back to article Russia tells UN it wants vast expansion of cybercrime offenses, plus network backdoors, online censorship

Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime. The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," [PDF] calls for member states to develop domestic laws to punish a far broader set of …

  1. b0llchit Silver badge
    Devil

    Why not go Orwellian?

    All these small steps are already a prelude to an Orwellian world. Why not suggest it now and negotiate it down to a near Orwellian world?

    For example, suggest that everybody must have a camera and microphone implant installed in the eyes and ears. Then, with some tricky negotiations, they settle to have (force) every house install an echo dot, google assistant or whatever equivalent? Dumb houses no more; only smart houses allowed; controlled from the ministry of information services. Nearly everybody already has a smartphone-to-bug-oneself. State services will the be changed that you need a (backdoored) smartphone. Use your imagination for the best results.

    PS. Ask NSO how not to get caught in future endeavors.

    1. Brian Miller

      Re: Why not go Orwellian?

      "... suggest that everybody must have a camera and microphone implant installed in the eyes and ears."

      Wasn't that Google Glass? And all that's needed, really, is to do away with that pesky HTTPS, and all that encryption nonsense.

      1. b0llchit Silver badge
        Big Brother

        Re: Why not go Orwellian?

        I'm suggesting mandatory installation of an EyePhone. Then you are at the endpoint and encryption is a non-issue.

      2. Irongut Silver badge

        Re: Why not go Orwellian?

        Soon to be resurected in a far scarier form as Facebook Glasses. * shudder *

    2. simkin

      Re: Why not go Orwellian?

      They already have everyone carrying the phone and microphone with them. Why annoy people with a mandate?

    3. Mark 85 Silver badge

      Re: Why not go Orwellian?

      My impression is that we're pretty much there with Big Bro watching us. The catch is.. who watches the watchers? And then who watches the watcher watchers and so on?

      The proposal from Russia seems to be "do what we say, not what we do".

    4. Danny 2 Silver badge

      Re: Why not go Orwellian?

      @b0llchit

      I doubt you understand Orwell, or English for that matter. Try reading his books not the internet quotes.

      1. b0llchit Silver badge
        Joke

        Re: Why not go Orwellian?

        You are welcome to borrow my sarcasm'o'meter if your version is giving you wrong numbers.

    5. Anonymous Coward
      Anonymous Coward

      Re: Why not go Orwellian?

      Putin's obviously terrified of Navalny. Not the man, but the fact a challenger can appear, become popular, raise supporters, and all under Putin's nose, under Putin's surveillance, and then.... worst of all, after threats from Putin's goon squad, HE FACES PUTIN DOWN.

      If you don't have legitimate power, you get paranoid when a challenger can do that. What about the next challenger? And the next? As Putin gets more decrepit, so he'll struggle to keep his illegitimate power.

      How many Russians are using networks that Putin cannot tap? All those foreign messaging services, all those messaging boards without his spies watching them.....

      So he needs outside help.

      Watch and note who parrots Putin's language. It's always very revealing when analysing these loose power structures, who echos the words of whom.

      1. ICL1900-G3 Bronze badge

        Re: Why not go Orwellian?

        Hey, Vladimir, glad you found the time to come and downvote this post.

      2. Ken Hagan Gold badge

        Re: Why not go Orwellian?

        I think it is more likely that he is worried about Winnie the Pooh. (Internal threats can be dealt with by the usual internal mechanisms.) Perhaps he sees that Russia is on the way down and China is on the way up, so he might get trodden on as part of that process.

  2. Pascal Monett Silver badge
    Trollface

    "providing a backdoor for authorities"

    Yay ! The backdoored encryption request is back !

    But this time, it's Putin that wants it. Mathematics had better deliver, else it'll get a bullet in the head .

    1. MiguelC Silver badge

      Re: "providing a backdoor for authorities"

      Or maybe a nice cuppa of polonium tea?

      (really just wanted a reason to bring up this magnificent photo)

      1. Anonymous Coward
        Anonymous Coward

        Re: "providing a backdoor for authorities"

        "Please be careful, sir, the tea is, uh, 'hot'."

  3. Norman123

    Do they have an NSA?

    IF not, waiting until they find the funds to establish one...Can WHO or anyone put the surveillance states back in the box?

    1. Anonymous Coward
      Anonymous Coward

      Re: Do they have an NSA?

      No, of course not, don't be silly.

      It's all about repetitively stating the same thing, not requesting. That old fable about "crying wolf", well that's just to shut you up so you'll be a good dog, because crying wolf is exactly how it all works.

      Q: We will spy on our own people.

      A: No.

      Q: We will spy on our own people.

      A: No.

      Q: We will spy on our own people.

      A. O.K.

  4. Anonymous Coward
    Anonymous Coward

    R U kidding ?

    Norm, The bureaucrats running the UN are the same as anywhere else, if not worse from my small experience of them in the 3rd world. Most will happily support anything that increases control under the Management Delusion. At philosophical heart, TLAs in the old USSR countries, PRC and USA are the same and above any laws effectively. How many NSA spooks got jailed for bugging the USA politicians asking questions about intelligence services control ?

  5. Clausewitz 4.0
    Devil

    Double Standards

    Contrary to what most people believe, the 5-eyes alliance hacks/snoops far more than Russia, China, Iran, DPRK and whatsoever, all together.

    The asymmetric response by harboring / protecting non-state actors (Ok, some of these, soon, become full-geared state-actors, actually) is just a drop in the ocean.

    It would be much better for Russia, China, Iran, DPRK and whatsoever to actually have a framework curbing baddies online (Ok, sometimes also offline) - but having such a framework, means to hold some not-too-happy-with-cameras 3-letter 5-eyes agencies, accountable.

    .. And to politically cut the powers of some of these 3-letter agencies this way, also mean actions Kennedy-Style - and most politicians do not like actions Kennedy-Style, mostly because the stain in the suit is difficult to wash, explain, and takes time to prepare.

    I believe no treaty will be signed, and some of the new Kids on the block will take over the kindergarten, blinding the older kids.

    1. Anonymous Coward
      Anonymous Coward

      Re: Double Standards

      The proposal would make malware illegal and have the effect of forbidding any attempts to stop or detect malware. The current US president will probably not support it but the previous president might ... could this just be a continuation of the efforts to keep US politicians shouting at each other? It will be interesting to watch the reactions of the British boorish government and the EU, although this entire proposal seems to be just manipulative. Russia will be very happy if we approve or disapprove it, because it's just going to start an argument.

      1. naive Silver badge

        Re: Double Standards

        Double standards indeed, it is likely the word "Russia" in the title which kicked off the usual Pavlov reaction that it must be bad. The document contains many useful proposals, if implemented we would live in a better world.

        Lets not forget, it are the Western regimes who are the bad guys in this world. The difference with Western rule, and other is that Western countries support crime in other parts of the world.

        They annually buy for over 700 billion dollars of drugs, causing immense suffering and many tens of thousands of deaths in South-American countries.

        Law enforcement on their own territories is ineffective and lackluster, since we are "free" right ?.

        That perceived freedom is paid for by the blood of others, due to the largely toothless means to fight domestic crime and political unwillingness to solve issues in an effective manner.

        The measures proposed in this document would enable law-enforcement to fight crime more effective.

        1. Irongut Silver badge

          Re: Double Standards

          > The difference with Western rule, and other is that Western countries support crime in other parts of the world.

          So hacking the West from Russia / China is not a crime that happens in other parts of the world?

          Interesting take you have there Vladimir.

        2. Anonymous Coward
          Anonymous Coward

          Re: Double Standards

          "...it is likely the word "Russia""

          Honestly, that's all I'm taking from this, which is a game of Mad Libs.

          1) An outrageous tragedy for (victim(s)) which requires a (power-grab) to secure the people of (country/party) from the tyrannical actions of (antagonist(s)/axis) to help us (emotional-hook).

          Of course today transparently cheap is the political standard, but then again there must be many out there believing in it all, so I guess if the crowd wants more... why not? :-/

          I'll be over in the (place) waiting for the (sci-fi event) to play out,

  6. Howard Sway Silver badge

    wants vast expansion of cybercrime offenses, plus network backdoors, online censorship

    Good job we have Priti Patel defending us against such unwanted state powers......... I am awaiting the government response once she's calmed down and stopped shouting "where do I sign! where do I sign!".

  7. Eecahmap

    Perhaps Russia is, a bit late, trying to start the Codominium.

  8. Anonymous Coward
    Anonymous Coward

    Classic tactic

    Facebook, Google and Microsoft have used these tactics as well, purporting to support legislation that effectively would nuke their own business model (or, in Microsoft's case, part of it, or did you really think that the "privacy protection" links in Office 365 are not trackers?).

    The idea is to get out in front and control any legislation before sane people get to work on it.

    It's absolute classic Russion: camouflaged subversion.

    I'm not buying it for a second, and I don't think I'm alone in this.

  9. amanfromMars 1 Silver badge

    News of ROSCOSMIC Honey Pots and APT Virtual Venus Fly Traps ... Sino-Soviet Secret Weaponry?

    Better the devil you know, eh, rather than chasing the dragons and daemons of those unknown unknowns ... which are notoriously difficult and next to impossible to fathom?

    How have the proposals ... vast expansion of cybercrime offenses, plus network backdoors, online censorship ..... worked out for leaderships and/or systems admins in the West.

    Does/Did IT increase exponentially or decrease radically every possible advantage?

    Or is it one of those quantum entangling things that can choose to do both, and at the same time results in something else quite different, and whenever in tandem and/or consort with a whole host of others, something else again altogether much more advanced and attractively engaging to an almighty alarming addictive degree ‽ .

    Now .... should President Putin be a Real True Fan of that Hellish Angelic Ride, to match the enthusiasm which delivers the result is well worth the honourable sterling effort, for rewards are surely immeasurable and immutable?

    And yes, that is a live question being seriously asked of Mother Russian leadership with the simplest of correct replies the easiest of paths to travel and build upon/further flesh out and expand upon.

  10. Tron Bronze badge

    Vladimir Putin and Maude Flanders, speaking with one voice.

    The internet empowered us at the expense of the incompetent, corrupt con-artists who run our countries. Their response is inevitable. They will eventually pull their snouts from the trough for long enough to wreck the net.

    Can the geek community please get itself together to build the software for a consumer-friendly, fully distributed version of the internet and web, operating optionally through fixed nodes or peer to peer, and get it out there, with a development system, before Glorious Leaders unite, and 'take back control' of our net.

    I suppose the only thing we can cling to is the hope that internet censorship in the UK will be outsourced to the usual suspects and consequently work like a chocolate teapot.

    Dido, our Queen, will be a shoo-in as Britain's world-leading Censor-in-chief.

    1. Ken Hagan Gold badge

      Re: Vladimir Putin and Maude Flanders, speaking with one voice.

      The geek community did just that. The very first browser was a publishing engine as well as a reader and the original internet lets anyone act as a server. I believe there is even a distributed social media thingy out there somewhere, probably on Github.

      Thing is, the non-geeks don't want that level of control. They want to consume, like TV, so the likes of Zuck get to own everything.

    2. doublelayer Silver badge

      Re: Vladimir Putin and Maude Flanders, speaking with one voice.

      "Can the geek community please get itself together to build the software for a consumer-friendly, fully distributed version of the internet and web, operating optionally through fixed nodes or peer to peer, and get it out there,"

      Yes. We can. We did. Several times.

      The original internet was like that. It still is like that. If you want more anonymity and censorship protection, you have darknets like Tor to do it (though know there are nasty people using them along with you). We have IRC for quick comms. Email for more sustained comms. Torrent for big file transfers. HTTP for websites and other public resources. Plenty of options for audio and video communication.

      We did our bit. If it's going to get used by the rest of the public, we now need to get others to start using it. I run a Jitsi server for videochats which are encrypted and don't run through anyone else, but can you say that of basically anybody? People don't recognize it when I send them invites to it. Software is not your big problem.

      1. amanfromMars 1 Silver badge

        Re: Vladimir Putin and Maude Flanders, speaking with one voice.

        And you/we have the likes of El Reg too, doublelayer, reaching down deep and dark into all manner of both novel matters and disruptive technologies and sharing the news with supplementary commentating views on what are essentially potent valid 0days to exploit and employ, engage with and deploy to enjoy.

        And as for Tron's prophecy of inevitable resulting doom .......

        The internet empowered us at the expense of the incompetent, corrupt con-artists who run our countries. Their response is inevitable. They will eventually pull their snouts from the trough for long enough to wreck the net.

        ..... don't panic, he/she/it/they are 'avin' a larf for it cannot possibly happen ..... and what is truly dawning is the incompetent, corrupt con-artists who run our countries are realising too late that their fates are sealed and they can do absolutely nothing effective against it to pervert and subvert and redirect ITs Future Direction of Upcoming Events.

  11. Sparkus Bronze badge

    so looking to legitimize, on a global level

    their current kleptocracy and surveillance society.......

  12. Uncle Ron

    The article says that the US "may be inclined to engage with Russia at the UN to modify the language of the proposal so that it's compatible with US norms and policy goals." My guess is that the US government is at least as heavily engaged in "cyber crime" (and probably better at it) as Russia is, just not for altogether the same ends. Our "super hackers" are more into espionage and bringing down infrastructure, and not citizen extortion and theft, like Russia is. Russia's behavior is much more visible to the public at large, which puts a little (just a little) pressure on the West to respond. So, how do you think the US will "modify" Russia's proposal so as to protect our "norms and policy goals?" Russia wants to stop our deep government hacking and get the UN and the world community in general to enforce against us, and we will NEVER agree to it without extreme public pressure, which will never happen. So, you may as well throw Russia's proposal onto the trash heap.

    Russia is being very clever here doing this in public. The West will never agree to a proposal that will in any way endanger or expose our hacking, while they will never stop stealing credit card numbers, Social Security information, employment records, raiding bank accounts, and distributing malware. It is much cheaper for Putin to hack into every private computer and commercial server in the West, than to build weapons and hire armies. When the Soviet Union collapsed, literally 100's of thousands of first-rate programmers were thrown out of work for Putin to hire. And their English language skills are getting better and better. Maybe we should look more closely at the Russian proposal. Huh? (Somebody downvoted this less than 4 minutes after I posted it. WHY ??? What reason? Who do you work for???)

    1. Michael Wojcik Silver badge

      My guess is that the US government is at least as heavily engaged in "cyber crime" (and probably better at it) as Russia is, just not for altogether the same ends.

      Really, there's no need to guess; it's amply documented. I don't think any reputable IT-security experts disagree that the US is one of the top-tier nation-state IT-weapon developers. Generally speaking, the top-tier and second-tier rankings from various observers are pretty consistent, and they're supported by plenty of evidence. In the case of the US, that includes disclosures like the Snowden and Winner leaks, breaches like the Shadow Brokers dump, journalist and NGO investigations into incidents such as Stuxnet, and information from official sources such as government reports.

      On the other hand, it doesn't make much sense to make wild claims about which of the top-tier nations "does the most", as some commentators have here. We have some idea of the scope of US hacking activity, and some of the scope of Russia's, and China's, and Israel's, and so forth. Those give us lower bounds. The evidence to support upper bounds is much scarcer and less reliable.

      And, more importantly, it doesn't matter. All the top-tier, second-tier, and even third-tier states are doing as much as they can. As you say, they have different goals as well as different capabilities, and those shape what those efforts look like and how successful they are. That's a far more interesting and useful observation than the sophomoric tu quoques being thrown about by some people.

      I do take exception to this statement, though: "The West will never agree to a proposal that will in any way endanger or expose our hacking". History shows quite the opposite. Nations, including Russia and those of "the West", have been perfectly happy to propose, and agree to, all sorts of things in public, while ignoring them in private – and for that matter often abrogating them in public as well.

      There will be more proposals like this. There may well be treaties. They won't change much of anything, except perhaps the public posturing and claims of innocence. If anything, they'll be a bit more incentive for signatories to improve their false-flagging efforts.

      1. Anonymous Coward
        Anonymous Coward

        I think one of the great differences between Russia's hacking and that of the US is the targets - the US is going for government intelligence and nation-level attacks, while Russia is perfectly ok with targeting companies for profit and sowing misinformation and discord. On some level, I'm ok with one country trying to gain the secrets of another country. That's been done for as long as there have been countries. But ransoming companies, spreading misinformation, and intentionally causing strife is definitely not cool.

  13. FuzzyTheBear
    Big Brother

    Time and time over ..

    we saw the agencies in our own countries do all of this. head in the sand we can't have since Snowden. We all know the capabilities of the state of total surveillance , be it cell , telephone , radio waves , internet .. it's all in the open. It would also be foolish to think that the authorities don't have backdoor access to networks. as for encryption go .. i got a problem .. see .. would ANY government allow the people to have unbreakable military strength encryption in the first place ? Wouldn't they just step in and say no .. game over .. that cannot be used cause it can serve traitors , spies and criminals alike against the state ? .. that's something i got trouble believing. We were suspecting Huawei of having equipment that could be used to spy on us .. think that the intel agencies don't already have the same in the equipment made in our own countries ? That the equipment is free of backdoors ? Of course it ain't. What Russia proposes , basically , is only what already goes on here but we like to close an eye to pretending it don't already exist.

  14. HAL-9000

    Moi?

    Nothing like a bit of deflection, why shakedown your own cybercriminal gangs when you can pretend the problem is not yours. Let's hope the irony wasn't lost on the UN member state representatives

  15. Malachy33

    Hypocrisy at its best

    That is rich coming from the country that leads the world by far in originating online attacks and other cybercrime by a wide margin, much of it state sanctioned and paid for. What will they ask for next, that all other countries have to perpetually elect a friend of Putin as supreme leader for life?

  16. Neoc

    Am I the only one that cringed at the wording of these proposals:

    "the intentional creation, including adaptation, use and distribution of malicious software intended for the unauthorized destruction, blocking, modification, copying, dissemination of digital information, or neutralization of its security features, except for lawful research."

    "Malicious software": as defined by whom? Whoops, we don't like you, so you're software is malicious. But the people who work for us aren't.

    "Unauthorised destruction": yep, everything's fine and dandy so long as someone in power said it was OK. Country X can wipe your hard-drive if it's been authorised. Because we *know* all countries will follow the proper rule of law, right?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021