With the incessant rise in data breaches and cyberattacks, the United Nations has established a new global cybercrime treaty to curb online cross-border criminal activity. However, the proposal for the cybercrime treaty has garnered a mixed response from participating countries concerning the need to provide the intent related to data handling.
Intent can be understood as the intention behind accessing a person or company’s computer, system, device, data, etc, which helps draw conclusions or verify why an organization or cyber researcher did so. This has led to differing views from countries on whether the intent of accessing data without telling the owner must be provided or not. While some countries have submitted proposals that support providing the intent, others have not. This has led to discussions about creating a cohesive set of guidelines that all the involved countries could follow.
How intent could impact cybersecurity researchers
The presenting of intent in, say, accessing data from someone’s system by a cybersecurity researcher may result in freeing them from any criminal charges. However, not presenting intent and simply accessing system data may result in penalties. That is if the proposal to present intent is accepted in the proposed global cybercrime treaty. However, suppose it is excluded from the requirements; in that case, entities like researchers may continue working without the fear of being prosecuted while also maintaining the good cause of detecting and curbing cyber-attacks.
What the countries have to say
India’s proposal 5 stated that each party should take charge to establish it as an offense as per its domestic law in an instance of causing damage to a computer, system, data, program, etc., without the permission of the owner of the system or the person in charge of the device. Egypt’s proposal 1 also had a similarity in its proposal 1 to India’s proposal. It read that such offenses should be criminalized as unlawful damaging, slowing, concealing, or modifying of the site design of a company, person, or establishment.
Canada proposed penalizing someone found to be intentionally or without right hindering the working of a computer by damaging, changing, or deleting its data. This proposal promotes the use of intent wherein researchers may not be held responsible for breaking cyber-related laws while doing what is necessary to fulfil their duties.
In an instance of successfully forming a global cybercrime treaty, the U.N. would have more hold on the canons of cybersecurity. Cybersecurity is a must, and a global set of laws will make adhering to laws feasible since a hacker group based in a particular country may target countries, people, or organizations outside their own. They may not have the intent to stop at a particular limit, and so governments and law enforcement agencies may find it easier to maintain online laws in the presence of a system that all the participating countries unanimously follow.