UN Cybercrime Treaty Could Lead to Sweeping Surveillance of Crypto Worldwide

The treaty’s current draft language would require crypto companies to implement intrusive mass surveillance systems, turning over financial information to governments automatically, say Marta Belcher and Kurt Opsahl of the Filecoin Foundation.

AccessTimeIconApr 13, 2023 at 5:12 p.m. UTC
Updated Apr 13, 2023 at 6:34 p.m. UTC
AccessTimeIconApr 13, 2023 at 5:12 p.m. UTCUpdated Apr 13, 2023 at 6:34 p.m. UTC
AccessTimeIconApr 13, 2023 at 5:12 p.m. UTCUpdated Apr 13, 2023 at 6:34 p.m. UTC

On Tuesday, the United Nations kicked off the second-to-last round of negotiations for a new international treaty on cybercrime. The latest draft includes language that, if adopted, would impose sweeping surveillance requirements on cryptocurrency and threaten financial privacy worldwide.

Article 93 of the draft treaty would require all nations that sign the treaty to implement onerous financial surveillance laws for cryptocurrency. Those financial surveillance laws would apply to any organization “engaged in activities related to the circulation of digital financial assets and digital currency,” even if they are nothing like a traditional financial institution. Like the dangerously broad Digital Asset Anti-Money Laundering Act introduced in the U.S. Senate, this incredibly broad language could be interpreted to include software developers, custodial and self-hosted wallet providers, miners, validators, nodes, non-fungible token non-fungible token (NFT) trading platforms and even users.

Marta Belcher is the president and chair of the Filecoin Foundation and the Filecoin Foundation for the Decentralized Web, as well as general counsel and head of policy at Protocol Labs. Kurt Opsahl is the associate general counsel for cybersecurity and civil liberties policy for the Filecoin Foundation. Their views are their own.

Those organizations would be required to implement intrusive mass surveillance systems and turn over their users’ sensitive financial information to the government automatically. They would need to collect identity information for all users engaging in transactions, maintain that sensitive data so that it can be handed over to the government, monitor for “suspicious” activities and automatically report certain transactions to the government. In addition, when any person is suspected of “possible involvement” in a cybercrime, these organizations would have to give the government not only the financial records of the suspect, but also the financial records of the suspect’s “associates” and family members – a shocking overreach.

In addition, those organizations could be required to “apply enhanced scrutiny” to any individual identified by any government that is a signatory to the treaty. Because the U.N. includes states with problematic human rights records, this provision is deeply concerning because it allows countries to designate people in other jurisdictions as targets for “enhanced scrutiny” for dubious reasons.

For blockchain network participants like developers and miners, compliance is not only onerous but in many cases impossible. For example, software developers have no idea who the end-user of their software may be, and cryptocurrency miners and validators have no way of knowing the identity of the people whose transactions they are facilitating.

Read more: Marta Belcher: Reframing Privacy for the Digital Age

In addition, the draft Article 93 attempts to eliminate any “banks that have no physical presence and that are not affiliated with a regulated financial group.” While “bank” is not yet defined in the treaty, this could be interpreted to encompass some decentralized finance projects, even if they’re otherwise lawful. Nations signing the treaty would be required to prevent such “banks” from being established in their own countries.

The negotiations have been ongoing for over a year, with language expected to be finalized in the fall. More than 130 human rights organizations and academics from around the world have already raised concerns about the adequacy of the treaty’s human rights protections, and tech policy experts have questioned its effectiveness against cybercrime. While protecting against ransomware, malware, and other attacks from cybercriminals is a noble goal, laws designed to enhance police powers in the name of crime prevention can too often lead to civil liberties violations.

Many leaders from civil society are taking part in the negotiations and working to make sure that the treaty respects human rights. We urge all those participating in the negotiations to push back against Article 93’s sweeping financial surveillance requirements in order to defend financial privacy worldwide.

Edited by Ben Schiller.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.

Marta Belcher

Marta Belcher is the president and chair of the Filecoin Foundation, general counsel and head of policy at Protocol Labs and special counsel to the Electronic Frontier Foundation.

Kurt  Opsahl

Kurt Opsahl is the Associate General Counsel for Cybersecurity and Civil Liberties Policy for the Filecoin Foundation. He is a member of the CISA Cybersecurity Advisory Committee’s Technical Advisory Council, the Open Archive Advisory Board, and the Zcash Community Advisory Panel.