United Nations Building in New York

UN Cybercrime Treaty could lead to increased surveillance of ‘crypto’ industry worldwide

The current draft of the United Nations Cybercrime Treaty will require digital asset companies to implement comprehensive surveillance systems, turn over financial information to governments, and restrict access to unregulated decentralized finance (DeFi).

On April 11, the UN began its penultimate round of negotiations for a new international treaty on cybercrime, which includes proposals to drastically increase surveillance and reporting obligations for digital asset players, as well as placing the onus on States to enforce the measures appropriately.

The UN Cybercrime Treaty was proposed in 2017, and later, in 2019, the UN General Assembly adopted a resolution to create an Ad Hoc Committee (AHC) to draft a UN Convention “on countering the use of information and communications technologies for criminal purposes.”

Since then, the AHC has debated and shaped the draft Treaty, with the fourth negotiating session taking place this January and the fifth round currently underway, finishing April 21.

The Treaty is aimed at comprehensively defining the problem of cybercrime and then coming up with a set of global standards for how to prevent it, as well as implementation methods.

Amongst the chapters of the extensive Treaty draft under negotiation in the current session of the AHC is one of particular interest to the digital asset space.

Article 93 of the treaty, titled “Prevention and detection of transfers of proceeds of crime,” imposes several significant obligations on entities involved in “activities related to the circulation of digital financial assets and digital currency.”

This broad definition could include exchanges, developers, miners, and individual traders of digital assets. In terms of the obligations themselves, States subject to the Treaty would need to ensure that such industry participants operating within their jurisdiction:

– Provide information on the identity of customers and beneficial owners, including information on their accounts.
– Maintain adequate records of accounts and transactions.
– Apply “reasonable scrutiny to accounts” sought or maintained by such digital users or entities.
– Automatically disclose financial information on persons suspected of being involved in cybercrime offenses, as well as the financial records of the suspects’ associates and family members.

States will also need to ensure that, where it does not already exist, an appropriate authority is set up to monitor the execution of these obligations.

This will come as unwelcome news to certain digital asset players who have made a selling point of not knowing, or not being able to know, who their users might be or whose transactions they are facilitating, which includes many software developers, digital currency miners, and validators across the industry.

Another blow to the regulation-shy section of the digital asset space is a possible ban on certain unregulated DeFi.

The draft Article 93 also proposes that States implement measures to prevent “the establishment of banks that have no physical presence and that are not affiliated with a regulated financial group.” Further, countries signed up to the treaty must prohibit financial institutions and digital asset companies from entering into or continuing a banking relationship with such institutions.

However, the term ‘Bank’ is not defined in the treaty, leaving room for it to include a range of DeFi projects.

A problem for the lawless

These changes will likely cause outrage from those in the industry who enjoy living in the unregulated grey areas of law, as the proposed obligations would drastically reduce their ability to function supervision-free, proving disastrous for the cowboys of the ‘crypto’ wild west.

However, these surveillance and reporting requirements should not prove substantially more onerous for the law-embracing and abiding in the industry. In fact, the draft emphasizes that the measures employed by signatory countries should be designed to detect suspicious transactions and not to discourage or prohibit those in the digital asset industry “from doing business with any legitimate customer.”

The implication is that increasing requirements around knowing your customer and proving that they are “legitimate” should not be a barrier to industry prosperity if that industry or its customers have nothing illicit to hide.

This brings up the much-fought-over debates within the digital asset space around the difference between anonymity and privacy; those who want the former often have nefarious motives, while those who want the latter often don’t realize it can be maintained without the former.

This distinction and confusion is something Dr. Craig Wright, chief scientist at global blockchain technology company nChain, has explored in depth. In a series of lectures in February this year, Dr. Wright explained how privacy, as opposed to anonymity, can be maintained by keeping personal data confidential where possible but also allowing access to authorities and institutions when necessary: “If we want privacy, we need people to be accountable for their actions. That doesn’t mean I need to know who you are; pseudonyms allow for privacy, but if they tie back to an identity.”

So, while throwing up some personal liberty debates, the extra surveillance and reporting obligations should not be a problem for those not dealing with anonymity. BSV blockchain, for example, is designed to work inside existing laws. As such, the increased surveillance, reporting, and enhanced security requirements proposed in the Treaty draft would largely not affect those within its ecosystem.

The Cybercrime Treaty has been on the cards for a while, but the latest update comes in the context of a rise in illegal activity in the digital asset industry.

‘Crypto’ crime on the rise

Earlier this year, U.S.-based blockchain analysis firm Chainalysis published its annual Crypto Crime Report, which identified that illicit digital asset-related transaction volume rose for the second consecutive year, hitting an all-time high of $20.6 billion despite the market downturn of 2022.

This increase was largely down to illicit sanctions-related activity, the report concluded. It also recommended that “although blockchains are inherently transparent, the industry has room for improvement in this respect.”

This room for improvement is something that the UN Cybercrime Treaty seems to be addressing, particularly in relation to shutting the door to digital assets for sanctioned or criminal individuals and organizations who seek to hide their identities.

A potential concluding session of the AHC is set for January/February next year, the hope being that the draft will be ready for consideration and adoption by the UN General Assembly in 2024. So those ‘crypto’ players enjoying operating under limited supervision and observation might want to reconsider their approach to the industry, and the blockchain, before it puts them at odds with international law.

Watch: Cybersecurity A Safer World with Blockchain

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.