US declines to join more than 70 countries in signing UN cybercrime treaty
therecord.media269 points by pcaharrier 7 hours ago
269 points by pcaharrier 7 hours ago
China, north korea, and russia, all prolific cybercriminal nations with significant state backing of the same, are signatories. This means it's at best meaningless and at worst surrenders power to a regime with partial control by objectively bad actors. Staying out of this was the right move.
Plus it has too many implications for surveillance and security; poor idea in any case.
Yeah, the article is quite good at summarizing some of these issues.
> The convention has been heavily criticized by the tech industry, which has warned that it criminalizes cybersecurity research and exposes companies to legally thorny data requests.
> Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.
> Many expressed concern that the convention will be abused by dictatorships and rogue governments who will deploy it against critics or protesters — even those outside of a regime’s jurisdiction.
> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”
> Any countries ratifying the treaty, he added, risks “actively validating cyber authoritarianism and facilitating the global erosion of digital freedoms, choosing procedural consensus over substantive human rights protection.”
The Wikipedia article having a whole section about human right objections also says a lot about this treaty.
https://en.wikipedia.org/wiki/United_Nations_Convention_agai...
> For example, the convention requires states to have laws that compel internet services to collect certain data, and does not require that requests for such data be transparent. There are limited cases when member states may deny a request for data, although there is a provision to do so if a state believes a request is due to "sex, race, language, religion, nationality, ethnic origin, or political opinions". The latter statement was weakened during negotiations, and challenged by Iran and Russia until the end of negotiations.
Ok, so it's basically a "five eyes" style agreement for sharing intel on citizens. Why would anyone want their government to support this?
Solid question. Related, but here is a list of governments that did support this: https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mt...
> Ok, so it's basically a "five eyes" style agreement for sharing intel on citizens. Why would anyone want their government to support this?
While I agree that it's not a good idea, I can answer that last question:
The idea would be that when an American enforcement body, presumably the FBI, determines that a bunch of cash or whatever was stolen by Russian hackers, the treaty compels the Russian government to keep records of the hackers' activity, and it "creates frameworks for collaboration, including mutual legal assistance and extradition". So instead of saying "hey, you stole all our money" and getting the response "wow, it must suck to be you", we could make them give the money back and extradite the criminals.
Oh yes indeed, Russia will definitely keep up their end of the deal. They wouldn’t piss on a treaty that they had signed for no reason.
Like, remember that time where they signed a treaty in 1994 that committed them to respecting and protecting Ukraine’s borders and then steadfastly stuck to it till present day?
You’ve convinced me. Entering this agreement with Russia, North Korea and China is a great idea.
Believe it or not, Russia, like most countries, mostly adheres to most of the treaties it signs.
That thrust would also land better if the US weren't ran entirely by an autocrat whose adherence to the terms of its treaties is, ah, capricious at best. But even before him, it's treaty adherence (like that of all countries) was also variable.
Even Trump "mostly adheres to most of the treaties" the USA has signed. The USA has signed a lot of treaties, and violating most of them would take a concerted effort, and quite a lot of time.
Yes, he does. The sad and stupid and novel thing is how fucking capricious he is about that adherence, and how congress has fully kowtowed to him and his minions.
> Why would anyone want their government to support this?
Clearly not enough people oppose it, because five eyes has been a thing for decades, and isn't going anywhere.
According to World Cybercrime Index, Russia, Ukraine, China and the US are in top 4. North Korea is #7. Just to add some perspective to it.
Three of these countries are technology leaders, so that makes sense. Then we have Ukraine.
Russia is number 1, Ukraine is number 2. This is my proudest moment as a Ukranian.
I was hoping to see a comment like this. These sorts of “global collaborations” seem to always end with the US carry all the water, and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
> and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
Which is not inherently a bad thing: https://en.wikipedia.org/wiki/List_of_countries_by_carbon_di...
Interesting dataset.
It would be a lot fairer to display tons of CO2 per inhabitant I think.
And that's before taking into account imported CO2.
Climate change isn't driven by per-inhabitant CO2 emissions. It's driven by total CO2 emissions, of which the US outputs 12% per year.
Climate change isn't driven by human defined borders either. It's driven by total CO2 emissions. If a per-capita rate is non sensical then border based emissions are even more non sensical. Greenland only emits 0.001% of the total. Greenland is 12000x a better country than the US wow. This is exactly why per-capita is used.
Yeah and this is clearest when you consider federations. Imagine if you count the US as 50 separate countries, suddenly they are much more climate friendly! That's of course absurd.
Climate change isn’t driven by borders but energy policy is defined within them.
And no policy is gonna willingly reduce energy consumption which is directly co-related with QOL when other countries have much higher per-capita consumption. Politically humans need fairness.
We don’t need to reduce energy consumption. We need to reduce greenhouse gas emissions.
We know. There are many reasons why countries choose more polluting sources of energy. Part of which is costs. The world runs on incentives. Maybe rich countries like the US can subsidize clean energy for poorer countries like India. Because consumption is definitely not going to come down.
Solar energy is currently the cheapest form of energy, cheaper than coal, cheaper than natural gas. You know the conspiracy theories about how the oil companies are keeping perpetual motion machines hidden? Solar panels are literally that. With the caveat that they only work in sunlight. So they're not great when you need energy at night. But even if you triple your costs to account for only working 8 hours a day, they're cheaper than anything else.
But the reason emissions happen is for per-inhabitant benefits. It's a very reasonable idea [0] to set a per-inhabitant goal and criticize countries exceeding that threshold (which the US would still fail at, but I'm arguing against the metric itself rather than US faults).
Take your position to something of an extreme -- the Vatican could open up 200 coal power plants for its holy Bitcoin operations and still be sufficiently less impactful to CO2 than the US that nobody would target them during climate talks. Rephrased from the other direction, each US citizen would blow their CO2 budget by buying a shirt per decade to get down to the Vatican's levels.
That's a common mental failure mode, analogous to the sorites paradox. Countries are made up of many small actors and decisions, and pretending otherwise is unlikely to help you achieve your goals.
[0] Mostly -- transitive effects like one country generating all the goods another country uses are harder to account for. Assuming we could measure perfectly though...
12% is quite low considering that the US is responsible for >20% of global industrial output.
Not really, by that metric Europe still comes out ahead.
Of course, Europe has relatively little carbon intensive industry. The US is the world's largest producer of oil, beef, and other things with an intrinsically high carbon footprint. The carbon intensity of industry is a byproduct of geography and geology.
Europe has a relatively high carbon footprint per unit of output for things like animal husbandry compared to the US, they just don't do enough of it for it to add up.
>Of course, Europe has relatively little carbon intensive industry. The US is the world's largest producer of oil, beef, and other things with an intrinsically high carbon footprint. The carbon intensity of industry is a byproduct of geography and geology.
This also works in reverse, eg. US importing goods from china and therefore not being on the hook for emissions generated by those goods. ourworldindata has another page that compares the difference between consumption based emissions and territorial emissions[1]. Looking at that page, consumption based emissions are 11% higher for the US vs 27% for the EU. That makes the US look better, but it's not enough to cancel out the fact that the US is 63% more carbon intensive than the EU.
You're kinda contradicting yourself. You're right that it's about absolute numbers. But then you use a percentage.
perhaps 12% for 5% of the global population is too high. But you dont want to relate it to population. Relating to number of countries is rather non-sensical. Some are big (by productivity, area, population, etc.), some are tiny.
How is that fair when a lot of industrial production was shifted to one region of the globe specifically? It would be impossible without a lot of guessing and estimations, producing questionable data, but you would have to include CO2 attributable to exports and imports.
Which is just too hard, and too open to change assumptions to fit a desired result.
Because in reality, much of the globe's economy is waaayyyyy too interconnected, and the arrows don't just point one way. Feedback loops without end.
That whole "this/that country..." just does not work, except to fill comment sections. The systems are global.
>It would be impossible without a lot of guessing and estimations, producing questionable data, but you would have to include CO2 attributable to exports and imports.
>Which is just too hard, and too open to change assumptions to fit a desired result.
See: https://news.ycombinator.com/item?id=45762344
No, it's pretty straightforward. Count where a given good is consumed rather then where it's produced. It has to be estimated, but that's also the case for territorial emissions or other economic figures like GDP, but we don't throw our hands up and say "well it's too hard and too prone to fudging so we might as well not bother".
>Because in reality, much of the globe's economy is waaayyyyy too interconnected, and the arrows don't just point one way. Feedback loops without end.
What "feedback loops" are you talking about?
>That whole "this/that country..." just does not work, except to fill comment sections. The systems are global.
Ok but surely you must recognize that the US, where the average person drives a pickup/SUV to work is emitting more carbon than something like India where the average person gets around by walking or using motorbikes? That's the concept that conversations like "US emits more carbon per capita" are trying to capture. "The systems are global" sounds like an excuse to continue driving a F-150 to work because of some spurious arguments about how hard it's do to do carbon accounting 100% accurately.
>And that's before taking into account imported CO2.
It doesn't really make much of a difference. For US specifically there's about a 10% difference.
A good thing from whose perspective? From the perspective of US it would always be a bad thing. Why would you ever want to concede something and limit yourself without proportional concessions.
To grow “soft power”. Especially by agreeing to things you probably would have done anyway.
But think about it from the perspective of a US that wants to reduce carbon emissions. Why not simply throttle carbon emissions directly?
Super weird that they don't factor in productivity at all. Don't take me the wrong way I hate the fact that the United States thinks the only way to do anything is to burn fossil fuels, but that doesn't change the fact that our output per capita has got to be 10x the countries we are being compared against in this article.
In what sense? Does an American bolt factory produce 10x as much bots per worker, or is the American bolt just 10x more expensive?
I think in the sense that if you look at the ratio of say GDP (https://en.wikipedia.org/wiki/List_of_countries_by_GDP_(nomi...) to CO2 emission, you could get _a_ metric of efficiency. The product produced vs the emissions produced.
There's a chart that does this directly: https://ourworldindata.org/grapher/co2-intensity
In some cases, I’d argue it might ironically be a worse metric. Case in point, a large AI adjacent firm like NVIDIA - or even OpenAI - that is both “creating gdp”, but also worsening stuff. I’d say a farmer farming in a sustainable way might have a near 0 gdp compared to Sama, but environmentally is much better.
Agree that not all gdp is equal or beneficial. However, I think most people would be remiss to the idea of giving up on science and technology and a return to the agricultural era.
Agree, to clarify, I’m specifically skeptical of the US GDP as much of it seems of a very bubble-like and speculative nature. Tesla (stock) pre NVIDIA was probably the poster boy for the longest of times.
That perspective also helps to understand the position that any call for radical climate action must be a weaponization of competing economies to weaken the leader of the pack. So it is very bad framing. Do the work cheaper, better, and at scale. By doing it more efficiently you win. Oh, and of course you'll be more innovative too.
GDP doesn't differentiate between good and bad things and for climate change it would be border line circular because natural disasters like floods and hurricanes are "good" for the GDP (reconstruction effort is a net positive, destruction itself is not subtracted).
> I was hoping to see a comment like this. These sorts of “global collaborations” seem to always end with the US carry all the water, and the goal from the other countries perspective is to throttle the US. Like the Paris Accords.
I agree 100%.
I don't see the benefits here.
Do you have even a slightest proof for your claim?
This is an example of US not carrying "all the water." The second link shows that the EU+UK (countries + institutions) sent more food aid than the US. The UK has roughly 1/5 the population of the US and sent more than 1/5 as much as the US. Or, the UK has roughly 1/8 the GDP of the US and sent far more than 1/8 as much as the US.
Also, the data is 2014-2018 when US food aid was managed by USAID. What is the US percentage now that USAID has been eliminated?
The us share of world gdp was between 22-27% and it was contributing 36%.
Secondly, this is only external aid, internally the US far outspend most countries with 100B towards SNAP. Most euro nations don't even have food stamp like programs.
If you're trying to convince someone (other countries the US) the burden of proof is on you.
Proof for his claim that this is how it seems to him? Isn't the proof self evident - he said it seems that way. Obviously this doesn't immediately make it true but asking for "proof" mischaracterizes the nature of his statement.
What about non-proliferation treaties which have prevented the vast majority of countries from bankrupting themselves in an existential sprint to nuclear weapons?
Don't worry, China is willingly replacing the US in these global collaborations.
Say what you want about this treaty but China is running circles around you regarding Paris.
What point are you trying to make? I'm honestly not sure. Is it that China is polluting a lot? Or a little? That they are making environmental progress? Or none?
They they are exceeding their initial commitment. Talking about pollution in your tone is also a bit rich coming from the biggest net polluter in all of history.
What percent difference in reduction do you see if they didn't sign the treaty?
You know what the fun fact that everyone I hear complain about the US spending more than is fair on international projects ignores or appears ignorant of?
When you’re the one carrying the water, you get to decide where the water goes.
I actually prefer regimes like NATO where everyone is happy to leave the US in charge and doesn’t arm themselves. For all the projection of “strength” the current admin gives off, they are on their way towards reigning over a kingdom formed from the ashes of the republic's empire
I prefer multilateralism, but I do think there are challenges when every country that isn't the biggest smashes the 'defect' button as many times as they can.
Most US foreign aid is delivered as bombs, and/or directly funding the terrorists.
And if not directly funding the terrorists, creating a situation so stupid that it will lead to a fresh batch for next years war.
Neither the people paying for it, nor the people receiving it want it to be done that way.
And don't forget the tertiary effects as we displace millions with those bombs, only to take in a large number of "asylum seekers" from the countries we "aided".
IMO this is all by design, and there are a non-zero number of NGO operatives on this very site who are frustrated that anything is impeding that plan.
Poor US always being bullied by everyone else. What kind of world have you been living in where the reality is not the exact opposite??
Eh, there are a bunch of these kinds of treaties the US won't sign because for most of the signatories they're inconsequential but they're a huge lever for other countries to take sovereignty from the US.
That's right. If this is happening in the wrong nation - it's totalitarism and evil. If this happens in the correct nations, which are on the bright side - then it's democracy.
This but non-ironically.
(Unfortunately the current United States administration makes the nation much closer to one of the Bad Nations, though, so it's kind of moot anyway.)
It's also crucially important that the person deciding "right" and "wrong" here is an Atlantic Council fellow, otherwise that would also be Bad.
Damned if you do, damned if you don't. If they hadn't signed the treaty, people here would be saying it's proof those countries support cybercriminals.
Aren't treaties with the US meaningless by default, unless ratified by 3/4th of Congress?
No. Like many countries, the US requires legislative ratification of treaties, but by 2/3 of the Senate, not 3/4 of the Congress. The US has the same obligations as any non-ratifying signatory with regard to treaties it has signed but not ratified.
Contrast this to the EU where all treaties are automatically law across all members.
That's not how the EU works. As an example take the Mercosur treaty: it has 4 parts. The first post is straight up trade rules, an area that the Eau member states delegated to the EU. This part was directly valid once signed.
The other three parts all concern areas not delegated to the EU. To become law, all three parts have to be approved by the EU parliament and the EU council (which consists of the heads of the executives of the member states) and the local parliaments of the member states. Depending on local law, even regional parliaments have to approve it (Belgium is such a state). The final implementation of Mercosur is not expected before 2028.
Surely signing it would signal willingness to get along? What would be the downside?
> surrenders power to a regime with partial control by objectively bad actors
...do you think we are a regime with good actors? Why? What signals of morality or competency do you look for?
Right. Its not like recent statistics showed that the US was the place where most of the cyberattacks originate. And its not like both the US and UK are openly saying that they are maximizing cyberwarfare against everyone as if it was something to be proud of. The country that is facilitating a livestreamed genocide in Gaza, is the 'good guys' to be trusted in cyberwarfare, for 'some' reason.
But, then again, in the Angloamerican culture, its always 'others' who are evil. Never itself.
Out of curiosity, can you give me an example of a presently extant culture that does view itself as evil?
The UK maybe?? The always had a little self loathing tendencies and since they decided their past Empire was actually quite evil, that seems to have become worse.
> Right. It’s not like recent statistics showed that the US was the place where most of the cyberattacks originate.
Link?
> And it’s not like both the US and UK are openly saying that they are maximizing cyberwarfare against everyone as if it was something to be proud of.
Link?
> The country that is facilitating a livestreamed genocide in Gaza
Which country is that? And where’s the livestream streaming?
Wait, what data are you seeing where most cyber attacks are originating from the US? I work in security at a place with some of the best threat intelligence globally, and there are indeed attacks from the US, even the government, but the idea that MOST cyberattacks originate from the US would be completely shocking to me. Is there some qualifier you're not including or maybe you misremembered "most targeted" as originated?
I'm not really trying to get into the political part of it fwiw.
Dont give it another second of thought. Parent poster's actual name is Dumbledope. Safe to ignore and move on.
Screw game theory, I have the bigger stick. This is how everyone goes "defect" and you enter an arms race. https://en.wikipedia.org/wiki/Prisoner%27s_dilemma
Never mind, we already crossed that line: https://www.bbc.com/news/articles/c4gzq2p0yk4o
> Never mind, we already crossed that line: https://www.bbc.com/news/articles/c4gzq2p0yk4o
This was a very proportional response to Putin[1] the other day, so it's still technically game theory.
[1] https://www.reuters.com/world/china/putin-says-russia-tested...
Almost no rebuttals on the internet are intellectually honest these days. Take the same exact action by a President of the alternative party, and it's considered "decisive", "shows our enemies we mean business". But since it's not coming from your political party, it's "oh no, what is this guy doing. He's going to get us all unalived."
> It also creates legal regimes to monitor, store and allow cross-border sharing of information without specific data protections. Access Now’s Raman Jit Singh Chima said the convention effectively justifies “cyber authoritarianism at home and transnational repression across borders.”
None of this sounds good for privacy and data protection.
Opting out of the treaty was probably a good choice. Opting out doesn’t preclude the US from cooperating with international cybercrime investigations, but it does avoid more data collection, surveillance, and sharing.
Err... yeah, because that's what USA based companies are known for - PII protection and data privacy?!?
Maybe there is some more complexity to this argument, that I'm missing. But, it's not one that has merit without justification.
Is your argument that because you don’t think US companies are good at PII, we need to force those companies to share their PII with 70 other countries on request?
> Maybe there is some more complexity to this argument, that I'm missing.
I think you’re missing the entire argument. Why would it be a good thing for a country to volunteer its’ companies PII through a treaty with foreign governments like Russia, North Korea, and China?
Well, yes. Compared to most countries that have signed this treaty, the US has excellent protections for PII and data privacy.
But that's beside the point. The most objectionable parts are about state surveillance and the potential for human rights abuses.
For example, here's what the EFF had to say about it:
https://www.eff.org/deeplinks/2024/07/effs-concerns-about-un...
I wouldn't exactly call them "excellent", but yeah I think the big caveat is
> the US has excellent protections for PII and data privacy
*for _US nationals_ :)
US-based companies probably have the most sophisticated PII & data privacy compliance schemes globally. Sure, that's mostly due to obligations imposed on them by jurisdictions outside of the US, but it is still true.
We're talking about privacy / data (ab)use for military purposes. Those compliance schemes you speak of matter naught.
> We're talking about privacy / data (ab)use for military purposes.
What? No, we're not. What gave you that impression?
Opting out was the right thing to do. This is Badthink monitoring in the guise of cybersecurity.
Previous threads:
https://news.ycombinator.com/item?id=41207987 ("EFF’s concerns about the UN Cybercrime Convention (eff.org)", 99 comments)
https://news.ycombinator.com/item?id=39129274 ("Proposed UN cybercrime treaty has evolved into an expansive surveillance tool (eff.org)", 64 comments)
https://news.ycombinator.com/item?id=41210110 ("New U.N. Cybercrime Treaty Unanimously Approved, Could Threaten Human Rights (scientificamerican.com)", 53 comments)
https://news.ycombinator.com/item?id=41221403 ("UN Cybercrime Convention to Overrule Bank Secrecy (therage.co)", 42 comments)
When countries like North Korea, which depends on cybercrime to fund itself, are signatories, you have to wonder whether this agreement means what its title says.
The old “think of the children/fight terrorism/support our troops/be a good person” style of naming propositions to destroy data privacy.
They have also had the longest on going embargo on earth right after they were nearly wiped out by a genocidal war on behalf of the US.
I don't doubt their history explains the shape of their economy.
This may seem like I am defending North Korea, but in reality I am putting in perspective who/why they are. Facts which nearly amount propaganda to western nations.
I don't think it's right to blame ordinary North Koreans for the state of their country like that. Clearly it has more to do with the paranoid authoritarianism of 1 guy, rather than the collective war trauma of the people. Just look at South Korea, the other party of that "genocidal war". They moved on a long time ago, because their national politics allowed them to.
Nice to see abstention from Canada, Finland, Japan, South Korea, India, Iceland, Germany, Mexico, and Switzerland as well. Not everyone is on board with this (for good reason), it’s not just the big bad US ignoring the rest of the world.
Given the presence of some extremely authoritarian states on the list of signatories, the fact that the UK and France signed on seems to confirm my suspicions about the trajectory of freedom in those countries. And surprisingly Sweden! I feel like Mullvad users should be concerned.
All better company than the countries listed as signatories.
I’m actually not sure about Germany though. I almost posted a similar list above but then I noticed the European Union is listed as a signatory, so not sure where that puts the EU members not listed: https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mt...
This is indeed strange. Can the EU sign treaties that are binding on all member countries? And if so, what’s the deal with France and other countries signing on redundantly?
Edit: another commenter mentioned something about treaties needing to go through the EU parliament and council if the areas of concern aren’t delegated to the EU. Not sure which side of the fence this falls under, and I bet there are some potential legal challenges waiting regardless. So perhaps France is hedging its bets by signing on as an individual nation, indicating its willingness to implement the treaty no matter what happens with the rest of the EU. But I am no expert on EU bureaucracy and politics!
> Can the EU sign treaties that are binding on all member countries?
That depends on the topic of the treaty.
The EU member countries have delegated their decision making powers on certain limited number of topics to the EU institutions, like The EU Commission, The EU Council or possibly others. One such topic is the trade. As a result, all EU countries share the same trade policy.
For other topics, where there is no such delegation in place, everything needs to be ratified by every member country individually.
I am unsure into which category this particular treaty falls.
> But I am no expert on EU bureaucracy and politics!
I’d be shocked if anyone alive is.
A couple of weeks ago the Council of the EU authorized both the Commission and members to sign onto this convention. That’s the best I’ve got and it still doesn’t tell us if this is would apply automatically to Germany and others without them signing on, but I guess in theory it helps the convention get over the 40 signature threshold if it weren’t going to already. Signing on still isn’t done either as it runs from October 25th 2025 through December 31st 2026.
PS: if you saw a previous version of this comment, your eyes weren’t fooling you, I just got taken for a ride by a bad source that confused the Council of Europe with the Council of the EU so I nuked it.
Why would the US give away it's power? I do not see anything to gain here. At least 2 of the big players are duplicitous bad actors (ie take more than they give) ... If they want prove otherwise then let Tencent teams compete in public CTFs again and disclose 0days.
What power? The US gave up power by not signing. The treaty is standardizing the process for sharing cybercrime evidence and prosecuting individuals. It has signatories pledging to align their laws and create new ones to make the same cybercrime illegal.
This isn't giving any country any sole power over cybercrime prosecution decisions.
Signing on to bad treaties is bad. Treaties can both restrict what you can do and compel you to do things that you don't want to.
For example: "Compelled Technical Assistance: The draft requires countries to adopt laws enabling authorities to compel anyone with knowledge of a particular computer system to provide *necessary information* to facilitate access."
The US would have to have laws that would force you to provide login information to systems if the government wanted access to it. This would run contrary to the 5th amendment.
https://www.eff.org/deeplinks/2024/07/effs-concerns-about-un...
And what's that thing about treaties and the Constitution?
SC has already ruled that when treaties and the constitution conflict, the latter is supreme.
> cybercrime — which the U.N. estimates costs $10.5 trillion around the world annually.
That's almost 10% of global GDP. Who comes up with these numbers?
It will all make sense once you realize who works at the UN, basically nepo babies of all colors and variety, including second cousins of Saudi royalty etc.
It might be including the cost of the entire cybersecurity business sector? Salaries of security engineers, security vendors, etc. Not just fallout from hacks.
edit: cybersecurity ventures seems to be the real source for the 10.5T number: https://cybersecurityventures.com/cybercrime-damage-costs-10...
Apparently their methodology is just assume $3T cybercrime cost in 2015, then compound it by 15% annual.
[flagged]
complete and utter nonsense. you have to be innumerate to believe that $1 in $10 is being stolen by cybercriminals.
Wow so the hosts and beneficiaries of cybercrime wrote a treaty on it (with a ton of additional surveillance mandates included, of course) and the US didn't sign on. How disappointing.
Couple clicks to get to the list so here it is. Not countries I usually associate with caring about privacy.
Algeria,Angola,Australia,Austria,Azerbaijan,Belarus,Belgium,Brazil,Brunei Darussalam,Burkina Faso,Cambodia,Chile,China,Costa Rica,Côte d'Ivoire,Cuba,Czech Republic,Democratic People's Republic of Korea,Democratic Republic of the Congo,Djibouti,Dominican Republic,Ecuador,Egypt,European Union,France,Ghana,Greece,Guinea-Bissau,Iran (Islamic Republic of),Ireland,Jamaica,Mozambique,Namibia,Nauru,Nicaragua,Nigeria,Palau,Papua New Guinea,Peru,Philippines,Poland,Portugal,Qatar,Russian Federation,Rwanda,Saudi Arabia,Slovakia,Slovenia,South Africa,Spain,Sri Lanka,State of Palestine,Sweden,Thailand,Togo,Türkiye,Uganda,United Kingdom of Great Britain and Northern Ireland,United Republic of Tanzania,Uruguay,Uzbekistan,Venezuela (Bolivarian Republic of),Viet Nam,Zimbabwe
Sweden, Uruguay and Portugal are on that list, to name a few more advanced countries. Seems like a pretty good list.
I wonder what countries you do associate with data privacy.
Clearly when one thinks of data privacy they think of China, Venezuela, Russia, Congo, DRPK, Saudi Arabia, Turkey, Iran, Belarus, etc etc etc
Ah -- sarcasm.
You're absolutely right. When thinking of data privacy people think of the USA, where you can be sent off to a gulag island if a random officer does not like what he sees on your personal phone -- which he is, of course, legally allowed to search for no good reason.
I am curious about which countries do you associate with privacy.
> curious about which countries do you associate with privacy
Estonia, Iceland, Switzerland, the Nordic countries and America.
America? The one with all the spying, NSA, Patriot Act, this America?
> America? The one with all the spying, NSA, Patriot Act, this America?
Yes. We do all of that. But so does practically everyone else. The difference is our federal structure and--until recently--independent courts provided a bit more oversight than other countries' citizens had access to. And we've had--until recently--respect for privacy held deeply enough by enough people that it turns into a stink at the federal level in at least some respect.
Most countries have national logging requirements, disclosure requirements and domestic police with the powers of the NSA. (America remains one of the few countries in which one can form a legal entity with zero identification.)
Obviously if this agreement conflicts with the patriot act, it’s unpatriotic and America is right not to sign it.
The typical answer to this would be places like Switzerland, Germany and the Cayman Islands.
You are dead wrong about Brazil, our legislation about online privacy is pretty advanced. The European Union is not a country but has pretty solid legislation as well. Other South American countries on the list are pretty good as well.
You seem to be making a blanket statement about “not the first country I think about when…” of places you know nothing about.
Russia in particular is turning the blind eye on en masse cyber crime that is originating from Russia. Russian hackers in the last two decades stole millions of credit cards from US and EU and hacked numerous banks and still the biggest Russian cyber criminals are at large in Russia. Just look at the FBI's top 10 wanted for cyber crime.
RU cybercriminals pay bribes to RU law enforcement to stay out of trouble as well as bend the knee and work for GRU/KBG when called upon for various requests by them.
then there is also the unspoken rule of "dont shit where you eat" aka RU/CIS based ransomware operators and hackers cant attack any companies in the CIS region.
a good read, https://www.recordedfuture.com/research/dark-covenant-3-cont...
I think you're misreading the situation. As far as I can tell, Russia has every reason to want to continue engaging in heavy cyber-criminal activities. I don't think this is the virtuous Kremlin turning a blind eye. This is a classic case of deception. Look at my left hand, so you don't see what my right is doing.
They see it as asymmetrical warfare, I know that; but if US would let US cyber criminals steal millions of Russian and Chinese credit cards or some other PII, I would perceive that as distasteful and not as a form of counterintelligence.
I bet that’s the real reason why
https://www.reuters.com/investigations/inside-trump-familys-...
full list of signatories: https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mt...
Thanks, this should be added to the OP
What's the difference between this and the first link you shared?
That seemed to an EU thing
But I note the treaties.un.org link is signatories as of late 2024.
Why are they not publishing the current signatories? This is absolutely not something that should be murky.
you can see at the top of the page it says:
STATUS AS AT : 30-10-2025 09:16:00 EDT
It's a very good thing the US has declined to sign this. The digital rights community has been campaigning against it since its proposal by Russia in 2017. The US not signing it is a small victory across a very large loss. Many explainers like https://www.eff.org/deeplinks/2025/10/joint-statement-un-cyb...
Ya, this isn't surprising.
https://www.atlanticcouncil.org/blogs/new-atlanticist/the-un...
> states parties are obligated to establish laws in their domestic system to “compel” service providers to “collect or record” real-time traffic or content data.
That's probably the biggest poison pill. The whole data sharing thing got watered down to the point of farce. Of course the EU won't extradite Russian LGBT activists under this law. But similarly, how likely do you think it would be for North Korea to extradite its own state-sponsored cybercriminals? They can simply claim that doing so would go against their "sovereignty, security, or other essential interests". Case closed!
Has the UN actually solved any problems in the last 40+ years? It seems like a massive bureaucracy that is absolutely ineffective. They have been completely ineffective with respect to Ukraine, Gaza, COVID, any other conflict around the world.
When the W.H.O. went into China to "investigate" the COVID virus and came back saying "Nope, nothing to see here!" was probably one of the most predictable and pathetic things from the UN.
text of the treaty: https://www.unodc.org/unodc/en/cybercrime/convention/text/co...
I wouldn't get excited about the US "not signing". With the government shutdown, they might just be waiting for the document to be in New York before they bother. Hanoi is far.
64ss1: This Convention shall be open to all States for signature in Hanoi in 2025 and thereafter at United Nations Headquarters in New York until 31 December 2026.
Article 37 is spooky. Expands extradition to where there might not be preexisting extradition treaties.
Fuck article 11. It's the EU's "any program for committing cybercrime is a crime" law, and makes programmers culpable. IANAL, but it actually looks like it criminalizes the entire software supply chain. Sure, there's a clause in there that looks like it's supposed to protect security research (11s2) but this is the thinnest of loincloths.
It also seems to apply to "crime where there was a computer somewhere around". As for what constitutes "crime":
Article 2:(h) “Serious crime” shall mean conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty;
...that seems to mean that if publishing information against the state regime is punishable by 4+ years and you used a computer to do it, there is now a basis for seizing your data and extraditing you.
I'm not even going to get into the implications this has for damaging privacy in general. This is some dark ass shit.
Article 29: Real-time collection of traffic data
- (ii) To cooperate and assist the competent authorities in the collection or
recording of; traffic data, in real time, associated with specified
communications in its territory transmitted by means of an information and
communications technology system.
And more so:
3. Each State Party shall adopt such legislative and other measures as may be
necessary to oblige a service provider to keep confidential the fact of
the execution of any power provided for in this article and any
information relating to it.
Upon a reading, a "cybercrime" can be as simple as saying 'Kim Jong Un is a fat dumbass' on social media.
And since it was said on a computer, combined with insulting 'His Glorious Leader (spit) ' is a death penalty, thats a extraditing cybercrime.
Sure it could be argued thats not a real example. But given OFCOM's recent stunts of sending british compliance letters to US firms with no british presence, I'd rather not have other countries manufacturing shit laws and exporting to us as a "treaty".
The title sounds more ominous than it really is. Why would the US want to weaken their position when it comes to advancing their cyber warfare weapons. Unrestricted they don't even need to pretend to be playing nice. I prefer the honesty at least.
US knows this treaty is a joke. No point in signing when the bad actors are already in.
When Cambodia is a signatory, you know this is just whitewash, or even 'protective intelligence' ie using the shared international intelligence to protect the scams and evade enforcement. Keep your enemies close.
The government is shut down, treaties need to be ratified by the Senate.
The executive branch is shut down. The Senate is still in session.
(The House of Representatives is effectively shut down, but only because the Speaker of the House has been unilaterally putting it into recess at the beginning of every session. The House Republicans all voted to grant the Speaker the power to do this whenever he wants, at the beginning of their current term.)
> The government is shut down, treaties need to be ratified by the Senate.
The President isn't shut down, and only the President is needed to sign a treaty; it is submitted for ratification later and that, absent a deadline in the treaty, can take as long as it takes.
Also, even if the Senate was required to sign a treaty, the Senate isn't shutdown, and is in session and doing business.
The United States is taking an indefinite hiatus. Please check back later.
No thank you and I’m loath to see the EU sign up to this with a ton of authoritarian states. Things like this and the continued pushing of stuff like Chat Control has convinced me the EU stands to turn our countries into flawed democracies and eventually authoritarian states.
It's remarkable context that the Russian government authored this UN treaty,
> "Russia, however, Rodriguez said, has objected to the convention for infringing state sovereignty by allowing other nations to investigate cybercrimes in its jurisdiction. So in 2017, Russia proposed negotiating a new treaty, and in 2019 the UN adopted a resolution to do so, backed by Russia, Cambodia, Belarus, China, Iran, Myanmar, Nicaragua, Syria and Venezuela."
https://www.theregister.com/2023/04/14/un_cybercrime_treaty/ ("Russia-pushed UN Cybercrime Treaty may rewrite global law. It's ... not great")
> "It was proposed by Russia in 2017 and adopted by the General Assembly in December 2024 amid resistance from human rights organizations"
https://en.wikipedia.org/wiki/United_Nations_Convention_agai...
lol and the same politicians who call everything a Russian plot to influence Europeans run and sign this. The loss of shame is one of our main problems in modern politics on all sides. The professional politician industrial complex has to go.
the US makes smart decision unlike 70 countries, fixed the title
Don’t have to look far to find out why.
Per the article: “Illicit flows of money, concealed through cryptocurrencies and digital transactions, finance the trafficking of drugs, arms, and terror. And businesses, hospitals, and airports are brought to a standstill by ransomware attacks.”
Then there’s this: Inside the Trump family’s global crypto cash machine https://www.reuters.com/investigations/inside-trump-familys-...
All this would do is drive criminals to poorer countries that can't stop crime as well. Just like many scammers being based in South Asia, or billionaires moving their money to tax havens. It just takes one country to allow this stuff or at least not stop it, and your treaties are just pieces of paper.
Any treaty joined by Russia is compromised from the start.
Just a reminder that the UN exists as a place where countries with very opposing points of view can have a forum for discussion. A treaty put forth by the UN, or a declaration by the UN, does not automatically mean that it is good or aligned with your values in any way shape or form.
UN should move its HQ outside of US. It is obvious they have become a bad host.
Now that's an idea I think a lot of people can get behind. From the left, the US is a bad host. From the right, get those globalists out of my country. Everybody wins.
I mean, that's true, but not because they won't sign onto a global dragnet treaty with Russia and China.
China especially actively fabricates crimes for Chinese dissidents living outside its borders, and this is a perfect vehicle to allow them to track and monitor those people with ease.
The UN should stick to environmental treaties
Let me guess - the "treaty" really means setting up a UN-run organization that will oversee global cybercrime defense. Let's check out the last time that happened. Oh yeah, the WHO. The WHO that lied about the coronavirus and said it isn't airborne despite overwhelming evidence to the contrary.
notably absent are the netherlands and germany… wonder why this is!
Once again, Chat Control is a never ending battle.
> The U.K. and European Union joined China, Russia, Brazil, Nigeria and dozens of other nations in signing the convention...Human rights groups warned on Friday that it effectively forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology.
Countries like Nigeria, Morocco, North Korea and Russia signing a "cybercrime" treaty is just hilarious to me.
I don't believe for a second that these countries want to crack down on cybercrime, considering their citizens are the main perpetrators and beneficiaries of it, and they've taken zero actions to prevent it before today. Lagos is essentially the Silicon Valley of internet fraud, and it happens with permission from the highest levels of their government.
This obviously is just an excuse to create a global dragnet for governments looking to crack down on dissent.
When it comes to the UN, if Israel doesn’t sign/agree to it. Usually USA follows.
“America first”, right? Load of horse shit.
[dead]
[dead]
[dead]
[dead]
I don't understand why political topics such as international treaties like this are upvoted and kept on the front page? To be clear, I'm in favor of politics being discussed on here, but this is so uninteresting and pointless to discuss IMO. International law can be ignored even by countries that agreed to it. What are you going to do, invade? As pointed out, countries like China and Russia signed onto a cybercrime treaty... pure slop.
Just seems very distracting when actual abuses and interesting political topics are hidden away in /active (like ICEs use of facial recognition)
The USA has chosen Evil here.
This also confirms the PSF foundation being wary. The USA would love to put unaffiliated developers in prison.