The U.N. Cybercrime Convention Is a Promethean Moment

The United Nations’ Cybercrime Treaty can do more to protect women.

Cybercrime has increased as technology and its applications have grown. On December 24, 2024, the United Nations General Assembly adopted a treaty entitled “Countering the use of information and communications technologies for criminal purposes.” The treaty is also known as the Cybercrime Convention. The Cybercrime Convention is the first international criminal justice treaty of the 21st century, and the process of its development took five years and included input from stakeholders from both the public and private sectors. At the time of adoption, Philemon Yang, president of the U.N. General Assembly, highlighted the importance of the new Convention:

We live in a digital world, one where information and communications technologies have enormous potential for the development of societies, but also increases the potential threat of cybercrime.

The Preamble to the Convention includes a recognition of the importance of “mainstreaming a gender perspective in all relevant efforts to prevent and combat the offences covered by this Convention, in accordance with domestic law.” This declaration, however, is not followed up with substantive provisions that could meaningfully strengthen the Convention.

At a time when tech leaders such as Mark Zuckerberg bemoan the reduction in “masculine energy” in corporate culture, it is important to bring gender awareness to the tech world and to this first international convention on cyberspace. I will analyze a gender perspective in the context of our types of cybercrime: cyber-trafficking, non-consensual sharing of intimate images, cyber-grooming, and cyber scams.

The Preamble to the Convention includes a non-exhaustive list of crimes, including trafficking in persons, but falls short of noting cyber-trafficking as an urgent women’s rights concern. According to a U.N. report, however, 65 percent of all trafficking victims globally are women and girls, and more than 90 percent of detected female victims are trafficked for the purpose of sexual exploitation. Four years ago, a U.N. General Assembly resolution adopted at the 75th session noted that the increased risk of poverty women experience can disproportionately increase their risk of being trafficked. The Cybercrime Convention, however, falls short of making an explicit reference to cyber-trafficking of women. Over the last few decades, social media platforms such as Facebook, Snapchat, WhatsApp, and Xbox Live have also been used to recruit victims, largely women and children, through either direct messaging or “catfishing.”

Cyberspace can also serve as a platform for cybercrimes to target, harass, and traffic women for terrorist purposes. For example, ISIS and Boko Haram used cyberspace—including through videos, blogs, and social media messaging—to recruit young girls.

Furthermore, the United States, in its statement on the Convention, noted that Articles 14 to 16 “reflects an historic achievement in the effort to combat the nonconsensual distribution of intimate images, which disproportionately affects women, and child sexual abuse material and online grooming of children for sexual purposes.” The Convention itself does not mention women, however. A University of Exeter study shows that females disproportionately suffer intimate image abuse, otherwise known as “revenge porn.”

The rise of deepfake technology poses a specific threat to women. More than 90 percent of deepfake victims are women who experience online sexual harassment and nonconsensual deepfake porn. The gendered silences in the Convention must be filled by national legislation drafted in compliance with the new Convention.

Article 15 of the Convention also addresses cyber-grooming, or the “solicitation or grooming for the purpose of committing a sexual offence against a child,” and calls upon domestic law to address “intentionally communicating, soliciting, grooming, or making any arrangement through an information and communications technology system for the purpose of committing a sexual offence against a child.”

Under the Council of Europe’s Lanzarote Convention, the signatory states are obligated to criminalize the behaviors commonly referred to as “child grooming.” This pertains to the act of enticing minors, predominantly using the internet, for the purpose of committing sexual abuse or producing child pornography.

Although cyber-grooming has been named before, its naming in a global convention is important, especially for women and girls. Research by the United Kingdom’s National Society for the Prevention of Cruelty to the Children shows that four in five victims of online grooming crimes are girls. Therefore, the gender aspect of grooming needs to be emphasized in domestic legislation in line with the new Convention.

Cyber scams also target women and impact them differently. Cybercrimes are exploiting AI to engage in identity theft scams, which poses a threat to personal and financial security. Cyber attacks that target women include malware, ransomware, Trojan horses, denial-of-service attacks, and distributed denial-of-service attack. As a result of these attacks, women can lose access to critical information that ensures their personal safety, both in and outside the intimate sphere, which may negatively affect their economic well-being and physical safety. Women in the informal economy rely heavily on mobile communications to send and receive money and conduct e-commerce. In many countries, including Cameroon and Ethiopia, women in particular use WhatsApp or Telegram groups to sell household items. Internet shutdowns and Spyware ransomware negatively affect women’s use of e-commerce by limiting their economic autonomy and opportunity for social mobility.

Data breaches may also carry differentiated gendered effects. In cases where medical data is exposed, for example, revealing the personal information of women—such as in relation to reproductive care—might have harmful gendered consequences.

For example, in July 2016, São Paulo, Brazil was crippled by a data breach exposing the personal data of an estimated 650,000 patients in the Brazilian public health system. This breach exposed critical information on reproductive care. Information and data on women’s health—including menstrual cycles, pregnancy, and birth control—are increasingly vulnerable to cybersecurity risks, especially when leaked data can enable personal information to be used against women offline. In another data breach in Chile in 2016, more than three million health records—which included the names, ID numbers, and addresses of people living with HIV, and women and girls who asked for the morning-after pill in a public hospital—were exposed to the public.

The new U.N. Cybercrime Treaty will hopefully provide governments with an opportunity to regulate cybercrime while remaining alert to any restrictions on the human rights of political dissenters and human rights defenders. The overreach of cybercrime laws may affect the work of female human rights defenders and journalists.

The Human Rights Council Resolution 49/21, which focused on disinformation and human rights, recognized the role of gender in relation to misinformation and disinformation—specifically the targeting of women leaders, human rights defenders, politicians, and journalists with online disinformation campaigns. The 2023 report of the Special Rapporteur on freedom of information and expression on “disinformation and freedom of opinion and expression” similarly identified the need for gendered perspectives in addressing misinformation and disinformation. Similarly, the General Assembly resolution on access to justice for sexual violence in conflict, introduced by Sierra Leone and Japan and adopted in 2022, recognized both online and offline violence.

Thus, although I agree with the Office of the High Commissioner on Human Rights that the new Convention needs explicit human rights safeguards, I argue that gendered aspects of cybercrime cannot be invisible in the translation of the seminal U.N. Cybercrime Convention into national law.