Main Session on Cybersecurity, Trust & Safety Online | IGF 2023

10 Oct 2023 04:30h - 06:00h UTC

Table of contents

Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Knowledge Graph of Debate

Session report

Full session report

Moderator 1 – Olga Cavalli

The analysis provides insights into various aspects of cybersecurity and cybercrime, including the relationship between global initiatives and national regulations and activities. It examines the need to enhance the link between global and national policies in this area. The analysis also highlights the role of the Internet Governance Forum (IGF) in facilitating multi-stakeholder discussions on cybersecurity initiatives. It emphasizes the importance of IGF in providing a platform for ministers, industry experts, and civil society representatives to engage in discussions and exchange ideas on cybersecurity.

Another proposed solution discussed in the analysis is the creation of a database of cybersecurity experts for knowledge sharing. Efforts have been made to develop such databases within the Organization of American States and through the United Nations’ open-ended working group on cybersecurity. The aim is to facilitate information exchange and collaboration among different countries and regions.

The analysis also mentions the agreement on the need for a pool of knowledge to aid in dealing with cybercrime. Olga Cavalli, a contributor in the analysis, supports the idea of having a knowledge pool to enhance capabilities in tackling cybercrime.

Furthermore, the importance of dialogue and cooperation in leveraging technology is emphasized. Active participation, interaction, learning, and sharing information are highlighted as key elements in harnessing the potential of technology. The analysis advocates for trusting in human skills and potential in the context of technology.

Overall, the analysis reveals the interconnectedness of global initiatives, national regulations, and activities in the field of cybersecurity and cybercrime. It underscores the significance of multistakeholder dialogues, knowledge sharing, and cooperation in addressing these issues effectively. The positive sentiment expressed throughout the analysis signifies a collective belief in the potential of these approaches in building more secure and resilient digital environments.

Katitza Rodriguez

The discussions on cybercrime and cybersecurity highlight the importance of finding a balance between security and the protection of privacy and human rights. However, the current UN Cybercrime Treaty is viewed as counterproductive and potentially undermines privacy rights. It focuses primarily on enhancing law enforcement powers, with minimal attention given to strengthening systems and networks at a technical level. Additionally, certain provisions within the treaty could criminalise the work of independent security researchers and allow governments to force engineers to compromise security measures, potentially violating privacy.

To address the challenges of cybersecurity, it is suggested that systems and networks need to be strengthened at the technical level. This would require better incentives to encourage the development of more secure software, devices, and networks. Legal protections for security researchers are also necessary to ensure their work in identifying vulnerabilities and improving security is not hindered. Furthermore, there is a need for enhanced education and information sharing about threats, vulnerabilities, and solutions among users and developers.

One of the major concerns with the current UN Cybercrime Treaty is the lack of adequate safeguards and disparities in privacy protections across different countries. The treaty places mandatory powers for criminal investigations, while the safeguards remain optional. This opens the door for potential abuses and compromises privacy rights. The variation in privacy protection across countries also raises concerns about meeting international human rights standards, as international cooperation in dealing with cybercrime may depend on the privacy protection provided by the assisting country’s national law.

Another argument presented is that there should be a minimum baseline for privacy protections in the UN Cybercrime Treaty. It is suggested that treaty-specific safeguards should be put in place to protect and establish a baseline for international cooperation. Currently, there is a significant disparity in the level of privacy protections and human rights from one country to another.

Companies also play a crucial role in upholding human rights. It is argued that companies should have grounds to refuse cooperation if a request is disproportional or violates human rights law. The broad scope of the treaty may lead to potential abuses, and companies need the ability to deny cooperation on grounds of human rights violations.

Overall, the discussions on cybercrime and cybersecurity underscore the need to ensure that human rights and privacy are not compromised in the pursuit of security. The current UN Cybercrime Treaty lacks adequate safeguards and may potentially violate privacy rights. Strengthening systems and networks at a technical level, providing legal protections for security researchers, and enhancing education and information sharing are seen as positive steps. A minimum baseline for privacy protections is necessary, and companies should have the ability to refuse cooperation if it violates human rights. Upholding human rights and promoting international cooperation are essential in effectively addressing cybercrime.

Ernesto Rodriguez Hernandez

There is increasing concern regarding the development of cyber offensive capabilities and the legitimacy of using force in response to cyber attacks, particularly for certain states. These states have included offensive cyber weapons as part of their national security strategies and doctrines, considering the use of force as a legitimate response to cyber attacks. This trend raises questions about the potential implications and consequences of such actions in international relations and security (keyword: cyber offensive capabilities, legitimacy of using force, national security strategies, international relations and security).

The misuse of Information and Communication Technologies (ICTs) and media platforms has emerged as a significant threat to nations. Individuals, organizations, and states are covertly and unlawfully exploiting computer systems to carry out attacks. These activities can potentially trigger international conflicts. Moreover, social networks and electronic broadcasts are being used as tools for interventionism, promoting hate speech, incitement to violence, destabilization, and the dissemination of false information and fake news. This misuse of ICTs and media platforms not only endangers peaceful relations but also undermines principles of justice and strong institutions (keywords: misuse of ICTs, media platforms, international conflicts, hate speech, incitement to violence, destabilization, false information, fake news).

To address these challenges, it is suggested that countries commit to using ICTs for peaceful purposes, fostering cooperation and development. A global commitment should be established, encouraging nations to utilize information and communication technologies for the betterment of society. Additionally, implementing technical assistance mechanisms to exchange good practices can enhance international cooperation in this domain (keywords: peaceful use of ICTs, cooperation, development, technical assistance mechanisms, international cooperation).

In addition to commitments and cooperation, the development of a legally binding international instrument is necessary to bridge the gaps in cybersecurity. This instrument should complement existing international law and effectively address the growing challenges and threats in cyberspace. International cooperation is crucial in tackling these issues and ensuring stability and security in the digital realm (keywords: legally binding international instrument, cybersecurity, international law, international cooperation, stability, security).

It is also acknowledged that existing international laws need adjustments to encompass cyberspace adequately. Given the highly dynamic nature of cyberspace, traditional laws may not cover emerging issues. Thus, a binding regulatory framework is needed to establish clear standards and criteria for cyber activities. Additionally, violations of treaties and conventions should be effectively addressed to maintain the integrity and security of the digital world (keywords: existing international laws, dynamic nature of cyberspace, binding regulatory framework, standards, criteria, violations of treaties and conventions).

The complexities involved in maintaining good cyber practices and the violations of treaties and conventions highlight the need for comprehensive solutions. It is important to address the challenges faced by both developing and developed countries in the digital arena. Developing countries, in particular, face difficulties due to the digital divide, leading to disparities in accessing information and financing for development. Bridging this divide and promoting equal opportunities for all nations is crucial for achieving sustainable development and reducing inequalities (keywords: good cyber practices, violations of treaties and conventions, digital divide, equal opportunities, sustainable development, reducing inequalities).

The importance of discussions and consensus-building regarding cyberspace-related topics is crucial. Continued dialogue among nations and stakeholders is necessary to navigate the complex landscape of cyberspace and develop shared norms and principles. Such discussions can help establish conventions that promote the development of all peoples and safeguard global interests (keywords: discussions, consensus-building, cyberspace-related topics, shared norms and principles, conventions, development of all peoples, global interests).

Lastly, it is important to recognize the time constraints involved in addressing all the issues in the world of cyberspace. The rapidly evolving nature of technology and the increasing threats in cyberspace pose significant challenges. While it is essential to strive for comprehensive solutions, it is also prudent to acknowledge the limitations and prioritize actions that can have the greatest impact in mitigating risks and promoting a secure and peaceful cyberspace (keywords: time constraints, rapidly evolving nature of technology, comprehensive solutions, mitigating risks, secure and peaceful cyberspace).

In conclusion, the analysis highlights the pressing need for regulations and international cooperation to address the growing challenges in cyberspace. This includes concerns about the development of cyber offensive capabilities, the misuse of ICTs and media platforms, and the gaps in current cybersecurity measures. Adopting a binding regulatory framework, adjusting existing international laws, bridging the digital divide, and fostering dialogue and consensus-building are vital steps towards creating a safer and more inclusive digital environment. (keyword: regulations, international cooperation, cyber offensive capabilities, misuse of ICTs, media platforms, cybersecurity measures, digital divide, safer and more inclusive digital environment).

Elizaveta Belyakova

The protection of children from cyber security threats and cyber crime is highlighted as a crucial matter in the collection of statements. The creation of the Russian Alliance for the Protection of Children in the Digital Environment demonstrates the commitment to address this issue. Furthermore, the issue gained recognition at the 2023 BRICS Summit, where participating countries pledged to take action to secure a safe digital environment for children. Major IT companies are urged to commit to initiatives aimed at mobilizing the public to protect children on the Internet. The Russian IT society has already taken voluntary steps in this direction. Additionally, the Digital Ethics of Childhood Charter was established to establish ethical principles regarding children’s online safety. A major concern expressed in the statements is the threat of sexual exploitation and abuse of children on the Internet. Disturbingly, a UN statistic reveals that 80% of children in 25 countries reportedly feel at risk of sexual abuse or exploitation online. The We Protect Global Alliance goes as far as to describe the easy access to child sexual abuse material online as a “tsunami.” The need for data exchange pertaining to the localization of harmful and dangerous material, as well as information on new criminal methods and attacker details, is stressed. In 2022, the removal of 1,126 units of content relied on a hash database with the involvement of major players in the UK IT market. Furthermore, joint efforts and open discussions are considered essential in protecting children from cyber threats. Elisaveta, a prominent figure, emphasizes the significance of collective actions in safeguarding children against such threats. In conclusion, the protection of children from cyber security threats and cyber crime is a pressing issue. The establishment of organizations such as the Russian Alliance for the Protection of Children in the Digital Environment and voluntary commitments by major IT companies demonstrate progress towards securing a safe digital environment for children. However, the prevalence of sexual exploitation and abuse online remains a distressing concern, necessitating further action and cooperation.

Folake Olagunju

The analysis conducted on cybersecurity in the West African region reveals several key findings. One major issue is the lack of national and regional coordination to effectively combat cyber threats. This coordination is crucial for developing and implementing comprehensive strategies that address the complex challenges posed by cybercrime. Due to resource limitations on technical, financial, and human fronts, the West African region is ill-equipped to tackle cybersecurity effectively.

Another important aspect highlighted in the analysis is the insufficient allocation of resources to the cybersecurity sector. Many member states do not have dedicated budget line items for cybersecurity, which hampers their ability to invest in the necessary tools and technologies needed to protect against cyber threats. Additionally, there is a shortage of qualified personnel in the region, further exacerbating the problem. Furthermore, the weak critical infrastructure in West Africa makes it particularly susceptible to cyber attacks, with frequent power outages and telecommunication disruptions already being commonplace.

The COVID-19 pandemic has brought necessary attention to the importance of cybersecurity and digitalization. As member states were forced to adopt digital solutions to meet the daily needs of their citizens, the conversation around digitalization security increased. This shift has highlighted the need for robust cybersecurity measures to safeguard critical systems and protect personal data.

The analysis also emphasizes the need for increased cooperation, information sharing, and involvement of the private sector in cybersecurity efforts. Peer-to-peer cooperation between member states is crucial for effectively combating cyber threats. Elisabetta, a prominent figure, stressed the importance of data exchange for child protection and overall cybersecurity. Furthermore, the analysis suggests that incentives for workers and partnerships with the private sector can significantly improve the cybersecurity landscape in the region.

The approach taken by the Global Forum on Cyber Expertise (GFC) in collaborating with regional economic communities, such as the Economic Community of West African States (ECOWAS), is commendable. The GFC aims to enhance capacity building in the region through such partnerships, which aligns with the goals and needs of the West African countries.

While global best practices in cybersecurity are valuable, the analysis highlights the need for local adaptations. Cybersecurity practices from other regions, such as the US, may not be directly applicable in West Africa without considering the local context and challenges. Therefore, promoting a practical approach to cybersecurity and encouraging local adaptation of global strategies are essential.

To address the issues surrounding cybersecurity in the region, a joint platform for advancing cybersecurity in West Africa was launched under the G7 German presidency. This program aims to establish an Information Sharing and Analysis Center (ISAC). The establishment of such a center is considered an excellent approach to enhancing information sharing and cooperation among stakeholders.

In conclusion, the comprehensive analysis of cybersecurity in West Africa underscores the urgent need for action. Promoting a cybersecurity culture, improving communication, coordination, and cooperation at both national and regional levels, and prioritizing resource allocation are vital steps to effectively combat cyber threats in the region. Additionally, the analysis highlights the significance of local adaptations, capacity building, and the involvement of the private sector in addressing cybersecurity challenges and protecting critical infrastructure.

Christopher Painter

The analysis explores various arguments surrounding cybercrime negotiations, stakeholder involvement, capacity building, cybersecurity, emerging technologies, and the digital economy.

One of the key points highlighted is the need for expertise in cybercrime negotiations. The analysis suggests that negotiations often lack input from experts who understand the real challenges on the ground. It further notes that the current model of negotiations, which is primarily built for countries, tends to involve a lot of geopolitical issues. This argument highlights the importance of including expert knowledge to develop effective policies to combat cybercrime.

Another argument put forth is the crucial involvement of stakeholders outside of government in cybercrime discussions. The analysis emphasizes that there is a wealth of outside expertise and insights available, and bringing in this expertise is essential for creating effective policies. This argument recognizes the need to involve various stakeholders such as industry experts, civil society organizations, and academia to ensure a more comprehensive approach to tackling cybercrime.

The analysis also addresses the growing international issue of cybercrime. It notes that cybercrime, particularly ransomware attacks, has significantly affected people’s daily lives, making it a pocketbook and backyard issue for many individuals. Additionally, cybercrime has become a political priority for countries around the world. These observations underscore the urgency of addressing cybercrime as a pressing global challenge.

In terms of cybersecurity, the analysis highlights the need for sustained attention to this issue. It acknowledges that cybersecurity has matured as a policy concern but identifies the challenge of bridging the gap between the political level and the practitioner level. The analysis suggests that ransomware attacks have helped raise the profile of cybersecurity and the importance of protecting against new and existing threats.

Furthermore, the analysis touches on the issue of policymakers feeling intimidated by technical issues. It points out that policymakers often struggle to understand complex technical concepts, which can hinder effective policymaking. However, the analysis argues that technical concepts can be understood by non-technicians if they are adequately explained. This highlights the importance of effective communication and education to bridge the gap between technical experts and policymakers.

Capacity building is also identified as a key aspect in the analysis. It highlights that countries, especially developing ones, require assistance in dealing with cybersecurity threats, building national strategies, establishing emergency response teams, and applying international norms and laws. The analysis praises the Global Forum on Cyber Expertise for coordinating capacity-building efforts worldwide.

Notably, the analysis observes the importance of not losing sight of the larger cybersecurity issue amidst the focus on emerging technologies. While emerging technologies are part of the problem, it is crucial to maintain a holistic approach to cybersecurity.

In conclusion, the analysis provides insights into various aspects of cybercrime, cybersecurity, stakeholder involvement, and capacity building. It underscores the need for expertise in cybercrime negotiations and involving stakeholders outside of government. The analysis highlights the urgency of addressing cybercrime as a global issue and the necessity of sustained attention to cybersecurity. It also emphasizes the importance of adequately explaining technical concepts, capacity building efforts, and maintaining a balance between addressing emerging technologies and the larger cybersecurity challenges.

Audience

The analysis encompasses a range of important discussions relating to cybersecurity, digitalisation, international law, knowledge-sharing, and solar technology. One notable point emphasised is the need to effectively utilise emerging technologies to enhance cybersecurity measures. This argument underscores the importance of staying ahead of cyber threats by employing advanced technologies. Policymakers are urged to prioritise cybersecurity and treat it seriously.

The significance of cybersecurity is further underscored by research findings which indicate a potential increase in a country’s GDP per capita with the maturity and implementation of robust cybersecurity measures. This evidence demonstrates the economic benefits that can be gained through investing in cybersecurity.

The debate surrounding the need for a legally binding instrument to govern responsible state behaviour in cyberspace is another key aspect addressed. While international law is already deemed applicable in cyberspace, there is a call for a specific instrument to address the complexities and unique challenges of cybersecurity. The involvement of stakeholders such as the technical community, civil society, and international law firms is viewed as crucial in shaping this instrument.

The analysis also highlights the importance of knowledge-sharing in the context of cybersecurity. It suggests the creation of a worldwide knowledge pool accessible to individuals across different regions, including Africa and South West Africa. The inclusion of non-technical aspects, such as social, psychological, and gender considerations, is emphasised as essential in developing comprehensive cybersecurity strategies.

In terms of infrastructure development, the potential of using solar technology to address the electricity gap in West Africa’s telecommunications sector is explored. This could potentially provide a sustainable solution to power critical telecommunications infrastructure.

Another important topic in the analysis is the need for specific measures to ensure the safety and security of children online. It is argued that a holistic approach to cybersecurity may not effectively protect children, and a more targeted and comprehensive approach is required. This includes the building of children’s capacity through internet governance and digital literacy initiatives.

The importance of cross-border collaboration in addressing cybersecurity challenges is also highlighted. Given the transnational nature of cyber threats, regional and international cooperation is deemed crucial to effectively counter cybercrime. The analysis suggests the involvement of organisations like Interpol for effective collaboration.

Lastly, the analysis suggests that instead of establishing a new convention or treaty on cybercrime, it may be more practical and efficient to focus on improving or expanding the role of existing organisations such as Interpol. This approach could lead to more effective outcomes in combating cybercrime.

In conclusion, the analysis provides a comprehensive overview of various topics related to cybersecurity and related fields. It emphasises the need for the effective use of emerging technologies, the importance of policymakers’ attention to cybersecurity, the role of international law in cyberspace, knowledge-sharing, and the potential of solar technology in telecommunications infrastructure. The analysis also highlights the importance of including non-technical aspects in cybersecurity, protecting children online, and promoting cross-border collaboration. Overall, the analysis offers valuable insights and recommendations for addressing the challenges and opportunities in the field of cybersecurity.

Moderator 2 – Tracy Hackshaw

The discussion on cybersecurity covered a range of important topics, including best practices, case studies, and practical issues. The participants expressed a strong desire to focus on real-world experiences and address core issues rather than engaging in theoretical debates. This emphasis on practicality and applicability underscores the need for actionable strategies and solutions in the field of cybersecurity.

In relation to the protection of children in the online environment, there was a call for the adoption of self-regulation mechanisms and social initiatives. The participants highlighted the importance of collaboration between various stakeholders in reducing online risks and threats. Tracy, for example, spoke about the role of Elisabetta from the Alliance for the Protection of Children in the Digital Environment, who could provide expert insights on this matter. It was also noted that the prevalence of child exploitation risk in the digital environment needs to be addressed, as evidenced by statistics shared by Elizaveta Belyakova. The rise of child trafficking in areas where the online world has a significant influence further highlights the urgency of this issue.

The discussions also shed light on the importance of equal communication and participation of all stakeholders in multilateral meetings regarding internet governance. In order to ensure effective participation, Tracy highlighted the role of the Internet Governance Forum (IGF), where all participating stakeholders can freely exchange ideas. It was acknowledged that language barriers may hinder effective communication, and suggestions were made to provide interpretation services to overcome this challenge.

The notion of collective action was deemed essential in addressing cybersecurity challenges, particularly in developing nations. The positive experiences shared by Falake and Tracy Hackshaw demonstrated how countries that excel in cybersecurity can assist those facing challenges in this domain. This highlights the potential benefits of sharing best practices and collaborating on cybersecurity efforts among nations.

Additionally, resource allocation towards cybersecurity in developing nations was acknowledged as a crucial aspect of addressing cybersecurity challenges. Participants, such as Falake, highlighted the issue of limited resources in West Africa. However, the discussions emphasized that collective action and collaboration can help overcome these limitations and contribute to the enhancement of cybersecurity measures.

In conclusion, the discussions on cybersecurity focused on practical aspects, such as best practices and case studies, rather than dwelling on theoretical debates. The protection of children online, equal participation in multilateral meetings, collective action among nations, and resource allocation in developing countries emerged as key areas of concern. Overall, the discussions provided valuable insights into the challenges and potential solutions in the field of cybersecurity.

Alissa Starzak

The analysis explores various perspectives on cybersecurity, including the importance of prevention and secure design in protecting against cybercrimes, as highlighted by Cloudflare. International collaboration and a human-centric approach are also emphasized as crucial in addressing cybercrimes, while the Internet Governance Forum (IGF) is seen as a proactive platform for promoting a human-centric approach. Additionally, the role of emerging technologies like Artificial Intelligence (AI) in cybersecurity is recognized. The analysis stresses the need for global collaboration, data sharing, and industry involvement to improve security. It also discusses legal considerations, treaty definitions, and the importance of empowering individuals through education and preventive measures. Overall, the summary captures the main points and keywords of the analysis accurately, while ensuring UK spelling and grammar are used.

Session transcript

Moderator 1 – Olga Cavalli:
Okay. Thank you, everyone, for being with us this early afternoon here in beautiful Kyoto, Japan, and welcome all the remote participants that are following from all over the world. For my colleagues in Latin America, it must be extremely late at night, but I’m sure that some of us, some friends of us are there. And thank you, distinguished colleagues and dear co-moderators here. My name is Olga Cavalli. I am the National Cyber Security Director of Argentina, and also I chair the South School of Internet Governance. Here with me is my dear friend, Tracy Hochschild. He is now the chef d’Entrepris de Post from the Universal Post Union Caribbean. He will be helping me in chairing this very interesting session about bridging the gap between international negotiations and on-ground experiences in cybercrime response. And I would like to briefly present my distinguished colleagues and friends who are with us this afternoon, Mr. Christopher Painter. He is Director of the GFC, Global Forum on Cyber Expertise, but also he is a very well-known expert in cybersecurity, cybercrime, and he was the first cyberambassador or cyberdiplomat in the world. And we have online Katitza Rodriguez from the Electronic Frontier Foundation. She is the Policy Director for Global Privacy. She is online. Are you there, Katitza? Yes, I’m here. Are you with us? Oh, Katitza, how are you? How are you, Olga? She is in New York, but she is Peruvian. She is from Latin America. Welcome, Katitza. And we have Alisa Staltzak. She is Cloud’s first Vice President from Global Head of Public Policy. Welcome, Alisa. And over to Tracy, who will present the other distinguished panelists.

Moderator 2 – Tracy Hackshaw:
Thank you very much, Olga. Let me first introduce, well, welcome everyone to today’s session. I’d like to introduce Elizaveta Belyakova. She’s the Chairperson of the Alliance for the Protection of Children in Digital Environments. Are you there, Elizaveta? Yes. Hello. She’s online. We also have a very special guest with us, Ernesto Rodriguez Hernandez, Deputy Minister of the Ministry of Communications of the Republic of Cuba. Welcome, Deputy Minister. And remote we have Fulake Olagunyu, Program Officer for Cybersecurity, Internet and e-Applications at the Economic Community of West African States, who is also remote. Fulake, are you there? I am indeed here. A very early good morning to everyone. And back over to Olga now to continue the program.

Moderator 1 – Olga Cavalli:
Thank you, Tracy, and thank you all distinguished panelists who are with us in person or remotely here in Kyoto and remotely. What’s the purpose of this session? There are several international activities and forums and United Nations efforts in relation with cybersecurity, cybercrime, like, for example, the Open-Ended Working Group and United Nations ADOC Committee. There are So, I would like to ask you a question. I would like to ask you a question about the global initiatives, the regional initiatives, but how those initiatives do impact or do relate with national activities and national regulations, activities of the CISRTs, activities of companies trying to build different best practices, and is this a real relationship? And if so, how do we find ways to enhance the global policy with local efforts? Is there a link, there is a link, or could we find ways to enhance a possible link in between these two kind of global and national and regional activities? So, for this, we have prepared some ideas and some questions for our ‑‑ no, sorry, I have to give the floor to Tracy, who will do some other comments, general comments about the CISRTs, and then I will turn it over to you, Olga.

Moderator 2 – Tracy Hackshaw:
Thank you. ≫ That’s all right, Olga, thank you. Just to add to what you’re saying, I think today we want to look at some best practices, as you were saying, maybe get some case studies out of the group to really understand or get to the real meat of the matter. What are the on‑the‑ground experiences that you have, whether with your clients, with your clients, with your clients, and how do you deal with that? And, you know, what are the best practices, preventative measures, and maybe some lessons learned for us. So I think that’s what we want to deal with today, and I hope that we can really get to the crux of the matter, get some questions from the audience as well, and let’s deal with the real issues. Let’s not get into theory, let’s get into the real base issues

Moderator 1 – Olga Cavalli:
that are in cybersecurity. So, Christopher, I know you have a lot of experience, and you have a lot of experience in cybersecurity, and you have a lot of experience in cybersecurity, and you have a lot of experience, Christopher, he has a vast experience, and now, if you talk to him, and he explains to you how many places he will travel in the next month, you will be amazed, because he’s going all over the world, trying to do a very important effort in relation with capacity building, related with cybersecurity. So, Christopher, how can international bodies, like the United Nations, open‑ended work? So I think it’s very important that we have a good understanding of what is going on in the world. And I think it’s very important that the working group and the Ad Hoc Committee on Cybercrime, for example, and similar entities effectively incorporate the expertise, insights, and real-world experiences gained from cybersecurity practitioners.

Christopher Painter:
Thank you, Olga, and it’s great to be here, and I should say that you’re wondering what I’m wearing around my neck. I’m wearing a white top and I’m not wearing a black top. And I’m wearing a black top because I work in cybersecurity work. So that shows in a sense that cybersecurity is matured as more of a policy issue. But I wanted to express my gratitude to the government of Japan who I worked closely with when I was in the government in terms of cybersecurity and cybercrime issues. And I have had a long experience as a federal prosecutor doing that, and I’ve had a long experience in the U.S. as well as in the U.S. government, and I’ve also followed these negotiations, both the open-ended working group in New York, I’ve been at several of those meetings, and the ad hoc negotiation on cybercrime. And of course, those are not the only games in town. There are things that are outside the U.N. as well. I think that’s really an important question. How do you incorporate real on-the- ground experience? Because often the people who negotiate, and I think that’s a big challenge, is that they’re not necessarily the people who are the practitioners or understand some of the real challenges on the ground. And then the other thing that happens, particularly at the U.N. level, it’s great because it brings every country in the world together, but it’s not built for other stakeholders. It’s built for countries, and it’s also, you know, just as a natural course of matters, there’s a lot of geopolitical aspects, so a lot of the things that happen in those venues are driven by geopolitical issues more than sometimes practical issues, and bringing that expertise, especially when, say, you’re negotiating a cybercrime treaty, it’s really important to know how things work, how investigations work, what has worked, what hasn’t worked, what are impediments, making sure that you’re respecting human rights. So having those experts in the room, I think, is really important, both from government, but also from outside government, and the same with the OEWG on the cybersecurity issues. There is a lot of work that needs to be done on the cybersecurity issues, and I think, you know, it’s really important to have those experts in the room, and the same with the OEWG on the cybersecurity issues. There is a lot, a wealth of experience and knowledge outside of those rooms normally, and so you need to figure out how to bring them in. So I’d say they’ve done a pretty good job at reflecting a lot of the things going on, but imperfect, and we’ll talk more about this later in terms of multi-stakeholder involvement, but, you know, I have, I do think the cybercrime treaty is building off the Budapest Convention, it’s looking at where that’s going to go. I can’t tell you where it’s going to end up right now. There are, again, geopolitical differences in terms of scope of this treaty, et cetera, and the open-ended working group, you know, it’s good that all these countries are meeting. That wasn’t happening before. Every country is seized with this issue. At the same time, it’s sometimes it’s like listening to paint dry. You’re sitting there and it’s like nothing’s really happening, and they’re not moving very quickly. So I do think that there’s been activity, there’s been movement, there’s been more of a political priority of countries on these issues, which is important, but I also think there’s a gap between that political level and the practitioner level, which we really need to do everything we can to bring together, because you need both. You need that information, you need to translate between policymakers and people on the ground. whether it’s cybercrime or cybersecurity, so that the trade space, you understand what the trade space is, and the policies you’re making reflect reality and also help the people who are trying to protect our networks and also to go after cybercriminals. The one thing I’d say before I wrap up, it’s interesting that ransomware and the scourge of ransomware over the course of the last few years has really converted this more than ever before into a priority for countries around the world. Because it’s become a pocket bush, a poke issue, where people have to wait in line for gas, or they can’t get their health insurance, or they can’t get their hamburger, or other kinds of food. That makes it not just a pocketbook issue for people, but also in a backyard issue. It makes it a political issue. And so that’s raised this more than I’ve seen before. And I hope we can sustain that effort, because we need sustained attention on this. Not just here in this room, which is a great forum, and the whole IGF to talk about it, but beyond that.

Moderator 1 – Olga Cavalli:
Thank you, Grishan. I think you emphasized the importance of the dialogue in between technicians and non-technicians, government officials, and diplomats. I consider myself a technician. I’m an engineer. So we should develop this ability of explaining concepts, not very technical things, but really conceptual things. So other colleagues that are involved in other stakeholders can understand concepts. Once you get the concept, sometimes it’s easier to.

Christopher Painter:
And I think that helps. A lot of policymakers are afraid of this issue, because they think it’s technical. But they deal with complex issues every day. And you don’t have to be a coder to understand the key geopolitical and other issues here. I’m a recovering lawyer, and I can still talk to people.

Moderator 1 – Olga Cavalli:
Excellent. Thank you. Thank you very much. And we will follow up with you with other questions in a moment. I will go now to Katica, that she is in New York. Katica, are you there? Hi, Katica. I’m here. Nice to see you virtually. It’s been a while we haven’t met. I hope to see you somewhere in the future in person. Katica, considering the role of the media, how can effective communication about cyber attacks and cybersecurity risks contribute to bridging the gap between negotiations and practical efforts, fostering public awareness, and facilitating informed decision making? The floor is yours.

Katitza Rodriguez:
Thank you, Olga. It’s nice to hear from you. Hi, everyone. Well, first, I will start saying that my work focuses on global privacy topics, including cross-border data exchanges in the context of criminal investigations. And I have been involved for a long time in discussions on cybercrime policy and legislative issues from a civil society perspective. And right now, that focus of the grand part of my job is in the United Nations Cybercrime Treaty, the negotiation that is currently being held in Vienna or in New York. That’s been a large process at the global level, involving, as it was said by the previous speaker, by different member states around the world. Over six negotiation sessions and a lot of controversy about the scope of the treaty, even at the basic level of defining what cybercrime is and how cross-border law enforcement and evidence guided data assistance should work. But back to your question, we see in the media security problems everywhere, from data breaches to rastonware, infections to botnets. The harms are obvious, and we read it all the time in the media. Cybersecurity must make people more secure, however, against such threats, and not less, and should not undermine our privacy and human rights. And we would like to see the media help people better understand the threat’s landscape, and also the importance of a rights-based approach to cybersecurity. To protect a free and open internet from malicious attacks, we need to address the underlying problem. Far too many programs, devices, and systems are woefully insecure, and the process of the internet is not safe. discovering, disclosing, and patching vulnerabilities is often underfunded and disorganized across the public and private sector at the domestic and international level, at the federal or state level. End users often have little or no awareness of how to protect themselves against such attacks. Media narrative responding to crisis like ransomware need to address this whole landscape of vulnerability. And legislators should not just demand expansions of surveillance and law enforcement powers, including across borders. The media can also shed light on the key roles of security researchers, digital security trainers, journalists, and others, improving and safeguarding our rights. And many of these professionals are also working inside of technology companies that have made security research a priority. By presenting their stories, challenges, and contributions, the media can humanize the often technical world of cybersecurity. This narrative is essential to contrast with the UN Cybercrime Treaty current stance, which potentially jeopardize these professionals’ work, the work of security researchers. To address cybersecurity challenges, we need better incentive to make software, devices, and networks secure, better education for users and developers, and better sharing of information about threats, vulnerabilities, and solutions. And we need legal protections for security researchers. Unfortunately, high-profile efforts like the UN Cybercrime Treaty, which is currently under negotiation, have focused almost exclusively on enhancing law enforcement powers, including across borders, while giving minimal attention to a positive cybersecurity agenda of making systems and networks stronger at the technical level. Sometimes this focus only on law enforcement powers is short-sighted and even counterproductive, I will say, because it can undermine human rights, for instance, by sweeping in online dissent, speech, political activities, as supposed form of cybercrime. And because it can interfere with the work of people who are actually trying to make us safer, to improve security at the technical level. Some provisions in the treaty threatens to criminalize the essential work of independent security researchers in identifying vulnerabilities and getting them fixed. Other provisions threaten to allow governments to compel engineers to undermine and bypass security measures in the name of furthering an investigation. These proposals can be interpreted in a very broad way, which could require, compel an engineer, someone with knowledge on computer systems to secretly turn over keys and password even without their employer’s knowledge. So these go against cybersecurity and these tariffs are complex, but the media has a responsibility to try to explain these issues in an easy way, to understand not only the criminal landscape of ransomware, which is important, but also the whole importance of the whole cybersecurity ecosystem. So this broader perspective is important. For one reason, it would show how the landscape of cybersecurity is just not cops and robbers. So many people, than law enforcement and criminals play a crucial role. Second, because it might emphasize that cyber attacks are not magic and their perpetrators are not wizards. All of the core of cybercrime attack have detail grounded in the operations of ICT systems and protection fixes and countermeasures. So the media can demystify those attacks. Demystifying those attacks can also reduce the public’s sense of powerlessness in the face of them. And finally, to conclude, it could also show opportunities for cooperation on strengthening our infrastructure. For example, between tech companies and independent academic researchers, or for cooperation between government and technologies in proactively strengthening ICT systems and promoting cybersecurity research and testing. And that’s something that the media can also promote in their own narrative. Thank you.

Moderator 1 – Olga Cavalli:
Thank you very much, Yaltitza. You bring very important concepts. For example, the importance of security by designing all the devices. The importance of knowing the vulnerabilities. For example, in the national search of Argentina, we have a policy that once we know about a vulnerability, we do communicate it to other areas of the government that we are in contact with. And also, you mentioned the important role of the media in getting to know and informing the public about what is happening. And we were talking yesterday in an open forum that we organized exactly that. That sometimes we get to know about attacks only by the media. And sometimes those who have been attacked or in vulnerable situation not usually share all the information. And so the role of the media is really relevant. Thank you for your comments. And we will get back to you in a moment. Now I would like to ask Elisa a question. Elisa, how can the Internet Governance Forum, where we are now, play a proactive role in promoting a human-centric approach to cybersecurity and facilitating the exchange of insights and experiences between governments? I’m the director of the global cybersecurity organization, and I’m here to talk about the global cybersecurity initiatives and practical on-the-ground efforts which is mainly the purpose of this session. And welcome, and thank you for being with us.

Alissa Starzak:
Thank you for having me. I’m very excited to be here today. I actually think it’s worth a little bit of background about why I’m here on the stage to begin with, and then I can actually tackle that question. Cloudflare is a global cybersecurity organization, and we are a global cybersecurity organization that’s been around for a long time. We have a lot of customers in many countries. We protect people all around the world with millions of customers. In fact, something like 20% of all of the websites in the world pass through our network on a daily basis. One of the things that’s interesting for me on this stage is that we fit in a couple of different places as a member of industry. We’re both a cybersecurity company that is involved in cybersecurity, but we’re also a cybersecurity company that is involved in cybercrime and in internal networks. So we play sort of on both sides of that game and really have an opportunity to think about what those issues look like. So thinking about that question, you know, one of the things that we do at Cloudflare is we try to make it easy for people to protect themselves, recognizing in this space that prevention is actually better than addressing cybercrime in many ways. If the goal, there’s a goal in cybersecurity to protect in the first instance, to prevent cybercrime, to protect in the second instance, to protect in the third instance, to protect in the fourth instance, to protect in the fifth instance. So those questions are really tied very closely together because it’s not just about enforcement. If you can prevent cybercrime in the first place, that is a much better place to be overall. So from the point of industry, thinking about what those solution sets look like, making sure that you have things that are secure by design, that are easy to implement from a protection standpoint is incredibly important. So, you know, one of the things that Cloudflare does is, you know, it’s a global organization. It’s a global organization, but it’s not in, you know, if cybercrime is global, let’s just be honest, it crosses borders, and practically sometimes that means international collaboration on the law enforcement side. And so some of the discussion points have to be about making sure that those barriers are addressed, and addressed in a sort of human-centric way that protects rights. So, you know, I think, you know, I think it’s really important to think about what those solutions look like, and what those solutions look like. So, you know, IGF in particular, you know, one of the things that Cloudflare does is we offer a bunch of initiatives that actually provide protections to vulnerable groups in particular. We think about secure by design, and we try to think about what those offerings look like, and make sure that people understand what they can do to protect themselves. So we actually think a forum like IGF is a place where you can have those discussions about what initiatives are available currently and what it looks like in the future. are thought through and that people are aware of what is out there, even before you get to the cybercrime side. I think the other thing, the amazing thing about IGF is that it’s multi-stakeholder. So you actually have not only governments in the room, but civil society in the room. You have industry in the room. You have a lot of different players who all bring a different piece to that puzzle and can have a conversation together. And there aren’t that many forums like that. So thinking about that practically, that is, I think, one of the biggest things that IGF can do, really thinking about that piece. How do we make sure that people know what initiatives are out there? And then also, what are the real barriers to enforcement? What are the challenges that come into play?

Moderator 1 – Olga Cavalli:
Thank you, Elisa. I think you really made a good point about the role of the IGF in bridging gaps in between the different stakeholders, which I think it’s fantastic space. And also, this concept of equal footing, that you can find authorities, ministers, experts from, a person from civil society, experts from the technical community, and exchange some ideas, and have a coffee or share a bento and some sushi. And that, bridging that gap is really important. That sometimes in this multilateral meetings, which are also very important, it’s not so easy. And there are some barriers that prevent some of the stakeholders in participating freely and exchanging information with other stakeholders. So, I will give the floor to my dear colleague, Tracy. Now, the floor is yours to continue with questions to other panelists.

Moderator 2 – Tracy Hackshaw:
Thank you very much, Olga. And just a few housekeeping guidance. Just at the end of this round of questions, we’ll be asking you to come to the mics or go on Zoom and ask your questions. So, get ready for that. So, you can probably begin lining up as soon as we begin the question period. And secondly, one of our speakers in this round will be speaking in Spanish. So, if you don’t have an interpretation available, and you don’t speak Spanish, it’s a good time to try and look for those devices. Or, I guess if you speak English, you can follow the transcript. All right, so moving on now to one of our remote speakers, Elisabetta. She’s from the Alliance for the Protection of Children in Digital Environment. So, Elisabetta, how can we promote the adoption of best practices such as self-regulation mechanisms and social initiatives to foster collaboration in combating digital threats and reducing risks with a particular emphasis on safeguarding children in the online environment? Elisabetta.

Elizaveta Belyakova:
Hello. Let’s not forget that one of the most important part of our society is, of course, children. And so, protecting children from cyber security and cyber crime is of utmost importance. And that has been increasing over the last couple of years. And this is the reason why we created the Russian Alliance for the Protection of Children in the Digital Environment. This trend is something that we saw beginning in 2023 in the BRICS Summit, where the ministers of the Digital Development of Prospective Country openly expressed their commitment to the issue of protecting children in the digital environment, calling for the creation of this interstate alliance for the protection of children. And these statements, once again, emphasize the relevance of this topic, not only in Europe, but in countries of the global south. Now, speaking on behalf of the Russian IT society, I can safely argue that voluntary commitments of digital platforms and major players in the IT market are the most effective way of public mobilization aimed at protecting children on the Internet. Let me once again emphasize that this is precisely an independent initiative of the largest IT companies of Russia. The alliance promotes the protection of the youngest generation from cyber crime through not restrictions, not through restrictions, but through education, creation of positive content, such as games, podcasts, et cetera. And as an example, for more precise measures, allow me to mention that we created the Digital Ethics of Childhood Charter, which reflects the recommendations concerning the issue of child safety, parents, it’s from parents, teachers, and others. And this is soft law. It’s based on ethical principles, the respect for the child as an individual, shared responsibility, the protection of privacy and values in the online space, as well as inclusivity. One of the key points expressed in the Charter is self-regulation of digital platforms in terms of proactive content moderation. This means that platforms themselves have to vow to take steps to prevent the spread of negative content that could potentially harm children. In addition, the Alliance also works to improve digital literacy for children and adults. This, for example, has led to one-point years of existence of the Alliance, making more than 20 events. And this is an important step in protecting children and the digital environment. What it demonstrates is that given the right conditions, major digital platforms are actually willing to admit their responsibilities and take actions to shield children from negative content and other online threats, Considering the risk for children in the era of global digitalization means that it should be noted that the greatest concern here is the threat of sexual exploitation and abuse on the Internet. It has never been easier for sex offenders to contact their potential victims, share images, and encourage others to commit crimes. And here is an example. Let me mention the fact that about 80% of children in 25 countries report feeling at risk of sexual abuse or exploitation online. That’s a UN statistic. Indeed, the problem of sexual exploitation and sexual violence and, in general, the abundance of content that exists on the Internet containing images and scenes of sexual nature that can cause mental trauma to a child is the most acute issue that really needs to be solved. Unfortunately, this is something that we have not yet solved. Despite the efforts of the global community and international organizations, we are still very far from solving this problem. The World Health Organization in its 2022 report on preventing online violence focused on child sexual abuse and highlighted that the particular issue is very, very important. The We Protect Global Alliance emphasizes in its information resource that, and I quote here, access to child sexual abuse material online is becoming easier and easier and the volume is growing so much that we could say we’re experiencing a tsunami of child sexual abuse material online, end quote. So we all are well aware that a primary school child can easily, with literally three clicks, access content that is so highly traumatic and can cause serious psychological trauma. And something has to be done about this, of course. I would also say that there are general statistics about the number of incidents and cases with negative consequences for a child’s health, and this clearly does not reflect the real picture because children themselves, and especially their parents in many cases, do not take such incidents out into the public space. They don’t complain about it. So therefore, law enforcement and other agencies aren’t asked for help. So what additional steps can we do here to protect children from sexual exploitation and sexual abuse online? How can we strengthen the fight against the spread of this sexual abuse material? And in general, how can we prevent the spread of sexually explicit content that threatens the mental health of children? The most effective and practical measures, in our opinion, are the following. First of all, exchange of data on the localization of materials that are harmful and dangerous to children. The exchange of data on new methods, for example, and mechanisms that are used by criminals. The creation of black lists of resources with these materials on them in child pornography. As well as the exchange of data about attackers and criminals themselves. And… we call them predators. Also, we need to look at blocking content creators, downloaders, and think about the consciously malicious distribution of harmful content. Moreover, such data exchange should be carried out at the interstate level and between authorized organizations to protect children on the Internet. We need to also have campaigns and look at digital fingerprints and hashes. For example, in 2022, 9,126 units of content were removed in the category of sexual content, and this was using the hash database. Again, hash digital fingerprints here. The largest tech players on the Russian IT market have participated in this. In conclusion, I’d like to invite my distinguished colleagues to join forces with me and work together. We’re always open to cooperation and invite participants in today’s discussion to join our digital ethics of childhood charter together, and we can help to protect future generations. I thank you very much for your kind attention.

Moderator 2 – Tracy Hackshaw:
Thank you very much, Elisabetta. I thought there were some very interesting stats you gave there. Eighty percent of children feel at risk of being exploited. That’s fascinating. I mean, I have children myself, and they’re online, and 80 percent feel at risk. That’s really, really troubling, especially in our part of the world where I’m from, the child trafficking is very big, and it seems to be coming from the online world a lot. I think we do have to take a look carefully at that. I also like the fact that you gave some practical examples of how we can combat this, utilizing data exchange, blacklisting, and, you know, working with the authorities to get things moving as well as self-regulation. So I’m hopeful that we could take this up in the question-and-answer session, find a little bit more about what you did in Russia to get this moving. So moving on to our next question now, I’m going to ask Deputy Minister Ernesto Rodriguez-Hernandez, the threats faced by states in cyberspace are increasingly worrying. It is a topic that is widely debated on international stages. What is your opinion on the matter and what actions do you consider could contribute to mitigating these threats? Deputy Minister?

Ernesto Rodriguez Hernandez:
Thank you very much, Trevi, and Olga, thank you for allowing me to be able to share my thoughts on these topics, which I feel are of paramount importance for all of our humanity. I believe that, first and foremost, we need to characterize cyberspace, where everything is being developed. Undoubtedly so, there is a growing development of cyber offensive capabilities, and as a matter of fact, there are national security strategies of some states, which also include the possibilities of using offensive cyber weapons and also to undertake cyber offensive operations, undoubtedly. There are now preventive cyber attacks with a view to deterring adversaries, and they can turn all of these issues, they can turn cyberspace into a new scenario of conflict. This is a danger that has now been heightened by the doctrines, which consider the use of force as a response, a legitimate response to a cyber attack. Increasingly, there is a more covert and illegal use of other nations’ computer systems by individuals, organizations, and also states to carry out computer attacks against third countries. In addition, this can also be a trigger for international conflict. The misuse of information and communication technologies and media platforms—I’m referring to social networks and radio and electronic broadcasts—as a tool for interventionism by promoting hate speech, incitement to violence, subversion, destabilization, the dissemination of false fake news, all of this with political purpose against other states. This is a pretext for them to use this force. This also constitutes an increasing threat to nations, and where it is more important to abide by these international principles of international law. Where are these actions being undertaken? They are being part of a so-called fourth-generation warfare, which is rooted in manipulating emotions, the use of information that has been stored and processed, in the clear violation of issues that are so important, like protecting personal data rights. Many companies are also involved in this. They turn all of this into a business model. All of this is taking place in an international context. various threats, with armed conflicts, unconventional wars, attempts at regime changes, and frequent violations of the United Nations Charter, as well as violating international law. This is the environment where these actions in cyberspace are being carried out. Now, the question is, what is it that we can do to counteract all of these threats? First and foremost, I think that we must undertake a global commitment so that the use of ICTs are used only for peaceful purposes, for the benefit of cooperation and the development of peoples. We must also do away with the colossal technological gap, which are obstacles and a hindrance for these developing countries to invest in the security of their ICTs, and that is the current state of affairs. It is dire, it is essential, and we have also spoken about this in many states. We need to adopt an international instrument, which is legally binding, which complements the applicable international law, which also should respond to the significant legal gaps in the sphere of cybersecurity and to effectively address the growing challenges and threats through international cooperation. It is of paramount importance to increase cooperation in order to grapple with cyber incidents, and as part and parcel of others’ exchange, we need to exchange information which does not compromise the privacy of states, nor should it violate any national legislation. We must also implement technical assistance mechanisms to exchange good practices, which would enable us to grapple with all of these incidents and also should bolster the operational capabilities vis-à-vis a cyber attack. As much as possible, we should also standardize all of these cyber attacks. We should use common terminology which fosters exchange, international exchange. And finally, I think that is also of paramount importance, we need to set a multilateral mechanism under the auspices of the United Nations to determine impartially and unequivocally the origin of all of these incidents related to the use of ICTs.

Moderator 2 – Tracy Hackshaw:
Thank you very much, Deputy Minister. Again, some very valuable points raised. You pointed to the violation of international law that is used to involve state actors in cyber space, but I think your call for the use of ICT to be used for development purposes and for peace, I think that is really something that we need to take a closer look at, and as you said, the call for an international instrument to complement existing international law I think is something we could discuss as we get into the question and answer session. Thank you very much for your comments. Again, questions and answers coming up after this round of questions, so I’m going to go to Fulake Olagunyu, who’s from the ECOWAS, and she’s going to give, I think, a very practical take on what’s happening in West Africa. So Fulake, the economic community of West African states comprises 15 states. Which are the main challenges that these countries face in relation to cybercrime and cybersecurity? Over to you.

Folake Olagunju:
Thank you very much, Tracey. So rightly, as Elisa rightly said, the issues we’re talking about today are completely global, so that would actually put into context what I’m about to say. So what we’re seeing within the West African region is obviously just a quick geographical background here. The 15 member states, 11 of them are actually classified as LDCs, so you can already envisage the sort of issues and challenges they already have without even putting cyber into place. So what we’ve seen over the last few years is that we’re lacking a national coordination at the national level, which is then leveraging into an effective cooperation at the regional level. We’ve seen that not only cyber is global, it is also a trust game, and for that to actually happen effectively, countries actually need to speak to one another. And for them to do that, they have to be willing to collaborate to actually combat the cyber threats. This obviously requires adherence to international conventions. We’re talking about the Budapest Conventions. On the African side, we’re talking about the Malabo Convention. But aside from that, we’re talking about the member states actually having the capacity and the capability to actually coordinate and collaborate with one another. Resources is a big thing that is lacking on the side of the world, and resources has three levels. We’ve got the technical, the financial, and again, the human. Globally, we do acknowledge that there is a death of cybersecurity workforce personnel. But on this side of the world, I think it’s a little bit different. It’s a little bit more critical. We do have personnel that are highly qualified that can do the job, but we don’t have enough of those people available. So it’s an issue of how do we then cascade down the little knowledge that we have so that it actually makes an impact across the region. Finances, a lot of our budgets are actually not concentrated on cybersecurity. I think one or two member states have actually put into their national budgets a very thin line on cybersecurity. We’re trying to see how we can encourage member states to do a bit more. Again, on the technical front, there’s a lack of the requisite equipment and facilities actually required to actually do the job. Aside from that, I think we’re not only – the region hasn’t gotten to the point where you’re seeing cyber as a warfare like other parts of the region. So the mentality is still sort of boots on ground. We’re still looking at physical security, and I think that conversation needs to be leveraged a bit more. I will say that there was a watershed moment. I think everyone talks about pre-COVID and after COVID, and I think COVID was a watershed moment for the West African region because a lot of conversations prior to that had revolved around the socioeconomic development issues that the region faces. But what COVID actually did was it brought digitalization to the forefront because everyone was obviously not prepared, and then you had to now make sure your citizens could actually meet their daily needs and requirements. And I think the good thing – if I can say that, and I use that very loosely – the good thing about COVID is that because conversations about digitalization were brought to the forefront, member states now have to start thinking about security. It’s getting the attention it needs, and I’m going to borrow Chris Painter’s word here about sustained attention. I think what we’re trying to do from the Commission’s perspective now is to actually ramp up and promote that our member states actually start doing a bit more when it comes to cyber security. Some are doing very well, others are not. But it’s our mandate to ensure that as the 15 member states come together that they actually do more because the region promotes free movement of goods and people. So you can imagine if we’re promoting free movement of goods and people, we’re also indirectly promoting the free movement of cyber threats across the region. So we need to do a bit more. I think also one of the things that is a really big issue is the weak critical infrastructure that we have. I don’t know if a lot of people know about what goes on in Africa. I’ll speak specifically about West Africa. The grids are down, sometimes telecommunication maps are down. It’s a calm w-2 for the people on this side of the world not having energy or sometimes not having lights, power grid, social infrastructure. So if we do sort of go two, three years from now and a cyber attack occurs on any of our critical infrastructure, a lot of people will be nonetheless wiser because they’re already used to not having this infrastructure. So it’s a key challenge. within the side of the world, we’re trying to see how we can promote the development of these infrastructure, make sure they’re actually built to a capacity that can actually help its citizens, trying to promote a bit more cooperation and coordination amongst our member states. We’re trying to ensure that there’s that peer-to-peer cooperation. It’s not constantly looking towards the global north because the nuances are different, the environments are different. We’re talking to member states that have done fairly well. And actually, I will take that back. Member states that are doing really, really well within the side of the region to actually pick up other countries that have not, show them what they have done so that we can actually collectively address these challenges together. Like Elisabetta rightly said, one of the things that she has seen in her own thematic in terms of child protection is the exchange of data. That is not just about children, which is very important, but I think it’s a cross-section of actually promoting information sharing on cybersecurity, on cybercrime as a whole. And that is still lacking within this side of the world, and we’re trying to see how we can do that. Like Khatisa rightly said, incentives. A lot of the workers within the sector, the public sector, are not incentivized enough to actually do more. So it’s a way of trying, we need to try and figure out a creative way to encourage government, public sector, to actually do more, to incentivize their people to actually stay, train them, retrain them, or make them pivot to other areas where they can actually use the skills they already have. Involve the private sector and see how we can use that PPP collaboration to sort of move the cybersecurity landscape, improve the resilience and strengthen it across the West African region. I’ll stop here for now. Thank you.

Moderator 2 – Tracy Hackshaw:
Thank you very much, Falake. And I think you had some extraordinary points there on how we can work together, collective action. What I pulled that out as a small and developing state citizen myself, I think we do have opportunities to work together, to learn from each other and share best practices. In my particular field of work at the UPU, we are establishing an ISAC, an innovation sharing analysis center. And I think that’s very useful for the postal sector in this case, but maybe sectoral ISACs within West Africa, within other regions can be one way we can look at this. You also mentioned the issue of limited resources, limited resource budgetary and people. Again, and that’s a problem in many least developed countries and SIDS, underserved regions as a whole. So I think we do need to get that support, but again, with collective action, working together, we can probably drive this forward. I really appreciate your thoughts on that. So now we’re moving to questions. Questions and answers. And answers. So Olga, maybe we could see what’s happening on the floor and online.

Moderator 1 – Olga Cavalli:
Do we have colleagues in the room that would like to make questions to our speakers or comments or remarks adding to what we have been hearing? There are mics in the room that you can line up or we may have questions from remote. Do we have questions from remote? It’s a quiet afternoon. In the meantime, I would like to thank Folake for her comments. I think she summarized very well all the major concerns that we all have, especially in developing countries, not only in West Africa, that we share the same challenges in all the developing countries in the world. No comments, questions from audience? I don’t see hands. Some comments, questions from remote? Okay, one minute.

Audience:
We have one question online and it’s from Riyad Hassan, Vice Chair, Bangladesh Youth IGF and a member of the Bangladesh Remote Hub. And the question is, how can we ensure effective use of emerging technologies to ensure cybersecurity?

Moderator 1 – Olga Cavalli:
Is addressed to any speaker? No, no, no. So the question is?

Audience:
How can we ensure effective use of emerging technologies to ensure cybersecurity?

Moderator 1 – Olga Cavalli:
How do we ensure the use of emerging technologies to ensure security? Okay.

Audience:
Effective use of emerging technologies to ensure cybersecurity.

Moderator 1 – Olga Cavalli:
Okay, who would like to address? Yes, please, Elisa, go ahead.

Alissa Starzak:
You know, one of the reasons I wanted to take that one is because I think one of the things that we’re talking about a lot right now is really that idea of secure by design, just secure by default. So that would be one. And the other piece on the emerging tech side, I think it’s been said a lot at IGF, but there is a reality that AI is coming for cybersecurity as well. And actually. I think we see both the negative potential for AI and cybersecurity in the world of things that you could use for exploitation. But the positive of that is that there are a lot of systems where AI can actually help. If you’re talking about big data sets, for example, identifying vulnerabilities quickly, being able to patch quickly, being able to identify them in sort of real time and correct, all of those things are coming. And I think that the reality of being able to make sure that we have systems that enable that is incredibly important. I think that we are going there. I think that’s one of those areas for global collaboration as well. Because when you start talking about data sets and information sharing, a lot of tech, a lot of requires, and AI certainly requires big data sets. So being able to do that for cybersecurity systems, making sure that you have adequate access to data to enable that protection is important.

Moderator 1 – Olga Cavalli:
Fantastic. Chris, do you want to add something?

Christopher Painter:
Yeah, I might add that I agree with everything you said. I’d say that emerging technologies are part of the larger problem, but we can’t lose sight of the larger cybersecurity issue too. And one of the things that we didn’t talk about yet, and something that my colleague from ECOWAS mentioned, is when we’ve had these UN meetings, when I’ve talked to countries from around the world, almost to a person, especially for the developing world, the global south, their number one interest is they need help. They need capacity building. They need the ability to actually deal with these threats, whether they be nation state threats or criminal threats. They need to be able to actually take things that have been decided in the UN, like norms of behavior and international law, and apply them. They need to be able to have certs, emergency response teams. They need to have national strategies. They need all of these things. And of course, when you’re looking at new technologies, you build that in. So the fear a little bit is you see these new technologies, and it becomes a bright shiny object, and you forget about the foundation you have to build for all of these things. And what the GFC does, what the Global Forum on Cyber Expertise does, is it really does that, coordinates that capacity building around the world. It’s multi-stakeholder. We have 200 members and partners, countries, civil society, industry, academia, and the whole idea is to work around the world to make sure that countries and others are up to speed. You know, they have these basic things in place, and it’s a sharing platform where they can work with each other. So I think that’s, you know, as I think about practical aspects of this, as opposed to sort of the political and other aspects, the most practical aspect is just helping countries protect themselves, both from new threats, but also from existing threats, and really build that capability. the world. So, I think it’s important for us to make sure that we have the capability around the world.

Moderator 1 – Olga Cavalli:
Thank you, Chris. We have two colleagues lining up. I didn’t see who was coming first, so.

Audience:
Colleague on the right came first. Okay, thank you. Go ahead, please. Okay, thank you very much. My name is Christopher, and I’m the director of digitalization, and I’m very happy to be here. So, thank you very much for all that you’re doing, Chris, Olga, and everyone in particular. The first comment is to corroborate what Folake has been saying concerning scenario in West Africa that is really awakening, you know, like, with regard to the good part of COVID. So, digitalization is a serious business, and with it, of course, the trend, you know, of sewing pieces into pieces are definitely important, and we are hoping, indeed, because lot of things are moving online. Secondly, the United Nations Commission for Africa sponsored a kind of research to measure the link between cyber security and development. The objective is to present to policy-makers to take cyber security seriously, and we are hoping that by the end of the year, we will be able to see that, in fact, cyber security will have a kind of maturity, kind of yield between 0. 6 and 5.4% increase in GDP per capita, so with these, you can see that, indeed, if you take cyber security seriously, then there will be value-add even to the economic power of the citizens. So just to bring that to the discussion. Thank you.

Moderator 1 – Olga Cavalli:
Thank you very much.

Christopher Painter:
I’m going to turn it back over to you, Mr. Kudlow. Thank you for that, and I was at the IGF in Addis last year where they launched that study, and I would say that that is really critical if you think, and other speakers have said this, a lot of the interest around the world pre-pandemic, but even now, is seizing the digital economy, digitization, you know, often the economic parts of government don’t talk to the security parts of government, or their communities don’t even talk, but they talk to the security parts of government, and I think that is really critical, and I think that’s where capacity-building comes in, but having statistics like that, which really makes it for the sustainable effort that we need over time and not just another boutique effort, but one that’s really important as part of it.

Moderator 1 – Olga Cavalli:
Thank you, Chris. Any other comments from colleagues? Speakers remote, would like to make any remark or comment about the two questions that we have received or comments? No?

Folake Olagunju:
Can I join in for some strange reason? I can’t find my raise hand. Okay. Thank you very much. So just to quickly tap into what Chris said. Yes, the GFC is actually doing amazing work, but I think the approach the GFC is taking is the best approach or it’s a good approach because they’re also trying to leverage on regional economic communities such as the ECOWAS. And the ECOWAS Commission has been working with the GFC over the last few years to see how they can actually drill down that capacity building to make it more meaningful to the member countries that are involved. Because obviously, if you think about it, if you’re trying to do capacity building from a global level, it would not actually tap down into what really matters to me working and living in West Africa, for example. So that was just one point. The second point was to what Jimson was saying. Yes, we are aware of the UNESCO report, but I also wanted to say again, it needs to be drilled down again. We’re looking at trying to promote cybersecurity or encourage more member states to be more cyber aware. To do that, we need the awareness, we need the evidence, and we need the practicality of how it has worked. We cannot, for example, take what has worked in the US and bring it to West Africa and expect it to work without actually having meaningful engagements with the people on the streets. So for that to work, there needs to be a practical angle. And one last point, just to quickly sort of go back to what Tracy was saying about ISACs, that’s a very important point you have mentioned there. It’s one of the approaches the commission has taken. We’ve just started a new program that was launched under the G7 German presidency. It’s the joint platform for advancing cybersecurity in West Africa. And one of the things we’re looking at is actually setting up an ISAC. So it will be good to see how we can also see what you have done and how we can leverage on that. Thank you very much, Olga, for giving me the floor. Thank you.

Moderator 1 – Olga Cavalli:
Yes, please.

Christopher Painter:
I don’t mean to hog the mic, but just. Relating to that comment, a couple of years ago, or maybe more than a couple of years ago, we recognized exactly what was being said, that this has to be a demand-driven approach. It can’t just be layered on. You just can’t say, here are some programs, go run with it. That’s not sustainable. So having it both globally and regionally driven is really important, and we work to create an African experts group. We’ve worked in the different communities. We’re having a big conference in Ghana at the end of November, bringing the development community and the cyber community together. We also have a hub with the OAS in the Latin American, Caribbean, and North American region. We have something in ASEAN. We have just launched a Pacific hub for the Pacific Islands. It’s important to have both of those together, and they can share information across them, because although the lessons might be different, there might be lessons that can be learned from other approaches.

Moderator 1 – Olga Cavalli:
Thank you, Chris. Tracy, you would like to ask, let our colleague to make the other question.

Moderator 2 – Tracy Hackshaw:
Of course. So over to you, colleague at the mic. Yes. State your name and where you’re from.

Audience:
Yes. Thank you very much. My name is Jacopo Pembelliet. I’m from the Ministry of Foreign Affairs of the Netherlands, and I do have a question. First of all, thank you very much, everyone, and I think it’s very great that we have this panel talking about end cybercapacity building and cybercrime and responsible state behavior, because I think all those three topics are equally important when we are discussing how to increase cyber resilience. And I do have a question for the Deputy Minister, but also for the other panelists maybe. The Deputy Minister was talking about the proposed or the perceived need for a legally binding instrument on responsible state behavior in addition to international law. And well, I mean, we’ve had a lot of discussions on international law at the U.N. level, and I was wondering regarding these discussions and also considering that already at the U.N. level it was agreed that international law is applicable in cyberspace, and of course we are all working out, or tech real experts are actually working out, other than me, how international law is exactly applicable to cyberspace and how these specific rules would be applicable. And so I was wondering if you could elaborate on how a new or new negotiations on a legally binding instrument are actually related to this ongoing effort to find out how these existing rules apply to cyberspace and how – because, of course, I don’t think we want to be premature in starting that. I think it’s very important that all countries do that before we go to see whether there are gaps that we need to fill with a new treaty. And also, since we are here at the IGF, I think it’s important to say that when we are talking about international law and cyberspace, that really it should not only be international lawyers, but it should also be international law firms. And I think it’s very important that all countries do that before we go to see whether there are gaps that we need to fill with a new treaty. And also, as Remember that we do have, some of the, you know, indicators that we need to look at that, but we also really need the technical community and civil society and all stakeholders to think about that, because it’s, really, an issue that is not only for those writing about international law. Thank you very much.

Ernesto Rodriguez Hernandez:
talents First and foremost, there is, indeed, an international debate that is deeply rooted in both of these issues. There is a need to have a binding regulatory framework. Also, the applicability of international law, and very specifically, in terms of international humanitarian law, in terms of security vis-a-vis ICTs. I feel that there is one scientific element that’s important, what we are going to have to grapple with. This is a completely different environment. Cyberspace is highly dynamic. The various topics that trigger conflicts and also safeguard international security are very different from the traditional ones that we knew before, from yesteryear. Therefore, I feel that we cannot think that the current existing standards, the good practices which strive to proliferate their use and the responsible use within cyberspace that are necessary, indeed, for us to be able to have a safe cyberspace where we work together geared toward development. As a matter of fact, I feel that we have addressed this topic here. We’ve talked about disruptive technologies, emerging technologies as well. This means that there are new standards and that they need to be binding. It cannot be voluntary, and the state should not decide whether they will be abiding by these laws. I think that we need to all be on an equal footing, all countries. We must abide by them. They need to safeguard, they need to favor, foster a peaceful cyberspace geared toward cooperation and the development of peoples.

Christopher Painter:
So, first of all, thank you for that question, and thank you to the Netherlands because they launched the GFC, so thank you for that. But taking my GFC cap off for a moment and based on my prior experience, look, I think that the norms of behavior that have been agreed to by every country in the UN, every one of them, they are voluntary, but they’re political commitments by those countries, and so if they agree to do that, they should be held accountable for that. Other countries should hold them accountable, and we’ve seen violations, and the accountability hasn’t been there. So it doesn’t matter if you had a new treaty or not. We’ve seen treaties violated all the time, and if there’s not accountability, they end up just being words on paper. I do think doing a treaty at this point is premature. I think the norms are a good step. I think there’s more development that needs to be done. A lot of countries, even though they agree to the norms, don’t know what they mean, so you have to build, I think, on this. And also, you know, there’s a challenge because some countries, when they think of a treaty, think of a treaty about information. They worry about what they think is harmful information, and so that gets very much into human rights and free speech, and I worry about how the that plays out as well. So I think a treaty is far down the pike right now. I think there’s a lot we have to do, including capacity building, which is a more urgent thing to do right now.

Alissa Starzak:
I just wanna add, actually, I agree with that, Chris. I think from the industry standpoint, one of the things that becomes challenging for us is that when you try to define things in a treaty, one of the fears from industry is that you might end up actually less secure. So one of the challenges from a practical standpoint that has come up in some of the treaty negotiations, for example, is the question of access for researchers trying to do security research, what that then means. If you try to define that prematurely, you actually risk a world where vulnerabilities don’t get patched because there are too many legal, challenging legal questions around it. And I think that’s really concerning from a practical standpoint for industry. So I will say I think industry sort of watches these questions really carefully. We’ve been sort of strong proponents of norms in the space, really trying to think about, we look at it very much from a protection across the board from an industry standpoint. So we’ve been trying to look at what actually promotes that primarily, and really thinking about what that looks like just for everyone on the ground.

Moderator 2 – Tracy Hackshaw:
Yes, thank you very much. And I know time is short, but we do have one more question from the floor for this round. State your name and proceed.

Audience:
Hello, my name is Dr. Mona Hauck, and I’m from Germany. And I have been working in EU projects, AI, medical area for the last few years. And I’m not an AI technique, I’m working with experts. And I have been responsible of supporting the doctor networks within the EU. So my experience, I just got triggered by what was Falak saying, is that I wonder, I have seen so many experts. I have been working with more than 16 nations, and it’s amazing, but the knowledge and all the lessons learned, and I work in business, industries, big, major companies, the knowledge gets lost, and I wonder if I listen to Falaka if there’s not a way of somehow creating a knowledge pool with all the technology that is available to not only think about, like, cybersecurity, but the people who create cybersecurity, the people who you want to teach kind of like a certain mind-set, so in order to avoid bias and to include gender aspects on all the things, so we’ve been creating kind of like a certain best practice case for the EU, and it was the first time that we did it by applying, by kind of like, sorry, coaches who supported the tech experts, people who were trained, like, from a social psychologist and social science, and I was wondering, and all these things, because so much gets lost if people are focusing on tech and not including the other aspects, if there’s anything, so my vision is that there is a worldwide knowledge pool where people from Africa and South West Africa can just kind of like access to it. It’s a dream.

Moderator 2 – Tracy Hackshaw:
There are questions on the corners. I’m wondering if you could just take the other questions and then pull them together. What do you think?

Moderator 1 – Olga Cavalli:
Yeah, that’s a good idea, and I was wondering if remote experts would like to make any comment or respond to any of the comments that we have received. All right, so thanks for your question.

Moderator 2 – Tracy Hackshaw:
Let’s go to the colleague on the right and then colleague on my left and my right, and then we will pull them together and get them all answered. So go ahead, sir.

Audience:
Thank you, Tracey. I’m from Benin. I’m from the Ministry of Economy and Trade. I’m missing from Benin. I’m from Ministry of Economy and Finance of Benin. I thank Folake for her intervention. I have just one question for her. I want to know if it’s possible to use solar technology to solve the gap of lack of electricity for critical telecommunication infrastructure in West Africa. Thank you.

Moderator 2 – Tracy Hackshaw:
Thank you very much. And colleague on my right. Go ahead.

Audience:
Thank you very much. Let me introduce myself. This is Ganesh. I work for the government of Nepal as a secretary in the Ministry of Energy. in the prime minister’s office. We discussed a lot about the cyber security as well as the cyber crime. And we discussed a little about the cyber security and the children. UN report shows that one in five girls and one in 13 boys have been sexually exploited or abused before reaching the age of 18. Don’t you think this is the serious thing to our future challenge? So concerning this, I would like to raise some of the things that need to be considered. First of all, having a kind of holistic approach for all cyber security may not be functioning. So we need a separate compact to address the challenges of the cyber security related to the children because of their specific necessity and the specific characteristics of the children. The second thing I would like to emphasize that one of the speakers already said about building the capacity of the children themselves through the internet governance as well as some of the internet technology by giving digital literacy about making aware about their right. So this might be one of the most important things to save from the online safety measures. The third thing that is most important due to the nature of the cross-border issue of the cyber security, we need cross-border, regional, international collaboration across member state and the private sector and the ICT companies. That is very important in addressing technology facilitates child sexual exploitation and abuse. This is the third thing I would like to emphasize. Thank you very much.

Moderator 2 – Tracy Hackshaw:
Thank you very much. And I think we have an online intervention.

Audience:
Thank you, Tracey. We have some questions online. From Rwanda, from Sri Lanka, what is the impact of cyber crimes conventions to cyber crime investigations? And another question from Amir, what should be done when some cross-border digital platform refuse to cooperate with national competent authorities regarding cyber crime cases and refuse to establish official representative in the country? Thank you.

Moderator 1 – Olga Cavalli:
I would like to address the question made by a colleague from Germany. I agree with you. This is a relevant desire from many of us of having this pool of knowledge and especially to be shared among different countries and regions. Just to let you know that there are some efforts in preparing a database of experts, at least in the Organization of American States, or correct me if I’m wrong, Chris, the open-ended working group on cyber security in the United Nations, they were working on a database of all the experts of different countries, which is not the whole picture, but it’s a start, and it should be an ongoing process. What is difficult from these efforts is to keep them updated, and sometimes it’s expensive and complicated, but I think it’s an idea that we all have in mind.

Christopher Painter:
I think the UN effort is more points of contact for CBM, so it’s more limited. And I’d say that it’s a great idea, and part of what you’re saying is being able to translate between the policy and technical people, too, which I think is important. I’d mention the Sybil portal again, which is what my organization has, which now has over 800 best practices, guides, tools that can be used, and it’s open to everyone, not just members of the GFC at sybilportal.org, but there are other things out there, and I think we’re building toward that.

Moderator 1 – Olga Cavalli:
And who would like to …

Katitza Rodriguez:
Olga? Do you hear me? Sorry? Olga?

Moderator 2 – Tracy Hackshaw:
Yes, Folake, I think Folake is trying to speak. No, Katica. Olga?

Moderator 1 – Olga Cavalli:
Ah, pardon. Sorry, Katica. I didn’t see you. Thank you. I’m so sorry. Please go ahead. I’m so sorry. And we have Qsai in the queue. We will go to you in a moment, Qsai. Nice to see you there. Katica, the floor is yours.

Katitza Rodriguez:
Okay. The challenge of remote participation, but I’m very grateful to be able to participate online, so thank you, Olga. So there were many questions that were very interesting through the discussions. One of them is related to the application of international human rights law, or international human rights, or international law. I will respond to this when it comes to the negotiation of the UN Cybercrime Treaty. I don’t want to confuse my answer with the other negotiation of the WEEG, which there is no treaty. But when it comes to the UN Cybercrime Treaty, we have seen that many of the powers for criminal investigations, including across borders, are obligatory, while some of the safeguards are optional. Moreover, the chapter on international cooperation should be subject to international human rights law. They should be in the treaty-specific safeguards that protect or are the baseline for international cooperation. But instead, the treaty deferred to national law what the level of protection of privacy. This means that when one country wants to assist another on cooperating in investigating a crime, the law that will apply is the law of the country that is providing the assistance in collecting the evidence. But as we see in a joint negotiation with 1,900 countries and more, the level of privacy protections and the level of human rights deferred country by country. So if we don’t have a minimum baseline on the chapter on international cooperations that all states should comply with, we are allowing very strong cross-border surveillance powers with almost minimum of just leaving to national law to decide the level of protection what it is. And that could be very bad in many countries. And we are talking about surveillance powers that are very invasive, like real-time intersection communication, real-time location of data, or even data that will identify a subscriber. The people who speak to Truffaut, who are just criticizing their governments, end up being criminalized just for posting a tweet. And sometimes people get criminalized in many countries just, for instance, for being LGBTQ, for being themselves, because that sometimes trumps the country. So the issues that provide international cooperation and letting countries decide what the crimes that will be allowed for that cooperation, without restricting it to the core cybercrimes that have to be in the treaty, open the door of providing a legal basis of international cooperation for crimes that, for some countries, could be crimes, and I call it ding crimes, but it could be also an act of expression in many other countries. So without clear respect of international human rights law, clear say that’s in the treaty that are the basis for the negotiation, and a narrow scope limited to core cybercrimes and crimes that are specifically defined in the treaty, the treaty could be too broad that we could lead to abuse. So that’s one of the things that are concerning. Two other questions about the grounds of refusal in criminal investigations. So it depends, you know, sometimes companies refuse to cooperate on human rights grounds. As I said, sometimes some countries criminalize someone for being LGBTQ themselves, if sometimes or sometimes a journalist for writing an article, or sometimes an activist for writing a post. And so sometimes there are grounds for refusal because the request is disproportionate, because the request is in violation of human rights law, and in those terms, it’s valid for the company to be able to refuse cooperation, to deny or challenge requests that are disproportionate. Obviously, we are not talking about the requests that are necessary for the investigation for crimes that respect human rights law that are necessary to fight cybercrimes. But the problem that we’re having in the treaty right now is that this international cooperation will be based for any crime as defined by national law by any country, which will be a lot of crimes, and it will be very difficult for the authority to be able to even know what the crime is about and in which grounds they can refuse it, which will create a lot of, it will be even very difficult for democratic countries who will be willing to refuse a request and will end up failing to, failing to, failing to be able to actually notice that the request is a proportionate, that the request is not compliant with the legality principle, that doesn’t follow all the criminal procedure safeguards, and it will be able not to deny the request. We’ll end up handing over the information, and when we hand over information on a, of of an activist in places where speaking get you in jail, you can lead this type of investigation, can lead to torture, disappear, and very serious human rights abuses. It’s opened the door for what we call transnational repression. So I just want to flag that, that grounds of refusals are important in the safeguards. Are important not to undermine criminal investigations, but to be able to deny requests when these are disproportionate in violation of international human rights law. Thank you.

Moderator 1 – Olga Cavalli:
Thank you, Catista. I think that you have summarized very well the complexity of transnational concept of all these activities. I suggest that we take the question from QSY, and then we let our experts to do final comments. QSY, welcome.

Moderator 2 – Tracy Hackshaw:
And perhaps we just close. And shall we close the queue after that?

Moderator 1 – Olga Cavalli:
We have to close the queue after QSY, and then we will get some final comments and wrap up. QSY, nice to see you, and welcome.

Audience:
Thank you, Olga. QSY Alshati from Kuwait. There was a talk about the need of an international convention or a treaty on cybercrime, and I agree with the panelists when they said this is a long way to go. Actually, we have the early in the century, we have the Budapest Declaration, which was about cybercrime. And there are countries that were about 40 or more that signed that declaration. But yet, the cooperation or international cross-border cooperation in cybercrime did not become. I wonder if we need a treaty rather than, let’s say, improve or expand the role of current organizations like the Interpol, for example. Interpol currently is working from country to country when it comes to cybercrimes, whether in exchanging information, criminal investigation, and facilitating the relation between a country to a country when it comes to such an issue. Is it an option or a possibility to improve that role of an organization like, for example, the Interpol, rather than going for the track of a cybercrime treaty or a new convention on that? Thank you.

Moderator 1 – Olga Cavalli:
Thank you. I suggest that we give the floor to each of our panelist experts and then we wrap up. You can answer the questions and do some final comments. Chris?

Christopher Painter:
Yeah. Thank you, Olga. Just in answer to that question, while there are now negotiating, we have the Budapest Convention where many countries, I think it’s north of Haiti now, have either signed or acceded. There’s negotiations now happening in the UN for new cybercrime as opposed to Cybersecurity Treaty, which we were talking about, and I think that’s very many years down the line. But even there, there’s major differences between countries, between thoughts. Some want a very expansive view where it covers everything, including things I think would be protected human rights. Others want a view that’s more focused on cybercrime. We’ll see what happens. But I do agree that we need to continue to improve operational coordination. Interpol is a great vehicle. We have, when I was in the government, I used to chair something called the G8 and G7 High Tech Crime Group. We created the 24-7 point of contact network that now has over 80 countries, I believe, to share information. So that operational coordination is key. And just in my wrap-up comments, look, this is a space that continues to evolve and become more and more important for everything we do. And if you’re not following these negotiations in the UN, if you’re not following these things that are happening on a regional basis, you should. Because it really impacts all the stuff we talk about, the IGF, but even much broader than that. And I think, again, one of the keys is capacity building. The keys are working with countries who need help. And that’s something that, you know, I invite you to join us in that. If you’re a country and you’re not a member of the GFC, we welcome you to become one. If you’re a stakeholder, we want to engage with you too. This is, I think – and one of the reasons I’m doing this role after leaving government is I think that foundational thing about capacity building, which both helps us defeat all the bad things, but also enable all the good things, is critically important, and it’s a practical thing we can achieve.

Moderator 1 – Olga Cavalli:
Thank you. Alisa?

Alissa Starzak:
So I just want to pick up on that theme of capacity building. I think industry has a role in that as well. I think that one of the things that we see and are looking for are really to think about how we improve security for everyone. That is not necessarily being done on the government-to-government side. It’s really thinking about what resources are available – again, capacity building straight up – and then thinking about that collaboration that happens. Sometimes that collaboration is on information sharing related to threats. I think there’s a lot of work that can be done there. But again, first and foremost, I think there are a lot of people that just need tools, understand how to protect themselves, how to make sure those attacks don’t happen in the first place.

Moderator 1 – Olga Cavalli:
Thank you.

Ernesto Rodriguez Hernandez:
I feel that we are debating a highly complex issue. We do not have much time to make headway with the necessary resolve. The criteria that we use are divided. The standards, the abiding standards as well. the treaties, the conventions, how they are also violated, how they are not abided by with good practices, with good coexistence, with no binding criteria. This is something which we need to continue addressing. We need to continue speaking about it and to reach a consensus. For developing countries, it is a very difficult situation, and capacity building, which we mentioned here, they are not comparable between the developing world and the developed world. What are the capabilities that a developing country has to ascertain where the cyber attacks are coming from, where there’s such a gap in terms of the digital divide, in terms of the information that we have access to, financing as well for development, where there isn’t parity. In a few words, I think that these are topics which we need to continue discussing. With the understanding and the responsibility that we cannot, we do not have the time to put everything in order and to fix everything in the world of cyberspace. As I said, we need to foster all of these conventions for the development of all of our peoples. Thank you.

Moderator 2 – Tracy Hackshaw:
Thank you, Deputy Minister. And let’s go to our online panellists. Elisaveta, please, final words and responses. We literally have 30 seconds left.

Elizaveta Belyakova:
Well, in conclusion, I just wanted to thank my distinguished colleagues for this debate and call upon them to join our efforts and so that we work together because cooperation and participating in today’s discussion has allowed us to further our work to protect childhood, as I’ve mentioned, and you can find a link to our website in the information. I hope that we will be able to protect children from these cyber threats, and I hope that we’ll have a more open world. Thank you very much.

Moderator 2 – Tracy Hackshaw:
Folake?

Folake Olagunju:
Thank you very much, Tracy. So I think more needs to be done to promote the development of a cybersecurity culture, which I think hopefully will lead to better communication and coordination. at the national level, which then leverages to effective cooperation at the region that is required. Thank you very much.

Moderator 2 – Tracy Hackshaw:
And maybe five seconds from Katitza. Five seconds, Katitza.

Katitza Rodriguez:
Thank you. I just will conclude that for me, human rights are universal, and we don’t have to view them as fundamentally conflicting with sovereignty. In principle, these are rules that a state have already accepted and already agreed upon to govern their own behavior. So in the treaty discussions on cybercrime, we have been saying that we want to see minimum safeguards that are strong for both the domestic and international surveillance powers as a minimum basis for international cooperation. But this has not made it into the current test, and this is really concerning. Instead, international cooperation may be provided by the privacy protection of the national law of the country providing the assistance, which can vary enormously, and we may not meet international human rights standards. So to conclude, to the question if sovereignty and human rights inherently conflict, I will say that not necessarily. The perceived tensions extend from the state’s geopolitical views and tensions, not for the principles itself. The treaty requires a minimum anchor in international human rights law and standards, ensuring that the state’s collective actions respect not just individual sovereignties, but the shared universal human rights. This is not about sidelining domestic standards. On the contrary, it’s about elevating global standards to ensure that not human rights are compromised in the name of international cooperation, in the name of mutual assistance. Our goal should be clear, a convention that not only acknowledges but actively champions strong human rights. Instead of using sovereignty as an argument to undermine human rights, a state should craft a convention that authorizes criminal investigations only for core cybercrimes, as defined in the convention, while providing concrete and detailed human rights safeguards for both domestic and international cooperation. We would like to see human rights not only referred in the preamble, but throughout all the chapters. And we would like to have well-documented, and we would like to have a very narrow scope that is limited to such core cybercrimes. That’s all for now. Thank you so much for inviting me.

Moderator 2 – Tracy Hackshaw:
Thank you very much, Katitza, thank you very much.

Moderator 1 – Olga Cavalli:
Tracy, your final comments?

Moderator 2 – Tracy Hackshaw:
No, I’m gonna cede my comments to you, Olga. Thank you all for coming. We have three minutes over. So, Olga, final words to you.

Moderator 1 – Olga Cavalli:
Okay, so thank you for the constructive dialogue. Share information, cooperate, be active. I am always positive towards technology. I trust human ingenuous and human capacity. So, the journey is the destination with this issue. So, let’s keep on talking, keep on interacting, keep on learning, and I wish you enjoy the session. And thank you all very much. Thank you, our panelists. Thank you, the audience. And thank you, the remote participants. And thank you, the remote experts. Thank you all.

Speakers

Alissa Starzak

Speech speed

239 words per minute

Speech length

1391 words

Speech time

349 secs

Audience

Speech speed

159 words per minute

Speech length

1761 words

Speech time

664 secs

Christopher Painter

Speech speed

231 words per minute

Speech length

2517 words

Speech time

654 secs

Elizaveta Belyakova

Speech speed

190 words per minute

Speech length

1318 words

Speech time

416 secs

Ernesto Rodriguez Hernandez

Speech speed

132 words per minute

Speech length

1249 words

Speech time

570 secs

Folake Olagunju

Speech speed

193 words per minute

Speech length

1738 words

Speech time

539 secs

Katitza Rodriguez

Speech speed

153 words per minute

Speech length

2319 words

Speech time

908 secs

Moderator 1 – Olga Cavalli

Speech speed

177 words per minute

Speech length

2085 words

Speech time

707 secs

Moderator 2 – Tracy Hackshaw

Speech speed

174 words per minute

Speech length

1386 words

Speech time

479 secs