Although at the beginning of the globalization of computer networks there were cosmopolitan expectations and utopian ideas about a virtual, networked world community, in recent years we can notice a return to the established patterns of the Westphalian state and its effort to assert state sovereignty in cyberspace. In fact, "digital sovereignty" and the redistribution of power are fought not only by states, but also by transnational actors, such as Big Tech companies (Google, Apple, Facebook, Amazon and Microsoft: "GAFAM"). This struggle takes place on two levels: on the technical level of cyberspace organization - centralization vs. decentralization of the global network, and at the political level - authoritarian vs. liberal political ideology about cyberspace. One of the elements of the geopolitical conflict is also reflected in the current processes within the United Nations.
It is true that since 2001, the Council of Europe Convention has been an important instrument for harmonizing the rules on cybercrime and electronic evidence, not only among the contracting states, however, we should not forget that not all countries of the world signed or acceded to it - to begin with Russia, China, India. For this reason, it is debatable to claim that this Convention has a global scope, and it is understandable why the United Nations is currently negotiating an international treaty to combat cybercrime, which would have a universal scope.
Namely, at the end of 2017, Russia sent the UN Secretary General letter proposing the text of the convention on cybercrime, and despite the opposition of the EU and the USA, at the end of 2019, a resolution it was adopted, which started the negotiation process. In December 2022, the Ad Hoc Committee prepared consolidated negotiating document, and the last (fifth) round of negotiations ended in April 2023. The Committee is expected to produce a zero draft during the summer, with the draft finalized in January 2024.
One of the main features of the proposed text of the Convention is its emphasis on the principle of sovereignty, which can already be seen in the preamble, where it is stated that each state has sovereignty and exercises jurisdiction over its territory with regard to cyberspace in accordance with its domestic law. Also, cross-border operations carried out by computer systems and networks under the control of one state on the territory of another, without its approval, are prohibited. In fact, one of the main reasons why Russia is not a party to the Council of Europe Convention is the provision on the possibility of cross-border access to computer data on the territory of other party states (Article 32). However, without going into the further reasons of the countries that did not accede to the Council of Europe Convention and supported the proposal of the text of the UN Convention at this point, nor the reasons of the countries that oppose this proposal, some interested factors should be pointed out.
Namely, several NGOs have expressed great concern for human rights in the online environment, considering that, if the Convention is adopted, competent authorities could access personal data without the control of an independent or judicial mechanism and carry out massive digital surveillance and thus fully override the right to privacy (eg Privacy International).
Also, IT companies are following the negotiation process with interest, given that the Convention would create significant obligations for them as well. It is not surprising that Microsoft and Google speak unfavorably about the text of this international agreement, pointing out that they would be obliged to hand over user data even to countries that they consider undemocratic and revisionist - moreover, these companies express their fear that the Convention could incriminate the mere cyber security reserach.
Although the Convention could serve as a basis for the development of a framework for comprehensive international cooperation, the question can be raised whether there is a need for another international convention on cybercrime. Certainly there are challenges regarding the varying strength of national laws, as well as the capacity of competent authorities to enforce them. Upgrading and improving existing instruments of cooperation is perhaps a more desirable and practical solution than diverting already scarce resources to the search for a new international framework, which is likely to stretch over many years and is unlikely to result in consensus. Furthermore, although a certain number of provisions in the Draft Convention reflect those from the Council of Europe Convention, there are no clear provisions that would insist on a balance between the interests of law enforcement and respect for basic human rights, as well as provisions on the principle of proportionality.
However, what the final text will look like, how the voting will go and what will be the acceptance and fate of the Convention, remains to be seen.