Well, thank you, Nastya, for that question. And I thank Diplo for inviting me for this webinar. We have followed these last five years of discussions in the OEWG with a lot of interest.
Those of us who have been involved with cyber issues for now almost 20 years. And I think that the signals that have come out in the final report of the OEWG show that there is a willingness among member states to take these discussions forward. While the political focus will be on this mechanism which is to be created by that resolution, I think the areas of activity are now quite clear and important.
In the Mentimeter survey that you’re doing, you have put the broad areas which are of interest to member states. And I think in that context, I would just like to give some of my thoughts on three areas that are before us. The first is, of course, an area where in 2013 and then, of course, 2015, when the GGE norms were unanimously adopted, there was a statement that international law applies to cyberspace.
For a lot of states, that was a very significant recommendation and outcome. And I think that that has to be now built upon by the mechanism. There are three separate areas where the mechanism, in my view, would do well to focus.
The first is the discussions under this area of Article 51, the right to self-defense. I think that for a lot of participants in these discussions, it has been a fairly monochromatic statement that there is the right to self-defense in the UN Charter. But in the work of the mechanism, we need to go a bit deeper into what this really means, especially when you have a plain reading of Article 51 of the UN Charter.
You notice that it is triggered by an armed attack, so therefore it’s not a prospective but a reactive measure. The second, and a lot of people I think haven’t really talked about it, is that Article 51 does not allow any state to take over the mandate given by the UN Charter and international law to the Security Council.
It in fact requires the state to report immediately, and I emphasize the word immediately, the measure it has taken. And then the Security Council has its responsibility under international law to regularize or comment or respond to that measure within the overall framework of maintaining international peace and security.
So that’s one set of issues. And I think the recent paper tabled by Mexico in the UN General Assembly and the Security Council on Article 51 and its link with Article 2.4 of the Charter should be incorporated into the work program of the mechanism when it discusses the subject of how international law applies to cyberspace.
There are two related issues from the UN Charter that I do not find getting much sort of prominence in the OEWG discussions, but I think that they would need to now come in if there’s a permanent mechanism.
These two areas both flow out of Article 62, Paragraph 3 of the UN Charter which empowers the Economic and Social Council to propose legal conventions which become international law under the Charter. Now we have already seen one set of such examples in the area of international humanitarian law which began with the Economic and Social Council mandating the negotiation and adoption of the Universal Declaration of Human Rights between 1946 and 1948.
And after the UDHR was adopted in 1948 and till today, the United Nations Member States have adopted nine major international legal instruments which form the body of international humanitarian law. And I think that this has to be brought into the discussions on how international law applies to cyberspace. The second is something even more invisible, if I may call it that, in the OEWG process.
And that is a reference which is important for all the developing countries which are participating in the mechanism, the reference to the right to development. Again, this is not a declaratory statement which has been made in the meetings of the United Nations. The right to development originates from Article 55 of the UN Charter.
It was developed by the Economic and Social Council, building on the idea of the right first proposed by the Senegalese jurist Keba Mbaye in 1972, which brought it into the African Charter on Human and People’s Rights, the Banjul Charter, and then the UN General Assembly’s Declaration of December 1986, which universalized the right to development.
Now, the right to development is important for developing countries to keep in mind when talking of the application of international law to cyberspace, because it deals with their sovereign rights over their own natural resources and their wealth, and it also upholds their political identity as sovereign states in a multilateral system.
This is something that is extremely important, and I think that this should come into the work of the mechanism on international law applying to cyberspace. In the other area, which is again on the Mentimeter survey that we are doing, about the cyber norms, I remember when the cyber norms were unanimously agreed to in 2015, and we must recognize that 10 years have passed since that decision of the United Nations General Assembly.
There is, therefore, a need to review the agreed 11 norms in these past 10 years to see whether they need to be adapted or amended to take into account both the changes in cyber and digital technologies that have taken place between 2015 and today, and the very, very significant changes in international relations since 2015, which for many of us was the golden apogee of multilateralism.
After 2015, multilateralism has been under a lot of challenge. So, when we consider the norms, we’ll have to look at the impact of these challenges on the norms. There is an interesting question which has been posed in the OEWG, and obviously there is no answer as yet, which is, can the norms become legally binding standards?
And I, from my experience of dealing with issues in the United Nations, can think of one precedent which may be relevant to those in the mechanism who want to move ahead on making legally binding standards out of the norms.
And that area in the United Nations has been the work done by the United Nations legally in terms of responding to terrorism. While the United Nations General Assembly continues to debate and discuss the Comprehensive Convention on International Terrorism, that has not prevented the General Assembly from authorizing the negotiation and adoption of sectoral legal instruments to counter terrorism.
These include conventions on the suppression of terrorist bombings, which was adopted in 1997, a convention on the financing of terrorism adopted in 1999, and the Convention on the suppression of nuclear terrorism in 2005.
So if we have seen the adoption of a sectoral approach, then I think the option of looking at the GGE norms, not as one composite box of 11 norms, but in terms of clusters becomes possible, the cluster becoming the sectoral approach.
And in some of our states, we have experience of two kinds of legal approaches to such norms or principles when we want to make them into legally binding provisions. One approach is of restricting or limiting, meaning a state shall not do something or the other. If you look at the GGE norms, you have norm 3, preventing misuse of ICTs in that state’s territory, norm 6, that states should not harm critical infrastructure, norm 7, that they are obliged to protect critical infrastructure, norm 8 for requests for assistance, norm 10 for reporting vulnerabilities.
and Norm 11, requiring them not to harm CERTs. And then you have another set of norms which could become declaratory. In India, in our constitution, we have a whole section in our constitution which is of declaratory objectives.
And in the GG context, this would apply to Norm 1 for international cooperation, Norm 2 on providing relevant information, Norm 3 on cooperation to prevent crimes or terrorism, Norm 4, Norm 5 on upholding human rights and Norm 9 on ensuring supply chain integrity.
So this is how I would position this topic in terms of the future work of the mechanism. The third and last point that I would like to make refers to the GSCCP, or the Global ICT Security Cooperation and Capacity Building Portal, which has been proposed and unanimously recommended and I assume would be implemented as soon as the resolution is adopted.
This is interesting for a lot of countries, including developing countries, because the idea of supporting capacity building is contained in the UN’s Tunis Agenda, which was adopted in 2005, and also in the discussions of the Global Conferences on Cyberspace, beginning with the London Conference in 2011.
And in fact, the Hague-based Global Forum on Cyber Expertise came out of the Global Conference held in The Hague in 2015. The objective of the Hague GFCE is to develop skills and capacity that address threats and vulnerabilities arising from cyberspace by strengthening cyber capacity and expertise globally through international collaboration and cooperation.
This is a quotation from their mission statement. Now, in the OEWG, the issue was raised of financing. I think in the report, the issue of financing was not addressed and it was left open.
I think in terms of our own experience, that financing has to be linked to two things. One is it must take into account a model of cyberspace, which is a partnership model between the state and private entities. And if that model is adopted and looked at, then in terms of the capacity building portal, the financing should come both from states which can contribute financially as well as from the private sector participants in the proposed portal.
And the issue of how this can be regulated or governed actually is not such a complicated issue because if we just look at one of the specialized agencies of the United Nations, the International Labor Organization, they have managed from 1921 onwards to operate a multiple stakeholder governance structure.
And a person who has come from there into the United Nations system, Mr. Guy Ryder, can be the best guide for the mechanism to advise on how this can be implemented on the ground. And finally, there is in the United Nations system an Office of South-South Cooperation.
And I think that the portal must get linked with the Office of South-South Cooperation for two reasons. One is that the Office of South-South Cooperation actually has available to it the requirements of member states from developing countries, including least developed countries, which would include requirements for cyberspace, for capacity building in cyberspace.
And therefore, there is already an existing mechanism. platform in the UN system which this portal can be interfaced with. The second is that funding for activities under the Office of South-South Cooperation is also taking place and there are at least three identifiable funds for South-South Cooperation which can be made available for capacity building in cyberspace and this includes the UN Fund for South-South Cooperation, the Perez Guerrero Trust Fund for South-South Cooperation and the India UN Development Fund.
So there are three specific funds which are available in addition to funds which are contributed by member states. There’s a China fund as well I know in the UN system and that also I’m sure can be made available if there’s this interface between the UN’s South-South Cooperation platform and the proposed portal. So these are the points I’d like to make and I thank