I would understand if this was coming from the states but why is the UN even considering such a proposal coming from Russia?
So it is only natural that the UN would consider proposals from Russia.
Member States traded away existing human rights safeguards to reach a contrived consensus for a treaty that will endanger journalists, dissenters, human rights activists, and everyday people around the world.
Related thread: >>41210110
Fortunately, those same legal principles in the US cannot be overridden by a treaty.
Why is it back on the front page and posted "5 hours ago"? I'm not implying underhandedness or anything but I'd like to know why this happens. Anyone know?
These are the comments it got at the time:
Unfortunately, the UN mostly works as a venue for governments negotiating with governments, with accredited NGOs having a position of being tolerated in those discussions, but with no real power. Outside of those tolerated NGOs, influence drops even further.
(When I was at EFF, we did try to get UN official accreditation, but China would consistently veto it. There are other digital rights groups that have been accepted though, and we worked very closely with those. The full list of NGOs is here: https://en.wikipedia.org/wiki/List_of_organizations_with_con... )
I think it almost doesn't make sense, in that I perceive EFF to be, whether overtly or not, a very American organization with very American public policy views.
The EFF isn't like that - for example, the idea of outlawing DRM, while popular among hackers and people here, is a total nonstarter internationally. It's about as effective as hiring the FSF to lecture Microsoft; or hiring PETA to lecture Tyson; or hiring the Amish to lecture you on electrical design. The opinions are so diametrically opposed that it's not even worth considering.
That is a fairly bad take tbh.
I mentioned this in my previous comment about this treaty, and the primary driver is the fact that most countries (especially China, Russia, Singapore, South Korea, Saudi Arabia, UAE, Iran, India) are NOT parties of the Budapest Convention because of the Censorship or Surveillance portions.
Now that offensive security capabilities have proliferated, some amount of norms are required (which is what Articles 12, 13 and 17 touch on), but the countries listed above will not budge on their censorship or surveillance stance.
This treaty itself is a result of the Track 1.5 Dialogues around cyberwarfare happening between the 5 Eyes and China [1][2] after tensions became dangerously bad in the early 2020s.
If letting China continue their Great Firewall means we can formalize the rules of engagement for gray-zone operations using a third party (Appin/India, LockBit/Russia, ChamelGang/China or NK), so be it.
The UN treaty is superseded by American jurisdiction anyhow.
> future of a free internet
The internet was never truly free. Access was always arbitrated by telcos (and a major reason why the tech industry has been a major donor to the EFF) who themselves are strongly regulated by governments.
The difference is, the internet isn't only a Western project anymore, and consensus will need to be formed with other nations, unless we want to end up forming regionalized "internets".
[0] - https://news.ycombinator.com/item?id=41210110#41211961
[1] - https://www.chathamhouse.org/about-us/our-departments/intern...
[2] - https://www.idcpc.org.cn/english2023/bzhd/202406/t20240618_1...
>HN's second-chance pool is a way to give links a second chance at the front page. Moderators and a small number of reviewers go through old submissions looking for articles that are in the spirit of the site—gratifying intellectual curiosity—and which seem like they might interest the community. These get put into a hopper from which software randomly picks one every so often and lobs it randomly onto the lower part of the front page. If it interests the community, it gets upvoted and discussed; if not, it falls off.
That is where it was. So the process posts a copy of the article and comments with the current date? But gives it the old URL?
Can you elaborate a bit further on why you see this as a necessary step for a given outcome?
Otherwise this just looks like giving in to bad faith actors and weakening our own protections in the process.
Well, the EFF's take on the resolution is always going to be more about the censorship it introduces than how much it enables law enforcement to curb actual crime.
I'm aligned with the EFF on this, and would vote against this if it were raised in any democratic forum I voted in, but that's because I care more about reducing censorship than reducing online crime. Yes, I, unlike most voters in modern liberal democracies, would let ten paedos walk free to save one Aaron Swartz.
If you really care about them ~equally - as you have to, for your comment to be made in good faith - then you can't take your talking points from the EFF.
Because it is.
The existing status quo over cyberwarfare is untenable, and runs the very real risk of causing chaos if we don't tamp down on the usage of third parties for plausible deniability.
Most countries have offensive security capabilities directly under direct government control, but a number of them will also tolerate third party actors attacking a rival country so long as they don't attack the host country.
This is what LockBit (Russia), ChamelGang (either China or NK), Appin (India), etc. have done.
Either everyone allows cybercriminals in their countries to attack other countries (and spark actual chaos in our entire internet infra that could escalate into actual violence), or all nation states agree to tamp down on third party attackers.
The Budapest Convention was the previous cybercrimes agreement, but most countries outside of the West that matter didn't ratify it. This meant terms of engagement over cyberwarfare weren't truly formalized, and a bad actor like NK or China could in good faith argue that a North Korean or Chinese cybergang did no wrong.
The brutal reality is that performative treaties like the Budapest Convention have no teeth, and a global Internet means that terms of engagement are needed for warfare, or the entire Internet splinters.
[0] https://documents.un.org/doc/undoc/gen/v24/055/06/pdf/v24055...
>Each State Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to: (a) Collect or record, through the application of technical means in the territory of that State Party; and (b) Compel a service provider, within its existing technical capability: (i) To collect or record, through the application of technical means in the territory of that State Party; or (ii) To cooperate and assist the competent authorities in the collection or recording of; traffic data, in real time, associated with specified communications in its territory transmitted by means of an information and communications technology system.
That is pretty bad. Some parts of this draft actually seemed pretty reasonable - eg. Article 14 making CSAM illegal. I guess that is part of the trick.
>States Parties are encouraged to establish bilateral or multilateral arrangements to facilitate the transfer of personal data.
>This treaty itself is a result of the Track 1.5 Dialogues around cyberwarfare happening between the 5 Eyes and China [1][2] after tensions became dangerously bad in the early 2020s.
>If letting China continue their Great Firewall means we can formalize the rules of engagement for gray-zone operations using a third party (Appin/India, LockBit/Russia, ChamelGang/China or NK), so be it.
>The internet was never truly free. Access was always arbitrated by telcos
>the internet isn't only a Western project anymore
None of what you wrote here is an argument for mandating data collection, as outlined in articles 29 and 30. Those two articles are unrelated to your points here. They aren't about establishing norms for an existing phenomenon or about preventing or regulating cyberwarfare between the US and China or about formalizing rules of grey zone operations. It's just a requirement for data collection.
Data Collection was one of the primary reasons why Russia, China, India, Singapore, and other nations did not become parties to the Budapest Convention (the precursor to this treaty) [0][1]
Most nations other than the US, Canada, EU, and Japan mandate collection and retention of metadata by ISPs and Online Services, and this was a major sticking point that led to the inefficacy of the Budapest Convention.
> Those two articles are unrelated to your points here
I just gave links to the currently ongoing Track 1.5 dialogues to show the ongoing diplomacy work that has started over cybercrime in the early 2020s.
[0] - https://www.uscc.gov/sites/default/files/Research/China%20In...
[1] - https://ccdcoe.org/uploads/2018/10/InternationalCyberNorms_C...
Then they should just not mention data collection at all if there is no agreement on it. "These countries are already doing it" is not a good reason to agree to something. Especially since it makes changing the law in those countries impossible now.
>this was a major sticking point that led to the inefficacy of the Budapest Convention.
Really? Are you saying those other countries said they would not agree to any Cybercrime Convention unless it had an article mandating data collection? I find that hard to believe. In any case, even if that were true, it would be better to have no convention at all.
This treaty is supposed to supersede the Budapest Convention. The Budapest Convention is explicitly in favor of data privacy (a number of its data privacy norms influenced the GDPR).
Either data collection mandates are left to individual states or the same deadlock that happened with the Budapest Convention would happen again.
> it would be better to have no convention at all
Then you're left with the status quo that every nation that isn't a party of the Budapest Convention can use 3rd party groups to hack a rival, which leads to chaos.
I take it you oppose the EU-US Data Privacy Framework then?
What is wrong with this? This seems extremely obvious. The fact that you do not mention this option in your original post seems almost disingenuous. Unless you meant to address it in the 'unless we want to end up forming regionalized "internets"' line? Although leaving the entire meat of your argument to one unexplained line isn't great either. And even then I don't see how the lack of mandating data collection would result in regionalized internets. So far I can access websites in Russia or South Korea just fine despite this point. And in any case you can create a regionalized internet even if all these rules are followed. See China and North Korea.
>you're left with the status quo that every nation that isn't a party of the Budapest Convention can use 3rd party groups to hack a rival, which leads to chaos.
US, China, Russia and North Korea will continue to hack each other, no matter the outcome of this UN Convention. Even ignoring that point, it is still strictly much better to have hacking than have globally mandated data collection.
> This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any thing in the Constitution or Laws of any State to the Contrary notwithstanding.
And there is no explicit ordering of priority between them and the Constitution.
You don't have to get there axiomatically though; you can just look this up. Treaties are coequal with federal statutes, and are overridden by any conflicting statute passed after the treaty is ratified.
We need analysis, not summary of the statute. What it compels whom to do, and how different principles were balanced in its drafting.
In particular, a lot of global proposals come out of the US, especially around IP, so having a US organization say "this is what the US political situation is, this is how this has worked out in the US, and these are the lobbying groups pressuring the US to support this internationally", can be very useful.
I was EFF's international activist and later international director for a number of years. A lot of EFF's rhetoric is aimed at US lawmakers, and its primary USP for change, public impact litigation in the US courts, means that a lot of what you see is oriented toward American audiences and actions.
But behind the scenes, much more of the work than you'd imagine has a global side to it. This has been true since the days of the Digital Millennium Copyright Act, elements of which were rejected by the US Congress in the mid-Nineties, then policy-laundered through WIPO into the 1996 Copyright Treaty, which meant that it had to become law after the US Senate consented to it in 1999. (Treaties don't need the support of both houses in the US). EFF and other orgs at the time learned the lesson that regional and international agreements can often be an end-run around local democracy or norms -- and that local laws (from the DMCA to the GDPR) can have wider ramifications on a global network.
EFF and partner groups often contribute to government and international proposals (a hundred-or-so of them have been involved in the cybercrime treaty process for many years https://www.eff.org/deeplinks/2024/01/joint-statement-propos... and I believe got it to a fairly good place before a last-minute push by some states to introduce more surveillance into it.)
You don't really get to hear about the compromises, because you don't really need to kick up a fuss about something that has worked out okay -- and even if you do post about the positive fine print, nobody sends such exciting documents to the front page of Hacker News.
When I was at EFF, we did try to get UN official accreditation, but China would consistently veto it.. I was EFF's international activist and later international director for a number of years.. more of the work than you'd imagine has a global side to it. This has been true since the days of [DMCA].. elements of which were rejected by the US Congress in the mid-Nineties, then policy-laundered through WIPO into the 1996 Copyright Treaty, which meant that it had to become law after the US Senate consented to it in 1999. (Treaties don't need the support of both houses in the US). EFF and other orgs at the time learned the lesson that regional and international agreements can often be an end-run around local democracy or norms -- and that local laws (from the DMCA to the GDPR) can have wider ramifications on a global network..
EFF and partner groups often contribute to government and international proposals (a hundred-or-so of them have been involved in the cybercrime treaty process for many years [1] and I believe got it to a fairly good place before a last-minute push by some states to introduce more surveillance into it.)
[1] https://www.eff.org/deeplinks/2024/01/joint-statement-propos...
Earlier HN threads:
UN Cybercrime Convention To Overrule Bank Secrecy, 40 comments, >>41221403
UN cybercrime treaty unanimously approved, 50 comments, >>41210110
Critique by 20 NGOs: https://www.eff.org/deeplinks/2024/01/joint-statement-propos...
Further analysis needed.
> even if you do post about the positive fine print, nobody sends such exciting documents to the front page of Hacker News.
This seems overblown. The behavior you're describing has been present nearly as long as the internet has been globally accessible. It's an inconvenience and it means we need to do a better job securing systems against attacks, which is hardly the worst thing from an evolutionary perspective. Better that systems get hardened now to prevent ransomware than that they remain vulnerable until there is an actual war and an enemy state takes advantage of longstanding complacency.
> or all nation states agree to tamp down on third party attackers.
This doesn't happen even with a treaty, because not all countries will be signatories, and even the signatories can just ignore the provisions as they do with many other treaties. Corrupt governments deflect blame; "the attack seems to have originated from here but we investigated ourselves and found ourselves innocent" etc. Proving otherwise without local cooperation is close to impossible because the location of the originating systems is not inherently the location of the attackers. And, of course, corrupt governments are the places where these things are already happening.
This actually isn't a great example: the Amish do use electricity on their farms. They just don't like to be connected to the grid, so they're big supporters of solar power. They probably know a lot more about electrical design than you think (depending on your definition of "electrical design"). They even have internet-connected computers so they can get orders from customers.
A better example might be hiring the Amish to lecture you on public transit design in dense cities. Not that they're opposed to it, but it's just something far outside their experience (they don't live in dense cities). Or back to electricity, having them lecture you about grid-scale electrical transmission, or nuclear power generation.
Of course, if all the other monkeys get wise to your game you're going to have to institute more violent measures to retain your position, and mass surveillance is a means to that end. Which is why the Saudis buy all that Israeli spyware, to keep their own population in line, right?
To be clear for those not familiar with American government structure, this is an intended separation of powers between the two Houses of Congress.
The House of Representatives (aka Lower House) is tasked primarily with duties concerning money and commerce. Representatives have the sole authority to draft and ratify budgets; Senators may only ratify or not.
The Senate (aka Upper House) is tasked primarily with affairs of state including but not limited to confirming and impeaching executive, judicial, and other public servant appointments; drafting and ratifying treaties; and helping ensure all States have a say in most political affairs.
Most legislative tasks do in fact require drafting and ratification of sibling bills by both Houses of Congress, but certain things like treaties are the sole jurisdiction of one House or the other.
The Senate has traditionally been viewed as more prestigious and powerful than the House, but actually neither is strictly better than the other.
Reviewed by humans: https://news.ycombinator.com/pool
Isn't that exactly what the linked page suggests in this case? Most of the recommendations are things like "Limit Articles 23(2)(c) and 35(1)(c) to Articles 7 to 11 and delete Article 23(2)(b)", not "burn the thing down and start over".
Think of the children has been a trope for a very very long time because it takes a real backbone to stand up against it and to risk being labeled a pedo yourself because other than lawyers (who have to) and other pedos, who would defend a pedo?
Fun fact, there is a large overlap between pedos, those who argue against teaching kids from an early age about their bodies and sexuality, and those who consistently see pedos everywhere they look.
I mean, by definition, no. We usually call those "officials" or similar, it's not until convicted that they become "criminals".
The first two are often used as justifications for taking freedom away and giving more control or power to the government. However that gets us closer to an all powerful, unaccountable government.
Power corrupts, sooner or later those who wish to commit these crimes will seek out official positions where they can commit them with impunity.
Private, remote communication was not a thing until a couple of decades ago: how can we consider it a basic human right?
As it pertains to your question, the Constitution (and its amendments) are the supreme law of the land, and a treaty stipulation that requires the government to do something unconstitutional would have no legal effect.
No sinner from its sweep may hide.
Its meshes are so fine and strong,
They take in every child of wrong.
O wondrous web of mystery!
Big fish alone escape from thee!
— James Jeffrey Roche (1847-1908)
> The enforceability of treaties was further limited in the 2008 Supreme Court decision in Medellín v. Texas, which held that even if a treaty may constitute an international commitment, it is not binding domestic law unless it has been implemented by an act of Congress or is itself explicitly "self-executing".[26] Law scholars called the ruling "an invisible constitutional change" that departed from both longtime historical practice and the plain language of the Supremacy Clause.[27]
As the above former EFF guy comment essentially stated “after a bunch of work and a long time and a bunch of effort … last minute subversion undid everything and we were left with more tyrannical surveillance pushed by compromised and corrupted, bought and paid for traitors”
Direct election of senators changed that because the senators no longer answer to the state governments but to the population of the state directly.
I can tell you that government surveillance of private communication has at least been a widespread concern for thousands of years. See for example: https://classicalstudies.org/imperial-spies-and-intercepted-....
Many countries have centuries-old constitutional guarantees of the right to secrecy of correspondence: https://www.marottaonmoney.com/right-to-privacy-of-correspon....
25 years ago I could never have imagined the internet we have today.
25 years from now we could easily have a free internet protocol that is taking hold and the whole process repeats.
So much has come and gone in a single generation, but it works both ways. It is not an eternally negative march towards complete totalitarianism, even if it feels like that right now.