Open Net has issued a statement opposing the UN’s Cybercrime Convention and calling on the South Korean government not to join it. The UN Cybercrime Convention, adopted at the end of 2023, is scheduled for a ratification-promoting event in Hanoi on October 25–26. Although the Convention is framed as an international effort to combat cross-border cybercrime, South Korea’s ratification would significantly weaken domestic human rights protections. The government must not be swayed by public fear following recent cyber-enabled human trafficking and fraud incidents, such as the Cambodia scam network cases.
The Convention poses three major risks:
- Over-criminalization of online expression
The Convention requires states to criminalize not only cyber-attacks but also any traditional crime when committed through digital means. Its expanded definition of “fraud”—focused on causing property loss through false information—could be misused to create a “false information” crime, reminiscent of the “rumor dissemination” provisions used by authoritarian governments to suppress dissent. The Convention’s principle that “what is illegal offline must also be illegal online” ignores the core distinction between harmful acts and protected expression. Online expression is protected unless it creates a clear and present danger, a principle the Convention fails to acknowledge. - Mandatory surveillance powers for all crimes
The Convention obligates states to adopt six forms of invasive investigative powers—data preservation, production orders, electronic search and seizure, real-time traffic data collection, and content interception—applicable to any crime. This risks normalizing warrantless surveillance in countries lacking strong rule-of-law safeguards. Korea, too, would need new implementing laws mandating prior data preservation, a requirement it previously rejected when choosing not to join the Budapest Convention due to privacy concerns. - Unchecked cross-border data sharing
The Convention further permits states to share data acquired during investigations with foreign authorities outside existing mutual legal assistance processes. Once one state collects data, sharing it with multiple others multiplies privacy violations.
A major concern is that Korean citizens using foreign servers could be subjected to surveillance by foreign law enforcement lacking any constitutional duty to consider their privacy. That data could then be handed to Korean authorities, circumventing domestic judicial oversight. Unlike the Budapest Convention, the UN draft lacks a political-offense exception and sets a low threshold for “serious crimes,” leaving room for abuse by authoritarian regimes.
Given these risks, Open Net urges the Korean government not to join the UN Cybercrime Convention. If international cooperation on cybercrime is necessary, Korea should instead strengthen and modernize existing mutual legal assistance frameworks rather than adopting a treaty that threatens privacy and freedom of expression.
0 Comments