UN cybercrime treaty enables threatening state intrusion

Flawed treaty will provide cover for installing a highly problematic law in Namibia

Frederico Links

Alarm has reverberated around the world following the adoption of the draft UN convention on cybercrime in early August 2024 by the Ad Hoc Committee of the UN General Assembly specifically created to draft such a treaty.

What is fueling the alarm within the global human rights community is the fact that the draft convention, which is set to be adopted by the UN General Assembly (UNGA) over coming months, has been adopted without addressing critical flaws in the treaty text that threatens to further erode the already fragile global human rights environment.

The fear that is being voiced is that the draft cybercrime convention, which flows from a Russian proposal from over five years ago, will legitimize the already evident human rights abuses of authoritarian states, while also providing cover for other, even democratic, states to insert repressive measures into domestic laws and frameworks.

Significant among the draft convention’s myriad of critical flaws are the absence of strong protections or safeguards for the rights to privacy and freedom of expression, in line with the established global human rights order.

An August 2024 analysis of the draft convention by US-based Just Security concludes that “while presented as a global milestone, [the draft convention] dangerously weakens human rights by offering broad criminal offense definitions and expansive surveillance powers, both domestically and across borders, with inadequate or at times non-existent human rights safeguards. These flaws open the door to widespread abuse, allowing governments to misuse the treaty for repressive purposes”.

Worth noting is that the issue of rights-threatening “expansive surveillance powers” was raised well before and up to the final round of treaty negotiations, from 29 July to 9 August 2024, by various digital rights actors. In the weeks leading up to the final negotiations, in New York, the Electronic Frontier Foundation (EFF) noted that “without robust privacy and human rights safeguards in the actual treaty text, we will see increased government overreach, unchecked surveillance, and unauthorized access to sensitive data – leaving individuals vulnerable to violations, abuses, and transnational repression”.

ABUSE ENABLED

This last point is of concern in the Namibian context.

A Namibian government delegation, from the Ministry of Justice, was present in New York in early August for the final round of treaty negotiations and adoption. It appears that the Namibian government is supportive of the final draft of the UN cybercrime treaty.

Namibia does not have a cybercrime law on the statute books, but a draft bill has been in the works for the better part of a decade, with indications as of early-September 2024 being that a substantive draft is close to being finalized.

With the draft UN cybercrime convention mere months away from adoption by the UNGA, it seems highly plausible that Namibian authorities will look to the treaty for guidance in finalizing and enacting a Namibian cybercrime framework. In fact, the National Cybersecurity Strategy 2022 – 2027 prioritizes the finalizing of the draft cybercrime bill “in line with international standards”, which in a few months will probably include the UN cybercrime treaty.

That said, the last version of the bill circulated for comment in 2021 was flagged for being substantially flawed and human rights threatening.

With regard to state surveillance specifically, and similar to the provisions of the existing communications surveillance framework – consisting of the Namibia Central Intelligence Service Act of 1997, the Communications Act of 2009 and the recent Criminal Procedure Amendment Act of 2023 – a 2021 Legal Assistance Centre (LAC) assessment found that the bill “lacks remedies in the case of illegal interception, which violates the right to an effective remedy for human rights violations”.

Similarly, a 2022 assessment of the bill for the Institute for Public Policy Research (IPPR) found that the bill creates parallel communication surveillance procedures to those in the existing framework, while also expanding surveillance powers provided for in the Communications Act, but still “falls short of best practices”.

The assessment also found that the surveillance-related provisions in the draft cybercrime bill reflected the shortcomings of the existing surveillance framework: weak oversight, transparency and accountability mechanisms; warrantless interception; lack of user notification; lack of privacy and data protections; etc.

The IPPR assessment advises that “the procedural and substantive powers in Namibia’s cybercrime law should be subject to clear protections for privacy, freedom of expression, and other human rights”.

The draft UN cybercrime treaty will not push the Namibian government to heed this advice, but rather it would accommodate and condone the opposite.

What this effectively means for Namibians is that state mass surveillance practices of questionable legality could effectively be accorded a sheen of lawfulness by the UN convention.

CONCERNING REGION

Namibia is part of a region – the Southern African Development Community (SADC) – in which cybercrime laws have already become highly problematic in the context of human rights.

Namibia and Lesotho are the only two countries in the 16-member bloc that have not yet enacted cybercrime laws.

In the majority of SADC countries where such laws exist, the human rights violations and abuses being perpetrated through the application of such and related laws are increasingly well-documented. Intelwatch researchers concluded that 25 African countries have laws that authorize the interception of communication and the vast majority require mandatory SIM card registrations linking reporters’ electronic communications to the country’s legal entities. Social media has also, to an extent, been criminalized in the region. Two meetings explicitly made recommendations to that effect: the 2019 Committee of Intelligence and security services of Africa in Abuja and the 2020 SADC Heads of State meeting where members states were urged to mitigate the impact of fake news and abuse of social media (especially during elections) “as social media was being exploited by subversive and negative forces to destabilize” countries.

A 2023 study mapping the repressive use of cybercrime laws in the SADC region found that the “enabling of state surveillance abuse and/or overreach – especially through mass surveillance enabling legislative and regulatory measures – has become a primary concern, particularly for media freedom advocates, in the context of cybersecurity and/or cybercrime law and regulatory crafting and drafting in the SADC region”.

SADC authoritarians could see the UN cybercrime convention as legitimizing their repressive practices, which could further exacerbate human rights abuses and democratic decline across southern Africa.

Frederico Links is a Namibian journalist, researcher and free expression advocate. This article was commissioned by Intelwatch, which is dedicated to strengthening public oversight of state and private intelligence agencies in Southern Africa and around the world.

Related Posts