Sixty-five countries, including the United States and Canada, have signed a United Nations treaty on cybercrime that threatens privacy, online research, and free expression.
The agreement, known as the UN Convention against Cybercrime, was signed in Hanoi and will take effect once 40 member states have ratified it.
Each country must complete its own ratification process. In the United States, a two-thirds Senate vote is required for approval.
The UN Secretary-General António Guterres described the treaty as an essential step in combating cybercrime, saying that “cyberspace has become fertile ground for criminals…every day, sophisticated scams defraud families, steal livelihoods, and drain billions of dollars from our economies.”
He called the Convention “a powerful, legally binding instrument to strengthen our collective defenses against cybercrime” and insisted it “cannot be used for any forms of surveillance or others that could be linked to violations of human rights.”
The UN Office on Drugs and Crime (UNODC), which directed negotiations, has argued that the treaty includes protections for human rights and legitimate research.
But organizations such as Human Rights Watch (HRW) and the Electronic Frontier Foundation (EFF) disagree.
Before the signing, both groups urged governments not to endorse the treaty, warning that its vague definitions could allow governments to monitor citizens, prosecute security researchers, and suppress political speech.
Technology companies have also raised concerns. The Cybersecurity Tech Accord, whose members include Meta and Microsoft, described the treaty as a “surveillance treaty” that could promote government data sharing and criminalize ethical hacking.
Hellbound and Down 