Round table on cyberlaw, cybercrime, & cybersecurity

Event report

[Read more session reports and live updates from the UNCTAD E-commerce Week]

The session was organised by Cyberlaws.Net & Pavan Duggal Associates, Advocates. In absence of Mr Pavan Duggal (Chairman, International Commission on Cybersecurity Law and President, Cyberlaws.net, International Commission on Cybersecurity Law & Cyberlaws.net), Mr Christoph Stückelberger (President and Founder at Globethics.net Foundation, Executive Director, Geneva Agape Foundation) moderated the session.

He identified three challenges in the discussion concerning cyberlaw, cybercrime, and cybersecurity, all of which concern political and policy responses to threats: the need for stronger public-private partnerships to find adapted solutions; the importance of perception of threats; and the double standards that are applied in analysing cybercrimes.

Mr Collins Rex (Director, Africa & Asia Global Trade Professionals Alliance (GTPA)) noted that micro-, small-, and medium enterprises (MSMEs) often do not recognise the dangers that surround their businesses until they are directly affected. He further pointed out that affected MSMEs are often unaware of the resources they have to solve their issues and that many members of their support networks (i.e. banks and lawyers) have themselves not heard about cyberlaws. To address this challenge, Rex highlighted that MSMEs need to be made aware of the dangers and educated on the means they can rely on.

Mr O. Rais mentioned that the perception of crimes perpetrated online is different than they are in the analogue world. This accountability gap must be closed by emphasising that values and mechanisms that apply offline also matter in the digital world. He further said that ‘in cyberlife there are no borders, so crime is borderless’ and that policies should be future-oriented. Finally, Rais noted the problem of fake identities online and explained that digital IDs need to be secured and authenticated through a holistic framework, elaborated by relevant international organisations.

Ms Octavia Cerchez (Director of Research, Geneva Interdisciplinary Centre for Economics and Law) said that the concept of ‘if you want peace, prepare for war’ also applies to cybersecurity. According to Cerchez, companies need to know their vulnerabilities in order to adopt defence mechanisms that could prevent attacks from happening. She noted that in the digital world each company and actor is important and they are all intrinsically linked. Public-private partnerships and multistakeholder approaches to challenges are therefore ways to establish greater security.

Mr B. Liküyi spoke about the ease with which products proliferate and that trade also involves illicit goods such as weapons and malware. He noted that governmental institutions in various countries are supporting and buying malware and digital weapons. However, he underlined that these companies not only sell their products to governments, but also to non-state actors, thus fuelling insecurity.

Mr Andrew Crosby (Fellow, Asian Trade Centre) spoke about the different approaches that actors of the trade community have regarding cybersecurity and crime in comparison to those of policy-makers. He noted that policy-makers often look at cybersecurity challenges through the lens of national security and that other developments are pushed to the background, whereas cybersecurity breaches have grave implications for trade and economies. Crosby also mentioned that big economies are better equipped to cope with costs of cyber-attacks than smaller economies and that it is difficult for smaller countries to navigate cybersecurity issues due to the multitude of solutions that are discussed. He pointed out that the development of artificial intelligence will only increase the pressure on policy-makers to find solutions quickly.

Ms Ally Spinu (CEO, Export Portal Inc) explained that while cybercrime is borderless, business operations still happen within countries and that companies have to abide by local regulations. She mentioned the challenge that companies face when trying to conduct cross-border trade given that they have to abide by national laws, but also ensure that their products and services are in compliance with the laws of the country where their goods are consumed. Spinu mentioned points that should be considered by policy-makers to alleviate jurisdictional burdens:

• National, unified rules that go hand-in-hand with international regulations
• Attribution policies and solutions to secure digital evidence about breaches coming from other jurisdictions
• Data storage issues
• Data protection rules for payments given for which no integrated rules protect payments.

Mr Roy Tin (Chief Investment Officer, Stannum Capital) highlighted that cybersecurity is a major concern for traders and that 40 percent of trading happens in uncontrolled dark pools. He explained that cyber attacks delay trade operations and that each second of delay represents the loss of millions of dollars. Tin indicated that public-private partnerships should try to increase transparency in the system and that the public sector should create incentives for the private sector to work with governments. Such collaboration should also aim to reduce entry barriers for actors wishing to enter the e-commerce ecosystem.

Mr Carsten Priebe (Priebe Consulting) noted that cyberlaws are adopted too slowly. Additionally, he spoke about the perception gap between practitioners and policy-makers regarding cybersecurity and cyber-crime, as the former see the threats and dangers of cyberbreaches much more critical to their operations as do public servants. He mentioned that 2.1 billion attacks were targeted at e-commerce platforms alone and that this number would only increase through the growing rates of mobile connectivity and the Internet of things. Other challenges might arise from an increase in cyber mercenaries (i.e. ex-military hackers) and the creation of new forms of money laundering through digital fronts.

Mr Waruna Dhanapala (Senior Assistant Secretary (ICT for development), Ministry of Digital Infrastructure and Information Technology, Sri Lanka) pointed out that challenges for governments involve the short times in which governments have to respond to cyber-attacks and a lack of reporting of cyber incidents. Additionally, the expansion of mobile devices and the ease with which devices can be traded makes locating and mapping IP addresses and identifying perpetrators more difficult.

Mr Africa Kiiza (Program Officer, Southern and Eastern African Trade Information and Negotiations Institute) mentioned that only very few African countries have adopted cybersecurity laws. Kiiza also pointed out that African countries lose about USD$ 3.5 billion annually to cyber piracy and security breaches.

Mr Christoph Stückelberger (President and Founder at Globethics.net Foundation, Executive Director, Geneva Agape Foundation) said that in order to address these issues, an answer should be found to the underlying question of what kind of society we want? This question must be considered through a variety of subordinate questions related to the amount of information we want to share online, what type of control or freedom we want online, and what online sovereignty represents to us. Additionally, he addressed the issue of secret services and their collusions with the dark net. He noted that cybersecurity issues cannot be solved without addressing the issue of secret services.

Mr Kaj Farzad (Senior Vice President, CRO, IBG Group & Plate & GCGC INC) said that policy-makers must have a better understanding of digital issues in order to develop better infrastructures for security. Farzad also highlighted the challenges of conducting online trade with developing countries and mentioned the difficulty of verifying sources and documents that their partners provide.

By Cedric Amon