Current Internet Governance Challenges: What’s Next?

14 Nov 2017

Geneva, Switzerland

Event report

The event was moderated by the Chief of Strategic Planning and Membership Department at the International Telecommunication Union (ITU), Ms Doreen Bogdan-Martin, who welcomed participants to the discussion on what is next in Internet governance. What role can and will governments, civil society and international organisations play in fostering the 2030 Agenda for Sustainable Development? Do we need new forms of co-operation and partnership? What can the industry do ‘to earn everyone’s trust everyday’? The co-moderator for the session was the Director of DiploFoundation and Head of the Geneva Internet Platform, Mr Jovan Kurbalija, who followed the online discussion which took place simultaneously.

The session was opened by the Director-General of UN Office in Geneva, Mr Michael Møller, who reminded everyone that more than 3.5 billion people remain unconnected to the Internet, while the rest can have the entirety of human knowledge in a single device. While none of the sustainable development goals (SDGs) can be achieved without the Internet, technological progress also produces challenges, increasing the means for surveillance by governments, but also expanding the data collection capabilities of private companies. Among the key challenges is the risk of conflict and a new arms race in cyber weapons. We are faced with an urgent governance challenge, Møller emphasised, noting the political will, focus, and momentum to find solutions to problems such as online terrorist propaganda and extremist violence in fora such as the UN or the G7. ‘A dialogue around a digital Geneva Convention needs to include everyone; whatever the outcome we ultimately agree on, it should be people and value-centered’ concluded the director-general. Recognising that nobody can solve the problems of technological progress alone, it is timely to have the discussion in Geneva, a global hub for Internet governance, and a place where discussions can progress towards global rules.

Providing opening remarks for the 10th edition of the Geneva Lecture series, the Executive Director of UNITAR, Mr Nikhil Seth, also highlighted the need to include the unconnected. Only 17% of the population in least developed countries has access to the Internet. He urged that in Internet governance discussions we should not miss the fact that so many billions do not have access. Technology is never impact-neutral and we should remain aware of the major divide between the hyper-connected world and those who have nothing. There is no better place than Geneva to discuss these issues, as it is more intellectually driven, less political and more open than other global hubs. In conclusion, he called for the UN and the private sector to work jointly to ensure the world of tomorrow is built on principles of rights, security, fairness and inclusivity.

In his keynote, the President and Chief Legal Officer of Microsoft, Mr Brad Smith, outlined the opportunities and challenges that confront the world as it becomes digital. He drew a parallel with the 1959 Battle of Solferino, whose hallmark was the impact of new technology in armed conflict, namely by inflicting more suffering. He talked about Henry Dunant, the businessman who happened to be in Solferino for a private meeting with Napoleon III, but witnessed the human suffering on the battlefield and dedicated the rest of his life to alleviating that. He founded the Red Cross on the recognition that humanity needed to catch up with technology. He succeeded to convince others that medical personnel should be protected in times of war in order to treat those whose lives were at stake (independent of the sides taken). For Smith, this basis lead to the successes associated with the spirit of Geneva, including advances in bio-weapon regulation, humanitarian law, the banning of landmines etc. Yet technological innovation also means the development of weapons; in our generation, that happens in cyberspace. Smith noted that a new arms race is starting and the fundamental question is: what will we as a planet make of the development of cyber weapons?

The Wannacry attack on 12 May 2017 affected more than 200 000 computers in 150 countries, followed by other attacks equally disruptive. The tech industry has the first responsibility in cybersecurity, affirmed Brad Smith: ‘we must adapt the sets of responsibilities that is incumbent upon us’. Real-time data can now be used to respond to a threat immediately, but cybersecurity has to be a shared responsibility. 90% of all cyber attacks start with somebody clicking on a link in an email, therefore the tech sector needs to be the first respondent. Smith further called for a new tech sector accord, to adopt the same principles that medics did after the battle of Solferino, namely that it would not help any government attack anyone anywhere, that it would assist anyone who is injured anywhere and work together to share information about threats and respond quickly. In that sense, the technical sector can be treated as a ‘neutral digital Switzerland to protect people around the world’, emphasised Smith.

Pointing out that new rules are needed to solve cybersecurity problems, Smith called for a new digital Geneva Convention, for governments to agree not to attack civilians or civilian infrastructure in times of peace, and not use cyber weapons; they should also agree to work together with the private sector to respond to cyber incidents, building on existing international law. He concluded his speech with the message: ‘Cybersecurity needs to be a cause for our times’ and ‘all communities must contribute and learn from each other to find solutions’.

The panel discussion focused on the human rights perspective and the application of humanitarian law to cyber attacks. The Deputy High Commissioner for Human Rights (OHCHR), Ms Kate Gilmore, was asked to reflect on the way in which human rights could be integrated in Microsoft’s proposition. She stressed that the human-centered approach drives technology, and a rights-based approach should be at the core, to bring dignity and respect to the fore. Alongside opportunities, the digital technology is also perpetuating discrimination and reproducing inequality. This is corrosive on the future of democracy, together with an understanding that we have analogue leaders for a digital world. ‘We are the first generation that can choose to be the last, but we can also make the digital world more inclusive and fairer’, she noted.

The next speaker, the Head of the Delegation of the International Committee of the Red Cross (ICRC) to the United Nations in New York, Mr Phillip Spoerri, clarified the relationship between the international humanitarian law (IHL) and the ICRC’s role and mandate, as well as the focus of his organisation on the potential human cost of armed conflict. Just as in their daily activities and observations substantiated in field operations, the foreseeable effects of rules should be in focus. In his view, new rules should build on existing laws, which applies to cyber-operations in a number of ways: attacks against essential civilian infrastructure constitute violations of IHL if they are not military objectives and whenever the consequences are similar to a kinetic attack.

A Digital Geneva Convention would be about protecting civilians in times of peace; currently, states surround the development of cyber capacity with secrecy. There is a lack of a collective agreement on how to move forward on cybersecurity matters, but the central players will continue to be the states themselves – interpreting, clarifying and implementing rules.The industry involvement in discussions about binding rules is not new; it has lead to agreement on the chemical and biological weapons, arms trading, autonomous weapon systems etc. The technical expertise of companies is important to inform the assessment of the human costs of operations. In this field, the ICRC contributes with its legal expertise and the technical analysis of cyber-weapons.

In his answers to the questions directed at him, Smith focused on the need to bring everyone around the table to discuss the state of play today. He reminded the audience about the history of Red Cross and the clear understanding that led to its establishment. Henry Dunant first reflected on the horrors brought about by war in his memoirs and the first step in cybersecurity should be to share what we are seeing, he said. Smith further drew attention to the discussions he had with other companies welcoming the proposal for a Digital Geneva Convention: they share the vision and are ready to sign an accord recognising the tech sector as the first one responsible.

In her intervention during the Q&A, Gilmore stressed the evolution of responsibility across a number of fields: ‘We have been here before with regards to slavery and child labour; we are here regarding environmental footprint of activities, we have to come here with regards to capital, profit and taxation’. She noted the complex relationship between governments and business: many decisions for good governance are outsourced to the private sector without applying the same rules online  as those that regulate the offline world. There is also a need to be cautious about the governments’ intent to instrumentalise cyberspace to violate privacy and diminish participation in public life.

Summarising the online comments, Kurbalija brought forward three sets of questions: do we have rules for cyberspace and how can they be implemented? What lessons can be learned from similar governance processes? What are the responsibilities of the tech sector? The ensuing discussion touched on the limitations of technologies and the need for a political agreement, the new sense of global comments that needs to emerge, as well as the evolution of cybersecurity as an asymmetric power field. The path forward must involve the rule of law and the agenda should not be run by fear, but by a justice system worthy of the challenges, the panelists concluded. The solution might come from a step-by-step approach.