Indian Council of World Affairs

Abstract: Growing access to internet, the fragmented nature of global cyber governance, increasing speed and complexity of cybercrime, inadequacy of liberalinstitutions, broken international dialogue, erosion of multilateralism, etc, has necessitated a timely analysis of the recently adopted UN Cybercrime treaty. The treaty is being celebrated as a triumph of multilateralism and international cooperation to combat cybercrime. 

Introduction 

Scholars like Ikenberry[i] and Mearsheimer[ii] havecautioned thatan aggressive rise of nationalism, populism, economic inequalities, great power competition is leading to the fall of liberal world order and multilateralism.In these times of short-term strategic alliances and minilaterals, the adoption of Cybercrime Treaty by UN General Assembly is a“major victory” for multilateralism and a breakthrough for a fractured cyber governance system[iii]. 

Not only the treaty is a first legally binding treaty in twenty years that addresses a crucial aspect of cybersecurity i.e. cybercrime, a significant step towards cyber governance. But the treaty is also a success ofmultilateralism, diplomacy, and international co-operation amidst thecurrently divided and unstable world.Before UN Cybercrime Treaty, only other treaty was the Budapest convention on cybercrime (2001) of the Council of Europe (a regional organisation) to which many states were not party. The initial opposition of like-minded countries to a global framework under the aegis of United Nations quickly faded as the negotiation process was wide focussing on including broad perspective. 

The Cybercrime Treaty has taken shape amidst global power struggle that is taking place at the intersection of geopolitics and technology. This power struggle has given way to a contested cyberspace where Russia and China are pushing for ‘a post liberal cyber order’[iv] orchestrated by US and it’s allies. Nonetheless, on 24^th December 2024,[v] UN General Assembly adopted the Cybercrime Convention, a treaty which is viewed as a landmark that aims to focus on strengthening international cooperation to combat,prevent, investigate and prosecute cybercrimes. 

What is cybercrime and it’s types 

There is no one universal definition of cybercrime, however it has been broadly grouped into two types (1) cyber enabled and (2) cyber dependent crimes.[vi] Cyber enabled crimes are the traditional crimes that use computer technologies to increase the speed, scale, and scope of the traditional crime, for example,identity theft or fraud, online banking scams, and online child sexual exploitation etc.[vii] The cyber dependent crimes are the ones which can only be done by using ICTs(Information and Communication Technologies). For example, ransomware attacks on healthcare systems, government services, supply chains etc. The different types of cybercrimes have been depicted in figure1. below.

 
Fig 1

Reading between the lines: The negotiating process of UN Cybercrime treaty and resurgence of Multilateralism 

In his influential work After Hegemony: Cooperation and Discord in the World Political Economy (1984), Robert Keohane has presented multilateralism as away out from common collective global issues such as climate, trade etcas there is no one state is a hegemon, and every state is interdependent on the other state to address complex global issues. 

Cyberspace, too, transcends borders and boundaries, thus the threats emanating in and through cyberspace needs collective action. Cybercrimes have now become a new global threat.In 2022, a series of devastating ransomware attacks caused Costa Rica’s President to declare a national emergency, as he described the situation as a ‘state of war’.[viii]Also,  year 2024 saw one of the most devastating ransom attack on Change Healthcare, a key player in the U.S. healthcare system by the BlackCat/ALPHV ransomware group.[ix] It exposed the Change Healthcare customer’s social security numbers, names, and treatment details.[x]Also,  South East Asian regionhave become “ground zero” for organized cybercrime operations, and these cybercrimes are often highly coordinated and sophisticated.[xi]The cybercriminals are quite diverse in nature ranging from small scammers to organised transnational cybercrime gangs and proxy state actors (cyber mercenaries).[xii]Victims of cybercrime include individuals,groups, businesses and governments. The cybercrime threat is accelerating, harming economies, breaking down critical infrastructure, and eroding trust among states.[xiii]

To address the growing concern around cybercrime the process of negotiating the cybercrime treaty started in 2017. The story of success of multilateralism lies in this process of negotiation of the treaty. The timeline of the negotiations is depicted below in figure 2.  

The broad challenge while negotiating the treaty were the divisions amongst countries where one group of states led by US and its allies were rooting for the liberal cyber order which is defined in terms of open data flows, multi-stakeholder governance, freedom to people online, etc.On the other hand, the other group led by Russia and China were hoping for a post-liberal cyber order that constitutesmore state control in cyber sphere, restricted cross border data flows, regulating freedom of people online etc. A case in point is the November 2019 resolution sponsored by Russia and backed by China, Iran, Belarus, Myanmar, Cambodia etc which was opposed by US and Europe. Also, there were countries like India who were regarded as crucial ‘cyber deciders’ that could provide a more balanced cyber order catering to the needs of the Global South. India has projected the need to secure supply chains, localize data, capacity building, technical support but it has refrained from amplifying on issue of cyber sovereignty at UN. 

The first episode of consensus came with the resolution (74/247) to form the Ad-Hoc Committee (AHC)[xiv] in December 2019 which was given the responsibility to draft a UN Resolution “on countering the use of information and communications technologies for criminal purposes”.[xv] The very act of formation of AHC to draft a resolution was a first success step for multilateralism to start working on the proposed treaty. AHC was an Inter-governmental Committee composed of experts and representatives of all countries thus reflecting inclusivity. AHC’s decision making too was much fair as the initial simple majority requirement (sponsored by Russia) was replaced with the requirement by the committee to gain approval of a two-thirds majority of representatives which was an amendment proposed by Brazil and adopted by consensus.[xvi] Moreover, the participation in the AHC was open to all Member States of the UN, as well as non-member state observers (like the EU and the Council of Europe), civil society, and nongovernmental organizations (NGOs) to varying degrees.[xvii] This resulted in more diverse and plural viewpoints while drafting the treaty. 

Figure 2. Prepared by the researcher

Later, the Russian proposal to divide the task thematically was adopted by AHC members. Thus, task of AHC was thematically divided into eight broad themes to develop consensus on global benchmarks on defining cybercrime, scope of cybercrime, legal framework, capacity building, human rights consideration and enabling international cooperation to achieve these goals.[xviii]In the first AHC meeting in New York,approval was given for intersessional consultations to be held between AHC negotiating sessions to solicit the input of a diverse range of stakeholders, including human and digital rights organizations, on the formation of the draft treaty.[xix] After several rounds of negotiations at AHC in New York and Vienna Consolidated Negotiating Documents (CND) were made.[xx]

Later, to resolve the differences the Chair of AHC adopted a staggered approach where negotiations were split in two tracks: formal sessions and informal meetings behind closed doors. The informal meetings seemto have focused on more sensitive issues such as the scope and human rights-related provisions and were extremely intense.[xxi]In August2024, the Draft of UN Cybercrime Treaty was finalised and approved which made its way to UN General Assembly. 

Multilateralism is a process, and the Cybercrime Treaty was a result of this process. The states were divided on issues of national interest, scope, jurisdiction, joint investigation, technical assistance, data privacy, etc but were able to successfully reach consensus through negotiations, discussion and dialogue. 

The States thus have agreed to aim to balance protection of state sovereignty (Article 5) and respect for human rights (Article 6). The Chapter 2 of the Convention deals withvarious cybercrime offences (Article 7-19) which includes “illegal access, illegal interception, data interference, system interference, misuse of devices, ICT-related forgery and fraud, non-consensual dissemination of intimate images, laundering of proceeds of crime, and liability of legal persons”.[xxii] Further, Article 14 focusses exclusively on offences related to online child sexual abuse or child sexual exploitation material which is a huge step since cybercrimes involving children have seen an exponential rise.[xxiii] Article 35-52 contains principles and procedures for international cooperation, including mutual legal assistance, extradition, transfer of sentenced persons, joint investigations, and mechanisms for the recovery of property through international cooperation.[xxiv] ​

Out and out, the treaty has been a landmark with respect to multilateralism. The negotiating process of the UN Cybercrime Treaty embodies the norms, principles, rules, challenges and opportunities which form the core of multilateralism. It has laid strong foundations for global cyber governance for the future. It promoted inclusive participation, informal networking (Slaughter’s work New World Order)[xxv], recognition of shared responsibility, space for multiple perspectives, consensus based on agreed norms and principles. 

The UN Convention against Cybercrime is set to become the first global instrument for global efforts to combat cybercrime and enhance international cooperation and technical assistance. The treaty will open for signature in Vietnam in 2025during a formal ceremony and will enter into force 90 days afterratification by at least 40 member states.[xxvi]Further, UNODC (United Nations Office on Drugs and Crime) will continue its role as the secretariat for the Ad Hoc Committee and has been tasked to draft a supplementary protocol to the Convention and supporting the future Conference of States Parties.

Nonetheless, issues are still there, and many states have raised concerns about enforcement, domestic laws amendment, state sovereignty, data sharing, privacy, etc.  The fact that cybercrime is not strictly defined makes it an inherently political term, used differently depending on what is being criminalized in which context.[xxvii]Also, the human rights group, civil society networks, political activists researchers have flagged serious concerns regarding the Treaty as they point out that though the treaty counters cybercrimes yet can also jeopardize freedom and political opposition in non-democratic regimes.[xxviii] 

A note on how India negotiates cybercrime

For few years now,India has been adopting digital technology at a great pace making it one of the fastest growing digital economies.Nevertheless, this has resulted in some unseen and unheard challenges for businesses, people and government.[xxix]Cybercrime threat looms large as a concern in digital governance. According to the World Cybercrime Index,India ranked number 10 in cybercrime, with frauds involving people to make advance fee payment being the most common type.[xxx] Thus, India has been making efforts both at the international and national level to combat and prevent cybercrime. 

At the UN, India has refrained from any active overtures in favor of any one country. India’s strategy at AHC has been about open inclusive discussion and acknowledging all perspectives on contentious issues or sides.[xxxi]India has been an active part of the treaty process as it understands its international role and responsibility to tackle cybercrime. India has been vocal and consistent on securing supply chains, protecting critical infrastructure, and has delved into areas of capacity-building to prevent and combat cybercrime. For example, India has pushed for a Global Cybersecurity Cooperation Portalwhich is being envisaged as a one-stop platform for enabling global cooperation and coordination between member states on matters related to cyber security. 

At the domestic front, the government has taken many positive steps in the right direction. India has created a multifaceted institutional framework involving ministries, departments, and agencies. The IT Act of 2000 is a comprehensive law aimed at addressing various legal and regulatory aspects related to electronic governance and online crimes in India.[xxxii] In addition to this India has a National Cyber Security Policy 2013. Further the formation of Indian Cyber Crime Coordination Centre (I4C), CERT-In (Computer Emergency Response Team -India), National Cyber Forensics Laboratory, National Cyber Crime Reporting Portal and the latest being the Cyber Crime help number 1930 are important initiatives of Government of India to tackle cybercrime. 

Testing times for Cyber & Multilateralism 

Multilateralism involves collaboration among multiple countries to address shared challenges that transcend borders. The UN Cybercrime Treaty is remarkable example of successful multilateralismas it relied heavily on collective efforts to tackle the global and interconnected nature of cybercrime. The process looks to balance competing national interests with the shared goal of building a secure, inclusive, and rights-respecting global framework to combat cybercrime. The success of the treaty rests on balancing competing national interests harbouring trust, fostering inclusivity, and ensuring the treaty evolves along with the cyber landscape. It is hoped that the treaty’s ratification process will proceedsmoothly, and state parties will work together to ensure its effective implementation.

*****

*Anubha Gupta, Research Associate, Indian Council of World Affairs, New Delhi.
Disclaimer: Views expressed are personal.

Endnotes 

[i]In his article The End of Liberal International Order?" (2018) analyses the pressures facing the liberal international order, including the rise of populism and nationalism, and discusses the implications for multilateral institutions.

[ii]John J. Mearsheimer in his work “Bound to Fail: The Rise and Fall of the Liberal International Order"(2019) argues that the liberal international order is unsustainable and examines the factors leading to its potential demise.

[iii]Mishra, V., “UN General Assembly adopts milestone cybercrime treaty”,UN News, 24^th Dec 2024, Available athttps://news.un.org/en/story/2024/12/1158521( Accessed On 25th December 2024)

[iv]Sukumar, A., & Basu, A. (2024) “Back to the territorial state: China and Russia’s use of UN cybercrime negotiations to challenge the liberal cyber order”, Journal of Cyber Policy, 1–32, Available at https://doi.org/10.1080/23738871.2024.243659(Accessed on 26th December 2024)

[v]Vibhu Mishra, “UN General Assembly adopts milestone cybercrime treaty”, UN News, 24^th Dec 2024, Available athttps://news.un.org/en/story/2024/12/1158521( Accessed On 25th December 2024)

[vi] Isabella Wilkinson “What is UN cybercrime treaty and why it matters?”, Chatham House, 4^th August 2023 Available at https://www.chathamhouse.org/2023/08/what-un-cybercrime-treaty-and-why-does-it-matterAccessed on 26th December 2024

[vii] Ibid.

[viii]Ransomware hack cripples Costa Rican agencies https://dxc.com/us/en/insights/perspectives/report/dxc-security-threat-intelligence-report/2022/june-2022/ransomware-hack-cripples-costa-rican-agencies#:~:text=A%20Conti%20ransomware%20attack%20has,Costa%20Rican%20town's%20energy%20supplier. Accessed on 26^th December 2024

[ix]Goukar, T., “Will the Change Healthcare case finally make providers do a business impact analysis?”SC Media, 22^nd April 2024 Available at https://www.scworld.com/perspective/will-the-change-healthcare-case-finally-make-providers-do-a-business-impact-analysis (accessed on 28^th December 2024)

[x] Ibid

[xi] Gil, L., “Making the digital and physical world safer: Why the Convention against Cybercrime matters”, UN News, 24^th December 2024 Available at: https://news.un.org/en/story/2024/12/1158526(Accessed on 24th December 2024)

[xii]Isabella Wilkinson “What is UN cybercrime treaty and why it matters?”, Chatham House, 4^th August 2023 Available at https://www.chathamhouse.org/2023/08/what-un-cybercrime-treaty-and-why-does-it-matter Accessed on 26th December 2024

[xiii] Ibid

[xiv]intergovernmental committee composed of experts and representatives of all regions. The committee is chaired by Algeria, with 13 vice chairs: Egypt, Nigeria, China, Japan, Estonia, Poland, the Russian Federation, Dominican Republic, Nicaragua, Suriname, Australia, Portugal, and the USA. Indonesia was appointed as the committee’s rapporteur. 

[xv] Vogel, R. “Countering the use of information and communications technologies for criminal purposes”, Report of the Third Committee, November 27^th 2024https://documents.un.org/doc/undoc/gen/n24/372/04/pdf/n2437204.pdf

(Accessed on 27^th November 2024)

[xvi]Gullo, K. and Rodriguez, K, “UN Cybercrime Treaty Timeline”, EEF, Available at https://www.eff.org/pages/un-cybercrime-treaty-timeline Accessed on 30th December 2024

[xvii] Ibid.

[xviii]Sukumar, A., & Basu, A. (2024). Back to the territorial state: China and Russia’s use of UN cybercrime negotiations to challenge the liberal cyber order. Journal of Cyber Policy, 1–32. https://doi.org/10.1080/23738871.2024.243659(Accessed on 26th December 2024)

[xix]“Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes on its first session”, UN Report Available athttps://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/ahc-first-session.html Accessed on 1st January 2025

[xx]Sukumar, A., & Basu, A. (2024). Back to the territorial state: China and Russia’s use of UN cybercrime negotiations to challenge the liberal cyber order. Journal of Cyber Policy, 1–32. https://doi.org/10.1080/23738871.2024.243659(Accessed on 26th December 2024)

[xxi]Kazakova, A,Kovač, B andIttelson, P., “Decision postponed on the Cybercrime Convention: What you should know about the latest session of the UN negotiations”, Geneva Internet Platformhttps://dig.watch/updates/decision-postponed-on-the-cybercrime-convention-what-you-should-know-about-the-latest-session-of-the-un-negotiations(Accessed on 31st December 2024)

[xxii]Vogel, R. “Countering the use of information and communications technologies for criminal purposes”,  Report of the Third Committee, November 27^th 2024 https://documents.un.org/doc/undoc/gen/n24/372/04/pdf/n2437204.pdf

(Accessed on 27^th November 2024)

[xxiii] Ibid.

[xxiv] Ibid.

[xxv]A New World Order is a book by Anne-Marie Slaughter where she has argued today, we have a new world order, and that it's made up of a complex global web of networks.

[xxvi]Mishra, V., “UN General Assembly adopts milestone cybercrime treaty”, UN News, 24^th Dec 2024, Available athttps://news.un.org/en/story/2024/12/1158521( Accessed On 25th December 2024)

[xxvii]Anja P. Jakobi and Lena Herbst, “Between a Rock and a Hard Place: The UN Cybercrime Convention” PRIF Blog, December 9 2024,  https://blog.prif.org/2024/12/09/between-a-rock-and-a-hard-place-the-un-cybercrime-convention/ accessed on 5^th January 2025

[xxviii] Ibid.

[xxix]Kailasam, R. “India stares at a steep cybercrime challenge. Is it Prepared?”,  The Indian Express, May 27^th 2024 Available athttps://indianexpress.com/article/opinion/columns/india-cyber-crime-challenge-9351602/?utm_source=whatsapp&utm_medium=social&utm_campaign=WhatsappShare accessed on 2^nd January 2025

[xxx]World-first “Cybercrime Index” ranks countries by cybercrime threat level”,  University of Oxford News, 10^th April 2024,   Available at https://www.ox.ac.uk/news/2024-04-10-world-first-cybercrime-index-ranks-countries-cybercrime-threat-level, Accessed on 5^th January 2025

[xxxi]Basu, A. “Ideological Agnosticism and Selective Engagement: How India Sees the Global Cybersecurity Norms Debate”, Centre for the Advanced Study of India¸ University of Pennsylvania, January 15^th, 2024, Available at https://casi.sas.upenn.edu/iit/arindrajitbasu (Accessed on 4th January 2025)
[xxxii] Kailasam, R. “India stares at a steep cybercrime challenge. Is it Prepared?”,  The Indian Express, May 27^th 2024 Available athttps://indianexpress.com/article/opinion/columns/india-cyber-crime-challenge-9351602/?utm_source=whatsapp&utm_medium=social&utm_campaign=WhatsappShare accessed on 2^nd January 2025