Other quiz

What is cybercrime?

There is no universally accepted definition of cybercrime. A common approach is to define it in two categories: cyber-dependent crime and cyber-enabled crime.

Cyber-dependent crimes are crimes that can only be committed using information and communication technology (ICT). A notorious example is ransomware: hacking an organisation's or individual's device, encrypting data and demanding payment for decryption.

Cyber-enabled crimes are so-called traditional crimes that have been transformed in speed, scale and scope through the use of ICT, such as online banking scams, identity theft or fraud and online child sexual exploitation.

Why does a new cybercrime treaty matter?

Over the past 20 years, new technologies and threat actors have evolved at an unprecedented pace. In parallel, there have also been many different national and international efforts to combat the criminal use of ICT.

Victims of cybercrime range from individuals and communities to entire businesses and governments. Cyber scams, fraud, extortion and harassment are on the rise. In the last five years alone, it is estimated that individual victims have lost at least $1.3 billion due to romance scams. In 2022, the government of Costa Rica was forced to declare a state of emergency following a ransomware cyberattack that damaged the country's digital infrastructure for months. The perpetrators of cybercrime are equally diverse. They range from small-scale scammers to international cybercrime gangs and even state-sponsored actors. Cybercriminals often target victims in different national jurisdictions, making cybercrime a global threat with local impact. Recently, organized criminal groups offering cybercrime as a service have become increasingly common. Against this backdrop, the intended purpose of the treaty is to combat cybercrime and improve cooperation and coordination between States.

What is the treaty process?

In December 2019, the UN passed a resolution establishing an open-ended Ad Hoc Committee (AHC) tasked with developing a ‘comprehensive international convention on combating the use of ICT for criminal purposes’.

Negotiations began in early 2022. The treaty roadmap has six negotiating sessions, three in Vienna and three in New York. Each meeting addresses different parts of the treaty, including chapters on criminalisation, procedural measures, the role of law enforcement, international cooperation, technical assistance, preventive measures, and implementation.

States are expected to negotiate by consensus, but if consensus cannot be reached, two-thirds majority voting rules apply. At the two most recent sessions, informal working groups were created for states to discuss divisive issues. In June, the chair published the draft text of the convention, which states will discuss in August 2023.

While states are responsible for negotiating, adopting, ratifying, and implementing the treaty, civil society and the private sector have played an important role in shaping the convention through statements, consultations, and side events.

What are the main areas of disagreement?

The treaty process is complex. The draft text is the synthesis of months of negotiations and hundreds of proposed amendments, spanning nine chapters and over 60 articles.

The main areas of disagreement covered by this explainer relate to the scope of the treaty, human rights protections, how to address gaps in state capacity, how the treaty should be harmonized with other instruments, and the relevance of gender to the treaty.

It does not address issues such as data protection or the role of the private sector and civil society. Similarly, it highlights some of the many terminological disagreements.

Additionally, the AHC process coincided with the start of Russia’s full-scale invasion of Ukraine. Many state representatives have condemned Russia’s aggression and questioned whether they can negotiate in good faith with Russia.