives is effectively shut down, but only because the Speaker of the House has been unilaterally putting it into recess at the beginning of every session. The House Republicans all voted to grant the Speaker the power to do this whenever he wants, at the beginning of their current term.)

dragonwriter

3 months ago

> The government is shut down, treaties need to be ratified by the Senate.

The President isn't shut down, and only the President is needed to sign a treaty; it is submitted for ratification later and that, absent a deadline in the treaty, can take as long as it takes.

Also, even if the Senate was required to sign a treaty, the Senate isn't shut down, and is in session and doing business.

nizbit

3 months ago

Don’t have to look far to find out why.

Per the article: “Illicit flows of money, concealed through cryptocurrencies and digital transactions, finance the trafficking of drugs, arms, and terror. And businesses, hospitals, and airports are brought to a standstill by ransomware attacks.”

Then there’s this: Inside the Trump family’s global crypto cash machine https://www.reuters.com/investigations/inside-trump-familys-...

taco_emoji

3 months ago

The United States is taking an indefinite hiatus. Please check back later.

quantum_state

3 months ago

Snowden … there must be darker stuff that is still there …

pembrook

3 months ago

> The U.K. and European Union joined China, Russia, Brazil, Nigeria and dozens of other nations in signing the convention...Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.

Countries like Nigeria, Morocco, North Korea and Russia signing a "cybercrime" treaty is just hilarious to me.

I don't believe for a second that these countries want to crack down on cybercrime, considering their citizens are the main perpetrators and beneficiaries of it, and they've taken zero actions to prevent it before today. Lagos is essentially the Silicon Valley of internet fraud, and it happens with permission from the highest levels of their government.

This obviously is just an excuse to create a global dragnet for governments looking to crack down on dissent.

orenlindsey

3 months ago

All this would do is drive criminals to poorer countries that can't stop crime as well. Just like many scammers being based in South Asia, or billionaires moving their money to tax havens. It just takes one country to allow this stuff or at least not stop it, and your treaties are just pieces of paper.

reenorap

3 months ago

Has the UN actually solved any problems in the last 40+ years? It seems like a massive bureaucracy that is absolutely ineffective. They have been completely ineffective with respect to Ukraine, Gaza, COVID, any other conflict around the world.

When the W.H.O. went into China to "investigate" the COVID virus and came back saying "Nope, nothing to see here!" was probably one of the most predictable and pathetic things from the UN.

deafpolygon

3 months ago

Notably absent are the Netherlands and Germany… wonder why this is!

phendrenad2

3 months ago

Let me guess - the "treaty" really means setting up a UN-run organization that will oversee global cybercrime defense. Let's check out the last time that happened. Oh yeah, the WHO. The WHO that lied about the coronavirus and said it isn't airborne despite overwhelming evidence to the contrary.

radial_symmetry

3 months ago

Just a reminder that the UN exists as a place where countries with very opposing points of view can have a forum for discussion. A treaty put forth by the UN, or a declaration by the UN, does not automatically mean that it is good or aligned with your values in any way shape or form.

tiberius_p

3 months ago

Any treaty joined by Russia is compromised from the start.

xyst

3 months ago

When it comes to the UN, if Israel doesn’t sign/agree to it, usually the USA follows.

“America first”, right? Load of horse shit.

aeternum

3 months ago

"peace, commerce, and honest friendship with all nations—entangling alliances with none"

abtinf

3 months ago

Once again, Chat Control is a never ending battle.

hypeatei

3 months ago

I don't understand why political topics such as international treaties like this are upvoted and kept on the front page? To be clear, I'm in favor of politics being discussed on here, but this is so uninteresting and pointless to discuss IMO. International law can be ignored even by countries that agreed to it. What are you going to do, invade? As pointed out, countries like China and Russia signed onto a cybercrime treaty... pure slop.

Just seems very distracting when actual abuses and interesting political topics are hidden away in /active (like ICE's use of facial recognition)

elAhmo

3 months ago

UN should move its HQ outside of US. It is obvious they have become a bad host.

ARandomerDude

3 months ago

Now that's an idea I think a lot of people can get behind. From the left, the US is a bad host. From the right, get those globalists out of my country. Everybody wins.

ang_cire

3 months ago

I mean, that's true, but not because they won't sign onto a global dragnet treaty with Russia and China.

China especially actively fabricates crimes for Chinese dissidents living outside its borders, and this is a perfect vehicle to allow them to track and monitor those people with ease.

shevy-java

3 months ago

The USA has chosen Evil here.

This also confirms the PSF foundation being wary. The USA would love to put unaffiliated developers in prison.