2 August 2021 – International Affairs Journal
Andrey Krutskikh, Special Representative of the President of the Russian Federation for International Cooperation on Information Security, Director of the Department of International Information Security of the Ministry of Foreign Affairs of Russia
Airat Khamidullin, Third Secretary of the Department of International Information Security of the Ministry of Foreign Affairs of Russia
Translated by Elizaveta Ovchinnikova
The COVID-19 pandemic forced humanity to ‘dive’ into the virtual space and put economic and everyday life on digital rails. Crime, having dynamically adapted to modern conditions, rushed to use information and communication technologies (ICTs) for its own purposes. Phishing, ransomware, DDoS attacks and cyber attacks do not leave information reports and have become an integral part of our life. In the rampant digitalisation era, the results of computer attacks can be very destructive and lead to disasters affecting national security. At the same time, the overwhelming part of cybercriminals’ activity is still reduced to obtaining a financial advantage. The pandemic has given them a new impetus and exposed long overdue problems. They are largely related to the imperfection of the national legislation of states and the current system of international cooperation in this field. The existing multilateral tools were created 10-20 years ago and objectively do not keep up with cybercriminal activities. Bilateral channels of interaction between law enforcement agencies of states are also far from ideal. This is especially noticeable when crimes are committed in minutes, and the response to a request for electronic evidence can take from a couple of weeks to two or three years.
Therefore, it is not surprising that the damage from information crime has increased significantly in recent years. Its scale is dramatic. If in 2018, the UN Secretary-General A. Guterres noted that the annual damage from cybercrime is 1.5 trillion US dollars, then in 2021 this figure may reach 6 trillion. Given that many companies and states are not inclined to report such incidents, the real figures may be way higher. At the same time, the special character of ICT crimes is that they are committed remotely, often from the territory of other countries, and no state in the world is able to fight them alone.
Understanding this, Russia was the first to raise the issue of developing a practical mechanism under its aegis at the main negotiating platform of the planet – the UN. This mechanism is focused on fighting crimes in the field of ICT usage and is inclusive by its very essence. The main message is that the world must ‘pile on’ the cybercriminals, seriously complicate their activities and not leave them loopholes to escape justice, even if the chain of events involves the jurisdiction of several states with different legal systems from different regions of the planet. Many developing countries are seriously affected by this phenomenon but they are not able to fight ICT crimes alone. Taking into account the fact that the United Nations Convention against Corruption (UNCAC) and the United Nations Convention against Transnational Organised Crime (UNTOC) have come a similar way, they perceive the creation of a universal convention on countering information crime positively.
However, at first this idea encountered serious opposition from Western states. For almost twenty years, they have been strenuously promoting the 2001 Council of Europe Convention on Cybercrime, better known as the Budapest Convention, as a kind of ‘gold standard’ in this field. 65 states became its participants. Russia and most of the UN member states did not sign this convention due to its serious shortcomings. The main of them are the small number of crimes (nine in total), the lack of official statistics of application, as well as the high risk of violating the principle of state sovereignty and fundamental human rights and freedoms of a state party to this convention under the pretext of fighting cybercrime (article 32b on trans-border access to stored computer data).
At the same time, the apologists of the Budapest Convention had been blocking for a long time any discussion in the UN on the development of uniform standards in this area, declaring that there is no alternative to their creation. Therefore, although real cooperation between the states was moving forward but not at right speed. It was even stalling in political terms. This resulted in the emergence of local legislative initiatives and mechanisms in various countries, the fragmentation of international cooperation and, as a consequence, a sharp surge in illegal actions in the information sphere.
Russia managed to reverse this negative trend by offering the international community the idea of creating a full-fledged negotiating platform for the development of the first-ever UN cyber convention. As a result, through the resolution 74/247 of 27 December 2019, the UN General Assembly established an Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes (hereinafter referred to as the Ad Hoc Committee) under its aegis. 47 states became co-authors of the document, although a year earlier, literally 5-10 delegations, at specialised sites, could have spoken into the microphone about the idea of developing global documents.
Moreover, even here, some Western partners tried to block the negotiations at first using procedural techniques and appealing to the threat of the pandemic. However, the outcome of political discussions and votes at the UN in New York clearly demonstrated that the whole world needed to develop a global treaty in this area in order to put in place an effective mechanism to curb cyber threats. And it could no longer wait.
That is why the negotiation background has also changed. Despite the rigidity of different delegations’ positions, informal consultations on the future convention led to the launch of a dialogue with an eye to reaching serious political agreements. The question was no longer whether a convention was needed but how to develop it quickly and efficiently. In preparation for the organisational session of the Ad Hoc Committee (10-12 May 2021), the Russian delegation headed by Deputy Director of the Department of International Information Security of the Russian Foreign Ministry D. Bukin held several rounds of negotiations with representatives of the US Department of State that had previously opposed the creation of this negotiating platform. However, this time the dialogue between the countries allowed the parties to reach a compromise text of the draft resolution on the modalities of the Ad Hoc Committee’s work, which formed the basis for the UN General Assembly resolution 75/282 adopted by consensus.
At the same time, there were attempts to postpone the consideration of the mentioned draft resolution. The dates of the organisational session of the Ad Hoc Committee were changed twice under the pretext of the pandemic. But the result was inevitable – the development of a universal convention on ICT crimes was launched on the initiative of Russia and in the interests of the entire international community. This was a serious diplomatic achievement in the direction of countering cybercrime and a proof that our country is making a significant contribution to the fight against it.
Law enforcement experts and diplomats of the UN member states will actually have to develop a global convention with the participation of all interested parties in two years and submit it to the UN General Assembly for consideration and approval in 2023-2024 during its 78th session. For these purposes, the Ad Hoc Committee will hold 7 substantive sessions: 4 – in New York, 3 – in Vienna. The first meeting is scheduled for 17-28 January 2022.
The complex and broad nature of the negotiations, in which the number of meetings has significantly increased, led to the active involvement of young diplomats of the Department of International Information Security of the Russian Foreign Ministry – Second Secretary L. Chernysheva, Third Secretaries A. Kusaev and A. Khamidullin. It has become a common practice for them to hold regional and bilateral informal meetings and presentations of Russian initiatives, prepare the necessary documents, which will then receive the status of a UN document. Considerable time was devoted to public speeches, sometimes entering into a polemic with eminent opponents and coming out of it as victors. The proximity of the young generation of diplomats to the ICT environment, understanding its specifics allowed them to accurately convey the essence of the problem and a clear argument to the delegations of other states. This eventually played a positive role. The youth justified this trust.
A significant contribution to the implementation of Russian diplomacy in this area was made by the Russian missions to the UN in New York and to international organisations in Vienna headed by V. Nebenzya and M. Ulyanov respectively. Together with the experts of these permanent missions, a huge negotiation work has been done, which has convinced the countries that for Russia this is not an ordinary process but one of the priorities of state and international policy due to the urgent and real problem of cybercrime. All this has made it possible to divert the international community from the previous degree of political confrontation and move on to a professional and constructive dialogue on such a difficult topic.
The next step after the creation and launch of the negotiation platform for the development of a global treaty on countering ICT crimes was the question of filling it with content. The practice of developing such documents usually boils down to two ways – proposing an initial draft of the convention or discussing the key parameters and the skeleton of a future mechanism, which will later be supplemented by proposals from delegations. Taking into account the tight deadlines allotted to the Ad Hoc Committee for the development of the convention, Russia chose the first option.
To do this, on 27 July 2021, in Vienna, a Russian interdepartmental delegation headed by Deputy Prosecutor General of the Russian Federation P. Gorodov submitted to the Ad Hoc Committee a Russian draft of the first-ever universal treaty on combatting cybercrime as a contribution to its work. The document was handed over to the leadership of the United Nations Office on Drugs and Crime, which oversees the problems of countering information crime and serves as the secretariat of the Ad Hoc Committee, as well as to the Chairman of the Ad Hoc Committee, Permanent Representative of Algeria to International Organisations in Vienna F. Mebarki. The project was presented by the Permanent Representative of Russia to International Organisations in Vienna M. Ulyanov and D. Bukin.
Thus, the Russian Federation, which initiated the creation of a negotiating platform on this topic in 2019, was the first to substantially fill the process of developing a much-needed international treaty. The document is currently being distributed in order to prepare for the first substantive session of the Ad Hoc Committee. Now delegations will have something to start from at the very beginning of its work, which will significantly simplify the life of both country delegations, leading world experts and the UN Office on Drugs and Crime, considerably reducing its costs.
The development of the Russian draft convention was carried out by leading experts of the country within the framework of the Interdepartmental Working Group on Computer Related Crime established under the aegis of the Prosecutor General’s Office of the Russian Federation.
The document is innovative and has a number of significant advantages over existing tools. It reflects 23 elements of crimes, which include the main and current trends in this field. This includes unauthorised access to personal information, distribution of narcotic drugs, arms trafficking, involvement of minors in the commission of unlawful acts, inducement to commit suicide, illicit distribution of counterfeit medicines and medical products, cyber terrorism, rehabilitation of Nazism and much more.
The document uses the provisions of the UNCAC, the UNTOC and the Budapest Convention, which are well known to states. This will make it possible not to change the already established elements and rules of international cooperation functioning but only to supplement them with the specifics of the ICT environment and simplify their implementation into the national legislation of states. There is a broad conceptual framework, the procedure for providing legal assistance in criminal cases, including identification, seizure, confiscation and return of assets. At the same time, the urgent mechanisms of interaction that are so necessary now are prescribed, which considerably increases the speed and efficiency of law enforcement agencies activities in investigating cybercrimes that require instant response and interaction with other countries.
An important achievement in the development of the draft convention was the observance of a balance in the issues of personal data protection, respect for state sovereignty and human rights. At the same time, the document takes into account the active use of modern technologies, for example, for conducting interrogations and other procedural actions that were not previously available to subject matter experts. In relation to persons suspected of committing crimes and requested for extradition, the principle of ‘either extradite or try’ is fixed – one of the ‘pillars’ of international criminal law cooperation.
For developing countries that are the most vulnerable in the digital environment and need serious support, the project creates a solid international legal basis for providing them with extensive technical assistance, including training and material support in fighting crimes in the field of ICT usage. For them, in the context of the digital gap, this issue is not just the most desirable to discuss at the UN but even fundamental for stable and progressive economic development.
For some Budapest Convention’s participants, the prospect of having two documents at once – universal and regional ones – is not a problem, on the contrary, a wider range of tools will appear for law enforcement agencies to find, detain and convict criminals. Therefore, there is a chance to reach compromise solutions on the final document during the negotiations.
Taking into account the specific nature of the topic and the difference in approaches, Russia is ready to receive comments and suggestions on this document from all interested parties in order to work together to create a truly effective tool for countering ITC crime that reflects a current reality. Now there is a historic chance for all of us to join our forces and make a big step forward in the fight against a common enemy. We hope that the presented draft convention will allow us to unite and direct the efforts of the world community to develop practical solutions in this area.