The UN Cybercrime Treaty could lead to widespread monitoring of crypto worldwide
On Tuesday, the UN started the penultimate round of negotiations for a new international treaty on cybercrime. The latest draft includes language that, if passed, would impose extensive surveillance requirements on cryptocurrency and threaten financial privacy worldwide.
Article 93 of the draft treaty would require all nations that sign the treaty to implement onerous financial oversight laws for cryptocurrency. These financial surveillance laws will apply to any organization “engaged in activities related to the circulation of digital financial assets and digital currency,” even if they do not resemble a traditional financial institution. Like the dangerously broad Digital Asset Anti-Money Laundering Act introduced in the US Senate, this incredibly broad language could be interpreted to include software developers, custodial and self-hosted wallet providers, miners, validators, nodes, non-fungible token non- fungible token (NFT) trading platforms and even users.
Marta Belcher is president and chair of the Filecoin Foundation and Filecoin Foundation for the Decentralized Web, as well as general counsel and head of policy at Protocol Labs. Kurt Opsahl is the cybersecurity and civil liberties attorney for the Filecoin Foundation. Their views are their own.
These organizations will be required to implement intrusive mass surveillance systems and transfer users’ sensitive financial information to the authorities automatically. They must collect identity information for all users who engage in transactions, maintain this sensitive data so that it can be handed over to authorities, monitor for “suspicious” activity and automatically report certain transactions to authorities. In addition, when a person is suspected of “possible involvement” in a cybercrime, these organizations will have to provide authorities not only with the suspect’s accounts, but also with the suspect’s “associates” and family members – a shocking overreach.
In addition, these organizations could be required to “apply enhanced scrutiny” to any person identified by a government that has signed the treaty. Because the UN includes states with problematic human rights records, this provision is deeply troubling because it allows countries to designate individuals in other jurisdictions as targets for “enhanced scrutiny” for dubious reasons.
For blockchain network participants such as developers and miners, compliance is not only burdensome, but in many cases impossible. For example, software developers have no idea who the end user of their software might be, and cryptocurrency miners and validators have no way of knowing the identity of the people whose transactions they facilitate.
In addition, the draft Article 93 seeks to eliminate all “banks that do not have a physical presence and that are not affiliated with a regulated financial group.” While “banking” is not yet defined in the treaty, this could be interpreted to include some decentralized finance projects, even if they are otherwise legal. Nations that sign the treaty will be required to prevent such “banks” from being established in their own countries.
The negotiations have been going on for over a year, and the language is expected to be finalized in the autumn. More than 130 human rights organizations and academics from around the world have already raised concerns about the adequacy of the treaty’s human rights protections, and technology policy experts have questioned its effectiveness against cybercrime. While protecting against ransomware, malware, and other attacks by cybercriminals is a noble goal, laws designed to strengthen police power in the name of crime prevention can all too often lead to violations of civil liberties.
Many leaders from civil society participate in the negotiations and work to ensure that the treaty respects human rights. We encourage everyone participating in the negotiations to push back against Article 93’s comprehensive financial surveillance requirements to defend financial privacy worldwide.
