14 Nov 2018 10:15h - 11:45h

Event report

[Read more session reports and live updates from the 13th Internet Governance Forum]

The session dealt with norms and the culture of norms that determine responsible behaviour in cyberspace. It was underlined that a multistakeholder model is essential for the creation of norms. The necessity for a human rights perspective in drafting national cybersecurity laws was also emphasised. 

Mr Wim Degezelle, BPF (Best Practices Forum) Cybersecurity consultant, gave a run-through of this year’s BPF output, which focused on norms and culture of norms in cybersecurity. Norms have become an important mechanism for agreement of states and non-state actors on a responsible way to behave in cyberspace. However, these norms are often developed in relatively close communities of stakeholders, and difficulties occur in translating such an environment into a multistakeholder environment. The BPF explored the field of cultural norms and values in cybersecurity, questioning what types of norms exist, where they were developed and by whom, what lessons can be learned from actors (not) abiding by the norm. The BPF also looked into the question of a possible cybersecurity digital divide, investigating the possibility of countries or communities who are unaware of security norms. BPF also issued a call for contributions to the community, getting feedback on various definitions of norms, end-user behaviour, examples of norms that worked well, concerns about norm implementation, training and research, and digital divide. The output of BPF is planned for the end of the year.

Mr Louk Faesen, Global Commission on the Stability of Cyberspace (GCSC), represented the contribution to the BPF from the GCSC. He gave a brief overview of GCSC’s organisational structure. The GCSC believes that in the discussions on international peace and security in cyberspace within the First Committee of the UN or in regional organisations, states should take into account the knowledge and expertise of other stakeholders. The reality of cyberspace needs to be taken into account: the technical community has expert knowledge, civil society manages the Internet, and the private sector owns the majority of infrastructure and develops services. Faesen also spoke about the Singapore norm package, the package of norms GCSC developed in 2017. The norms were created in a bottom-up approach, with community members identifying what was missing in the ecosystem of already established norms. Speaking on the future of the GCSC, he pointed out that the focus of the commission will be on the implementation of norms and on the placement of norms within the larger international peace and security architecture. GCSC will also look at the relevant parties that should be involved in implementation of norms and models for norm implementation.

Mr Ephraim Percy Kenyanito, Article 19, represented the contribution to the BPF from ARTICLE 19 Eastern Africa. He emphasised that cybersecurity laws must be developed with a human rights perspective in mind. Otherwise, laws could infringe on free speech, independent journalism, or other human rights. Kenyanito underscored that cybersecurity laws and norms should be about infrastructure, should be human rights friendly and allow for human rights assessments. He also stressed that to protect intellectual property rights, we need to amend existing conventions and other legal regimes.

Ms Saleela Salahuddin, Facebook, represented the contribution to BPF from the Cybersecurity Tech Accord. She reminded the audience of the norms to which Tech Accord signatories are abiding. Salahuddin also pointed out that Tech Accord supports the mutually agreed norms for routing security, as well as sharing information about vulnerabilities. Tech Accord focuses on a global outreach, not just on reaching its members. Salahuddin also underlined the importance of having the private sector and civil society at the table with governments when discussing norms and their implementation. The goal of the Paris Call for Trust and Security in Cyberspace, she said, is to prevent and better recover from malicious cyber-activities, to protect the availability and the integrity of the Internet, to cooperate to prevent malign interferences in electoral processes, and to work together against ICT-enabled theft. She commented that the Paris Call for Trust and Security in Cyberspace could be seen as an international declaration in which the world’s democracies and non-state stakeholders come together to support a unified vision of what the Internet and what cyberspace should be. 


By Andrijana Gavrilović