new | ask | show | jobs
pksebben 4 days ago  [ - ]

text of the treaty: https://www.unodc.org/unodc/en/cybercrime/convention/text/co...

I wouldn't get excited about the US "not signing". With the government shutdown, they might just be waiting for the document to be in New York before they bother. Hanoi is far.

64ss1: This Convention shall be open to all States for signature in Hanoi in 2025 and thereafter at United Nations Headquarters in New York until 31 December 2026.

Article 37 is spooky. Expands extradition to where there might not be preexisting extradition treaties.

Fuck article 11. It's the EU's "any program for committing cybercrime is a crime" law, and makes programmers culpable. IANAL, but it actually looks like it criminalizes the entire software supply chain. Sure, there's a clause in there that looks like it's supposed to protect security research (11s2) but this is the thinnest of loincloths.

It also seems to apply to "crime where there was a computer somewhere around". As for what constitutes "crime":

Article 2:(h) “Serious crime” shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty;

...that seems to mean that if publishing information against the state regime is punishable by 4+ years and you used a computer to do it, there is now a basis for seizing your data and extraditing you.

I'm not even going to get into the implications this has for damaging privacy in general. This is some dark ass shit.

mystraline 4 days ago  [ - ]

Upon a reading, a "cybercrime" can be as simple as saying 'Kim Jong Un is a fat dumbass' on social media.

And since it was said on a computer, combined with insulting 'His Glorious Leader (spit) ' is a death penalty, thats a extraditing cybercrime.

Sure it could be argued thats not a real example. But given OFCOM's recent stunts of sending british compliance letters to US firms with no british presence, I'd rather not have other countries manufacturing shit laws and exporting to us as a "treaty".

thw_9a83c 4 days ago  [ - ]

Article 29: Real-time collection of traffic data

   - (ii) To cooperate and assist the competent authorities in the collection or
     recording of; traffic data, in real time, associated with specified
     communications in its territory transmitted by means of an information and
     communications technology system.
Seriously? Will the authorities of state X simply ask the authorities of state Y to collect/intercept data, and will the authorities of state Y be required to cooperate even without a legal basis in their local legislation? Because this treaty become sufficient legislation?

And more so:

   3. Each State Party shall adopt such legislative and other measures as may be
      necessary to oblige a service provider to keep confidential the fact of
      the execution of any power provided for in this article and any
      information relating to it.
I cannot imagine anyone with a functioning brain signing this at the UN level.