UN cybercrime treaty opposed by Microsoft

CyberScoop reports that Microsoft has expressed concern about provisions under the United Nations' cybercrime treaty that advance government access to personal data, following the suit of human rights groups that have already criticized portions of the draft. Aside from enabling potentially increased government surveillance powers, the UN cybercrime treaty also lacks protections for surveillance targets and ethical hackers, according to Microsoft. "We need to ensure that ethical hackers who use their skills to identify vulnerabilities, simulate cyberattacks, and test system defenses are protected. Key criminalization provisions are too vague and do not include a reference to 'criminal intent,' which would ensure activities like penetration testing remain lawful," said Microsoft Associate General Counsel for Cybersecurity Policy and Protection Amy Hogan-Burney in a LinkedIn post. However, such concerns for the treaty, which has been backed by both China and Russia, could still be addressed as negotiations continue until Sept. 1, said former U.S. cyber diplomat Chris Painter. "In particular, the scope issue is critical as Russia and its allies want a very broad scope that risks criminalizing dissent and other things we believe should be protected. There isn't really much of a middle ground here so this threshold issue (as well as others) is critical," said Painter.