Stronger together: multistakeholder voices in cyberdiplomacy | IGF 2023 WS #107

John Hering

The analysis includes various speakers discussing cybersecurity and multi-stakeholder inclusion in dialogues. One speaker notes the increasing professionalism of cybercrime, with a growing focus on critical infrastructure sectors. Microsoft’s annual digital defense report highlights this trend. Moreover, 41% of observed nation state cyber operations target critical infrastructure.

Another speaker raises concerns about the integration of cyber operations in armed conflict, citing the situation in Ukraine as an example. Urgent discussions, particularly at the United Nations, are needed to address this rising concern.

The ownership and operation of cyberspace by private entities is also discussed. It is emphasised that cyberspace is primarily owned and operated by private entities, necessitating a proper multi-stakeholder approach to tackle conflicts in this shared domain.

Improving the United Nations’ processes for including multi-stakeholder voices in cybersecurity dialogues is identified as a key issue. The current approach is described as ad hoc and patchwork.

The importance of accountability and understanding existing cybersecurity norms is highlighted. Holding countries accountable for violating norms and focusing on implementation rather than creating new norms are deemed important.

Another speaker advocates for multi-stakeholder inclusion in future cybersecurity dialogues. The non-governmental stakeholder perspective is considered essential for impactful outcomes, transparency, and credibility.

Challenges faced by non-governmental stakeholders in engaging with processes like the Open-Ended Working Group are discussed. The speaker acknowledges the progress made since the first multi-stakeholder consultation in 2019.

Improving the process of multi-stakeholder engagement and learning from successful first committee processes are advocated for. Structured non-governmental stakeholder engagement and a comparison with successful processes are seen as crucial.

The hindrance of multi-stakeholder inclusion in dialogues by escalating geopolitical tensions is mentioned. It is noted that these tensions have blocked voices, including Microsoft, from participating effectively.

The importance of multi-stakeholder inclusion in future dialogues is stressed, highlighting its role in transparency, credibility, and aiding in implementation efforts.

Insights from different stakeholders are valued for a holistic understanding of the issues. Effective dialogues and engagement with governments are seen as important for gaining insights into their perspectives.

The goal of achieving a gold standard of multi-stakeholder inclusion is expressed. Working towards a higher level of inclusion is seen as necessary.

The legitimacy of questioning the involvement of private companies in discussing governance at national or international levels is acknowledged. However, it is argued that these companies should have a voice in such dialogues, with decision-making authority ultimately resting with governments.

The summary accurately reflects the main analysis, covering various aspects of cybersecurity and multi-stakeholder inclusion. It includes relevant long-tail keywords and adheres to UK spelling and grammar.

Joyce Hakmeh

The analysis explores the challenges and benefits of multi-stakeholder participation in UN Information Security Dialogues. One of the significant challenges mentioned is that some states actively block multi-stakeholder participation. Additionally, there is a lack of conviction among states regarding the value that multi-stakeholders bring to the table. States often perceive the multi-stakeholder community as a uniform group with the same agenda, which further hampers their participation. Moreover, there is a lack of strategic and consistent engagement with multi-stakeholders by supportive states. This lack of engagement creates uncertainty for multi-stakeholder groups regarding their accreditation in UN processes.

On the other hand, there is a supportive stance towards increased multi-stakeholder participation. The role of multi-stakeholders in the cybercrime convention marks an important milestone as it is the first time they are attempting to shape a legal instrument within the UN regarding cyber issues. Participants argue that multi-stakeholders bring diverse perspectives, and their input can significantly influence decision-making processes. Furthermore, in the context of establishing new processes in cyber and digital technologies governance, it is crucial to include multi-stakeholder participation from the beginning. Transparency and clear criteria for inclusion and exclusion are seen as essential components of good modalities in these governance processes.

The speakers emphasize the need for multi-stakeholders to prove their value through concrete actions such as providing data, conducting research, and offering capacity building. This is especially necessary because some member states do not fully understand the value that multi-stakeholders can bring. Additionally, the analysis highlights the importance of not solely focusing on the multilateral level but also considering the national and regional levels in digital technologies governance.

Collaboration and input from various stakeholders, including civil society organizations and industry, are seen as mutually beneficial. Multi-stakeholder involvement aids governments in quality control and gathering diverse ideas during negotiations and decision-making processes related to digital issues. However, the speakers emphasize the need for these collaborations and inputs to be more strategic, ambitious, and inclusive, rather than narrowly involving only big tech companies.

Furthermore, the analysis suggests that the current composition of multi-stakeholder groups is primarily Western-dominated, calling for more regional inclusion. It is argued that there is a wealth of valuable experiences and perspectives at the regional and national levels that can enhance UN processes and initiatives.

The analysis also highlights the importance of better coordination among multi-stakeholders. While it is important to improve collaboration with governments, it is equally crucial to enhance collaboration among the multi-stakeholders themselves to ensure diverse voices are included in the discussion.

The fragmentation of cyber negotiations is acknowledged as a present reality, with various negotiations focusing on different aspects of cyber issues. The interconnectivity and overlap of activities in cyberspace challenge the artificial separation between negotiations dealing with international peace and security and those dealing with criminal activities.

In conclusion, the speakers advocate for increased multi-stakeholder participation in UN Information Security Dialogues. While there are challenges such as states blocking participation and lack of conviction, the benefits include diverse perspectives, shaping legal instruments, and influencing decision-making processes. The analysis calls for the development of good modalities from the start, the provision of concrete evidence of value by multi-stakeholders, inclusion of regional and national levels, better coordination, and a focus on inclusive collaboration.

Nick Ashton Hart

The analysis explores the need for increased stakeholder participation in policy-making and decision processes, focusing on cybersecurity and international commerce negotiations. The lack of stakeholder involvement and frustration with current procedures are identified as significant issues that need attention.

One speaker emphasises the value that stakeholders bring to these decision-making processes. The absence of their input not only results in the loss of valuable perspectives and expertise but also undermines the legitimacy and effectiveness of the policies and decisions made. Additionally, frustration is expressed concerning the application and veto process in cybersecurity procedures. The closed nature of the World Trade Organization (WTO) negotiations on electronic commerce excludes stakeholders completely, limiting their ability to contribute and raising concerns about transparency and fairness.

In response to these challenges, one speaker proposes the implementation of a policy on stakeholder participation. Such a policy would transform stakeholder involvement into an administrative process, ensuring their perspectives are consistently considered and incorporated into policy-making. It is suggested that many states would support this policy if a vote were to take place, indicating a growing recognition of the need for increased stakeholder participation.

Another speaker supports a campaign to address the issue of stakeholder participation once and for all. Some states are indifferent to involving stakeholders and find the arguments and disagreements on this topic tiresome. A resolution would save time and energy by establishing a clear framework for stakeholder participation. The importance of stakeholder involvement, particularly in the context of cybersecurity, is stressed. It is believed that their participation would drive a more ambitious cybersecurity agenda, bridging the gap between current offerings in international cybersecurity and the actual need for comprehensive and effective solutions.

In conclusion, the analysis highlights the necessity of enhanced stakeholder participation in policy-making and decision processes related to cybersecurity and international commerce negotiations. The establishment of a clear policy or a campaign to address this issue is crucial to bring valuable perspectives and expertise to these processes and to achieve more effective and legitimate outcomes. Furthermore, stakeholder involvement is essential for bridging the gap between the current offerings and the actual need in international cybersecurity, leading to a more comprehensive and robust approach to addressing cyber threats.

Charlotte Lindsey

In a recent analysis, it has been highlighted that the veto power within the Open-Ended Working Group limits the participation of various organizations, a concern raised by Charlotte Lindsey. This poses a challenge for multi-stakeholder civil society organizations who strive to contribute to multiple parallel processes. However, the analysis also acknowledges that civil society organizations play a significant role by providing valuable data, evidence, and practical recommendations.

Another area of concern is the lack of transparency and clarity in the process for non-state actors to contribute. This issue is seen as a barrier to their meaningful engagement. To promote inclusivity, it is suggested that the scope of participation should be extended to include organizations operating at national and regional levels.

Charlotte Lindsey urges the creation of a dedicated forum that includes all stakeholders, as it would foster legitimacy and help shape future instruments. The involvement of civil society organizations in such a forum could facilitate the implementation of cyber norms by connecting different actors and building partnerships.

Additionally, it is recommended that states establish a mechanism that reflects the multi-stakeholder nature of cyberspace. This would enable relevant stakeholders to contribute to discussions and ensure transparency and credibility in decision-making processes.

The analysis also highlights the importance of increasing the representation of African countries in global processes. It notes that there is a willingness among ambassadors from the African Union in Geneva to engage and learn more about these processes. To foster the participation of African countries, there is a need for capacity-building efforts to enhance the skills of representatives from the African Union in negotiations.

To encourage wider participation, it is necessary to demystify the processes involved. Participants from the African Union reported a misconception that they could not contribute due to a lack of familiarity with the debates. Efforts should be made to provide clear information and guidance to potential participants.

Lastly, the analysis emphasizes the importance of fact-based framing and timely input for effective engagement. Even if organizations cannot actively participate in discussions, the ability to produce valuable input is recognized and valued.

In conclusion, the analysis highlights the need for greater inclusivity, transparency, and recognition of the value that civil society and multi-stakeholders bring to the table. Creating dedicated forums, enhancing representation, demystifying processes, and promoting fact-based engagement are essential steps towards achieving these goals.

Speaker

Joyce Hakmeh is the director of the international security program at Chatham House and actively participates in various UN cyber projects. In her role, she leads these projects, focusing on advancing cybersecurity and addressing emerging challenges in the evolving digital landscape. Hakmeh follows UN cyber processes such as the open-ended working group and the cyber crime convention, which play a pivotal role in shaping global standards and policies in the fight against cyber threats. Moreover, she is part of the international security National Research Institute, further showcasing her expertise and dedication to the field.

Nisha serves as the director of the Cyber Security Institute in Geneva and actively engages in UN processes. She is particularly involved in the open-ended working group and the ad hoc committee on cybercrime. Nisha’s primary focus lies in providing evidence and data-driven analyses of the cyber landscape, aiming to develop a comprehensive understanding of the challenges and potential solutions. By utilizing facts and data, she contributes to the formulation of effective strategies and policies to combat cyber threats and ensure a secure digital environment.

Joyce Hakmeh and Nisha both play crucial roles in the field of cybersecurity, making significant contributions to UN cyber processes. They bring their expertise and experiences to the table, actively participating in discussions and decision-making processes concerning global cybersecurity challenges. Through their involvement, they strive to enhance international cooperation and strengthen partnerships in addressing cyber threats.

Overall, the work of Joyce Hakmeh and Nisha underscores the importance of collaboration and knowledge-sharing in tackling cybersecurity issues. Their commitment to the field and active participation in UN cyber processes demonstrate their dedication to improving the security and resilience of digital infrastructure worldwide. Their expertise and insights serve as valuable resources in shaping effective strategies to combat cyber threats and ensure a safer digital future for all.

Pablo Castro

Pablo Castro, a cybersecurity expert, emphasises the importance of implementing existing norms rather than establishing new ones. He believes that instead of focusing on developing new norms, it is more crucial to focus on effectively implementing the current 11 norms. Castro argues that regional-level implementation of norms should be a priority for Latin America. This approach would ensure a strong foundation of cybersecurity practices and strengthen the overall security posture in the region.

Castro also supports the role of stakeholders in assisting states to improve the implementation of cybersecurity norms. He believes that stakeholders, such as industry experts and civil society organizations, can provide valuable insights, expertise, and resources to help states in the process of moving forward. To exemplify this, he mentions that Chile proposed a new set of Confidence Building Measures (CBMs) specifically aimed at leveraging stakeholder involvement to enhance the implementation of cybersecurity norms.

In addition to implementation, Castro highlights the need for capacity building in the Latin American region. He argues that capacity building is crucial to improve cybersecurity efforts and to bridge any existing gaps in expertise and resources. He mentions that several Latin American states made a joint statement in July, highlighting the importance of capacity building in the region.

Castro also emphasizes the need for a strategic approach to engage stakeholders in cybercrime processes. He suggests creating a clear strategy that defines specific roles for stakeholders in future dialogues, such as the Program of Action (PoA). This approach ensures that stakeholders are actively involved in shaping cybercrime policies and addressing challenges related to international law, norms, and Confidence Building Measures.

Advocating for partnerships between stakeholders and states, Castro calls for increased collaboration in specific tasks. He believes that by working together, stakeholders and states can better address the complex challenges of cybersecurity. He encourages stakeholders and states to establish strong working relationships to foster effective collaboration and improve cybersecurity efforts.

Furthermore, Castro underscores the importance of strategic dialogue with stakeholders. He observes that stakeholder opponents often have clear strategies and goals, making it essential for proponents to engage in more strategic and well-planned dialogues. He suggests developing a counter-narrative to address opposition and effectively advocate for stakeholder participation.

Castro also mentions the significance of working beyond formal meetings and rooms to achieve progress in cybersecurity. He believes that a lot of influence can be exerted outside formal settings, particularly at the regional level. He highlights the major opportunities for meetings and collaboration that regional initiatives present, making them critically important for advancing cybersecurity efforts.

From his analysis, Castro notes the struggles countries face in cyber discussions due to geopolitical and cultural differences. He highlights how these differences can lead to fragmentation in discussions and potentially result in different internets in the future. This underscores the importance of finding common ground and fostering collaboration despite these challenges.

In conclusion, Pablo Castro provides valuable insights into the importance of implementing existing norms, engaging stakeholders, building capacity, and forming partnerships in the field of cybersecurity. His emphasis on strategic dialogue, regional initiatives, and the need for an action-oriented approach through frameworks like the Program of Action demonstrates his comprehensive understanding of the challenges and opportunities in the cybersecurity landscape. Overall, his viewpoints contribute to a more holistic and collaborative approach to addressing cybersecurity concerns.

Bert

The Internet Governance Forum (IGF) and the United Nations (UN) have different discussion approaches. While the IGF promotes equal discussions, the UN discussions are more intergovernmental and less friendly to stakeholders. This discrepancy is concerning as it highlights the lack of stakeholder inclusion and equality in the UN’s discussions on cyber governance. The Open Networking Group faces challenges in discussing real-world threats like cyber espionage. It struggles to have an open discussion on these issues, which is important for addressing the evolving threat landscape. To address this, the Open Networking Group needs to be more transparent and open about cyber espionage discussions. Clear violations should be called out, ensuring a better understanding among stakeholders.

Implementing international law is crucial in cyber governance. The General Assembly has confirmed that international law applies fully, but there is a need to focus on better implementation and understanding of the existing normative framework. The Open Networking Group will dedicate sessions to this question next year. Some argue for new norms, while others believe that a better understanding of existing norms is sufficient.

Inclusive multi-stakeholder involvement is key in decision-making processes related to cyber governance. Non-state participants have been invited to negotiations in the Human Rights Commission, and NGO representatives are involved in government delegations in some countries. The Program of Action (POA) should focus on implementing the existing normative framework and involve non-state actors. This collaboration can facilitate efforts and coordination between stakeholders.

The involvement of stakeholders has been politicized, and moving it from a political process to an administrative matter is suggested. This administrative approach can remove unnecessary barriers and streamline decision-making. A one-size-fits-all forever resolution for stakeholder participation may not be ideal, as future circumstances may require different rules.

The upcoming global digital compact discussions should involve various stakeholders, despite opposition from some countries. The input and perspectives of different stakeholders are essential for an inclusive and effective digital compact. Bert supports a strong role for the mighty stakeholder model and the IGF, advocating for an inclusive approach involving industry partners, academics, and experts.

Negotiations must be inclusive, with representation from different countries. Availability of funding for travel aids representation, ensuring active participation from a broader range of countries. The quality of discussions varies based on the level and diversity of participation. Inclusive discussions lead to a better understanding of the issues at hand.

More funding and support are needed to facilitate multi-stakeholder participation in cyber governance. Denial of funding for extensive travels hinders effective participation. The COVID-19 pandemic has unintentionally democratized multilateral processes, allowing for more remote participation and inclusivity. While negotiations occur internationally, it is essential to engage at the national level as well.

Stakeholder involvement in the global digital compact process is emphasized, utilizing the national IGF for discussions and preparation. Partnerships and value contribution are crucial for effective decision-making, amplifying the impact and improving feedback provision.

In conclusion, there are discrepancies between the IGF and the UN discussions on cyber governance. Open and transparent discussions are crucial for addressing real-world threats. Implementation and understanding of existing norms are necessary, alongside multi-stakeholder involvement and inclusivity. Adequate funding and support are needed for equal and inclusive participation. The COVID-19 pandemic has unintentionally increased remote participation and democratized multilateral processes. National and stakeholder engagement are vital for effective cyber governance. The development of a global digital compact requires multi-stakeholder involvement and partnerships, with organizations having a potentially underestimated impact.

Eduardo

The discussion at hand revolves around questioning the legitimacy of companies participating in multi-stakeholder discussions within the sphere of international law development. This topic is relevant to Sustainable Development Goal (SDG) 16, which focuses on achieving peace, justice, and robust institutions.

Several concerns are raised regarding the involvement of companies in these discussions. One concern relates to democratic issues. It is argued that when companies participate in discussions shaping international law, it raises questions about democratic representation. In a democratic system, decisions about laws and regulations are ideally made by elected representatives who are accountable to the citizens. However, the inclusion of companies in these discussions potentially bypasses this democratic process.

Another point of contention revolves around the conflict of interest that companies may have when participating in these discussions. Companies, by their nature, prioritize their own interests and profits. In international law development, where decisions are made with the aim of benefiting society as a whole, the alignment of companies’ interests with broader societal interests becomes a concern. The question arises as to whether the participation of companies in these discussions could lead to biased outcomes that favor their own agendas.

Furthermore, the lack of direct election by citizens is raised as a valid concern in questioning the legitimacy of companies’ involvement. Unlike elected representatives who are accountable to their constituents, companies operate under their own governance structures. This lack of democratic oversight over their participation in multi-stakeholder discussions adds to concerns about the legitimacy and transparency of the decision-making process.

The sentiment towards these issues is negative, as the concerns raised highlight potential flaws in including companies in multi-stakeholder discussions on international law development. However, it is important to note that Eduardo’s stance is neutral as he is simply relaying a question posed by Amir Mokaberi on this matter.

The analysis emphasizes the complexity of balancing the involvement of various stakeholders, including companies, in shaping international law. The insights gained from this discussion emphasize the need for further exploration and deliberation on how to ensure legitimacy, transparency, and democratic representation in such multi-stakeholder forums.

Marie

Cybersecurity discussions have been ongoing since 1998, but their scale has significantly increased in recent years. There is a clear need for broader multi-stakeholder involvement in these discussions, including the participation of the technical community. However, the current level of inclusivity falls short of expectations.

Collaboration between different stakeholders is crucial in effectively addressing cybercrime issues, both within the United Nations and in other forums. Marie emphasizes the importance of connecting cybersecurity discussions in various domains to promote a secure and trustworthy online environment. The emergence of numerous multi-stakeholder initiatives is inspiring and can potentially enrich engagements beyond traditional diplomacy.

The lack of mention of the technical community in the report of the open-ended working group highlights the need for its inclusion in cybersecurity discussions. Marie insists on continuing dialogues with stakeholders such as the technical community, as their involvement enhances understanding of their potential contributions.

While discussions have grown in scale, it is challenging for developing countries to allocate resources and time to processes primarily taking place in Western countries like the UN. Marie highlights the importance of ongoing discussions at national and regional levels, emphasizing the value of long-term engagement in shaping informed policies.

Marie further emphasizes the significance of stakeholder engagement, drawing from her experience working on cyber issues in the Netherlands. She advocates for the use of platforms like the IGF, RightsCon, and GFC for open discussions and aims to demystify discussions in the first committee for stakeholders.

Capacity-building and the spread of knowledge regarding the normative framework are identified as essential elements in the field of cybersecurity. Marie’s team endeavors to share their knowledge about the first committee to enhance engagement, participating in regional meetings and holding cyber policy discussions.

Marie encourages non-governmental stakeholders to share information, facts, and the impact of projects, as this input can add value to the discussions within the context of the UN. Continuous involvement of all stakeholders and their accountability in taking the right positions are crucial. Marie acknowledges that the process can be frustrating but assures that raised issues do make their way into the final reports.

The idea that all stakeholders, including the private sector and civil society, should have a voice in policy-making dialogues related to cybersecurity is strongly supported. This inclusive approach recognizes the importance of considering a wide range of perspectives in shaping effective and comprehensive cybersecurity policies.

In conclusion, cybersecurity discussions have grown significantly since their inception in 1998. Broader multi-stakeholder involvement, particularly including the technical community, is needed to effectively address cybercrime. Inclusivity in these discussions must be improved, and collaboration between different stakeholders is crucial. Regional and national initiatives, capacity-building, and knowledge sharing are essential for robust engagement. Continuous involvement and accountability of all stakeholders are emphasized to ensure the right positions are taken and all perspectives are considered in policy-making dialogues.

Audience

The analysis reveals a significant issue concerning the lack of representation from African stakeholders in multi-stakeholder discussions. This absence is viewed as a negative aspect, highlighting the need for better ways to enhance the participation of African stakeholders in these discussions. The argument is made that the current level of engagement must be improved to ensure that the perspectives and interests of African stakeholders are adequately represented.

Additionally, the analysis emphasises the importance of stakeholder engagement at both the national and regional level, emphasising that it is crucial to strengthen and improve this engagement. It is believed that by doing so, a more inclusive and effective multi-stakeholder approach can be achieved.

The analysis also identifies a common problem faced by civil society organisations, which is a lack of access to engage with the government. However, it is suggested that national and regional level engagement could offer a sustainable solution in addressing this issue.

Furthermore, the analysis highlights the potential benefits of better engagement, stating that it could help strengthen the broader ecosystem of civil society organisations. This indicates that by actively involving and consulting various stakeholders, a more robust and collaborative approach can be fostered.

The analysis brings attention to the fragmentation of the cybersecurity debate, which is seen as a challenge not only for non-state stakeholders but also for many developing countries. Keeping up with multiple tracks of discussion at the UN is particularly challenging for developing countries, making it difficult for them to actively participate in these discussions.

The analysis also touches upon the polarisation of positions on the future of institutional dialogue after OEWG (Open-Ended Working Group). There is a division between those supporting the continuation of discussions on the proposal of a Program of Action (POA) and those against the idea of something legally binding at the moment. Brazil, for example, supports continuing discussions on the proposal of a POA.

Furthermore, concerns are raised about the potential underutilisation of OEWG if the POA is adopted this year. If the decision to adopt the POA is made two years ahead of the end of OEWG’s mandate on regular institutional dialogue, it is feared that OEWG discussions might be undermined.

The analysis also considers the involvement of users in the multi-stakeholder process, highlighting the importance of including users’ perspectives and addressing issues related to defective use and abuse. The role of Microsoft in involving users in multi-stakeholder processes is specifically mentioned.

Lastly, the analysis emphasises the engagement of young people in the tech industry, advocating for their perspective to be taken into account. It highlights how Microsoft incorporates the youth perspective into its submission and ensures that everything is on track.

Overall, the analysis underscores the need for greater inclusivity and participation in multi-stakeholder discussions, particularly concerning African stakeholders. It also highlights the importance of various levels of engagement, the concerns regarding fragmentation and difficulty faced by developing countries in the UN, and the significance of involving users and young people in the decision-making processes.

Audience:
th th th th th th th th th th th th th th th . . . . . . . . . . . . . . . . . . . . . . . . . . . .

John Hering:
Actually, this is a well-timed conversation because last week Microsoft released its annual digital defense report, which if you haven’t had a chance to dive into in the days since it’s come out, I would encourage you to do so. It’s our summative annual threat intelligence report that we put out, a pretty comprehensive overview of how Microsoft sees the threat landscape. It’s not necessarily the entire landscape. We only see our sliver of the internet on our platforms, but it does give a pretty illustrative view of what the contemporary challenges are. Unsurprisingly, cybercrime continues to be an increasing challenge. In particular, we’ve noticed over the past year it’s increasingly professionalized. That’s to improve the scale and then the impact of cybercrime operations. And then when it comes to nation state activities as well, we’ve seen continued escalations in that space, in particular with a focus on espionage operations over the past year, and 41% of which, in terms of all nation state cyber operations observed by Microsoft threat intelligence teams, were focused on critical infrastructure sectors across various regions of the globe. None of this is especially new. It’s been an escalating concern for decades. But now the integration, obviously, of cyber operations in armed conflict is becoming a rising concern, including in the past year and a half in Ukraine, most notably, which is making conversations around peace and security online, in particular at the UN, all the more urgent. We have seen over the same time period of the last few decades, also the UN stepping up to try and meet the moment and keep pace with an evolving threat environment. Stirring up various working groups and new processes, evolving its mandate to make sure it’s meeting the moment. And this has also introduced a new challenge in how do we include the right multi-stakeholder voices in those conversations. Cyberspace is, after all, a much more shared domain of conflict than perhaps any other, given that it’s inherently synthetic and a lot of it owned and operated by private entities. It also raises important questions about how to ensure the right human rights are protected and the necessary. necessary multi-stakeholder and academia voices are at the table as well. And thus far, we’ve seen sort of an ad hoc patchwork approach to trying to include more multi-stakeholder voices in those conversations. So that brings us to today, and I think a two-fold goal for this conversation. The one, on the one hand, it’s to hopefully keep everyone appropriately informed on where these conversations are at the United Nations and beyond, and to hopefully help people feel like they are equipped to more effectively engage in those conversations. And then two, is going to be to hear from you in the room, from those in the IGF community, about the challenges, recommendations, or guidance you might have around how we might improve the relevant inclusion of multi-stakeholder voices in cybersecurity dialogues. That will be essential, I think, both for our guests on the stage, as well for an after action report that we’ll put together following this session. So to that end, we will save the bulk of the time of this session towards the end for audience Q&A. So that’s not just question and answer, but also commentary, other suggestions, or things you’d like to contribute to this conversation, or that you’d like to hear our guests respond to. But without further ado, then, I’d like to welcome our speakers, first on the stage, and then Charlotte online, to just introduce themselves first, let us know who you are, what organization you’re from, and maybe your relation to the cybersecurity dialogues at the UN. We start at the end of the table, and come on down.

Marie:
Now working. Thank you very much, and thank you for having me on this prestigious panel. My name is Marie Mou, I’m working at the permanent mission of the Netherlands to the UN in Geneva, and I’m First Secretary Cyber, so I’m the incarnation of what cyber diplomacy is from a member state’s perspective.

Pablo Castro:
Thank you very much, John. I’m Pablo Castro, I’m Cybersecurity Coordinator at the Ministry of Foreign Affairs of Chile. I basically cover cybersecurity, cyber…

Joyce Hakmeh:
I’m the director of the international security program at Chatham House. My relationship to this conversation today is that my team, we lead a lot of or a number of projects following UN cyber processes, the open ended working group as well as the cyber crime convention, and we have had our fair share of most of the work that we do.

Speaker:
So, I’m very happy to be here. I’m also very happy to be here as a member of the international security NRI, when you know that there is a trilateral project, there might be a possibility of a multi-stakeholder engagement or attempt to do so. . Thank you. If you’re online, could you introduce yourself? My name is Nisha, I’m the director of the cyber security institute in Geneva, and with my team, we engage in the UN processes, the open-ended working group, the ad hoc committee on cybercrime, and other fora in order to try to bring evidence and data-driven-based analyses of cyber landscape.

John Hering:
After interviewing you and trying to deal with the private matters and I just kind of gave an outline from how to see the environment from the industry side, but let me maybe from Marie and Bert to start us off, how has the conversation around nation-state activity in particular, evolved at the UN in the time that you’ve had there? And where are we living up to and where are we falling short of the international expectations that have been set?

Marie:
Thank you. So after the introduction of the UN development programme, and again I’m going to focus on the cyber industry sense, which is cybersecurity. I work at CreativeOcean Public, but I think there have been a lot of developers within the public sector. So, 13 still or 20 or 20 people who are members of that public. I think those discussions are not really new. They’ve been going on for since 1998. But there is also a broader picture that we need to take into consideration because the cyber security discussion are not new, but what is new is first the scale at which they’re being discussed. So it’s in more and more places, but also the integration of other stakeholders that is pretty new into those processes. When actually we’ve seen on the, we would look at the broader cyber picture, more multi-stakeholder engagement, and that comes back to the 2003 with this. But the fact that in the cyber security strict sense of the discussion, we’ve seen stronger multi-stakeholder involvement, unfortunately does not have yet achieved the inclusivity that we had expected in the first place. And we would like to have more inclusivity. It’s already nice that the open-ended working group now is open to all member states, which was not the case with the GGE. So there is already more inclusivity, but I think we would like to go a bit further and to make sure that all relevant stakeholders can have their voice heard also in those discussions.

Bert:
Thank you. Thank you so much. From my perspective, I have to say I’m very much looking forward to the discussion here, because what I can observe is, of course, quite a discrepancy between the way we discuss things here at the IGF, and where everyone is on an equal footing. And as soon as, if I stay with the metaphor, step your foot into the UN, it becomes very intergovernmental. And by its very nature, it’s not very much stakeholder-friendly. So we always see. that is really an uphill battle, every time in all these processes. And when it comes to your specific question on sort of the threat landscape and how it is being discussed, also there, there’s a bit of a discrepancy between the real world and the UN world. In the real world, you described yourself, you just released your own annual report, which lays out the landscape that is very, which raises many concerns about state actors, non-state actors, the collusion between the two, or cyber crime activities by state actors, et cetera, espionage activities, how it’s combined, how cyber act, malicious cyber actors become more and more involved in disinformation, information campaigns, all this is there. But it’s very difficult, if not impossible, to have a frank discussion on this in the Open Networking Group when we discuss threats. There’s always, there’s a strong sense, it’s an uncomfortable discussion, so to say, and people rather skim over. There’s a stronger interest to discuss things like confidence building, et cetera, than to discuss the hard stuff. Why do we need to build confidence? Because there is a problem of growth in malicious cyber activities. Particularly when it comes to the issue of cyber espionage, we are there for the view that we should become much clearer in calling it out as clear violations of the normative framework when such activities are directed against states or critical infrastructure, et cetera, thank you.

John Hering:
Thank you, Paul, so much. Sticking sort of on the government side of this conversation, and we’ll go right back to you, actually, Bert, and then bring Pablo into the conversation as well. You guys have both mentioned, I think, now, the Open Ended Working Group, which is the current information security dialogue, the second iteration of that body. Previous to that, it was the group of governmental experts, and there were successive rounds of that. As of 2015, there have been established norms for responsible state behavior online, some recognition that international law. ought to govern also state behavior online. There has not been new norms established since that period of time. And I was wondering if you could just sort of shed some light on how should we think of the current status of the open-ended working group? What is its mandate and mission? And then what is the importance of multi-stakeholder inclusion in that?

Pablo Castro:
Thank you. Regarding norms, and especially new norms, I have to be really honest that maybe even from the perspective of Chile, we’re not really thinking probably in new norms. It’s more like the implementation of 11 norms, especially the regional level. It’s probably one of our main interests right now. And I would say this is also very important for our Latin American regions, to try to move forward in this. Not some, expectation could be different, regarding the open-ended working groups. And from Latin America and from our conversation with our colleagues, I would just say right now we have a good coordination with other states. After years that probably stayed up, and Minister of Foreign Affairs didn’t have, you know, someone in charge of cyber. Now it’s possible to do this sort of coordinations. Capacity to build it, for example, is very important. But when it comes to norms, I think implementation is something important, especially at the regional level. And that could be also a good chance for stakeholders, you know, how they can help this process, you know, the states, you know, and improve this implementation. It’s one of the reasons why last year, which has proposed a new CBMs, you know, there’s a working group at the OAS for the establishment of CBMs in cyberspace. It started back in 2017. We have now 11 CBMs, which is quite something. One of them, it’s about the strength implementation of 11 norms, you know. And that was proposed specifically to try to, you know, encourage a state to work more than this. With the assistance of the Organization of American States, I was a good program. It’s very good, very important, this process. And be working, you know, a lot with stakeholders. So I think that it could be a good opportunity, you know, to that stakeholder. they can help a state, you’re meant to move on this. Now, moving forward, the opening of the working group is a tough, it’s a really good question, you know, because as we have different expectation, by the way, for Latin America, for example, capacity building could be probably something really important. We managed in the last, I mean, in July, to make a joint statement, you know, several, I mean, states for Latin America about capacity building. And the current situation, I think, is a little bit complicated. We always have this conversation between the states and our region, because trying to get the consensus, the opening of the working groups, it’s really difficult. And so trying to, you know, to decide which are the subject, the item, do we really move on, it’s also very complicated. So it’s a complicated balance, you know. So far, I think we’ve been trying, you know, to agree on things that we, things that everyone could agree, one of CBM’s, you know, directory portal. And, but I cannot really oversee how we can really move on new topics and new discussion, we can do that. That’s because, of course, the current context of the complicated conversation we have, and I don’t see that’s gonna be easy to resolve in the coming years. I mean, according to the geopolitical situation we have right now. Thank you.

Bert:
Thanks so much. I can subscribe to everything Pablo said. And just to add, our sense is also, we need to focus on how we implement better, and even not only implement, understand better the normative framework as we have it. We also see quite some, there’s some countries out there who try to make, to produce confusion. They say, oh, we only have voluntary norms, we have, therefore we need a legally binding treaty to clarify what the legal obligations are. Ignoring the fact that we have, the General Assembly has repeatedly confirmed that international law, as enshrined in the charter, et cetera, fully applies. Therefore, we need to have more dedicated discussions to look specifically, what does it mean international law applies? So, since we are just finalizing our national position paper, where we’re. We are very happy, we have been lobbying this for a while, that next year, one of the intercessional sessions of the Open Networking Group will be dedicated to the question of application of international law. And as we need to see, it’s a bit, the voluntary norms are a bit muddy the waters almost, it leads to some confusion. We also will have more discussions on the voluntary norms, and all of you again, we don’t need new norms, we need better understanding of the existing ones, what exactly that means, and then of course, particularly, that they have been implemented and the countries who violated them are held accountable. Thank you.

John Hering:
Thank you both so much. I heard accountability, confidence building measures, clarifying the existing norms obligations, all the spaces where we can move forward within the context of the current Open Networking Group and future cybersecurity dialogues, and things which need multi-stakeholder inclusion and participation and engagement. And so to that side, I wanted to bring in Charlotte Online and Joyce from the sort of non-governmental stakeholder perspective. Could you just take us through, I think, first for, you know, I think we have a lot of government folks in the room. What is it like to try and participate and engage in the UN Information Security Dialogues as a non-governmental stakeholder?

Joyce Hakmeh:
Thanks, John. And very, very good question. I think this is something that sort of like an experience that we reflect on quite a lot, and we sort of share stories, the multi-stakeholder community between each other. I think, speaking from our experience at Chatham House, but also observing multi-stakeholder participation more generally, I think there are maybe four issues that I believe act as a challenge to the multi-stakeholder participation. And of course, you know, I’m not going to talk about the biggest one, which is states blocking actively going out of their way sometimes to blocking multi-stakeholder participation in UN processes. The first point I want to make is I guess there is a disbelief or perhaps insufficient conviction from some states about the value that multi-stakeholders bring to the table. And so you basically, and this comes often from states who arguably need this support or could benefit from this support the most. So often the starting point is really sort of making the case about why it is important that you’re at the table and what is it that you can contribute. And so this basically leads to either states not engaging with multi-stakeholders or, so if they tolerate your presence, they don’t engage or they engage at the superficial level. And perhaps this stems from the second point I want to make which is a perception that some states have that the multi-stakeholder community is a sort of a uniform group, it’s like monolith and we sort of all have the same agenda, the same approach, the same objectives. And this is obviously more true when it comes to civil society rather than to industry. But of course that’s not true, right? Because civil society is a very diverse group with sometimes overlapping but more complimentary mandates and the role that they can play is diverse. So if you don’t understand what they can bring to the table then it is hard to sort of engage with them properly. The third issue is, and this is more sort of directed at countries who actually support the multi-stakeholder participation and can be called the champions of multi-stakeholder participation who really kind of like make that point over and over again in UN processes and beyond. I think sometimes the challenge with that relationship is there is a lack of strategic but also consistent engagement. And this could be related to like time issues, resources issues or perhaps sometimes lack of coordination within the government itself between the different agencies. So this means that the relationship with multi-stakeholders isn’t as good as it can be, isn’t as impactful as it can be. Now, I’m not suggesting that this is just the responsibility of government. I think of course this is a shared responsibility, it’s a relationship so it has to go both ways. And perhaps, you know, on this current OEWG specifically, I think the, probably the sort of the word that describes it the best when it comes to multi-stakeholder participation is uncertainty, right? With every session, like multi-stakeholder groups, they don’t know whether they’re going to be accredited or not. I know Microsoft, you’ve had your good share in that, and so the Chatham House, until we finally got the ECOSOC status, which in a way kind of like, you know, gave us that right to be in the room. And you know, the ability to influence UN processes, like in this kind of very complex geopolitical climate that Pablo described, requires strategic planning over time. So if you’re uncertain whether you’re going to be in the room or not, it makes it very hard to actually influence. I want to also talk about these sort of other ways where you can influence, but maybe for later. But maybe I want to conclude with this point that, although this, you know, the participation hasn’t been great, it has been possible, right? And I think from our perspective, it is, it has been a learning curve, and particularly, for example, if we look at the cybercrime convention, this is the first time the multi-stakeholder community is trying to shape a legal instrument within the UN on cyber, right? And so we are learning a lot of lessons that will definitely help us in the future and also help us sharpen our tools.

John Hering:
And Charlotte, you’re up if you’re online.

Charlotte Lindsey:
Yes, I am. Thank you. I agree with the points that Joyce raised. I would just like to focus on a couple of points. I think that while the Open-Ended Working Group is officially open to stakeholders, states have this veto power, which Joyce mentioned, which limits the participation in dozens of organizations, including the Cyber Peace Institute, are regularly vetoed. And I think that that makes it very complicated for us to plan strategically, but also to really be representative. and to bring added value to this forum. I mean, clearly an achievement, what has been that the GGE and the Open-Ended Working Group run these sort of parallel processes and came out with a consensus report, which was aligned. However, it’s very complicated for these parallel processes for multi-stakeholder civil society organizations to be able to participate in all of these parallel processes and to really be able to contribute. The Cyber Peace Institute, we have been able to contribute to the objectives of several of the UN working groups. We’ve submitted comments, recommendations on pre-drafts, on zero drafts, on final reports of the Open-Ended Working Group. We have also submitted multi-stakeholder engagement statement, which we led with a group of other organizations and contributed ahead of substantive sessions. So we are able to find ways to contribute, but it does take a lot of navigation, a lot of engagement behind the scenes to be able to really be able to be present and to put statements and positions forward. I think that we, as civil society organizations, we do have added value that we can bring. And I think that what we have been able to demonstrate and many states demonstrate that they really appreciate these contributions is bringing data and evidence on many of the issues that are being addressed in the Open-Ended Working Group. And we have been able to, for example, bring things like a compendium of best practices on protecting the healthcare sector from cyber harm and bring practical recommendations that can really help negotiations and help discussions. And I think that by bringing these recommendations, we can add the diversity, we can bring voices which really represent the full range of how the cyber landscape is actually being managed and the threats on that. of that, in that landscape today. I would just like to make a couple of final points. I think while we see that a number of governments have really sort of reiterated their commitment towards an inclusive process in which the multi-stakeholder community really does have a voice, we think it really is important that there’s more clarity on what these potential contributions from civil society or non-multi-stakeholders can really bring. And this can encourage other states to really advocate for and pursue this more inclusive process. If there is an understanding of the added value, then each time each organization is not having to bring that. And we think also what is complex ahead of some of the sort of consultative meetings, we think it’s also very complex when documents aren’t shared ahead of meetings or are very late, and therefore it’s really hard to bring, as Joyce mentioned, this very strategic role if we’re not able to actually receive any of the documents, understand what the subjects are going to be, and then also not necessarily able to participate in the room. So we think it would be important to have real clarity on non-state actors and how they can participate in the substantive sessions, clarity on the level of transparency and visibility offered for multi-stakeholder contributions throughout the process. And we think that there also needs to be inclusion, not just at sort of international organizations and civil society organizations operating at an international level, but also those operating nationally and regionally. And this could also help have a more of a global understanding of the challenges, but also the contributions that different actors can play. Thank you.

John Hering:
Thank you so much, Charlotte. And just this, I think, hit all the major points in terms of, you know, as a non-governmental stakeholder who has also tried to engage in these processes before. for, I think covered pretty well what some of those challenges have been, but I do think, to your point, Joyce, this is also a learning process, and I think we should also give credit where credit is due. I remember, you know, the first ever multi-stakeholder consultation for the OEWG that happened, you know, in the room, conference room B at the UN in 2019, and we really have come a long way since then in terms of regularizing things and having much greater inclusion. That’s a credit to, I think, a lot of support from various member states, increasing numbers of member states, and then also the current chair of the OEWG, who I think we should recognize, as well as having worked to create regularized, at least intersessional consultations with non-governmental stakeholders. But I think to the broader point here, indeed, it has been highly ad hoc, and especially for resource-limited organizations, that’s a particular challenge to try and think about how best to structure that level of engagement. So then thinking about maybe the other moving forward and how to sort of begin to be a little more accommodating and inclusive, I’d love to hear from Burt and from Charlotte, thinking beyond sort of just the OEWG and the GGE, Pablo and Marie, I’d love to hear sort of just a comparison to other first committee processes that maybe have greater success with multi-stakeholder inclusion, whether that’s, you know, the ECOSOC status or any other ways that we’ve seen other stakeholders more successfully included in the past.

Pablo Castro:
Okay, I’m going to start. Well, I mean, as you mentioned, I mean, the cybercrime, you know, current process right now, we do have this modality, we agree, it was working pretty well. We can mention also, I mean, all the discussion, like, for example, we’re talking about weapons systems in Geneva. But when I also think about the future dialogues, future process, okay, I have to think about the program of action, which is something that’s coming. be a very good opportunity, you know, to really create a sort of, as you mentioned, and I really love the word strategy, something we definitely need, and in a way also tries to create some or define a specific role for multistakeholder, let’s say in the future BOA, you know, how they can help, you know, or assist in terms of identifying needs, assessment, how to help a state for the implementations. We can, in some way, our case, not to say in a structure, but define some roles in this future dialogue. I mean, that way, we can, I mean, identify some stakeholder good for some, let’s say international law, let’s say 11 norms, let’s say CBMs, or in that way, I think it would be good if we can actually try to start this discussion, you know. I think, well, Cyberspace Institute, for example, has been very good, I mean, reporting this at the website, because this is something that is coming, I mean, sooner in the next couple of years, and that’s going to be a good opportunity for a state, I mean, to think about this. Now, I would like to see also more, I mean, probably partnerships between the stakeholder and other states, something that maybe in Latin America, even from Chile, I would like to do more on this in some, as I said before, in this specific task. This is something I could, we could probably, I mean, start to think and work in the, I would say, near future. Thank you.

Marie:
Thank you. I think I will just go a bit further than just the UN and the first committee. But looking at, first, at a purely, like, UN perspective, I think those discussions we’ve seen popping in into so many different fora. When the pandemic started, WHO started talking about cybersecurity, we were seeing cybersecurity related discussion in the context of e-commerce, but also, obviously, with the ongoing situation in Europe and in Ukraine, in the humanitarian dialogue. So I think we also need to take this into consideration and how other stakeholders are involved into those discussion. Because if we don’t connect the dots and all those discussion as well, then we will never be able to have the open, free, and secure environment that we want and where people trust, that people trust, and that we can all benefit from. So that’s on a positive note. But we are also seeing a growing number of multi-stakeholder initiative outside of the UN, be it at the national, regional, international level. And those are really inspiring. And I think we need to look at how stakeholders, when they are having those multi-stakeholder initiative, how they engage with each other. I find it difficult to really compare because obviously we are in a UN situation or in a multi-stakeholder. But I think we need to look for inspiration wherever we can, and not only in First Committee or purely UN. Because as was pointed out, it’s really new to have multi-stakeholder engagement within First Committee discussion on cyber. So I think that’s one of the things. The other thing that was mentioned a bit earlier on the panel is it’s true that we don’t always really well understand as diplomat, the entire breadth of how much civil society can bring and the stakeholders. And one of the thing I would like to point out is in the context of the open-ended working group, we never mentioned the technical community. If you look at the report, we talk about civil society, the private sector, academia, but the technical community, for example, is not there. So I think that’s also a sign that we need to continue that dialogue, and we need to understand how much other stakeholders can bring to those discussion. And then little by little, I think we will make that space, and that we will hopefully see more participation in those discussions.

John Hering:
Thank you both. And Pablo, I think you… mentioned the elephant in the room here, perhaps, in these conversations, which is the program of action, the sort of recently passed resolution to establish what would be kind of the first standing body that’s gonna be focused on cyber security at the UN. And there was a lot of open questions about that, but I’d like to invite Bert and Charlotte back into the conversation to share a little bit about what that might look like and how that could regularize, perhaps, some more multi-stakeholder inclusion in the UN processes in the first committee.

Bert:
Yes, with pleasure. And again, as I said in the beginning, the discrepancy between the IJF and the General Assembly, we will not overcome this. There are many great initiatives out there. And again, we should also look more what the IJF experience, what that can bring, similar to the Vistas Forum, et cetera. We have to see this, but also, just to mention, what’s the best way forward? We have these limitations, and I must also say, I found it more frustrating in the Open Networking Group, because there, the no-objection procedure that is now the practice for the invitation of multi-stakeholder was used much more extensively than in the Ad Hoc Committee’s cyber grant process, where basically, if you look at the list, it’s a long, long list. More or less, everyone who wanted to participate was able to participate, which is exactly how it should be. There are also other ways. I mean, if you look in the, I have done many things. I was delegate to the CSW in the past. There, you have a practice. Many countries involve NGO representatives in government delegations. Now, this is something, this was also done by some countries in the Open Networking Group after some, with blocked organizations. I’m not totally sure that’s the right message, because I must say, for me, multi-stakeholder, or to put them in your delegation sounds like they’re aligned with you. They have their own voice. I mean, I want you to be there, whether you agree with me or not. That’s the idea. I don’t want them to be part of a government delegation. So, I’m not absolutely sure that’s the right way. I was often a delegate to the Human Rights Commission. Commission. There, it depends a bit on the country, but in a number of negotiations and resolutions, non-state participants are invited to participate in the negotiations as well. So there is precedent for almost everything. When it comes to the POA, I will not go into the question how it should look like, etc. This is a separate discussion. It’s an important project and we’re preparing another resolution for the General Assembly that is happening as we speak. But again, the idea would indeed be to have more stability by having a permanent body, by having it inclusive. A strong focus of such a POA should, of course, be on implementing the existing normative framework, including capacity building, where, of course, multi-stakeholder play a key role. They are major actors in this field, so therefore they also need to have a proper seat at the table. But this we have to see, the POA, we want this to be a UN body, so we still will have to fight that UN rules and regulations apply. So we have to see, we will have these difficult negotiations to have multi-stakeholders as prominently as possible at the table. Because, as the saying goes, if you’re not sitting at the table, you’re on the menu, so to say. So we really want multi-stakeholders to be at the table. Thank you.

Charlotte Lindsey:
Yes, thank you. So, yeah, I think it’s really important to underline that the POA does present a sort of a unique opportunity to try to advance peace and security in cyberspace by really focusing on the implementation of the agreed norms and ensuring practical and needs-driven capacity building. We do think that this initiative needs to address a variety of issues related to the operationalization of the agreed-upon framework that would benefit from real practical implementation and meaningful stakeholder, multi-stakeholder participation. And that needs to therefore be reflected in the modalities. So the modalities for stakeholder participation need to be very much clarified. to make sure that the multi-stakeholder nature of cyberspace is reflected. And the inclusion of all the relevant stakeholders in a dedicated forum would build legitimacy, would shape any future instruments. So this inclusiveness could create a process that really reflects the lived realities, addresses real threats that affect the safety, security and wellbeing of people. And stakeholders can assist states to build their capacity and understanding of how to apply the norm. So I think there’s a real added role that civil society and other multi-stakeholder organizations can play on a practical day-to-day level that if we can contribute would be invaluable. And I think civil society organizations are particularly well positioned to connect different actors and to build partnerships across a variety of communities and geographies and to help the practical implementation of the cyber norms. And we can help in national and regional implementation efforts, including reporting on the progress. So the real added value is there. And I think what is really, and I come back to this point I started with, the modalities, the POA modalities in relation to the scope, the method of establishment, the format, the frequency of meetings, the decision-making structures and stakeholder participation, all of these points are being debated. And we urge that states really create a mechanism that reflects this multi-stakeholder nature. And as some of the previous participants mentioned, it does need to include civil society, industry, academia, the technical community and other experts who can really play a vital role and bring expertise to future dialogues on cybersecurity in the context of international security. And this will really drive much more impactful outcomes from the process and really contribute to ensuring transparency and credibility of the agreed decisions, as well as the sustainability of implementation.

John Hering:
Thank you both so much, points very well taken. I’m putting everybody on notice that we’re gonna have maybe one or two more questions here, and then I would love to hear from folks in the room. Again, either questions or comments on things that you think would be helpful at including more multi-stakeholder voices at the UN or elsewhere in conversations around peace and security online. Speaking of online, if you’re part of the online audience, please do put questions in the chat, and my colleague Eduardo will make sure that he addresses them to the room. But I want to pull over to sort of, I think what’s been mentioned a couple times but underscores a lot of this, which is the geopolitics of the moment. And so to maybe Joyce and then to Pablo to discuss, rising tensions means that this is getting more difficult to have more inclusive, well, seems to be more difficult to have any kind of productive conversation in diplomatic spaces, certainly multilateral ones, but in particular as it relates to multi-stakeholder inclusion, increasingly difficult to have multi-stakeholder voices heard. Microsoft is certainly among many, many other multi-stakeholder voices that would seem to be relevant to dialogues, but have been blocked from participating by respective member states amid escalating geopolitical tensions. How can we address this, do you think, such that we can ensure that we have the necessary voices and the inclusive dialogues we need in future conversations without letting geopolitics play such a weighty role? And Joyce, if you want to start.

Joyce Hakmeh:
Thank you, thank you, John. I think this is a very important question. Like how do we understand our reality and work within the confines of that? I think the, maybe I’ll sort of like split my answer into two kind of parts, or maybe to talk about it from sort of two different lens. So first of all, there is, there will be new processes, right? So we heard about the POA, but outside of cyber, there are sort of like processes that are being established and in cyber, there are calls for new processes. whether leading to something binding or otherwise. So I think it is very, very important, and this point has been mentioned before, is that the starting point ought to be figuring out good modalities for the process, right? So it’s much harder when you have bad modalities to fight for multi-stakeholder participation. It’s much easier when it’s already enshrined in the process from the very beginning. And in that, there has to be transparency. There has to be clear criteria for inclusion, but importantly, clear criteria for exclusion, right? And I think we can perhaps also aim to be a little bit more ambitious than just that, because even if a certain member state can object and can say why it’s objecting, and this won’t really go much further than that, I think maybe we should be more ambitious and ask for maybe some sort of formal procedure to resolve disputes when it comes to multi-stakeholder participation. I think we should, if we believe multi-stakeholderism is the kind of way forward in digital technologies governance, which it should be, right, then we ought to have it more sort of like part and parcel rather than something we sort of like every time try and beg for, right? It has to be there, and it has to be unquestioned. But of course, this is a journey, and bit by bit, and as you said, we’ve already had some successes, and we hope to build on that. The other thing that I want to, sort of the other lens, is how we sort of, what can we do with existing processes and in the kind of geopolitical context that you described. I think an important point is that while it is very important to be in the room, and if you’re not on the table, you’ll be on the menu, that’s probably maybe true, but also I think it is also important to know that the ability to influence is not just in the room, you know? There’s a lot that can be done outside the room, and arguably, you can have a better impact outside the room. When we take the floor in the open-ended working group, they give us three minutes to speak. You know, how much can you influence in three minutes? That’s very, very arguable. So I guess this sort of like combining this with other initiatives outside of the UN processes is extremely important. And working on that sort of relationship with states on a long-term basis. I think the, I talked about the fact that some member states don’t understand the value of multi-stakeholders. And I think there is an onus on multi-stakeholders to actually prove through actions what their value is. Charlotte talked about data and research and the importance of that. Capacity building is absolutely important. And then through actions, member states can understand why multi-stakeholders are valuable. And they will then become, so the champion’s circle will expand beyond the current few. And I think also importantly is to focus on not just multilateral, we talked national, but also regional. And Pablo talked about OAS and the different kind of initiatives there. Because that has also like a huge potential for influence. If you can get ECOSOC status, then do. Because that will help you overcome a lot of challenges. And maybe kind of a final point, I think we are working on new areas, emerging areas. And I think we can’t use sort of like always or just old or existing models to solve new and emerging problems. I think it’s very important to be innovative, to be creative, think outside the box. Particularly that we as multi-stakeholder community have limited resources. So yes, we might be able to participate in meetings if the door is open, but we might not even if they let us, right? So I think there’s also the need to think about how can we do it creatively and differently than the way we do it now.

Pablo Castro:
Thank you. Well, I agree 100% of what we were saying. So I’m not quite sure that that’s something more valid. But thinking about this, I think while you mentioned modalities and also transparency in the regional aspect, let’s come back again for the strategy council. I think we definitely need more, this is the perspective of government, to work more with the stakeholders in terms to how to face this problem. And how again, I mean, create your own strategy for doing so. I don’t think there has too much dialogue, again, for the perspective of mine. region, Latin America, that we really do a lot in terms of every time we have new meetings opening up in the working group or cybercrime, we really have this chance to start to have this dialogue, you know, with stakeholders, you know. We are trying to move on in this last year with the Dutch initiatives in Chile that we managed to organize a dialogue with stakeholders and representatives from Ministry of Foreign Affairs in the region, which is really good, to basically discuss, you know, open up the working group, aid the economy. But I think it is, I think we definitely need to try to, I mean, to work more in a strategy to face this, because the members say that they are actually against participation, they already have a strategy now, they have a goal, you know, that’s the problem, we are not facing something that they like it or not, they really have a very clear mission, a goal to stop this. So I think we are not maybe have this sort of, this is my impression at least, this sort of coordination to say, okay, they have a strategy, they want to do this, how we can actually create the counter-narrative, you know, and do more than this. And I agree also with Jules very much, is a lot of things we can do at the margins on all these meetings, you know, especially at the regional level, at the U.S. or in Africa, et cetera, which is probably has the most chances, you know, to come and meet together, you know, and really thinks about things that are also are important to move on, as you mentioned, capacity building, implementations, those are the thing that in some region are really critical, really important, and we can have the chance in that case to work together, you know, at the space. Thank you.

John Hering:
Thank you so much, Pablo. You brought up a really good point at the end there that I want to circle back on at some point here, which is sort of what are the opportunities for engagement outside the U.N., and how can sort of cyber diplomats in that community help to facilitate that, and what can others from the nongovernmental community do? But sort of before diving in there, I do want to invite, now that we’re sort of in the latter half of the program, anyone in the room or online who has a question or a comment or other ways to contribute to this conversation and invite them to please take the floor. There are microphones in the aisles here. And there is certainly the chat box online. And Eduardo, if you’re able to come on, maybe you could ask the first question if there is one.

Eduardo:
Sure, John. Maybe actually I’ll pass the floor over to Nick Ashton-Hart, who’s had his hand up and I think wants to make a comment. Go for it, Nick.

Nick Ashton Hart:
Good morning from New York. It’s like 2.30 or something here. No, 3, sorry. Yeah, I wanted to follow up on the point that Joyce made. I mean, I agree with everything everyone has said about the value of stakeholders and what we bring to the table. I think we all know that’s true. But I think we have to do something about it. Because just like when women got the vote, they didn’t get the vote because those who had the vote decided it would be the right thing for them to get the vote. They got the vote because they went out and said, you’re giving us the vote, right? And made it unavoidable. And I follow a lot of processes at the UN. The cybersecurity process are frustrating because of this theater of the absurd of applying and then being vetoed. The WTO negotiations on electronic commerce are completely closed to all stakeholders. It’s the least open process. So believe it or not, it’s actually somewhat better in the first committee. But I spend a lot of time with delegates in New York. I think they’re tired of having this stakeholder argument every time a new first committee process is launched. I know they’re tired of it. I think a majority of states think it’s a lot of wasted time going. on arguing about this. It’s the same argument every time. And I do believe that there is appetite to make a set policy on stakeholders that would turn it into more of an administrative process that happens each time a first committee process is convened, especially related to the internet. And then that would be the end of it. The decision would be taken, we would be able to participate and that would be that. States would still take decisions and we would speak last and all the rest of it. But we would have something more like what we have at the ad hoc committee on cyber crime, where it’s an administrative process really. It’s not a political process, which is what of course it’s being turned into. And I think as stakeholders, that’s something we believe we want. We’re going to have to advocate for it. We’re going to have to do the legwork on the ground with the delegates, get someone to propose a general assembly resolution. And I think we would win. I think we would win on votes if there’s voting. It wouldn’t be consensus, of course, because the states that don’t want us, don’t want us. And that’s the way it is. I think we would have a clear majority in favor of an administrative process just because we’re right, basically. We’re right. But also even for the states who are somewhat, who don’t care that much one way or the other, they’re tired of fighting about it and wasting a great deal of time arguing over the subject. So I think it would be interesting to, if any of the rest of you have thoughts on that, it would be interesting to actually mount a campaign to solve this problem on a horizontal basis once and for all. Because I think that’s the only real way we’re going to get a solution. And the honest truth is the states would be far better off if we were around to bug them because they need a more ambitious agenda when it comes to this. cybersecurity really. I mean if you look at what’s on the table to be decided at the OEWG and you look at what’s going on in international cybersecurity, there is a huge gap in need versus

John Hering:
what’s actually being addressed. Well taken Nick and thank you so much. Well I will leave it to the panel on the table to see if there’s anyone that would like to take up that thought about moving this to an administrative matter as opposed to a political process and whether or not Nick’s read of the appetite has some accuracy and validity to it. I would be happy to try to

Bert:
answer, to try to respond to Nick’s question. It’s a good point. You’re right that people are very tired of this question because it comes up again and again and it’s particularly because it has become such a politicized question and it has been politicized by a number of countries and it will be difficult all along. I think the idea whether a one-size-fits-all forever resolution of the General Assembly, how might the stakeholders should participate in such processes, is an interesting idea. It has to be discussed. I see a number of drawbacks, namely it’s so difficult if you make this totally unclear for what type of future process. I’m not sure we get the best result. We might get better results on the specific process, on the specific circumstances, than minutes for any future process where it might become quite narrow and it might be a difficult process. But it’s something to be discussed. My concern is if it would succeed, if then a new process would be set up, we would then again have a fight whether the agreed framework is being applied or whether specific rules have to be decided upon. So we might come back to square one. But we certainly it’s an urgent matter and the issue where I think which is particularly urgent is we are discussing here a lot both in sessions and informally about the upcoming process of negotiating particularly global digital compact which is is part of a much broader process preparing for the summit for the future where we need strongest possible mighty stakeholder involvement in the general assembly process which is sort of as I said already intergovernmental by nature where we have the challenge that basically our key objective is out of this process a reaffirmation of the mighty stakeholder model. Also in our view a strong role for the IGF, but then again to get there the process must be as mighty stakeholder oriented as possible and this will again be an uphill battle. It’s even not clear whether the mighty stakeholder arrangement would be made specifically for the global digital compact negotiations or for the entire process. I would be in favor of doing it specifically for the global digital compact because there’s a better understanding of the world and for instance when you negotiate a new agenda for peace where basically I think there’s a sense that states have a much stronger role to play. But it’s also I think we need to see I mean where are countries who are I mean there’s some countries who are very critical they’re opposed to mighty stakeholder involvement for a number of reasons. We also need to do more work why it is of benefit to all of us. It has become a political issue for me it’s an issue of expertise of quality control. I can only say I come from a country our capacity in the area of cyber digital etc. is limited. We benefit a lot from talking to industry partners from academics experts etc. without them we can’t survive these such negotiations. This is from where we get ideas inputs with a quality check of our ideas and I’m sure it’s the same for others. And it’s also therefore important that mighty stakeholder involvement is as inclusive as possible and as representative because there’s also a sense mighty stakeholder means basically big tech companies sitting at the table it must be clear that this must be broad and every effort must be made it is as inclusive as possible. Thank you.

Joyce Hakmeh:
And maybe if I can add I agree with everything you said but and I agree with the sentiment behind Nick’s message that. We need more passion to have this issue resolved, and we need to be a little bit more strategic and have more ambitious plans. But on your point, Bert, about how you benefit from multi-stakeholder’s input, I think it also goes both ways. Because we benefit also when we speak with governments about what’s on their mind, how they’re thinking about the different priorities. Sometimes, even if we follow online, if we’re in the room, we might not know what’s really going on. So speaking to them is also very valuable to us, because it makes our role much better, if we have our fingers on the right pulse. So I just wanted to add that.

John Hering:
Absolutely. Thank you both so much. Thank you again to Nick. Even if we don’t have something that’s going to be the be-all, end-all, I think even moving towards what is a gold standard of multi-stakeholder inclusion, what in the US we call the Cadillac of multi-stakeholder inclusion. But noticing that we’re in Japan, maybe it’s the Lexus of multi-stakeholder inclusion, I think could be a good framework to work towards. I think we have a question in the room here.

Audience:
Thank you very much, our speakers, for such an interesting conversation and discussion. I think I’m just going to point out the elephant in the room. We are talking about multi-stakeholderism. And I was just looking at the representation of different multi-stakeholders from the panel, and I don’t see representation from African stakeholders. So I guess my question would be, how involved are African stakeholders in these discussions and debates? And what can they do to improve their participatory role in these discussions? So I understand maybe government actors, there could be different processes being followed. But with the private sector, academia, civil society, what exactly is being done to increase or to improve their participation in discussions like this? And just giving this as an example, like we talk about inclusion. if we are not going to have African voices being part of these discussions, it becomes a bit difficult to understand how we approach our multi-stakeholderism. Thank you.

John Hering:
Absolutely. Thank you so much for the question, and I will leave it to those on the table to comment on multi-stakeholder inclusion and participation in the dialogues from across geographic regions and lines of difference.

Joyce Hakmeh:
Yeah, thank you for your question. I’m happy to take a stab. I think you’re absolutely right. I think we talk about multi-stakeholder participation, but if we look at the composition of the multi-stakeholder groups, it tends to be more sort of Western-dominated. So you’re absolutely right, that there’s a need for inclusion that goes also at the regional level and not just bring different actors, but also actors who represent different regions. And that’s why I talked about the importance of regional efforts, that we don’t put all our focus just on UN processes, because there’s a lot going on at region level, at national level, and the experience from those stakeholders who are very much on the field would be absolutely very, very valuable to the UN processes and beyond. So I think, you know, definitely agree with you there. And, you know, I think also we need to be honest about how multi-stakeholders coordinate with each other. And I don’t think it’s great either. I think there is definitely room to improve, but as I said, it’s a learning curve on several different fronts. The focus for today is how we work better with governments, but also there is a bigger question around how we work better with each other and how we bring more voices into the debate.

Marie:
Thank you. Thank you for the question. I think, indeed, there is a lot that still can be done, but it’s also a capacity issue, I think. And coming from developing country, I think it’s even more difficult to dedicate some time to come to New York and to come to those processes. And I think that’s why also the initiative at national, regional level are so important. And it was mentioned earlier, it’s not only about what you were saying in the room, it’s actually the ongoing discussion that you have with your representative that will go to New York. and will represent those points. And having those long run discussion, not only a one go during the open-ended working group, but really like an ongoing discussion where you actually bring to your governments, to your people that will represent, be present in the room negotiating, you give them the arguments that they will need to shape an informed policy that will benefit also, not only us, but like everyone, every stakeholder groups. And that’s completely part of the entire process. So we have the luxury that we can do it. We also have some diplomats that are there in different countries that can also have those discussion, not only with our national stakeholders, but also with other stakeholders from other regions. But really like we need those information to take informed policy decision that we will then bring to those fora. And thank you, Nick, for being a very dedicated stakeholder being still up at 3 a.m. for this discussion. But that’s exactly the kind of stakeholders that we need, like really dedicated as well. And we understand that it’s a capacity issue as well. So wherever you can go at any level, try to like bring your expertise and knowledge so we can take better informed policy decisions.

John Hering:
I believe Bert and then Charlotte online also asked for the floor, so.

Bert:
Okay, very briefly, sorry. I think a very important point, just two comments. One is, it’s the same challenge also on the government side, how to ensure to have negotiations that are inclusive. What I noticed, for instance, if you compare the open networking group with the ad hoc committee negotiations, through a number of measures, including that some funding is available for travel, far more countries are represented by experts from capital in the cybercrime negotiations than in the open networking group. And you see that the quality of the discussion is quite different in a way. I mean, I find it, I learn a lot from listening to the different. perspectives, and that’s extremely positive. The same applies on the multi-stakeholder side. Some initiatives have been taken to facilitate, to provide funding, to participate in such meetings, etc., but of course we all agree, even for us. I mean, we sometimes get denied the funding for travel to New York because it’s too expensive to spend two weeks in New York, and I’m sure it’s even worse for multi-stakeholders. And so we have to see what more is possible there to allow participation, because if you have seen it once, then you also understand better how it works, and then that’s maybe the advantage, that’s also one of the positive side effects of COVID, there’s a sort of a democratization of such multilateral processes. All of this is now hybrid, all of this is screened, and you can participate much more easily. And again, a key role is, any government in New York, the position formulated is back in capital, so you have, you need to work with the people in capital so that the people who sit in New York, Geneva, or wherever, they press the right button or make the right statement. So a lot of the work has to happen at national level in any event. Thank you.

John Hering:
Thank you, and Charlotte, if you’re going to take the floor, please do.

Charlotte Lindsey:
Yes, just very quickly, and I think it’s a really important point, particularly about African representation. It’s something that we tested also a year and a half ago, where we invited ambassadors from representatives of the African Union in Geneva to come for a half-day workshop on all of these processes. There was definitely an appetite, there were representation from most countries of the African Union at ambassador level, so there’s definitely an appetite to engage and to learn more about these processes. And I think it’s also really important to demystify these processes, because we heard feedback, for example, that, oh, well, you know, we specialize more on human rights. Well, actually, a lot of what’s been discussing at the Open-Ended Working Group is about human rights, and so there are very transferable skills. It’s just sometimes the language is very exclusive. or very difficult for people to feel that, oh, I haven’t followed these debates for many years, therefore I can’t contribute. And actually what we saw was that there were very key messages and participation possibilities from the representatives of the African Union that could very easily transfer their skillset into these negotiations. So I think there’s an appetite. We just need to focus much more on the capacity building side.

John Hering:
Thank you all. I think we have two questions I saw in the room. Patrick, were you at the mic a moment ago? And then the young woman over here. And then back over to you, Eduardo, if there’s anyone online after that.

Audience:
Hi, I’m Patrick Pawlak from Carnegie Europe. My question was partly asked and partly answered. So let me use the microphone to push back a bit and get a bit more precise answers. In answering to the colleague’s question, many of you said, yes, the engagement with stakeholders at the national and regional level is important and we have to do it more. How exactly do you envisage this? We have three governments on the podium. Could you describe to us how each of your governments engages with your civil society ahead of the open-ended working groups? I know for the fact that actually we very often talk about this engagement of multi-stakeholder community. It happens through the side events during the open-ended working group sessions or any other events there. And very often those meetings are really used as a fig leaf, let’s say, for the lack of engagement of the national level. So if you could share some concrete examples, that would be great. Speaking about national engagement with civil society, a lot of organizations from many countries around the world will tell you that actually they have no access. It will be easier for Joyce from Chatham House to talk to anybody in the world, to cyber ambassadors and get the access, that for the regional civil society organizations who are completely ignored, right? So how do we break that sort of a ceiling at the national level? And thirdly, I think that disengagement at the national and regional level indeed might be a more sustainable. sustainable solution, if we really want to create, let’s say, better functioning cyber diplomacy engagement, simply because so many countries in the world actually have this shrinking space for civil society organizations. So by creating the opportunities for engagement around cyber issues, we’re also contributing to strengthening the broader ecosystem of civil society organizations. So yes, I agree, but I wonder how you think we could do this in a more specific way. Thank you.

John Hering:
Thank you so much, Patrick. And maybe a question over here as well, and we’ll just sort of take both together.

Audience:
Thank you very much. I’m Larissa Calza, Head of Cybersecurity at the Ministry of Foreign Affairs of Brazil. I would like to, first of all, thank all the panelists for their interventions. And I would have one question building up on a point that I believe Charlotte made about fragmentation of the debate on cybersecurity and how detrimental it was in the period from 2019 to 2021 to the participation of non-government stakeholders. Well, for Brazil, fragmentation is a huge concern. It is a challenge not only to non-state stakeholders, but also to most developing countries. It’s always difficult to have enough delegates to follow multiple tracks at the UN. And so one question I would have is, well, we’ve spoken a lot about the POA and in very supportive terms, and Brazil very much supports continuing discussions on the proposal. But it is not a consensus within the UN. We have observed recently a fragmentation on states that support a POA, states that still are very much in favor of starting negotiations on a legally binding instrument, which us nationally feel that it is not quite a moment for it yet, though we do not oppose the idea of something legally binding. So I guess my question would be, do you see a a risk of having this fragmentation once again, given the polarization of positions on the future of institutional dialogue after the OEWG? And second, if the POA is indeed adopted this year, how do we avoid that the OEWG in a way is undermined or has its discussions emptied due to a decision being made two years ahead of the end of its mandate on regular institutional dialogue? Thank you very much.

John Hering:
Thank you both so much. I will leave it to you to sort of take the questions in turn or in the order that you’d like. Anyone on the stage would like to hop in? Or of course, Charlotte online.

Joyce Hakmeh:
So I can’t answer the question, what governments are doing to engage the society? I know my government doesn’t do anything, so yeah, how they should do it, I suppose. But I can sort of like, because this is of course like a very important problem, and we think about it as well, because inclusive governance is one of the sort of strategic priorities for our work at Chatham House. And just someone talked about the appetite that exists, and I agree with that. I think there’s a huge appetite. We organized, I think it was last year, a conference in Jordan about, and we have a representative from the MFA here, about the cyber diplomacy in the Arab region, and what are their perspectives? And I was amazed by the turnout, by how much eagerness there was from not just governments, but also non-state stakeholders to be part of this conversation. But there is of course like issue of, you know, sort of subject matter expertise with these UN processes, and as Charlotte mentioned, it can be a little bit too intimidating, because if you’re not, I mean, even for us, if I miss one OEWG session, I’m like, I don’t know what’s happening anymore, you know? It’s very hard to kind of stay on top of these very lengthy negotiation process. and be, and feel like you have the expertise to contribute every time in an informed way. And so I guess there is sort of responsibility on both sides. If we look at the list of accredited organizations to the Cybercrime Convention, which as Bert mentioned, they were all accredited after maybe a little bit of a pushback. I think there were around 160, something like that. But if you look at how many organizations actually participate, I think maybe 20, something or maybe a little bit more in terms of consistently participating, and although there is the opportunity for online engagement, et cetera. So there is also this, if you want to engage, you need to put in the effort, and that’s very true. But there is maybe perhaps how do we encourage that? I think maybe sort of the governments, the way they have been supporting developing states to come to the negotiations, perhaps there could be some funding dedicated to bring in multi-stakeholders more into the debate. And I know, Patrick, you’ve done work on that in the past, and I think more initiatives like this would be extremely important. On the fragmentation point that was mentioned, I think the question was should we be concerned about fragmentation with new processes? I think, to be honest, I think the fragmentation is already here to a certain extent. I mean, because we engage in the open-ended working group and the cybercrime process, you feel that there is this huge desire to keep those different conversations separate. And of course, this one is dealing with international peace and security, this one is dealing with criminal activities. But the reality of cyberspace is that the lines are not sort of like this division is not very clear. Sometimes it’s artificial and the distinction is not as clear-cut. So there are overlaps that need to be understood. If we take, for example, as you probably know now, the open-ended working group is trying to operationalize this point-of-contact directory about each state will have one organization dedicated to sort of answer responses and requests to de-escalate. So, we need to be more conscious in terms of how do we make sure that we have the same expectations in the cybercrime convention about 24-7 networks and having a point of contact, et cetera. Of course, they will have different mandates, but, as we know, in a lot of states, like, there will be one agency doing different, like, the same role, right, doing sort of cybersecurity stuff, but also cybercrime stuff, so we need to be more conscious in terms of where do these, where the touch points are, how do we understand them, and how do we make sure that we have the same expectations about the same things, and I think here, really, like, multi-stakeholders can play a very big role, right, in bringing those sort of nuances together and kind of, like, talking about them in a more sort of clear way. So that’s my answer.

Pablo Castro:
» Thank you. Let me start with a question from Larissa. This is a very good question, by the way, because we have this internal discussions, you know, in our countries, like, Brazil, Argentina, et cetera, about the situation we are right now, as I mentioned before, about this geopolitical content, which is quite difficult, and the problem is not just in the open-ended working group, also in the cybercrime, if you go to this cautionary weapon system, we cannot, it seems that we have this sort of fracture, you know, that is already there, so what we can do, basically, I mean, what we can really, I mean, one of the reasons we, regarding the open-ended working group, I mean, we have this discussion in the UN, we have this discussion in the IPOA, what we supported, I mean, the pay from the, not the very beginning, but from the 2021, was because it was action-oriented, so it was something, say, okay, we have this discussion in the UN, which is, well, by the way, Chile voted against the open-ended working group back in 2019, as I say, for the comedy. I can agree with the idea, because it’s something that, basically, we definitely need from the perspective of our country, Latin America, action-oriented, you know, focus on capacity building, implementation, we can keep the discussion, I mean, about international law application, et cetera, but we have very critical needs that we need to in some way achieve. So that’s the reason why we’re against this. We support it, but you’re right that we have this sort of things, what we can do now, that we have the Open Networking Group, the POA, the POS part, of course, the discussion, the Open Networking Group, the regional dialogue. And I’m not quite sure that I have the right answer. In a way, I think it solves something connected with what’s going on today, I mean, worldwide. This situation is going to have been stayed, I mean, for a long term, or we cannot just give a point that we can actually create or establish some concern. The discussion is quite frustrating, by the way. The cybercrime is sometimes even impossible in order to agree in some technicals, I mean, the practical solution, because we have this, to know this problem, you know. And it’s not so simple, because some states have their own view, principles, and values, and other states are avoiding different ones. So it’s a cultural problem, geopolitical problems, maybe in the next future, where we have different internets, I don’t know. But I agree with those, and this factor is already, I mean, the way I can manage this is going to be something that definitely we need to discuss more and see what can we remove on. But I agree with you that it’s something that several states have a lot of concern about how to deal with the process. So it’s not just, it’s a very important matter, I mean, part of our discussions. Regarding Patrick’s questions, always very good questions, very fundamental questions. I have to confess to you, Patrick, that, you know, sometimes we are, I see a lot of states that regard the multistakeholder in our statement, you know, we’re very clear that we support multistakeholder engagement, and so on, and at the very end, you come back to capital and realize that probably I did not do it, I mean. enough, you know, to work with them. That is true. I have to confess, in my case, when I started cyber security at the Ministry of Foreign Affairs ten years ago, I had no idea about this thing. All it was, I think, was Microsoft, the first time, kind of a secret in Singapore that taught me that Microsoft has a cyber diplomacy approach. I just came back to our Ministry of Foreign Affairs to explain to my bosses, you know, ambassadors about the role of Microsoft in international security, to try to make them understand that. So that’s been quite fascinating. I mean, my background is non-proliferation, I’m in control. You don’t see that, you know, in other processes. Sometimes, you know, and I can tell from our reality, and maybe also Latin America, is a lack, you know, of people, you know. You still don’t have too much, you know, expert on our Ministry of Foreign Affairs. You have the capacity, you know, to cover one thing or another. You know my case, I have to cover cyber security, cyber crime, and many other things. So we’ll have to have more time, you know, to engage, you know, on what I would like to do more with Stacey Holder is to work in some specific line of actions, you know. Again, the idea of a strategy, you know. If it comes to international law, I mean, China has maybe, you know, have some idea to do something, I mean, next year in Chile, you know. When it comes to CBS, or we can, I don’t know, with the implementation, IHL, which is something very important in Switzerland, be one of the champions in this, you know, how we can actually work with some specific, Stacey Holder thing in our regions. It’s something that can be done. It’s sometimes a lack of time, a lack of resources, you know, many things to do back in the capital. But I would give it again, I mean, there’s something that we did with Netherlands, you know, which is dialogue, you know. I don’t think we have too much dialogue in our regions, you know, when we can. And for that dialogue, something that we agree with the Dutch Ministry of Foreign Affairs was to invite representatives of the Ministry of Foreign Affairs, not just people from Ministry of Interior or CSIRS, you know, to bring, I mean, the people in charge of cyber security, the Ministry of Foreign Affairs, to talk. and engage with multi-stakeholders, you know, and talk about, you know, processes we have, you know, at the UN level, you know. And I would add just to keep in mind that the important roles that regional organizations play on this. And most of engagement of stakeholder be thanks to the OAS, and I think in other regions it’s the same. Chile’s now the chair of the SICTA, you know, the Inter-American Combat Against Terrorism, with the cybersecurity programs placed there. So it’s something with, and especially on the implementation, CBM is something that we definitely need to, would like to do more, and engage this stakeholder more in this process. But I totally agree with you that it’s not maybe good enough we’re doing right now. Thank you. Francesco.

Marie:
Yeah, I couldn’t be a better advocate for our way of doing stakeholder engagement than you are. But yeah, maybe I’ll give you a bit of like my background, and how it was when I started working on cyber issue, and in the Netherlands, that was a few years back. So at national level, it was back in the preparation of the GGE, and the Open-Ended Working Group in 2019. And back then, I went back to The Hague from Geneva, and we were having actually a consultation with other stakeholders to actually, before we entered into those rooms, more or less open, then we would be able to have an informed policy position. And I’m not saying we’re doing it enough, and I think that’s one thing, probably not enough, but we’re already trying at that level. The other thing that we are doing is, obviously, those conferences, I think Bert pointed out quite well that the IGF is a place also where we can have lots of open discussion. And we should also grab those opportunities that we have at the IGF, at our national, the IGF at also the regional IGF, to also talk about those issues that we are facing in the first committee and then grab all the expertise that is there. Because there are so many people around here, they know so much more than we would, then we really need to grab those opportunities. I’m talking about the IGF, but I can also talk about non-UN forum like RightsCon or the GFC conference in Accra next month, for example. I think we need to take all those opportunities to really also ourself, engage with the stakeholder community as well. I mean, capacity building, we are doing lots of capacity building and we’re also trying to bring this knowledge about what the first committee is about, what we’re discussing, what is the normative framework, what are our objective, and really looking into the implementation and what it means also for people. So then when they are informed, they can also engage. So Charlotte, as you said, we need to also demystify what’s happening in the first committee. And I think that’s on our side, also an effort that we need to do, because it’s already complex for us to understand how those processes work. So for someone who doesn’t have been there for so long or is not engaged in everyday or in all the discussion, or can be engaged in all the discussion, it’s even more complicated. So I think on our side, we also need to do more on demystifying those processes and explaining what you can bring to those discussion. I have to say, we have the luxury of having a nice cyber policy and we have 34 now cyber diplomats around the world. So we also participate in regional meetings and so on and so forth. And we try to grab all of this, but we also try to share our knowledge and our experience to make everyone be able to also engage. and we still have so much to learn and I’m sure some others have better ways of doing, but I think it’s about exchanging on how we do and then learning from others on what they have been doing and then we can just like improve the way we engage, but it’s true that we have the luxury of having a bit more people, so I’m happy to share, but also really happy to get some feedbacks on how you would like us to engage with you, because that’s the only way we can make it better.

Bert:
Thank you. Thanks so much. Also, as I mentioned already, for us it’s important, we learn a lot from others, both governments, other multi-stakeholders, it’s of critical importance. Joyce, you said that many multi-stakeholder were accredited to the ad hoc committee, but not so many make use of it, and that’s of course a challenge and of course even for governments, I mean these cybercrime negotiations, this is this year, three times two weeks. It’s a huge investment. It’s difficult to take, and there indeed, if you’re not following it closely, it’s difficult to do so. So that’s a challenge in terms also of resources. And by the way, if I may go back for one second to the global digital compact, which is coming up. Also there, I hope that many multi-stakeholder will make the investment, because it’s important that one does. I was a bit concerned that everyone was invited to provide input and so on, already late last year, until I think March or April this year. And then I think nobody ever heard what happened to the input. And then we had the policy briefs, which I can’t imagine would really somehow be a reflection of the input received. So I hear, also hear when I talk to people about the process, there’s a lot of, there’s some who say, well, is it really worthwhile to invest? It’s so difficult anyway, there’s such limited access, and so far our input has not been appreciated. That’s a huge concern to me, because we need multi-stakeholder involvement in the process in order to get the reaffirmation of the multi-stakeholder model as an outcome. So that’s certainly an issue. in the global digital compact, we have a very special committee, and it is responding to the question of Patrick, how do we involve multi-stakeholders, and maybe I start with the global digital compact. There basically we used a national IGF to discuss the process, but also to prepare input. So we had both a government input and a multi-stakeholder input, but we used a national sort of IGF for it. And also, I have to state, there was a huge circus, second Saskatchewan conference on technology security platform where we basically bring all the people together. Telecom, they’re hugely interested, how this treaty turns out because it has some serious implications for them. But some of them also actively participate in, but we regulated exchanges with them. So, there’s a lot of interest, and we have to make sure that they’re fully aware of it. So, we have a relatively small country, the interest is limited, because most people are not really, for them, it’s not clear what’s in it for them. So, there we need to mobilize interest, so that they’re fully aware of it. But as I mentioned, we’re working on a national position paper on international law. There we’re now finalizing our government draft, and this one we want to consult with mighty stakeholders, particularly, of Brazil, Oscar Diaz, Douglas Gilbert and there are many stake holders from Brazil. Soon, we will have very important stage questions to go before the Paul committee with the idea of the POA. I also think it makes a difference in terms of implementation, et cetera. We will permanently settle the question of micro-stakeholder involvement, hopefully, at least for that process. But again, also there, the idea certainly would be that we use the current open-ended working group to discuss in detail how this should be figured out, what the element should be, and then any sort of configuration would be the follow-up to the open-ended working group. But we will have to see how it pans out. It’s negotiations on this ongoing, but we very much hope that in the end we have an inclusive process and we end up with one mechanism after the open-ended working group, because also more, as we discussed, for any one of us, it’s difficult to entertain. Thank you so much.

John Hering:
Thank you. Thank you all for this. We’re coming up on time here, so I’m just going to say, Eduardo, is there a question online? Otherwise, I think we’ve exhausted things in the room, and I’ll move to just a final quick lightning round question.

Eduardo:
We do have a question. I wonder if we have time to answer it, but Amir Mokaberi was questioning the legitimacy of companies participating in multi-stakeholder discussions, especially in the field of international law development, nor making, due to their democratic nature, conflict of interest and lack of election by citizens. So I wonder if you have a quick response to that. John?

John Hering:
Yeah, maybe I’ll take that one. No, I think it’s a fair question and a fair thing to be concerned about in terms of what is the proper scope and size of private industry engagement in any conversations that relates to governance, whether at a national level or international level. The only thing I’ll say is Microsoft makes products and services that we sell, and that helps to augment the digital domain. And we certainly don’t want to be contributing to a space that is getting increasingly unsafe and more unstable. And so supporting these dialogues is critically important to us as an organization that is a large technology company. But I think we are always clear in that, and we would want to always be as transparent in this as possible in saying that. that obviously governments make the decisions here. We don’t. We are, you know, I think together with our other multi-stakeholder partners pushing for a voice at the table, not a vote. And that seems to be always the proper boundary and limitation there. So I hope that answers that question well enough. And I will just say in the last couple minutes, a lightning round. If there are sort of non-governmental stakeholders in the room who have not engaged before in any of these processes at the UN, what would be just a quick piece of guidance on the way they could be most impactful in helping to support government dialogues on cybersecurity at the UN? Anyone can start.

Marie:
I’ll start because I’m at the back of the table. I’ll be short because we don’t have so much time, but I would say, so approach us. We’re not, we will listen and be there, provide information, numbers, facts, show the impacts of the project that you’re doing like in the different countries, in the different regions, report on what’s happening. Those information can only give us like, give an added value to the discussion that will happen in the context of the UN. But also if you start following it from a, like it’s not a one go. If you start following it, then come back to us and tell us, oh, you did this, but you haven’t yet talked about that or this. And actually I have to say, I find it like very sad that people are saying that they don’t see the impact of what they bring to the table. But I can say that for some of the outcome from the open-ended working group and GGE report in 2021, there are actually things there that I heard happening at the beginning of the process, when it was inside event in discussion that we had with civil society, the private sector, academia, and actually they made their way through the end report. So actually it’s a long process. It’s frustrating because it takes time. and you don’t always have everything you would like to see, but it made its way through. So just like continue and all this accountable for making sure that we are taking the right position when it comes to those discussions.

Pablo Castro:
Yeah, I would agree on what Marie said. And also, I mean, I encourage to approach the states, you know, in just our conversation in New York, in Vienna and other places, but also in capital, you know. Most of our work that we did with stakeholders is because they approach to us, you know, proposing, you know, side events. We did one very good in July regarding the toolkits for implementation of norms for marginalized stakeholders. That was very interesting with other states, I mean, Mexico and Colombia. And most of this relation has been because thanks to this stakeholder approach to us, you know, to propose ideas, to make exchanges view about what thinking about their, I don’t know, the next POA or open-ended working group or cybercrime conversations. So I encourage to know to take on the winner state, you know, of course, during this, our meetings in New York and Vienna, we had the chance to create a sort of, I would say even friendship, you know. That’s one of the things I really like about State Hall, you know, you share beer, go dancing, whatever. And then, I mean, just come back, you know, and say, hey, let’s go to work on something or just have, you know, some meetings. And we were having this conversation very much with, for example, Microsoft, with cybercrimes. I always really like, of course, also the submission of documents. Probably we never really, I mean, thanks, I mean, to the stakeholder about this really good documents. Sometimes even in our state, we didn’t be using some of the very good ideas in the office today. I mean, it’s never really, I mean, recognizes, I mean, incredible. We’re very good documents, and we need that just for both, I mean, conversation. So thank you for that

John Hering:
We are one minute over so 20 seconds for everybody else No, please

Joyce Hakmeh:
Okay, 20 seconds, and I think maybe choose One thing that you think you can contribute value and not try to do everything if you’re new to this, right? If you want if I want to look at the way WG in July They agreed on an animal progress report with the like a whole loads of recommendations very concrete actions, right? If you’re you know a CSO like industry, whatever you want to be involved Look at those recommendations and see can I contribute to one or more from my perspective whether it’s national or regional? I maybe sort of take that as your first step and gradually, you know You’ll feel that you are being more involved than as Marie mentioned like, you know states are reading are listening So your input will make a difference. I

Bert:
Would fully subscribe to that Build also partnerships with others and then again what also often notices we receive a lot of proposals ideas sometimes They general sometimes very specific and very often it happens that you pick certain elements up in a statement in Negotiations as an argument etc. But rarely you write back to the organization’s. Thank you. I use this here there. So therefore I’ve thought I want to get better with this because it’s difficult sometimes to measure impact and Often you might not hear about it and you might have no idea how it might was used and you might have more impact

John Hering:
That you think that you have. Thank you. Thank you. And Charlotte if you’re online for the last word for 20 seconds

Charlotte Lindsey:
Yes, I am. I would just say very quickly In terms of engagement, I think what is critical is fact-based Framing and the timing of the input particularly for states so that they can then take that input engage So even if you can’t speak at the table that you can produce that input, but you have to do it in a timely way

John Hering:
Thank you so much. Thank you all so much for showing up, especially late in the day here to everybody online Especially folks like Nick who are up at 3 in the morning really appreciate the engagement and look forward to seeing you all throughout the week here at IGF. And thank you to our panel. And please join me in giving them a big round of applause.

Audience:
I am a computer science major at Georgia Tech. And I was just, we were talking multi-stakeholders. I thought it was just… See that again? Oh, oh yeah, that was really crazy. That was so crazy. It makes me so happy. No one expected that. No, no. We were talking about multi-stakeholders, I thought it was really interesting that no one really brought up the defective use, abuse and how users should be more involved in the multi-stakeholder process. So I was wondering, at Microsoft, when you’re talking about multi-stakeholder capabilities, how do you involve users? Do you involve users, or what does that look like? Good question. I just importantly have to think about what our role is in setting up these societies. Engaging them. We’re engaging them. And our goal is to sort of provide the opportunity for them to sort of get a part of it and say, hey, we have this new gadget that we want. Along the process, we’re inherently not doing this in the first place, until we find ourselves in a happy place. So I said, hey, how are we getting the youth perspective into Microsoft’s submission, into Oh, hey! Yes, how are you? Good, good. Everything’s on track? Yes. I mean, for us, yes. But I think we still have, like, a couple… As I’m working on it. We don’t have to freak out. No, not yet. Not yet freaking out time. No, no, good, good. I mean, the only reason why I’m also pushing a bit is because I’m… Especially for the people… Especially for the people who need funding. But I’m going to go through my sessions. Yeah, exactly. But because others don’t require the funding. So then we… I’ll send, like, in any case… Yeah, exactly. So are you staying until 5? Ah, thanks. Okay. Okay. Yeah, yeah, exactly. Yes. Okay. Yes. Yes. Yes. Yes. Yes. Thank you very much. Thanks. Thanks. I’ll see you tomorrow then. Thank you. Thank you.