The Pivotal Role of International Human Rights Law in Defeating Cybercrime: Amid a (UN-Backed) Global Treaty on Cybercrime.

• Author: Albader, Fatemah

TABLE OF CONTENTS I. INTRODUCTION 1118 II. INTERNATIONAL REGULATION OF CYBERCRIME: A DEADLY THREAT TO HUMAN RIGHTS LAW 1121 A. Restrictions and Derogations to International Human Rights 1133 B. Freedom of Expression 1135 C. Freedom of Opinion 1139 D. Right to Privacy 1139 III. INTERNATIONAL REGULATION OF CYBERCRIME: INCORPORATING HUMAN RIGHTS 1141 TV. CONCLUSION 1143 I. INTRODUCTION

On May 26, 2021, the General Assembly of the United Nations adopted a resolution approving the drafting of a new global treaty on cybercrime, which commenced in February 2022. (1) This marks the first time that UN member states have begun to negotiate a legally binding treaty on any cyber-related topic. (2) The Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes has been tasked with developing the draft convention in consultation with the UN Office on Drugs and Crime (UNODC). (3) From the outset, the proposed UN agreement on cybercrime regulation has garnered significant criticism among the international community, namely by state delegates, human rights advocates, and nongovernmental organizations. (4) Fears stem from the belief that such a treaty would risk "legitimizing abusive practices and could be used as an excuse to silence government critics and undermine privacy in many countries." (5) It is true that national cybercrime laws already unduly restrict human rights, including, inter alia, freedom of expression and privacy rights. (6) There is ample evidence to suggest that cybercrime laws frequently exceed that which is necessary to prevent such crimes, thereby bordering on oppressive and limiting human rights to a degree that is prohibited under international law. However, it is equally true that, as the global community moves toward a digital world, it becomes even more necessary to legislate on a global scale against its commission. Thus, a balance must be struck, one that would allow for cybercrime regulation while at the same time respecting international human rights. Many examples illustrate, however, that this is not often the case.

In recent years, several digital criminal attacks have garnered significant media attention. The COVID-19 pandemic has resulted in an insurmountable increase in these cyberattacks, which continue to advance at an alarmingly fast rate, with newer ways to commit various acts of cybercrime constantly emerging. (7) In the first session of the ad hoc committee on the UN treaty on cybercrime, the UNODC itself has acknowledged that governments must act quickly to meet the difficulties posed by cybercrime because of the acceleration of such crimes owing to COVID-19. (8) Even before the pandemic hit, cybercrime was on the rise. Especially worrisome, given its lucrative nature, it is predicted that cybercrime will "be more profitable than the global trade of all major illegal drugs combined." (9) At the same time, cybercrime will cost the international community $10.5 trillion annually by 2025. (10) Accordingly, in May 2021, the United Nations General Assembly approved Russia's resolution to draft a global treaty to tackle the growing threat of cybercrime, with a draft convention to be submitted for review in 2023. (11) While these efforts are commendable, there is significant potential for increased human rights violations amid a global treaty to combat cybercrime. Thus, drafters of the treaty must take into consideration, first and foremost, human rights concerns so as to reinforce the human rights framework in the digital arena. (12)

In considering this new cybercrime legislation, it is worthy to note that, while Russia spearheaded the process of establishing this global treaty on cybercrime, having initially been commended for its efforts, after the Russian invasion of Ukraine, criticisms grew. Many delegates expressed concern that negotiating with Russia at this time was inappropriate, given Russia's alleged use of cyberattacks in the ongoing conflict. (13) This has led to fears by those in support of a global treaty that the invasion would overshadow the negotiations process. (14) The committee chair rightfully urged the ad hoc committee "to focus on the substantive issues at hand." (15) Nonetheless, the first session of the ad hoc committee alone has revealed the tension between human rights and national security amid the ongoing conflict in Ukraine. But a global treaty on cybercrime, especially at this time, should be welcomed rather than feared, provided that governments exercise adequate care and due diligence to prevent the treaty from obscuring human rights concerns in the name of national security. It is clear that the COVID-19 pandemic as well as Russia's invasion of Ukraine have both complicated the process. However, as state cooperation is pivotal to the successful conclusion of this treaty, the delegates must set aside their political differences and focus on the outcomes that are required of them to address this pressing concern, especially given the current state of affairs.

Accordingly, this Article aims to provide guidance on how to ensure respect for human rights in the drafting of a global treaty on cybercrime in the hopes that it will help guide the process and facilitate a smoother transition. The Article concludes that national security concerns stemming from threats of cybercrime should be viewed not as dichotomies but as complementary, where one cannot be achieved without respect for the other. In viewing the two as complementary rather than mutually exclusive, states would be able to guarantee respect for human rights while, at the same time, addressing key national security needs. This is especially pertinent in cybercrime regulation where the tendency is to curtail human rights in favor of national security. (16) This Article therefore addresses these arguments by establishing a framework that would reconcile the two, such that, in most instances, one does not prevail over the other. Accordingly, this Article is divided into two parts. Part II discusses the connection between cybercrime regulation and human rights, concluding that a UN-backed global treaty on cybercrime is necessary in order to properly regulate cybercrime so long as the treaty takes into consideration human rights in the drafting process. Part III discusses the possible governing frameworks to incorporate human rights considerations, concluding that the best approach is one that integrates human rights into the text of the treaty, thereby ensuring that human rights are not trumped by national security concerns in the name of cybercrime regulation.

2. INTERNATIONAL REGULATION OF CYBERCRIME: A DEADLY THREAT TO HUMAN RIGHTS LAW

   Cybercrime breeds major national security challenges. At their core, the crimes are not a new phenomenon. Consider, for example, the crime of fraud. The crime has existed for many years. In the context of cybercrime, cyber fraud relies on technology to commit the same crime online. Due to the speed at which information is spread online, the level of sophistication, and the possibility for non-detection that is inherent in such attacks, cyber fraud has emerged as the most threatening type of fraud. (17) According to a 2021 study by Abnormal Security Corporation, a new malware strategy using phone fraud has evolved. (18) Unsuspecting victims would receive an email asking them to call the scammers who would then instruct them to download virus-containing files. The study reported that "[t]his relatively new tactic increased dramatically throughout the last half of the year, with nearly a third of all organizations receiving at least one attack in the third quarter, and over half in the fourth quarter." (19) The chances of receiving this new phone scam attack was at a likelihood of 59.2 percent. (20) Another recent study found that the government/military sector, which saw 1,136 attacks per week in 2021--an increase of 47 percent from 2020--witnessed the second-largest volume of attacks, with the education/research sector being the most vulnerable and having the highest number of attacks. (21) Thus, these crimes affect both the private and public sectors at massive scales and range from typical identity fraud and online theft of data to drug trafficking and cyber pornography.

   With advancements in technology, cybersecurity threats continue to develop. In addition, perpetrators often take advantage of public health emergencies and other crises that serve as a breeding ground for cybercrime. COVID-19 and the Russian invasion of Ukraine are two examples. During COVID-19, one phishing attack disguised itself as the World Health Organization, tricking individuals into opening emails they thought were from World Health Organization health officials but that actually contained dangerous malware. (22) Similarly, during the Russian invasion of Ukraine, cybercriminals exploited the ongoing war by launching phishing attacks and pretending to be Ukrainians or family members in need of financial support. (23)

   All of these examples highlight just how lucrative cybercrime can be, illuminating the reasons as to why cybercriminals are driven to commit these crimes. Because of the anonymity involved in such crimes, cybercriminals have been able to thrive. It is generally understood that the right to privacy includes the right to communicate privately and anonymously online. (24) On the positive side, this means that lawyers, journalists, and others who may be at risk for expressing their views online in more authoritarian countries are able to do so without risk of repercussion. (23) On the negative side, however, this has made it easier for criminals to commit wrongdoings online. (26)

   Former Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression David Kaye has stated that "[l]aw enforcement and counter-terrorism officials express...