There’s a moment, sometimes, when a document looks harmless until you understand who benefits from its vagueness. The UN cybercrime convention, adopted on December 24, 2024, was introduced as a global framework to combat hacking, fraud, ransomware, all the things everyone agrees are real problems. But the heart of the matter is that the treaty is not primarily about those crimes. It has become a tool that allows authoritarian states—especially Russia and China—to expand their idea of “digital sovereignty,” the belief that governments should control not only networks and platforms within their borders, but the actual flow of speech and information online. And once that idea is embedded into an international treaty, it becomes something they can export, dressed up in the language of cooperation and public safety.
The core danger lies in how broadly the treaty allows countries to define what counts as cybercrime. Where democratic societies draw a line between criminal activity and dissent, authoritarian governments deliberately blur it. Criticism becomes “extremism.” Investigative journalism becomes “destabilization.” Mockery becomes “hate speech.” Once the treaty gives states the right to classify online expression as cybercrime, these regimes can claim international legitimacy when they punish speech. It’s all packaged to appear orderly and procedural, as though the act of calling repression “law enforcement” somehow changes its nature.
The mutual assistance provisions are where things start to feel genuinely chilling. When one country accuses a person of committing a “cybercrime,” other signatories may be expected to share data, cooperate on investigations, and assist in prosecution. If that accusation is simply “this person criticized the president” or “this journalist exposed corruption,” the treaty becomes a pipeline. A mechanism for repressive states to reach beyond their own borders. Even if democratic countries push back, the mere existence of that channel shifts the global norm toward treating dissent as a security threat rather than a civic right.
The Budapest Convention, the older framework for cybercrime cooperation, placed strong emphasis on human rights and free expression. It drew boundaries. This treaty does the opposite. It steps back and allows every government to define “dangerous content” however it wishes. And because Russia and China had significant influence in shaping the treaty, the result looks remarkably like their worldview: the internet as territory to be patrolled, speech as something to be licensed, criticism as something that can be criminalized and pursued across borders.
What we’re watching isn’t a dramatic overhaul; it’s something slower, quieter, bureaucratic. A shift where the architecture of the internet becomes less like a shared public square and more like a patchwork of fenced-off zones controlled by whoever holds power. The risk is not that one day the internet will suddenly be closed. The risk is that year by year, treaty by treaty, we wake up to find it already has been, and the fences are simply harder to see because they were constructed through legal cooperation, rather than force.
Leave a Reply