That is a fairly bad take tbh.
I mentioned this in my previous comment about this treaty, and the primary driver is the fact that most countries (especially China, Russia, Singapore, South Korea, Saudi Arabia, UAE, Iran, India) are NOT parties of the Budapest Convention because of the Censorship or Surveillance portions.
Now that offensive security capabilities have proliferated, some amount of norms are required (which is what Article 12, 13 and 17 touch on), but the countries listed above will not budge on their censorship or surveillance stance.
This treaty is itself is a result of the Track 1.5 Dialogues around cyberwarfare happening between the 5 Eyes and China [1][2] after tensions became dangerously bad in the early 2020s.
If letting China continue their Great Firewall means we can formalize the rules of engagement for gray-zone operations using a third party (Appin/India, LockBit/Russia, ChamelGang/China or NK), so be it.
The UN treaty is superseded by American jurisdiction anyhow.
> future of a free internet
The internet was never truly free. Access was always arbitrated by telcos (and a major reason why the tech industry has been a major donor to the EFF) who themselves are strongly regulated by governments.
The difference is, the internet isn't only a Western project anymore, and consensus will need to be formed with other nations, unless we want to end up forming regionalized "internets"
[0] - https://news.ycombinator.com/item?id=41210110#41211961
[1] - https://www.chathamhouse.org/about-us/our-departments/intern...
[2] - https://www.idcpc.org.cn/english2023/bzhd/202406/t20240618_1...
>This treaty is itself is a result of the Track 1.5 Dialogues around cyberwarfare happening between the 5 Eyes and China [1][2] after tensions became dangerously bad in the early 2020s.
>If letting China continue their Great Firewall means we can formalize the rules of engagement for gray-zone operations using a third party (Appin/India, LockBit/Russia, ChamelGang/China or NK), so be it.
>The internet was never truly free. Access was always arbitrated by telcos
>the internet isn't only a Western project anymore
None of what you wrote here is an argument for mandating data collection, as outlined in articles 29 and 30. Those two articles are unrelated to your points here. They aren't about establishing norms for an existing phenomenon or about preventing or regulating cyberwarfare between the US and China or about formalizing rules of grey zone operations. It's just a requirement for data collection.
Data Collection was one of the primary reason why Russia, China, India, Singapore, and other nations did not become parties to the Budapest Convention (the precursor to this treaty) [0][1]
Most nations other than the US, Canada, EU, and Japan mandate collection and retention of metadata by ISPs and Online Services, and this was a major sticking point that lead to the inefficacy of the Budapest Convention.
> Those two articles are unrelated to your points here
I just gave links to the currently ongoing Track 1.5 dialogues to show the ongoing diplomacy work that has started over cybercrime in the early 2020s.
[0] - https://www.uscc.gov/sites/default/files/Research/China%20In...
[1] - https://ccdcoe.org/uploads/2018/10/InternationalCyberNorms_C...
Then they should just not mention data collection at all if there is no agreement on it. "These countries are already doing it" is not a good reason to agree to something. Especially since it makes changing the law in those countries impossible now.
>this was a major sticking point that lead to the inefficacy of the Budapest Convention.
Really? Are you saying those other countries said they would not agree to any Cybercrime Convention unless it had an article mandating data collection? I find that hard to believe. In any case, even if that were true, it would be better to have no convention at all.
This treaty is supposed to supersede the Budapest Convention. The Budapest Convention is explicitly in favor of data privacy (a number of it's data privacy norms influenced the GDPR).
Either data collection mandates are left to individual states or the same deadlock that happened with the Budapest Convention would happen again.
> it would be better to have no convention at all
Then you're left with the status quo that every nation that isn't a party of the Budapest Convention can use 3rd party groups to hack a rival, which leads to chaos.
What is wrong with this? This seems extremely obvious. The fact that you do not mention this option in your original post seems almost disingenuous. Unless you meant to address it in the 'unless we want to end up forming regionalized "internets"' line? Although leaving the entire meat of your argument to one unexplained line isn't great either. And even then I don't see how the lack of mandating data collection would result in regionalized internets. So far I can access websites in Russia or South Korea just fine despite this point. And in any case you can create a regionalized internet even if all these rules are followed. See China and north korea.
>you're left with the status quo that every nation that isn't a party of the Budapest Convention can use 3rd party groups to hack a rival, which leads to chaos.
US, China, Russia and North Korea will continue to hack each other, no matter the outcome of this UN Convention. Even ignoring that point it is still strictly much better to have hacking than have globally mandated data collection