Russia and China Are Trying to Set the U.N.’s Rules on Cybercrime
At the United Nations General Assembly, the United States must push back against their agenda.
As world leaders gather in New York next week for another session of the United Nations General Assembly, they’ll have a number of pressing global security challenges on their minds. But on one key topic—cybercrime—the United States risks losing to Russia and China if it doesn’t have a clear strategy for pushing back against their attempts to prevail on the issue. By failing to articulate its own vision for cybersecurity, it would let two countries that have sponsored and harbored cybercriminals set the rules of the game.
The playing field has long been set in the competition to create the rules governing how countries deal with cybercrime. On one side, you have a global treaty, known as the Budapest Convention, which was drafted with strong support from the United States and its allies. The convention is the only legally binding international treaty that lays out common standards on cybercrime investigations and aims to boost cooperation among criminal justice systems around the globe in these cases. On the other side, you have Russia and China, two countries that have long been accused of sponsoring malicious cyberactivity themselves. These countries have refused to join the Budapest Convention and have instead called for a new global cybercrime treaty at the U.N.—one that they could presumably influence the drafting of.
The United States, as one of the hardest-hit victims of cybercrime, has a lot at stake in the debate. From the ransomware attacks in 22 Texas towns last month to continued attacks on some of the country’s largest businesses and civil society organizations, cybercrime presents a pressing national and economic security issue. A 2018 Gallup Poll found that one in four Americans have experienced cybercrime, and the White House has estimated that malicious cyberactivity cost the U.S. economy between $57 billion and $109 billion in 2016 alone. Yet those responsible for these crimes, many of whom are not located within the United States’ borders and some with direct sponsorship from other nations, currently operate with near impunity. A 2018 assessment by Third Way, where I work, found that in the United States alone, less than 1 percent of reported malicious cyber-incidents annually ever see an arrest.
To be sure, the Budapest Convention is hardly a panacea. Indeed, it has been validly criticized for its lack of human rights and legal safeguards. Yet, it’s the only global treaty that exists with a common vision for trying to facilitate international cooperation on cybercrime that also aims to protect the rule of law and an open internet. Alternatively, a draft treaty that Russia has recently circulated would allow countries to solidify their hold over information and communications technology within their borders, enabling some countries to further restrict activities and speech on the internet, while also stressing governments’ sovereignty in cybercrime investigations.
In the competition between these two visions, the United States has lost before, and this year it could happen again. During last year’s General Assembly proceedings, a resolution on cybercrime pushed by Russia with support from China passed by a vote of 94 to 59 with 33 abstentions. The resolution was innocuous on its face—it required the U.N. secretary-general to collect countries’ views about cybercrime and present a report—but was seen by the United States and its allies as an attempt by Russia to put discussions of a new global cybercrime treaty that advances its interests on the U.N.’s agenda. A separate Russian resolution opposed by the United States establishing an open-ended working group to discuss norms in cyberspace also passed in the General Assembly last year.
If the United States isn’t careful, it risks letting Russia and China win another matchup on cybercrime. It must be prepared for Russia to build on last year’s victory and start working now to expand the support it needs to effectively advance its own agenda on cybercrime. U.S. diplomats need to have a clear strategy and the resources needed to build allies in New York in this fight. And while the United States has remained committed to protecting the Budapest Convention, the government’s cybercrime agenda should be focused on not only expanding the number of parties to this treaty but also supporting new forums that can promote public and private global cooperation on cybercrime if those forums adhere to similar values.
Yet U.S. President Donald Trump’s previous backtracking on the United States’ historic position against Russia’s approach to cybercrime undermined efforts to craft a consistent and coherent agenda. The United States has already lost clout and leverage at the United Nations, and it will continue to do so if its diplomats do not have the support and high-level backing from leaders in the Trump administration to effectively do their jobs.
If they can’t, it will ultimately be everyday Americans who will be the victims.