After a third round of talks on the nascent United Nations Cybercrime Convention wrapped in New York on September 9th, one Western government official told OCCRP that “Russia is certainly not as active in the room as might have been expected, or as they are in other negotiations.”
Gerardo Isaac Morales Tenorio, Coordinator for Multidimensional Security at Mexican Ministry of Foreign Affairs, who is also engaged in the ongoing discussions, similarly said that he feels the Russians “recognise they are not leading this conversation.”
Moscow has shown significant interest in how cyberspace is governed since the late 90s, amid concerns over the West’s perceived technological advantages, and was in fact the UN member state to submit the proposal for the treaty currently under discussion.
Though Russia’s resolution establishing a committee to draft the convention passed in December 2019, it was without a majority of states in favor. Sources told OCCRP earlier in June this was largely to do with the fact of a pre-existing international legal instrument in this space, but also because of the lack of trust that had characterized discussions so far.
The Council of Europe’s Budapest Convention, introduced in 2001, covers a wide range of issues related to cybercrime and internet governance. Russia declined to sign the treaty on grounds that its provisions for cross-border investigations into criminal activity in cyberspace violate national sovereignty.
A second round of talks on the new UN convention, which took place between May 30 and June 10 in Vienna, had focused on issues relating to criminalization and law enforcement. Critics at the time accused Russia of trying to use the negotiations to forge cover for criminal groups staging attacks against the West and human rights abuses at home.
Russia is home to the world’s largest market for cybercriminal services, with longstanding evidence of “loose coordination” between intelligence agencies and prominent ransomware gangs, like Conti and REvil, responsible for attacks against non-allied states.
“For the country that seems to have the most cybercrime to introduce a treaty is slightly ironic,” the Western government official said. “If you’re being skeptical, you might question some of the motivations behind how this process originated.”
Robust protections on national sovereignty, as Russia has been pushing for, might mean that signatories to the treaty could not be forced into handing over data on criminal activity. Some have suggested this would potentially enable Moscow to shield cybercriminal networks or proxies within Russia’s borders who attack targets abroad.
“You’d always have plausible deniability,” as Valentin Weber, a cyber research fellow at the German Council on Foreign Relations, previously told OCCRP. “You could claim you’re not able to investigate or that you haven’t found anything, because the provisions on sovereignty would cover you.”
Others have expressed concern that provisions against “content-related conduct,” pushed for by a cadre of state representatives from Russia, China, Tajikistan, Burundi and Nicaragua, among others, may open the way for further suppression of dissent and other civil rights in those countries.
“We’ve seen vaguely worded international cybercrime laws misused to violate freedom of expression, target dissenters, and put them in danger,” the Electronic Frontier Foundation, a digital rights advocacy group, warned as the most recent round of discussions began.
“It’s paramount that the proposed treaty does not invite abuse and overreach by obligating states to cooperate in open-ended investigations of ill-defined criminal matters,” they added.
War in Ukraine has loomed large since the talks began. Several sources in the room told OCCRP that on the first day of the opening session, incidentally the same day Russia launched its invasion, many national representatives opened by condemning the conflict.
Since then, Russian diplomats have apparently taken more of a back seat as discussions have continued. In the meantime, sources say the overall process has also proven more democratic than initially anticipated.
Morales Tenorio explained that states who have perhaps not previously been as active on the issue of cyber governance were in fact now deeply engaged on issues of criminalization, international cooperation, and capacity-building among developing countries.
“We’re very much seeing this sort of pluralistic approach,” they said.
Joyce Hakmeh, deputy director of the International Security Program at Chatham House, said that while it remains too early for optimism, with at least three sessions remaining, there’s room for hope the negotiations may produce a comprehensive and sufficiently targeted convention.
“There is this sort of momentum. There’s a desire, and there’s potential for technology to be used in a much better way,” she said. “I think for a lot of developing countries, that is a good thing.”
However, some sources voiced concern that Russian diplomats appearing to slip from center stage may in fact indicate a willingness on Moscow’s part to play the long game when it comes to the provisions Russia is eager to see included in the final version of the convention.
Even if the treaty ends up adopting a more targeted scope, excluding provisions that countries like Russia have been gunning for, there is a chance these more controversial issues may be pushed forward through subsequent protocols that only some countries might ratify.
The Permanent Representative of Russian to the United Nations in Geneva did not respond to request for comment on the talks, due to resume in January.