54 comments

[ 4.5 ms ] story [ 55.9 ms ] thread
The government is shut down, treaties need to be ratified by the Senate.
> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”

None of this sounds good for privacy and data protection.

Opting out of the treaty was probably a good choice. Opting out doesn’t preclude the US from cooperating with international cybercrime investigations, but it does avoid more data collection, surveillance, and sharing.

Err... yeah, because that's what USA based companies are known for - PII protection and data privacy?!?

Maybe there is some more complexity to this argument, that I'm missing. But, it's not one that has merit without justification.

Opting out was the right thing to do. This is Badthink monitoring in the guise of cybersecurity.
No thank you and I’m loath to see the EU sign up to this with a ton of authoritarian states. Things like this and the continued pushing of stuff like Chat Control has convinced me the EU stands to turn our countries into flawed democracies and eventually authoritarian states.
Previous threads:

https://news.ycombinator.com/item?id=41207987 ("EFF’s concerns about the UN Cybercrime Convention (eff.org)", 99 comments)

https://news.ycombinator.com/item?id=39129274 ("Proposed UN cybercrime treaty has evolved into an expansive surveillance tool (eff.org)", 64 comments)

https://news.ycombinator.com/item?id=41210110 ("New U.N. Cybercrime Treaty Unanimously Approved, Could Threaten Human Rights (scientificamerican.com)", 53 comments)

https://news.ycombinator.com/item?id=41221403 ("UN Cybercrime Convention to Overrule Bank Secrecy (therage.co)", 42 comments)

Why would the US give away it's power? I do not see anything to gain here. At least 2 of the big players are duplicitous bad actors (ie take more than they give) ... If they want prove otherwise then let Tencent teams compete in public CTFs again and disclose 0days.
What power? The US gave up power by not signing. The treaty is standardizing the process for sharing cybercrime evidence and prosecuting individuals. It has signatories pledging to align their laws and create new ones to make the same cybercrime illegal.

This isn't giving any country any sole power over cybercrime prosecution decisions.

When countries like North Korea, which depends on cybercrime to fund itself, are signatories, you have to wonder whether this agreement means what its title says.
The old “think of the children/fight terrorism/support our troops/be a good person” style of naming propositions to destroy data privacy.
(comment deleted)
They have also had the longest on going embargo on earth right after they were nearly wiped out by a genocidal war on behalf of the US.

I don't doubt their history explains the shape of their economy.

This may seem like I am defending North Korea, but in reality I am putting in perspective who/why they are. Facts which nearly amount propaganda to western nations.

China, north korea, and russia, all prolific cybercriminal nations with significant state backing of the same, are signatories. This means it's at best meaningless and at worst surrenders power to a regime with partial control by objectively bad actors. Staying out of this was the right move.

Plus it has too many implications for surveillance and security; poor idea in any case.

Also, America has traditionally refused to sign these types of accords.
(comment deleted)
Wow so the hosts and beneficiaries of cybercrime wrote a treaty on it (with a ton of additional surveillance mandates included, of course) and the US didn't sign on. How disappointing.
text of the treaty: https://www.unodc.org/unodc/en/cybercrime/convention/text/co...

I wouldn't get excited about the US "not signing". With the government shutdown, they might just be waiting for the document to be in New York before they bother. Hanoi is far.

64ss1: This Convention shall be open to all States for signature in Hanoi in 2025 and thereafter at United Nations Headquarters in New York until 31 December 2026.

Article 37 is spooky. Expands extradition to where there might not be preexisting extradition treaties.

Fuck article 11. It's the EU's "any program for committing cybercrime is a crime" law, and makes programmers culpable. IANAL, but it actually looks like it criminalizes the entire software supply chain. Sure, there's a clause in there that looks like it's supposed to protect security research (11s2) but this is the thinnest of loincloths.

It also seems to apply to "crime where there was a computer somewhere around". As for what constitutes "crime":

Article 2:(h) “Serious crime” shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty;

...that seems to mean that if publishing information against the state regime is punishable by 4+ years and you used a computer to do it, there is now a basis for seizing your data and extraditing you.

I'm not even going to get into the implications this has for damaging privacy in general. This is some dark ass shit.

(comment deleted)
When Cambodia is a signatory, you know this is just whitewash, or even 'protective intelligence' ie using the shared international intelligence to protect the scams and evade enforcement. Keep your enemies close.
> The U.K. and European Union joined China, Russia, Brazil, Nigeria and dozens of other nations in signing the convention...Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.

Countries like Nigeria, Morocco, North Korea and Russia signing a "cybercrime" treaty is just hilarious to me.

I don't believe for a second that these countries want to crack down on cybercrime, considering their citizens are the main perpetrators and beneficiaries of it, and they've taken zero actions to prevent it before today. Lagos is essentially the Silicon Valley of internet fraud, and it happens with permission from the highest levels of their government.

This obviously is just an excuse to create a global dragnet for governments looking to crack down on dissent.

UN should move its HQ outside of US. It is obvious they have become a bad host.
> cybercrime — which the U.N. estimates costs $10.5 trillion around the world annually.

That's almost 10% of global GDP. Who comes up with these numbers?

Couple clicks to get to the list so here it is. Not countries I usually associate with caring about privacy.

Algeria,Angola,Australia,Austria,Azerbaijan,Belarus,Belgium,Brazil,Brunei Darussalam,Burkina Faso,Cambodia,Chile,China,Costa Rica,Côte d'Ivoire,Cuba,Czech Republic,Democratic People's Republic of Korea,Democratic Republic of the Congo,Djibouti,Dominican Republic,Ecuador,Egypt,European Union,France,Ghana,Greece,Guinea-Bissau,Iran (Islamic Republic of),Ireland,Jamaica,Mozambique,Namibia,Nauru,Nicaragua,Nigeria,Palau,Papua New Guinea,Peru,Philippines,Poland,Portugal,Qatar,Russian Federation,Rwanda,Saudi Arabia,Slovakia,Slovenia,South Africa,Spain,Sri Lanka,State of Palestine,Sweden,Thailand,Togo,Türkiye,Uganda,United Kingdom of Great Britain and Northern Ireland,United Republic of Tanzania,Uruguay,Uzbekistan,Venezuela (Bolivarian Republic of),Viet Nam,Zimbabwe

All this would do is drive criminals to poorer countries that can't stop crime as well. Just like many scammers being based in South Asia, or billionaires moving their money to tax havens. It just takes one country to allow this stuff or at least not stop it, and your treaties are just pieces of paper.
I don't understand why political topics such as international treaties like this are upvoted and kept on the front page? To be clear, I'm in favor of politics being discussed on here, but this is so uninteresting and pointless to discuss IMO. International law can be ignored even by countries that agreed to it. What are you going to do, invade? As pointed out, countries like China and Russia signed onto a cybercrime treaty... pure slop.

Just seems very distracting when actual abuses and interesting political topics are hidden away in /active (like ICEs use of facial recognition)

Don’t have to look far to find out why.

Per the article: “Illicit flows of money, concealed through cryptocurrencies and digital transactions, finance the trafficking of drugs, arms, and terror. And businesses, hospitals, and airports are brought to a standstill by ransomware attacks.”

Then there’s this: Inside the Trump family’s global crypto cash machine https://www.reuters.com/investigations/inside-trump-familys-...

Once again, Chat Control is a never ending battle.
Russia in particular is turning the blind eye on en masse cyber crime that is originating from Russia. Russian hackers in the last two decades stole millions of credit cards from US and EU and hacked numerous banks and still the biggest Russian cyber criminals are at large in Russia. Just look at the FBI's top 10 wanted for cyber crime.
(comment deleted)