That is a fairly bad take tbh.
I mentioned this in my previous comment about this treaty, and the primary driver is the fact that most countries (especially China, Russia, Singapore, South Korea, Saudi Arabia, UAE, Iran, India) are NOT parties of the Budapest Convention because of the Censorship or Surveillance portions.
Now that offensive security capabilities have proliferated, some amount of norms are required (which is what Article 12, 13 and 17 touch on), but the countries listed above will not budge on their censorship or surveillance stance.
This treaty is itself is a result of the Track 1.5 Dialogues around cyberwarfare happening between the 5 Eyes and China [1][2] after tensions became dangerously bad in the early 2020s.
If letting China continue their Great Firewall means we can formalize the rules of engagement for gray-zone operations using a third party (Appin/India, LockBit/Russia, ChamelGang/China or NK), so be it.
The UN treaty is superseded by American jurisdiction anyhow.
> future of a free internet
The internet was never truly free. Access was always arbitrated by telcos (and a major reason why the tech industry has been a major donor to the EFF) who themselves are strongly regulated by governments.
The difference is, the internet isn't only a Western project anymore, and consensus will need to be formed with other nations, unless we want to end up forming regionalized "internets"
[0] - https://news.ycombinator.com/item?id=41210110#41211961
[1] - https://www.chathamhouse.org/about-us/our-departments/intern...
[2] - https://www.idcpc.org.cn/english2023/bzhd/202406/t20240618_1...
Can you elaborate a bit further on why you see this as a necessary step for a given outcome?
Otherwise this just looks like giving in to bad faith actors and weakening our own protections in the process.
Because it is.
The existing status quo over cyberwarfare is untenable, and runs the very real risk of causing chaos if we don't tamp down on the usage of third parties for plausible deniability.
Most countries have offensive security capabilities directly under direct government control, but a number of them will also tolerate third party actors attacking a rival country so long as they don't attack the host country.
This is what LockBit (Russia), ChamelGang (either China or NK), Appin (India), etc has done.
Either everyone allows cybercriminals in their countries to attack other countries (and spark actual chaos in our entire internet infra that could escalate into actual violence), or all nation states agree to tamp down on third party attackers.
The Budapest Convention was the previous cybercrimes agreement, but most countries outside of the West that matter didn't ratify it. This meant terms of engagement over cyberwarfare weren't truly formalized, and a bad actor like NK or China could in good faith argue that a North Korean or Chinese cybergang did no wrong.
The brutal reality is that performative treaties like the Budapest Convention have no teeth, and a global Internet means that terms of engagement are needed for warfare, or the entire Internet splinters.
This seems overblown. The behavior you're describing has been present nearly as long as the internet has been globally accessible. It's an inconvenience and it means we need to do a better job securing systems against attacks, which is hardly the worst thing from an evolutionary perspective. Better that systems get hardened now to prevent ransomware than that they remain vulnerable until there is an actual war and an enemy state takes advantage of longstanding complacency.
> or all nation states agree to tamp down on third party attackers.
This doesn't happen even with a treaty, because not all countries will be signatories, and even the signatories can just ignore the provisions as they do with many other treaties. Corrupt governments deflect blame; "the attack seems to have originated from here but we investigated ourselves and found ourselves innocent" etc. Proving otherwise without local cooperation is close to impossible because the location of the originating systems is not inherently the location of the attackers. And, of course, corrupt governments are the places where these things are already happening.