At a glance.
- The UN's new cybercrime treaty raises human rights concerns.
- How China's new counter-espionage law could impact cyber business.
- DHS moves to codify the Cyber Safety Review Board.
- New report on international cyber legislation.
The UN’s new cybercrime treaty raises human rights concerns.
The United Nations is on the cusp of completing negotiations for a new cybercrime treaty. The Washington Post explains that while most UN member states are happy with the existing treaty, the Budapest Convention, Russia began pushing for changes in 2017, and in 2019 a vote came down in favor of drafting a new document. Member states gathered in Vienna in April, and it’s clear that Moscow and other members want to redefine cybercrime, expanding the number of criminal offenses from the previous nine to thirty-four. US representatives, along with human rights activists and civil liberties groups, say the inclusion of these new offenses raises questions about freedom of speech. Human rights group Article 19 explains that the new list includes offenses “that have not been previously implemented at an international level, and would create conflicts with international human rights obligations even without the use of a computer/digital technology,” and “do not leave room for other mechanisms for redress such as civil or nonlegal remedies.” Jane J. Lee, a federal prosecutor and member of the U.S. delegation to the treaty committee, said that “for the types of crimes that we’re talking about where there might be authoritarian regimes working to see greater control over information and speech, that’s something that the United States is carefully watching.” Lee also noted that the treaty committee is challenged with avoiding the creation of any laws that might overlap or contradict the Budapest Convention, which has served as the basis for international cyber cooperation since 2001.
The Record notes that representatives from tech giants Microsoft and Google appeared alongside Lee at this week’s RSA Conference, and as two of the largest companies that receive data requests from governments, they have their own worries about the new treaty. Microsoft Senior Government Affairs Manager John Hering warned, “This is a process that’s been kicked off by countries that seem to be a bit revisionist, and I think there were some concerns that it could cater to authoritarian and undemocratic interests when it comes to policing our digital environment.” A first draft of the treaty text is due June 20.
How China’s new counter-espionage law could impact cyber business.
Chinese lawmakers are expanding the country’s counter-espionage law, broadening the definition of espionage to include cyberattacks targeting information infrastructure connected to the country’s spy agencies. The amendment, which goes into effect on July 1, is representative of Chinese president Xi Jinping’s focus on national security. Yasuhiro Matsuda, an international relations professor at the University of Tokyo, told CNN that the existing version of the law was “very ambiguous and very powerful. But China thinks it’s not enough.” Matsuda went on to say that the law’s new verbiage suggests “any organization and anyone can be suspect … and anything can be counted as a threat to national security.” He added, “This will definitely cause a chilling effect.” As China begins to lift Covid-era border restrictions, the expanded law is likely to deter foreign researchers, activists, and businesses from visiting or operating in China. A recent series of arrests of foreign nationals on espionage charges has already heightened concerns about how the new law will be applied.
DHS moves to codify the Cyber Safety Review Board.
Rob Silvers, the US Department of Homeland Security’s (DHS) undersecretary for strategy, policy, and plans, confirmed at the RSA Conference this week that officials are working toward codifying the Cyber Safety Review Board (CSRB). As the Record explains, the fifteen-person board was established last year by executive order and is focused on analyzing major cyber incidents in order to make remediation recommendations. The CSRB voted earlier this month to approve a legislative proposal to present to Congress. Silvers explained, “[W]e think Congress should put its stamp on it and also give us a foundation for more resources, further building out the staff.” The legislation would formalize the board’s funding, as well as grant it the power to subpoena victims of cyber incidents to share their experiences, though Silvers says that power will likely not be used often. Comparing it to the National Transportation Safety Board’s (NTSB) authorities during accident investigations, Silvers noted that the NTSB “almost never uses it, because it doesn't need to, because it gets a cooperation.” The draft bill also states that the board can be convened by the President or the DHS secretary whenever needed. DHS Secretary Alejandro Mayorkas has been a vocal supporter of codifying the CSRB.
New report on international cyber legislation.
International cybersecurity non-profit (ISC)², in collaboration with British think tank the Royal United Services Institute (RUSI), has released a report on cybersecurity legislation in the UK, US, Canada, the EU, Japan and Singapore, Infosecurity Magazine reports. (ISC)² explains, “The aim of this research and the paper produced is to serve as a guide to policymakers by examining different approaches to cybersecurity policy, regulation and legislation.” Titled Global Approaches to Cyber Policy, Legislation and Regulation, the report examines the issues that have steered cyber legislation in the various nations, and it notes that all six are challenged by a shortage of skilled cybersecurity professionals, as well as the need to defend critical national infrastructure. Pia Hüsch, a research analyst at RUSI and the report’s principal author, says the report also highlights the importance of collaboration between the private and public sectors. (ISC)² CEO Clar Rosso added that the report, which was based on research conducted from December 2022 to March 2023, is “a first-of-its-kind comparative work, pushed by the proliferation of new cyber regulation – and the fact that more is on the way.”