China, north korea, and russia, all prolific cybercriminal nations with significant state backing of the same, are signatories. This means it's at best meaningless and at worst surrenders power to a regime with partial control by objectively bad actors. Staying out of this was the right move.
Plus it has too many implications for surveillance and security; poor idea in any case.
> For example, the convention requires states to have laws that compel internet services to collect certain data, and does not require that requests for such data be transparent. There are limited cases when member states may deny a request for data, although there is a provision to do so if a state believes a request is due to "sex, race, language, religion, nationality, ethnic origin, or political opinions". The latter statement was weakened during negotiations, and challenged by Iran and Russia until the end of negotiations.
Ok, so it's basically a "five eyes" style agreement for sharing intel on citizens. Why would anyone want their government to support this?
I was hoping to see a comment like this. These sorts of “global collaborations” seem to always end with the US carry all the water, and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
Climate change isn't driven by human defined borders either. It's driven by total CO2 emissions. If a per-capita rate is non sensical then border based emissions are even more non sensical. Greenland only emits 0.001% of the total. Greenland is 12000x a better country than the US wow. This is exactly why per-capita is used.
Yeah and this is clearest when you consider federations. Imagine if you count the US as 50 separate countries, suddenly they are much more climate friendly! That's of course absurd.
But the reason emissions happen is for per-inhabitant benefits. It's a very reasonable idea [0] to set a per-inhabitant goal and criticize countries exceeding that threshold (which the US would still fail at, but I'm arguing against the metric itself rather than US faults).
Take your position to something of an extreme -- the Vatican could open up 200 coal power plants for its holy Bitcoin operations and still be sufficiently less impactful to CO2 than the US that nobody would target them during climate talks. Rephrased from the other direction, each US citizen would blow their CO2 budget by buying a shirt per decade to get down to the Vatican's levels.
That's a common mental failure mode, analogous to the sorites paradox. Countries are made up of many small actors and decisions, and pretending otherwise is unlikely to help you achieve your goals.
[0] Mostly -- transitive effects like one country generating all the goods another country uses are harder to account for. Assuming we could measure perfectly though...
How is that fair when a lot of industrial production was shifted to one region of the globe specifically? It would be impossible without a lot of guessing and estimations, producing questionable data, but you would have to include CO2 attributable to exports and imports.
Which is just too hard, and too open to change assumptions to fit a desired result.
Because in reality, much of the globe's economy is waaayyyyy too interconnected, and the arrows don't just point one way. Feedback loops without end.
That whole "this/that country..." just does not work, except to fill comment sections. The systems are global.
Super weird that they don't factor in productivity at all. Don't take me the wrong way I hate the fact that the United States thinks the only way to do anything is to burn fossil fuels, but that doesn't change the fact that our output per capita has got to be 10x the countries we are being compared against in this article.
> I was hoping to see a comment like this. These sorts of “global collaborations” seem to always end with the US carry all the water, and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
What about non-proliferation treaties which have prevented the vast majority of countries from bankrupting themselves in an existential sprint to nuclear weapons?
You know what the fun fact that everyone I hear complain about the US spending more than is fair on international projects ignores or appears ignorant of?
When you’re the one carrying the water, you get to decide where the water goes.
I actually prefer regimes like NATO where everyone is happy to leave the US in charge and doesn’t arm themselves. For all the projection of “strength” the current admin gives off, they are on their way towards reigning over a kingdom formed from the ashes of the republic's empire
I prefer multilateralism, but I do think there are challenges when every country that isn't the biggest smashes the 'defect' button as many times as they can.
And don't forget the tertiary effects as we displace millions with those bombs, only to take in a large number of "asylum seekers" from the countries we "aided".
IMO this is all by design, and there are a non-zero number of NGO operatives on this very site who are frustrated that anything is impeding that plan.
What point are you trying to make? I'm honestly not sure. Is it that China is polluting a lot? Or a little? That they are making environmental progress? Or none?
Damned if you do, damned if you don't. If they hadn't signed the treaty, people here would be saying it's proof those countries support cybercriminals.
No. Like many countries, the US requires legislative ratification of treaties, but by 2/3 of the Senate, not 3/4 of the Congress. The US has the same obligations as any non-ratifying signatory with regard to treaties it has signed but not ratified.
That's not how the EU works. As an example take the Mercosur treaty: it has 4 parts. The first post is straight up trade rules, an area that the Eau member states delegated to the EU. This part was directly valid once signed.
The other three parts all concern areas not delegated to the EU. To become law, all three parts have to be approved by the EU parliament and the EU council (which consists of the heads of the executives of the member states) and the local parliaments of the member states. Depending on local law, even regional parliaments have to approve it (Belgium is such a state). The final implementation of Mercosur is not expected before 2028.
Right. Its not like recent statistics showed that the US was the place where most of the cyberattacks originate. And its not like both the US and UK are openly saying that they are maximizing cyberwarfare against everyone as if it was something to be proud of. The country that is facilitating a livestreamed genocide in Gaza, is the 'good guys' to be trusted in cyberwarfare, for 'some' reason.
But, then again, in the Angloamerican culture, its always 'others' who are evil. Never itself.
Almost no rebuttals on the internet are intellectually honest these days. Take the same exact action by a President of the alternative party, and it's considered "decisive", "shows our enemies we mean business". But since it's not coming from your political party, it's "oh no, what is this guy doing. He's going to get us all unalived."
> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”
None of this sounds good for privacy and data protection.
Opting out of the treaty was probably a good choice. Opting out doesn’t preclude the US from cooperating with international cybercrime investigations, but it does avoid more data collection, surveillance, and sharing.
US-based companies probably have the most sophisticated PII & data privacy compliance schemes globally. Sure, that's mostly due to obligations imposed on them by jurisdictions outside of the US, but it is still true.
When countries like North Korea, which depends on cybercrime to fund itself, are signatories, you have to wonder whether this agreement means what its title says.
Nice to see abstention from Canada, Finland, Japan, South Korea, India, Iceland, Germany, Mexico, and Switzerland as well. Not everyone is on board with this (for good reason), it’s not just the big bad US ignoring the rest of the world.
Given the presence of some extremely authoritarian states on the list of signatories, the fact that the UK and France signed on seems to confirm my suspicions about the trajectory of freedom in those countries. And surprisingly Sweden! I feel like Mullvad users should be concerned.
Why would the US give away it's power? I do not see anything to gain here. At least 2 of the big players are duplicitous bad actors (ie take more than they give) ... If they want prove otherwise then let Tencent teams compete in public CTFs again and disclose 0days.
What power? The US gave up power by not signing. The treaty is standardizing the process for sharing cybercrime evidence and prosecuting individuals. It has signatories pledging to align their laws and create new ones to make the same cybercrime illegal.
This isn't giving any country any sole power over cybercrime prosecution decisions.
Signing on to bad treaties is bad. Treaties can both restrict what you can do and compel you to do things that you don't want to.
For example: "Compelled Technical Assistance: The draft requires countries to adopt laws enabling authorities to compel anyone with knowledge of a particular computer system to provide *necessary information* to facilitate access."
The US would have to have laws that would force you to provide login information to systems if the government wanted access to it. This would run contrary to the 5th amendment.
Wow so the hosts and beneficiaries of cybercrime wrote a treaty on it (with a ton of additional surveillance mandates included, of course) and the US didn't sign on. How disappointing.
Couple clicks to get to the list so here it is. Not countries I usually associate with caring about privacy.
Algeria,Angola,Australia,Austria,Azerbaijan,Belarus,Belgium,Brazil,Brunei Darussalam,Burkina Faso,Cambodia,Chile,China,Costa Rica,Côte d'Ivoire,Cuba,Czech Republic,Democratic People's Republic of Korea,Democratic Republic of the Congo,Djibouti,Dominican Republic,Ecuador,Egypt,European Union,France,Ghana,Greece,Guinea-Bissau,Iran (Islamic Republic of),Ireland,Jamaica,Mozambique,Namibia,Nauru,Nicaragua,Nigeria,Palau,Papua New Guinea,Peru,Philippines,Poland,Portugal,Qatar,Russian Federation,Rwanda,Saudi Arabia,Slovakia,Slovenia,South Africa,Spain,Sri Lanka,State of Palestine,Sweden,Thailand,Togo,Türkiye,Uganda,United Kingdom of Great Britain and Northern Ireland,United Republic of Tanzania,Uruguay,Uzbekistan,Venezuela (Bolivarian Republic of),Viet Nam,Zimbabwe
> America? The one with all the spying, NSA, Patriot Act, this America?
Yes. We do all of that. But so does practically everyone else. The difference is our federal structure and--until recently--independent courts provided a bit more oversight than other countries' citizens had access to. And we've had--until recently--respect for privacy held deeply enough by enough people that it turns into a stink at the federal level in at least some respect.
Most countries have national logging requirements, disclosure requirements and domestic police with the powers of the NSA.
You are dead wrong about Brazil, our legislation about online privacy is pretty advanced. The European Union is not a country but has pretty solid legislation as well. Other South American countries on the list are pretty good as well.
You seem to be making a blanket statement about “not the first country I think about when…” of places you know nothing about.
It will all make sense once you realize who works at the UN, basically nepo babies of all colors and variety, including second cousins of Saudi royalty etc.
Russia in particular is turning the blind eye on en masse cyber crime that is originating from Russia. Russian hackers in the last two decades stole millions of credit cards from US and EU and hacked numerous banks and still the biggest Russian cyber criminals are at large in Russia. Just look at the FBI's top 10 wanted for cyber crime.
I think you're misreading the situation. As far as I can tell, Russia has every reason to want to continue engaging in heavy cyber-criminal activities. I don't think this is the virtuous Kremlin turning a blind eye. This is a classic case of deception. Look at my left hand, so you don't see what my right is doing.
I wouldn't get excited about the US "not signing". With the government shutdown, they might just be waiting for the document to be in New York before they bother. Hanoi is far.
64ss1: This Convention shall be open to all States for signature in Hanoi in 2025 and thereafter at United Nations Headquarters in New York until 31 December 2026.
Article 37 is spooky. Expands extradition to where there might not be preexisting extradition treaties.
Fuck article 11. It's the EU's "any program for committing cybercrime is a crime" law, and makes programmers culpable. IANAL, but it actually looks like it criminalizes the entire software supply chain. Sure, there's a clause in there that looks like it's supposed to protect security research (11s2) but this is the thinnest of loincloths.
It also seems to apply to "crime where there was a computer somewhere around". As for what constitutes "crime":
Article 2:(h) “Serious crime” shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty;
...that seems to mean that if publishing information against the state regime is punishable by 4+ years and you used a computer to do it, there is now a basis for seizing your data and extraditing you.
I'm not even going to get into the implications this has for damaging privacy in general. This is some dark ass shit.
- (ii) To cooperate and assist the competent authorities in the collection or
recording of; traffic data, in real time, associated with specified
communications in its territory transmitted by means of an information and
communications technology system.
Seriously? Will the authorities of state X simply ask the authorities of state Y to collect/intercept data, and will the authorities of state Y be required to cooperate even without a legal basis in their local legislation? Because this treaty become sufficient legislation?
And more so:
3. Each State Party shall adopt such legislative and other measures as may be
necessary to oblige a service provider to keep confidential the fact of
the execution of any power provided for in this article and any
information relating to it.
I cannot imagine anyone with a functioning brain signing this at the UN level.
Upon a reading, a "cybercrime" can be as simple as saying 'Kim Jong Un is a fat dumbass' on social media.
And since it was said on a computer, combined with insulting 'His Glorious Leader (spit) ' is a death penalty, thats a extraditing cybercrime.
Sure it could be argued thats not a real example. But given OFCOM's recent stunts of sending british compliance letters to US firms with no british presence, I'd rather not have other countries manufacturing shit laws and exporting to us as a "treaty".
When Cambodia is a signatory, you know this is just whitewash, or even 'protective intelligence' ie using the shared international intelligence to protect the scams and evade enforcement. Keep your enemies close.
The executive branch is shut down. The Senate is still in session.
(The House of Representatives is effectively shut down, but only because the Speaker of the House has been unilaterally putting it into recess at the beginning of every session. The House Republicans all voted to grant the Speaker the power to do this whenever he wants, at the beginning of their current term.)
> The government is shut down, treaties need to be ratified by the Senate.
The President isn't shut down, and only the President is needed to sign a treaty; it is submitted for ratification later and that, absent a deadline in the treaty, can take as long as it takes.
Also, even if the Senate was required to sign a treaty, the Senate isn't shutdown, and is in session and doing business.
Just a reminder that the UN exists as a place where countries with very opposing points of view can have a forum for discussion. A treaty put forth by the UN, or a declaration by the UN, does not automatically mean that it is good or aligned with your values in any way shape or form.
Let me guess - the "treaty" really means setting up a UN-run organization that will oversee global cybercrime defense. Let's check out the last time that happened. Oh yeah, the WHO. The WHO that lied about the coronavirus and said it isn't airborne despite overwhelming evidence to the contrary.
Per the article:
“Illicit flows of money, concealed through cryptocurrencies and digital transactions, finance the trafficking of drugs, arms, and terror. And businesses, hospitals, and airports are brought to a standstill by ransomware attacks.”
All this would do is drive criminals to poorer countries that can't stop crime as well. Just like many scammers being based in South Asia, or billionaires moving their money to tax havens. It just takes one country to allow this stuff or at least not stop it, and your treaties are just pieces of paper.
Now that's an idea I think a lot of people can get behind. From the left, the US is a bad host. From the right, get those globalists out of my country. Everybody wins.
I mean, that's true, but not because they won't sign onto a global dragnet treaty with Russia and China.
China especially actively fabricates crimes for Chinese dissidents living outside its borders, and this is a perfect vehicle to allow them to track and monitor those people with ease.
No thank you and I’m loath to see the EU sign up to this with a ton of authoritarian states. Things like this and the continued pushing of stuff like Chat Control has convinced me the EU stands to turn our countries into flawed democracies and eventually authoritarian states.
It's remarkable context that the Russian government authored this UN treaty,
> "Russia, however, Rodriguez said, has objected to the convention for infringing state sovereignty by allowing other nations to investigate cybercrimes in its jurisdiction. So in 2017, Russia proposed negotiating a new treaty, and in 2019 the UN adopted a resolution to do so, backed by Russia, Cambodia, Belarus, China, Iran, Myanmar, Nicaragua, Syria and Venezuela."
lol and the same politicians who call everything a Russian plot to influence Europeans run and sign this. The loss of shame is one of our main problems in modern politics on all sides. The professional politician industrial complex has to go.
> The U.K. and European Union joined China, Russia, Brazil, Nigeria and dozens of other nations in signing the convention...Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.
Countries like Nigeria, Morocco, North Korea and Russia signing a "cybercrime" treaty is just hilarious to me.
I don't believe for a second that these countries want to crack down on cybercrime, considering their citizens are the main perpetrators and beneficiaries of it, and they've taken zero actions to prevent it before today. Lagos is essentially the Silicon Valley of internet fraud, and it happens with permission from the highest levels of their government.
This obviously is just an excuse to create a global dragnet for governments looking to crack down on dissent.
I don't understand why political topics such as international treaties like this are upvoted and kept on the front page? To be clear, I'm in favor of politics being discussed on here, but this is so uninteresting and pointless to discuss IMO. International law can be ignored even by countries that agreed to it. What are you going to do, invade? As pointed out, countries like China and Russia signed onto a cybercrime treaty... pure slop.
Just seems very distracting when actual abuses and interesting political topics are hidden away in /active (like ICEs use of facial recognition)
China, north korea, and russia, all prolific cybercriminal nations with significant state backing of the same, are signatories. This means it's at best meaningless and at worst surrenders power to a regime with partial control by objectively bad actors. Staying out of this was the right move.
Plus it has too many implications for surveillance and security; poor idea in any case.
According to World Crime Index, Russia, Ukraine, China and the US are in top 4. North Korea is #7. Just to add some perspective to it.
The Wikipedia article having a whole section about human right objections also says a lot about this treaty.
https://en.wikipedia.org/wiki/United_Nations_Convention_agai...
Although somehow I doubt that was the justification for the U.S. gov not signing it.
> For example, the convention requires states to have laws that compel internet services to collect certain data, and does not require that requests for such data be transparent. There are limited cases when member states may deny a request for data, although there is a provision to do so if a state believes a request is due to "sex, race, language, religion, nationality, ethnic origin, or political opinions". The latter statement was weakened during negotiations, and challenged by Iran and Russia until the end of negotiations.
Ok, so it's basically a "five eyes" style agreement for sharing intel on citizens. Why would anyone want their government to support this?
I was hoping to see a comment like this. These sorts of “global collaborations” seem to always end with the US carry all the water, and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
> and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
Which is not inherently a bad thing: https://en.wikipedia.org/wiki/List_of_countries_by_carbon_di...
Interesting dataset.
It would be a lot fairer to display tons of CO2 per inhabitant I think.
And that's before taking into account imported CO2.
>And that's before taking into account imported CO2.
It doesn't really make much of a difference. For US specifically there's about a 10% difference.
https://ourworldindata.org/consumption-based-co2
Climate change isn't driven by per-inhabitant CO2 emissions. It's driven by total CO2 emissions, of which the US outputs 12% per year.
Climate change isn't driven by human defined borders either. It's driven by total CO2 emissions. If a per-capita rate is non sensical then border based emissions are even more non sensical. Greenland only emits 0.001% of the total. Greenland is 12000x a better country than the US wow. This is exactly why per-capita is used.
[delayed]
Yeah and this is clearest when you consider federations. Imagine if you count the US as 50 separate countries, suddenly they are much more climate friendly! That's of course absurd.
But the reason emissions happen is for per-inhabitant benefits. It's a very reasonable idea [0] to set a per-inhabitant goal and criticize countries exceeding that threshold (which the US would still fail at, but I'm arguing against the metric itself rather than US faults).
Take your position to something of an extreme -- the Vatican could open up 200 coal power plants for its holy Bitcoin operations and still be sufficiently less impactful to CO2 than the US that nobody would target them during climate talks. Rephrased from the other direction, each US citizen would blow their CO2 budget by buying a shirt per decade to get down to the Vatican's levels.
That's a common mental failure mode, analogous to the sorites paradox. Countries are made up of many small actors and decisions, and pretending otherwise is unlikely to help you achieve your goals.
[0] Mostly -- transitive effects like one country generating all the goods another country uses are harder to account for. Assuming we could measure perfectly though...
12% is quite low considering that the US is responsible for >20% of global industrial output.
[delayed]
How is that fair when a lot of industrial production was shifted to one region of the globe specifically? It would be impossible without a lot of guessing and estimations, producing questionable data, but you would have to include CO2 attributable to exports and imports.
Which is just too hard, and too open to change assumptions to fit a desired result.
Because in reality, much of the globe's economy is waaayyyyy too interconnected, and the arrows don't just point one way. Feedback loops without end.
That whole "this/that country..." just does not work, except to fill comment sections. The systems are global.
[delayed]
Super weird that they don't factor in productivity at all. Don't take me the wrong way I hate the fact that the United States thinks the only way to do anything is to burn fossil fuels, but that doesn't change the fact that our output per capita has got to be 10x the countries we are being compared against in this article.
In what sense? Does an American bolt factory produce 10x as much bots per worker, or is the American bolt just 10x more expensive?
I think in the sense that if you look at the ratio of say GDP (https://en.wikipedia.org/wiki/List_of_countries_by_GDP_(nomi...) to CO2 emission, you could get _a_ metric of efficiency. The product produced vs the emissions produced.
> I was hoping to see a comment like this. These sorts of “global collaborations” seem to always end with the US carry all the water, and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
I agree 100%.
I don't see the benefits here.
Do you have even a slightest proof for your claim?
What about non-proliferation treaties which have prevented the vast majority of countries from bankrupting themselves in an existential sprint to nuclear weapons?
You know what the fun fact that everyone I hear complain about the US spending more than is fair on international projects ignores or appears ignorant of?
When you’re the one carrying the water, you get to decide where the water goes.
I actually prefer regimes like NATO where everyone is happy to leave the US in charge and doesn’t arm themselves. For all the projection of “strength” the current admin gives off, they are on their way towards reigning over a kingdom formed from the ashes of the republic's empire
I prefer multilateralism, but I do think there are challenges when every country that isn't the biggest smashes the 'defect' button as many times as they can.
Most US foreign aid is delivered as bombs, and/or directly funding the terrorists.
And if not directly funding the terrorists, creating a situation so stupid that it will lead to a fresh batch for next years war.
Neither the people paying for it, nor the people receiving it want it to be done that way.
And don't forget the tertiary effects as we displace millions with those bombs, only to take in a large number of "asylum seekers" from the countries we "aided".
IMO this is all by design, and there are a non-zero number of NGO operatives on this very site who are frustrated that anything is impeding that plan.
Say what you want about this treaty but China is running circles around you regarding Paris.
What point are you trying to make? I'm honestly not sure. Is it that China is polluting a lot? Or a little? That they are making environmental progress? Or none?
Like throttling the US from committing war crimes?
Damned if you do, damned if you don't. If they hadn't signed the treaty, people here would be saying it's proof those countries support cybercriminals.
Aren't treaties with the US meaningless by default, unless ratified by 3/4th of Congress?
No. Like many countries, the US requires legislative ratification of treaties, but by 2/3 of the Senate, not 3/4 of the Congress. The US has the same obligations as any non-ratifying signatory with regard to treaties it has signed but not ratified.
Contrast this to the EU where all treaties are automatically law across all members.
That's not how the EU works. As an example take the Mercosur treaty: it has 4 parts. The first post is straight up trade rules, an area that the Eau member states delegated to the EU. This part was directly valid once signed.
The other three parts all concern areas not delegated to the EU. To become law, all three parts have to be approved by the EU parliament and the EU council (which consists of the heads of the executives of the member states) and the local parliaments of the member states. Depending on local law, even regional parliaments have to approve it (Belgium is such a state). The final implementation of Mercosur is not expected before 2028.
Two-thirds of the Senate, I believe, not three-quarters of Congress.
Right. Its not like recent statistics showed that the US was the place where most of the cyberattacks originate. And its not like both the US and UK are openly saying that they are maximizing cyberwarfare against everyone as if it was something to be proud of. The country that is facilitating a livestreamed genocide in Gaza, is the 'good guys' to be trusted in cyberwarfare, for 'some' reason.
But, then again, in the Angloamerican culture, its always 'others' who are evil. Never itself.
Surely signing it would signal willingness to get along? What would be the downside?
> surrenders power to a regime with partial control by objectively bad actors
...do you think we are a regime with good actors? Why? What signals of morality or competency do you look for?
Screw game theory, I have the bigger stick. This is how everyone goes "defect" and you enter an arms race. https://en.wikipedia.org/wiki/Prisoner%27s_dilemma
Never mind, we already crossed that line: https://www.bbc.com/news/articles/c4gzq2p0yk4o
> Never mind, we already crossed that line: https://www.bbc.com/news/articles/c4gzq2p0yk4o
This was a very proportional response to Putin[1] the other day, so it's still technically game theory.
[1] https://www.reuters.com/world/china/putin-says-russia-tested...
Almost no rebuttals on the internet are intellectually honest these days. Take the same exact action by a President of the alternative party, and it's considered "decisive", "shows our enemies we mean business". But since it's not coming from your political party, it's "oh no, what is this guy doing. He's going to get us all unalived."
> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”
None of this sounds good for privacy and data protection.
Opting out of the treaty was probably a good choice. Opting out doesn’t preclude the US from cooperating with international cybercrime investigations, but it does avoid more data collection, surveillance, and sharing.
Err... yeah, because that's what USA based companies are known for - PII protection and data privacy?!?
Maybe there is some more complexity to this argument, that I'm missing. But, it's not one that has merit without justification.
Well, yes. Compared to most countries that have signed this treaty, the US has excellent protections for PII and data privacy.
But that's beside the point. The most objectionable parts are about state surveillance and the potential for human rights abuses.
For example, here's what the EFF had to say about it:
https://www.eff.org/deeplinks/2024/07/effs-concerns-about-un...
US-based companies probably have the most sophisticated PII & data privacy compliance schemes globally. Sure, that's mostly due to obligations imposed on them by jurisdictions outside of the US, but it is still true.
We're talking about privacy / data (ab)use for military purposes. Those compliance schemes you speak of matter naught.
> We're talking about privacy / data (ab)use for military purposes.
What? No, we're not. What gave you that impression?
When countries like North Korea, which depends on cybercrime to fund itself, are signatories, you have to wonder whether this agreement means what its title says.
The old “think of the children/fight terrorism/support our troops/be a good person” style of naming propositions to destroy data privacy.
Previous threads:
https://news.ycombinator.com/item?id=41207987 ("EFF’s concerns about the UN Cybercrime Convention (eff.org)", 99 comments)
https://news.ycombinator.com/item?id=39129274 ("Proposed UN cybercrime treaty has evolved into an expansive surveillance tool (eff.org)", 64 comments)
https://news.ycombinator.com/item?id=41210110 ("New U.N. Cybercrime Treaty Unanimously Approved, Could Threaten Human Rights (scientificamerican.com)", 53 comments)
https://news.ycombinator.com/item?id=41221403 ("UN Cybercrime Convention to Overrule Bank Secrecy (therage.co)", 42 comments)
Nice to see abstention from Canada, Finland, Japan, South Korea, India, Iceland, Germany, Mexico, and Switzerland as well. Not everyone is on board with this (for good reason), it’s not just the big bad US ignoring the rest of the world.
Given the presence of some extremely authoritarian states on the list of signatories, the fact that the UK and France signed on seems to confirm my suspicions about the trajectory of freedom in those countries. And surprisingly Sweden! I feel like Mullvad users should be concerned.
Why would the US give away it's power? I do not see anything to gain here. At least 2 of the big players are duplicitous bad actors (ie take more than they give) ... If they want prove otherwise then let Tencent teams compete in public CTFs again and disclose 0days.
What power? The US gave up power by not signing. The treaty is standardizing the process for sharing cybercrime evidence and prosecuting individuals. It has signatories pledging to align their laws and create new ones to make the same cybercrime illegal.
This isn't giving any country any sole power over cybercrime prosecution decisions.
Signing on to bad treaties is bad. Treaties can both restrict what you can do and compel you to do things that you don't want to.
For example: "Compelled Technical Assistance: The draft requires countries to adopt laws enabling authorities to compel anyone with knowledge of a particular computer system to provide *necessary information* to facilitate access."
The US would have to have laws that would force you to provide login information to systems if the government wanted access to it. This would run contrary to the 5th amendment.
https://www.eff.org/deeplinks/2024/07/effs-concerns-about-un...
And what's that thing about treaties and the Constitution?
SC has already ruled that when treaties and the constitution conflict, the latter is supreme.
US knows this treaty is a joke. No point in signing when the bad actors are already in.
Wow so the hosts and beneficiaries of cybercrime wrote a treaty on it (with a ton of additional surveillance mandates included, of course) and the US didn't sign on. How disappointing.
Couple clicks to get to the list so here it is. Not countries I usually associate with caring about privacy.
Algeria,Angola,Australia,Austria,Azerbaijan,Belarus,Belgium,Brazil,Brunei Darussalam,Burkina Faso,Cambodia,Chile,China,Costa Rica,Côte d'Ivoire,Cuba,Czech Republic,Democratic People's Republic of Korea,Democratic Republic of the Congo,Djibouti,Dominican Republic,Ecuador,Egypt,European Union,France,Ghana,Greece,Guinea-Bissau,Iran (Islamic Republic of),Ireland,Jamaica,Mozambique,Namibia,Nauru,Nicaragua,Nigeria,Palau,Papua New Guinea,Peru,Philippines,Poland,Portugal,Qatar,Russian Federation,Rwanda,Saudi Arabia,Slovakia,Slovenia,South Africa,Spain,Sri Lanka,State of Palestine,Sweden,Thailand,Togo,Türkiye,Uganda,United Kingdom of Great Britain and Northern Ireland,United Republic of Tanzania,Uruguay,Uzbekistan,Venezuela (Bolivarian Republic of),Viet Nam,Zimbabwe
Sweden, Uruguay and Portugal are on that list, to name a few more advanced countries. Seems like a pretty good list.
I wonder what countries you do associate with data privacy.
Clearly when one thinks of data privacy they think of China, Venezuela, Russia, Congo, DRPK, Saudi Arabia, Turkey, Iran, Belarus, etc etc etc
I am curious about which countries do you associate with privacy.
> curious about which countries do you associate with privacy
Estonia, Iceland, Switzerland, the Nordic countries and America.
America? The one with all the spying, NSA, Patriot Act, this America?
> America? The one with all the spying, NSA, Patriot Act, this America?
Yes. We do all of that. But so does practically everyone else. The difference is our federal structure and--until recently--independent courts provided a bit more oversight than other countries' citizens had access to. And we've had--until recently--respect for privacy held deeply enough by enough people that it turns into a stink at the federal level in at least some respect.
Most countries have national logging requirements, disclosure requirements and domestic police with the powers of the NSA.
Obviously if this agreement conflicts with the patriot act, it’s unpatriotic and America is right not to sign it.
The typical answer to this would be places like Switzerland, Germany and the Cayman Islands.
You are dead wrong about Brazil, our legislation about online privacy is pretty advanced. The European Union is not a country but has pretty solid legislation as well. Other South American countries on the list are pretty good as well.
You seem to be making a blanket statement about “not the first country I think about when…” of places you know nothing about.
> cybercrime — which the U.N. estimates costs $10.5 trillion around the world annually.
That's almost 10% of global GDP. Who comes up with these numbers?
It will all make sense once you realize who works at the UN, basically nepo babies of all colors and variety, including second cousins of Saudi royalty etc.
full list of signatories: https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mt...
Thanks, this should be added to the OP
What's the difference between this and the first link you shared?
That seemed to an EU thing
But I note the treaties.un.org link is signatories as of late 2024.
Why are they not publishing the current signatories? This is absolutely not something that should be murky.
you can see at the top of the page it says:
and the date of the signature says 25 Oct 2025.Russia in particular is turning the blind eye on en masse cyber crime that is originating from Russia. Russian hackers in the last two decades stole millions of credit cards from US and EU and hacked numerous banks and still the biggest Russian cyber criminals are at large in Russia. Just look at the FBI's top 10 wanted for cyber crime.
I think you're misreading the situation. As far as I can tell, Russia has every reason to want to continue engaging in heavy cyber-criminal activities. I don't think this is the virtuous Kremlin turning a blind eye. This is a classic case of deception. Look at my left hand, so you don't see what my right is doing.
The United States is taking an indefinite hiatus. Please check back later.
text of the treaty: https://www.unodc.org/unodc/en/cybercrime/convention/text/co...
I wouldn't get excited about the US "not signing". With the government shutdown, they might just be waiting for the document to be in New York before they bother. Hanoi is far.
64ss1: This Convention shall be open to all States for signature in Hanoi in 2025 and thereafter at United Nations Headquarters in New York until 31 December 2026.
Article 37 is spooky. Expands extradition to where there might not be preexisting extradition treaties.
Fuck article 11. It's the EU's "any program for committing cybercrime is a crime" law, and makes programmers culpable. IANAL, but it actually looks like it criminalizes the entire software supply chain. Sure, there's a clause in there that looks like it's supposed to protect security research (11s2) but this is the thinnest of loincloths.
It also seems to apply to "crime where there was a computer somewhere around". As for what constitutes "crime":
Article 2:(h) “Serious crime” shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty;
...that seems to mean that if publishing information against the state regime is punishable by 4+ years and you used a computer to do it, there is now a basis for seizing your data and extraditing you.
I'm not even going to get into the implications this has for damaging privacy in general. This is some dark ass shit.
Article 29: Real-time collection of traffic data
Seriously? Will the authorities of state X simply ask the authorities of state Y to collect/intercept data, and will the authorities of state Y be required to cooperate even without a legal basis in their local legislation? Because this treaty become sufficient legislation?And more so:
I cannot imagine anyone with a functioning brain signing this at the UN level.Upon a reading, a "cybercrime" can be as simple as saying 'Kim Jong Un is a fat dumbass' on social media.
And since it was said on a computer, combined with insulting 'His Glorious Leader (spit) ' is a death penalty, thats a extraditing cybercrime.
Sure it could be argued thats not a real example. But given OFCOM's recent stunts of sending british compliance letters to US firms with no british presence, I'd rather not have other countries manufacturing shit laws and exporting to us as a "treaty".
When Cambodia is a signatory, you know this is just whitewash, or even 'protective intelligence' ie using the shared international intelligence to protect the scams and evade enforcement. Keep your enemies close.
notably absent are the netherlands and germany… wonder why this is!
The government is shut down, treaties need to be ratified by the Senate.
The executive branch is shut down. The Senate is still in session.
(The House of Representatives is effectively shut down, but only because the Speaker of the House has been unilaterally putting it into recess at the beginning of every session. The House Republicans all voted to grant the Speaker the power to do this whenever he wants, at the beginning of their current term.)
I am the Senate.
> The government is shut down, treaties need to be ratified by the Senate.
The President isn't shut down, and only the President is needed to sign a treaty; it is submitted for ratification later and that, absent a deadline in the treaty, can take as long as it takes.
Also, even if the Senate was required to sign a treaty, the Senate isn't shutdown, and is in session and doing business.
Just a reminder that the UN exists as a place where countries with very opposing points of view can have a forum for discussion. A treaty put forth by the UN, or a declaration by the UN, does not automatically mean that it is good or aligned with your values in any way shape or form.
Let me guess - the "treaty" really means setting up a UN-run organization that will oversee global cybercrime defense. Let's check out the last time that happened. Oh yeah, the WHO. The WHO that lied about the coronavirus and said it isn't airborne despite overwhelming evidence to the contrary.
Don’t have to look far to find out why.
Per the article: “Illicit flows of money, concealed through cryptocurrencies and digital transactions, finance the trafficking of drugs, arms, and terror. And businesses, hospitals, and airports are brought to a standstill by ransomware attacks.”
Then there’s this: Inside the Trump family’s global crypto cash machine https://www.reuters.com/investigations/inside-trump-familys-...
All this would do is drive criminals to poorer countries that can't stop crime as well. Just like many scammers being based in South Asia, or billionaires moving their money to tax havens. It just takes one country to allow this stuff or at least not stop it, and your treaties are just pieces of paper.
UN should move its HQ outside of US. It is obvious they have become a bad host.
Now that's an idea I think a lot of people can get behind. From the left, the US is a bad host. From the right, get those globalists out of my country. Everybody wins.
I mean, that's true, but not because they won't sign onto a global dragnet treaty with Russia and China.
China especially actively fabricates crimes for Chinese dissidents living outside its borders, and this is a perfect vehicle to allow them to track and monitor those people with ease.
No thank you and I’m loath to see the EU sign up to this with a ton of authoritarian states. Things like this and the continued pushing of stuff like Chat Control has convinced me the EU stands to turn our countries into flawed democracies and eventually authoritarian states.
It's remarkable context that the Russian government authored this UN treaty,
> "Russia, however, Rodriguez said, has objected to the convention for infringing state sovereignty by allowing other nations to investigate cybercrimes in its jurisdiction. So in 2017, Russia proposed negotiating a new treaty, and in 2019 the UN adopted a resolution to do so, backed by Russia, Cambodia, Belarus, China, Iran, Myanmar, Nicaragua, Syria and Venezuela."
https://www.theregister.com/2023/04/14/un_cybercrime_treaty/ ("Russia-pushed UN Cybercrime Treaty may rewrite global law. It's ... not great")
> "It was proposed by Russia in 2017 and adopted by the General Assembly in December 2024 amid resistance from human rights organizations"
https://en.wikipedia.org/wiki/United_Nations_Convention_agai...
lol and the same politicians who call everything a Russian plot to influence Europeans run and sign this. The loss of shame is one of our main problems in modern politics on all sides. The professional politician industrial complex has to go.
The UN should stick to environmental treaties
> The U.K. and European Union joined China, Russia, Brazil, Nigeria and dozens of other nations in signing the convention...Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.
Countries like Nigeria, Morocco, North Korea and Russia signing a "cybercrime" treaty is just hilarious to me.
I don't believe for a second that these countries want to crack down on cybercrime, considering their citizens are the main perpetrators and beneficiaries of it, and they've taken zero actions to prevent it before today. Lagos is essentially the Silicon Valley of internet fraud, and it happens with permission from the highest levels of their government.
This obviously is just an excuse to create a global dragnet for governments looking to crack down on dissent.
Once again, Chat Control is a never ending battle.
I don't understand why political topics such as international treaties like this are upvoted and kept on the front page? To be clear, I'm in favor of politics being discussed on here, but this is so uninteresting and pointless to discuss IMO. International law can be ignored even by countries that agreed to it. What are you going to do, invade? As pointed out, countries like China and Russia signed onto a cybercrime treaty... pure slop.
Just seems very distracting when actual abuses and interesting political topics are hidden away in /active (like ICEs use of facial recognition)