Trust, norms, and freedom in cyberspace

Event report

[Read more session reports and updates from the 14th Internet Governance Forum]

This open forum was devoted to the discussion of cyber norms development, mainly at the Open-Ended Working Group (OEWG) and how human rights are addressed when speaking about cybersecurity and norm development.

It is increasingly challenging to make sure that human rights stay high on the general UN cyber debate agenda, says Ms Heli Tiirmaa-Klaar (Ambassador, Estonian Ministry of Foreign Affairs and a representative of the UN GGE – United Nations Group of Governmental Experts 2019-2021). She noted that roughly 200 NGOs are coming to New York next week to participate in an informal consultation process under the OEWG mandate. These informal consultations should serve to raise awareness on the issues of human rights, freedom online, privacy, and data protection, which are parallel to questions of cybersecurity, state behaviour, and hard security measures.

Previously, all UN GGE reports have mentioned adherence to human rights in a general sense, however, the First Committee of the UN is not the most suitable place to discuss human rights, since it deals with disarmament issues. The Third Committee is now discussing a new instrument for combating cybercrime that potentially may have negative effects on human rights online.

The observance of human rights online has not really improved since 2012, and reports from Freedom House clearly indicate this trend, said Ms Carmen Gonsalves (Head of the International Cyber Policy Department at the Ministry of Foreign Affairs of the Kingdom of the Netherlands and a representative of the next UN GGE 2019-2021). Human rights protection and cybersecurity are not at odds with each other. Though there are already UN resolutions on this issue in place, it is important to track adherence and the implementation of the principles embedded in them, while holding states accountable.

For civil society, it is important to have some level of technical expertise for engaging in cybersecurity debates, notes Ms Mallory Knodel (Head of Digital for ARTICLE 19). If individuals are the primary concern as beneficiaries of a secure cyberspace, then privacy and security go together hand-in-hand. But in order to promote this idea, civil society must engage heavily in ongoing discussions with government and industry. Kondel pointed out that today the spaces of such discussions have immensely proliferated and that makes it hard for civil society to follow them all and participate.

Mr Goncalo Carrico (AT&T, Associate Director EU Affairs) shared how AT&T participates in cybersecurity and capacity-building through collaborations with FIRST, national CERTs, IETF, IEEE, and others.

The panellists also briefly discussed the ongoing OEWG and UN GGE processes and what their meanings and main tasks are. ‘Basically, OEWG has a road to socialise the already existing achievements in the First Committee to the wider international community, whereas the GGE should focus more on the implementation of the current norms and discuss particular international mechanisms to preserve cyber stability’, said Tiirmaa-Klaar. Gonsalves agreed with her, saying that although the UN GGE was established on the principle of rotation and geographic representation, it did not engage all countries in the cybersecurity discussion.

During the open discussion, the audience raised questions about capacity-building, the applicability of international humanitarian law and its meaning for potential cyber war, and the attribution of cyber incidents. Tiirmaa-Klaar noted that on the technical level, the attribution of cyber incidents is currently not a big problem, otherwise we could not investigate cybercrime properly. However, political attribution has some challenges.

By Ilona Stadnik