MICHEL MARTIN, HOST:
The United Nations has moved to formally define and respond to global cybercrime. Some countries, including the United States, have lingering concerns about the terms. NPR's cybersecurity correspondent Jenna McLaughlin has more.
JENNA MCLAUGHLIN, BYLINE: While many people around the world were off celebrating winter holidays, the United Nations General Assembly was hard at work, looking to push through policy they've been working on for the last five years.
ILONA COHEN: When everybody else was waiting for Santa to come down the chimney, the U.N. was passing its five-year cybercrime convention.
MCLAUGHLIN: That's Ilona Cohen. She's in charge of legal and policy issues at cybersecurity firm HackerOne. She and the rest of the cyber community have been keeping a close eye on conversations at the U.N., especially after Russia spearheaded talks to come up with the cybercrime agreement back in 2019. There are other international cybersecurity agreements like the Budapest Convention, but it doesn't have the same global support. The U.N. set out to define cybercrime itself and figure out ways its members could help each other tackle the problem.
COHEN: So the underlying purpose of the cybercrime convention was a good one. It was to facilitate international cooperation, to investigate and prosecute, you know, serious cybercrimes. And that is a cause that everyone can support. But unfortunately, that's about where the consensus collapses because there are a lot of questions about how they define cybercrime and specifically what a serious crime is under the treaty.
MCLAUGHLIN: For example, Russia and China might argue that language the U.S. might see as activism or free speech might constitute a serious cybercrime. And it's possible the convention might not protect good-faith security researchers, who hunt for vulnerabilities in order to fix them, explains Cohen.
COHEN: So regardless of intent, it makes no distinction between a cybercriminal and somebody who is conducting legitimate security testing and who might not otherwise have explicit permission to do so.
MCLAUGHLIN: Despite the overly broad language, the U.N. General Assembly adopted the cybercrime convention on Christmas Eve. Lauding the steps taken to tackle online abuse, scams and money laundering, Jonathan Shrier, who represents the U.S. on the U.N.'s Economic and Social Council, cheered the adoption but made it clear that the U.S. has remaining concerns about the ambiguity of the convention. He said the U.S. would not allow other nations to use the new treaty as a weapon to violate human rights around the globe. And the process isn't over. There's time before the policy is fully ratified. Cohen and HackerOne hope the U.S. uses that time to push for better protections.
Jenna McLaughlin, NPR News.
(SOUNDBITE OF DEUSDOSOL AND SLO FIVE'S "SOLAR DUST") Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
