Career connections: transnational expert networks and multilateral cybercrime negotiations

ABSTRACTThe Council of Europe’s Budapest Convention on cybercrime (2001) remains a key landmark in multilateral governance on cybersecurity. Negotiated over two decades ago, this regional agreement gains renewed significance today through its enduring impact, its rarity as a binding multilateral agreement on cyber-issues, and its role in shaping the debate on free speech and the criminalization of online content. This article asks how the almost-total exclusion of content crimes from the Convention can be explained. Drawing on new documents published for the twentieth anniversary of the Convention, including detailed testimonials from its chair and principal drafters, the article highlights the importance of long-term career connections among technically-savvy and diplomatically experienced negotiators, creating a transnational policy network that overcame differences and power imbalances. Understanding how the Budapest Convention resolved disagreements helps contextualize current crises in multilateral cybersecurity and cybercrime governance and provides a path away from growing digital authoritarianism.KEYWORDS: CybersecuritycybercrimemultilateralismgovernanceBudapest Conventionexpertise AcknowledgmentsI thank the editors of the special issue at The Hague Program on International Cyber Security for the opportunity to contribute to this issue, and the editors and reviewers at Contemporary Security Policy for their guidance and feedback. I also thank the team of the International Security Programme at Chatham House for their support in writing this article, and for enabling my participation in various cybercrime forums as a non-state multistakeholder organization.Disclosure statementNo potential conflict of interest was reported by the author(s).Notes1 It should be noted that issues of unreliability and unduly positive memory are common across qualitative methods, including interviews. In this way, while commemorative materials pose specific challenges for interpretation, these challenges are equivalent to those faced by other methodological routes; in each case, the guiding principle must be to incorporate critical analysis of such factors into the interpretation.2 Workshop held under the Chatham House Rule on 8 February 2023.3 The standard term used in this area is now child sexual abuse material (CSAM), avoiding problematic associations and conflations with adult pornography, legal in many jurisdictions.4 While many Arab states subsequently adopted national cybercrime laws, their first iterations did not refer to the Arab Convention, and it was ratified (phrased more loosely as “certification or acceptance or ratification” in the Arabic original) by only 11 of the 22 members of the League of Arab states (most recently Bahrain in 2017).Additional informationNotes on contributorsJames ShiresJames Shires is a senior research fellow in cyber policy at Chatham House. He is a co-founder and trustee of the European Cyber Conflict Research Initiative (ECCRI), and is a non-resident associate fellow with The Hague Program for International Cyber Security. He speaks regularly and has published extensively on cybersecurity and global politics, including The Politics Of Cybersecurity In The Middle East (Hurst/Oxford University Press, 2021) and Cyberspace and Instability (ed., Edinburgh University Press, 2023). A full list of publications is available at https://www.jamesshires.com/research.