The UN’s push for a cybercrime treaty could endanger the security of journalists

‘When there’s ambiguity, some governments will take advantage of that and try to use it to clamp down on speech.’ —Human Rights Watch

Cybercrime is on the global agenda as a United Nations committee appointed to develop a treaty on the topic plans for its first meeting amid pandemic-related delays. The process is slated to take at least two years, but experts warn that such a treaty–initially proposed by Russia–could hand new tools to authorities looking to punish those who report the news.

The issue stems from competing definitions of cybercrime—one narrowed on malicious hacking of networks and data, the other encompassing any crime facilitated by a computer. It matters because many authorities around the world already invoke cybercrime or cybersecurity laws to punish journalists— not for secretly hacking into networks or systems, but for openly using their own to publicize wrongdoing.

“When there’s ambiguity, some governments will take advantage of that and try to use it to clamp down on speech,” Deborah Brown, senior researcher for digital rights at Human Rights Watch (HRW), told the Committee to Protect Journalists (CPJ). Brown has written about a global surge in national cybercrime laws undermining human rights. “It’s important to look not just at what’s being proposed at the global level, but at how national governments are interpreting their own laws,” she told CPJ.

Cybercrime laws criminalize topics like false news in NicaraguaNigeria, and Sudan, among other countries. Journalists have been arrested on cybercrime charges in Iran for reporting on the economy; in Pakistan for investigative and political commentary; and in Benin, for alleged defamation.

In 2011, CPJ warned about Russia’s push, along with China and a handful of other UN member states, to propose an “information security” code to combat online information that could incite terrorism or undermine national stability, charges both countries have levied against journalists.

“This has been part of Russia’s agenda for a while, and China has also been pushing for a treaty that would achieve similar goals—simply to extend more state control over the internet,” said Sheetal Kumar, head of global engagement and advocacy at Global Partners Digital, a London-based organization advocating digital rights.

CPJ emailed the Russian and Chinese permanent missions to the UN in New York to request comment but received no response.

Cybercrime measures can affect the press even if they don’t explicitly criminalize speech. According to Kumar, some seek to undermine encryption, a privacy feature that helps journalists protect files and communicate privately with sources and colleagues. CPJ has reported on journalists facing trumped-up hacking charges in retaliation for reporting, like Egypt’s Nora Younis. Journalists in the U.S. have told CPJ that the federal Computer Fraud and Abuse Act criminalizes data-gathering and verification activities that ought to be considered a routine part of reporting the news. In one recent local U.S. case, Missouri governor Mike Parsons said on December 29 that he expected prosecutors to charge St. Louis Post-Dispatch reporter Josh Renaud under a state anti-hacking statute for publicizing a local government website vulnerability that had exposed teachers’ Social Security numbers.

But journalists could be even more vulnerable if a global convention entrenches a broader definition of computer-enabled cybercrime, according to Brown at HRW. “The [UN] treaty has the potential to criminalize certain behavior and content online,” she said.

“Jordan, Indonesia, Russia, China, and others want to see a much broader scope [for the treaty] with so-called morality crimes, disinformation – more content-based crimes,” Kumar said, citing national statements submitted ahead of the convention. CPJ has documented journalists imprisoned under both Jordan’s Cybercrime Law and Indonesia’s Electronic Information and Transactions Law in the past.

Three journalists who have been arrested under cybercrime laws:

Maria Ressa at the International Journalism Festival in Perugia, Italy, April 4, 2019.
  • Filipino journalist Maria Ressa, who was awarded the Nobel Peace Prize in October, is battling a spate of spurious libel charges under the Philippines’ 2012 Cybercrime Prevention Act in connection with reporting by her news website, Rappler, and could face a six-year prison sentence if one conviction from 2020 is not overturned on appeal.
  • Bangladeshi reporter Ruhul Amin Gazi has been jailed for over a year without trial because a 2019 report about an executed opposition leader published by his employer, the Bangla-language Daily Sangram newspaper, was available on the internet, triggering a criminal complaint under the Digital Security Act, Rezaur Rahman Lenin, an independent academic and activist based in Dhaka who has followed the case, told CPJ. Local courts deny bail to those charged under the law so often that the prosecution itself is a punishment, Lenin said.
  • Nigeria’s Cybercrimes Act criminalizes using computers to transmit information that could cause annoyance or that the sender knows to be false; Luka Binniyat, a Nigerian journalist who contributes to the U.S.-based outlet The Epoch Times, was arrested under the Cybercrimes Act in November 2021 and continues to be held in advance of a February 3 court hearing.

Many UN member states are calling for increased international cooperation in cybercrime investigations, which could see more information about alleged criminals shared across borders, according to Kumar.

“What’s good is that a number of states have said they want a rights-respecting approach,” she said. “But the devil is in the detail. You’re asking for increased [law enforcement] powers, you’re also saying human rights need to be protected. That’s where the issues will lie.”

This article was originally published by the Committee to Protect Journalists. 

Madeline Earp has been working with CPJ to document the impact of technology on press freedom since March 2019. She previously managed content for Security First, a tech startup solving security challenges for people at risk; and coauthored five editions of Freedom on the Net, an annual index of internet access, censorship and user rights in 65 countries published by Freedom House’s research office in New York. She was a researcher on CPJ’s Asia desk from 2007 to 2013. Earp has a master’s degree in East Asian studies from Harvard University and a bachelor’s in English literature from Cambridge University. She is based in Bristol, UK. Follow her on Twitter @madelineearp.