In a recent letter to key U.S. officials, the Software & Information Industry Association (SIIA) and the Computer & Communications Industry Association (CCIA) express serious concerns about the proposed United Nations Convention Against Cybercrime. While supporting its objective of addressing cybercrime, the organizations warn that the draft Convention could hinder cybersecurity and AI safety, limit essential research, and pose significant risks to U.S. technology and data. Specifically, they argue that Articles 7-10 lack provisions to protect good-faith research, potentially weakening global cybersecurity resiliency by discouraging vulnerability testing. They also highlight that the Convention may empower foreign governments to justify data expropriation, compromising U.S. leadership in technology innovation.

SIIA and CCIA further caution that the Convention’s expansive definitions and lack of safeguards could legitimize censorship and increase privacy risks. By mandating broad data-sharing and surveillance measures, the Convention opens the door for abuses by autocratic regimes, posing a threat to free expression and the open internet. The letter urges the U.S. to reconsider its stance on this Convention and to advocate for an alternative approach that aligns more closely with existing frameworks, such as the OECD Declaration and Budapest Convention, to effectively combat cybercrime while preserving human rights and innovation.