Australia has joined 71 other signatories to back the UN Convention Against Cybercrime, a global effort designed to synchronise cybercrime related legislation and “narrow the operating space” for organised crime by facilitating multinational criminal investigations.
The new convention – which was signed in Hanoi, Vietnam in late October and establishes the world’s first global framework for investigating and prosecuting online offences – was adopted by the UN General Assembly in December after five years of negotiation.
Its provisions require states to criminalise acts like the illegal access to or interception of private data or electromagnetic emissions; interference with electronic data or “serious hindering” of an ICT system; misuse of devices; and ICT-related forgery, theft and fraud.
For the first time, the Hanoi Convention also criminalises the non-consensual dissemination of intimate images across all signatory states, as well as providing victims with access to recovery, compensation, and mechanisms for the removal of offending content.
Australia was “influential” in ensuring these provisions – as well as measures addressing child sexual exploitation and abuse materials (CSAM) and the grooming of children online – were included, DFAT said in explaining the convention’s role in Australia’s cyber defence.
“Holding cybercriminals to account is made all the more difficult as criminal activity proliferates across borders at scale,” Assistant Minister for Foreign Affairs and Trade Matt Thistlethwaite said as he signed the Hanoi Convention on Australia’s behalf.
“Cybercriminals can establish themselves, in one country, utilise the forced labour of nationals of another country, and target victims in a third country.”
“In this scenario, which one government can overcome this challenge?” he added, noting that the convention “will eliminate unintentional safe havens” for ransomware gangs, fraudsters, sex traffickers, nation-state hackers and other malicious online actors.
From controversy to consensus: years of negotiations bear fruit
Adoption of the UN convention comes amidst surging losses to cybercriminals that have been projected to take $16 trillion ($US10.5 trillion) from world economies this year alone.
UN Secretary-General Antonio Guterres [L] joined Vietnam Prime Minister Pham Minh Chinh [R] to welcome global delegations to sign the Hanoi cybercrime convention. Photo: Supplied
Yet despite cybercriminals’ growing capabilities and AI-fuelled efficiency, it took nearly six years for the UN convention to come to convention after it was, ironically, proposed by a contingent from Russia – one of the world’s most active cybercriminal sponsors.
That 2019 proposal – originally framed as a resolution to form an “expert group to conduct a comprehensive study on cybercrime” – was contentious among a “sharply divided” UN membership, Australian Strategic Policy Institute senior analyst Gatra Priyandita noted.
Australia and 59 other countries voted against the initial proposal, arguing that the 2001 Budapest Convention – supported by 76 states – had provided adequate enforcement and human rights protections that could be diluted during negotiations for a new convention.
Early in negotiations, Russia proposed a broad range of offences and “an erosion of democratic and human rights safeguards”, Priyandita said, while Iran proposed removing a range of human rights safeguards in a move that was widely rejected by other states.
Australia was so sceptical of the “rollercoaster” process – which Home Affairs Deputy Secretary Brendan Dowling said originally had “many provisions that were dangerous for human rights and political freedoms – that it refused to get onboard.
Australia was influential in ensuring provisions that criminalised the non-consensual dissemination of intimate images were included in the UN convention. Photo: Shutterstock
Its support, Dowling said, was contingent on the formal adoption of the new convention by the UN General Assembly – which ultimately happened in December 2024, paving the way for the formal signing in Hanoi.
A new era of collaboration
Some 72 signatories ultimately adopted the convention – including, significantly, the UK, France, Russian Federation, China, Iran, Nigeria, and European Union even as the United States, New Zealand, South Korea, Israel, Japan, and other Western allied powers demurred.
Yet having achieved the required number of 40 signatories the convention will be formally ratified by the UN after 90 days, with the governments of signatory countries required to enact domestic laws that meet the requirements outlined in its provisions.
It “will ensure a global uplift in capability… and narrow the operating space for organised crime groups,” Thistlethwaite said, “using a human rights-based approach… to ensure our efforts to combat cybercrime do not come at the expense of the rights we seek to protect.”
The multinational convention provides “a clear pathway” for sharing digital evidence across borders, which UN Secretary-General António Guterres said “has long been a major obstacle to justice with perpetrators in one country, victims in another, and data stored in a third.”
As “a powerful, legally binding instrument to strengthen our collective defences against cybercrime,” Guterres said, the convention “is a promise that fundamental human rights such as privacy, dignity, and safety must be protected both offline and online.”
“It’s a vow that no country, no matter their level of development, will be left defenceless against cybercrime.”
