Russia has formulated and put forth a draft convention to the United Nations to fight cybercrime. The proposal is entitled the “United Nations Convention on Countering the use of Information and Communications Technologies for Criminal Purposes”.
This proposal reportedly calls for member states to develop domestic legislation to punish a set of cybercrime-related offences that are far broader than those recognized by international regulations at the moment. This 55-page document reportedly covers a whole range of things including defining 23 types of cybercrimes, providing an outline about procedures between different nations to extradite hackers, and also provide legal assistance in criminal cases like detecting crimes, arrest, and recovery of assets.
The Convention on Cybercrime of the Council of Europe, more popularly known as the 2001 Budapest Convention on Cybercrime, is the only binding international convention on the issue. It was brought into existence to provide standards for nations to formulate their own legislations on cybercrime. Russia, which has been a hotbed for ransomware in recent times, famously did not sign the convention because it allows cross-border operations which Russia considers a threat to national sovereignty.
You might also be interested in: China lays down new vulnerability disclosure rules
What the convention by Russia contains
“To prevent actions directed against the confidentiality, integrity and availability of ICT, and the misuse of ICT, by criminalizing such acts covered by this Convention, and by providing powers sufficient for effectively combating such offences and other unlawful acts, by facilitating their detection, investigation and prosecution at both the domestic and international level and by developing arrangements for international cooperation;”A few lines from Article 1 of the draft convention to fight cybercrime
According to Russian media outlet Tass, the 2001 Budapest convention is “flawed” because it apparently only recognizes 9 types of cybercrimes. Whereas, the draft convention defines 23 different cybercrimes that need to be discussed.
Russia’s proposal even calls for domestic laws to criminalize the changing of digital information without permission.
“Each State party shall adopt such legislative and other measures as are necessary to establish as an offence or other unlawful act under its domestic law the intentional unauthorized interference with digital information by damaging, deleting, altering, blocking, modifying it, or copying of digital information.”Article 8 of the draft convention
The draft convention also says that member states must formulate domestic laws to disallow unsanctioned malware research.
“Each State Party shall adopt such legislative and other measures as are necessary to establish as an offence under its domestic law the intentional creation, including adaptation, use and distribution of malicious software intended for the unauthorized destruction, blocking, modification, copying, dissemination of digital information, or neutralization of its security features, except for lawful research.”Article 10 (1) of the draft convention
The convention also “forbids” the creation and use of digital data that may mislead users and cause harm, such as deep fakes. This draft also contemplates a far broader basis for extraditing hackers by saying, where allowed by domestic law, all the listed cybercrimes should not be considered “Political Offences”.
In recent times, the Biden administration has doubled down on improved cybersecurity. It is, therefore, suggested that, given their relationship between the US and Russia especially after their recent summit, they may be motivated to engage with Russia at the United Nations to modify the draft convention to bring it in compliance with US norms and policies.