[Read more session reports and live updates from the 11th Internet Governance Forum]
The best practice forum on cybersecurity opened with an introduction from moderator Mr Matthew Shears, Director for Global Internet Policy and Human Rights activities at the Center for Democracy and Technology (CDT). Shears introduced the session as an opportunity to share best practices and discuss concrete learnings which came out of the cybersecurity dialogue.
Dr Tatiana Tropina, Senior Researcher, Max Planck Institute for Foreign and International Criminal Law, Freedom Online Coalition Working Group 1, indicated that sometimes cybersecurity is treated as a maze, and different areas become confused. She suggested that there needs to be an understanding of the main issues before we can dialogue. In her presentation, Tatiana noted that cybersecurity discussions take place on two levels, the national level and the international level. Governments have unique mandates and the private sector has a different mandate.
This difference results in closed spaces being filled by for example, groups of global experts representing government agencies. The multistakeholder dialogue should aim at creating spaces on the national or local level and broadcast ideas from that level. Civil society and academia can focus on areas where they can contribute, which may lead to some of the closed doors being opened.
Tropina suggested we listen to problems of law enforcement and be open to dialogue, not only bringing our own ideas, but being willing to compromise.
Ms Carmen Gonsalves, Head International Cyber Policy, Ministry of Foreign Affairs, The Netherlands, Global Forum on Cyber Expertise Co-chair (GFCE) described the GFCE as an organisation whose aim is to create a pragmatic and action-oriented platform that supports a free and open Internet. The GFCE serves as a repository of knowledge, a place to exchange ideas. It focuses on capacity building and combines expertise, organising initiatives amongst governments, academia, and the private sector.
The group’s focus is the exchange of good practices in a sustainable manner.
Mr Belisario Contreras, Cyber Security Program Manager, Secretariat of the Inter-American Committee against Terrorism, Organization of American States (OAS) described the work of the OAS as being collaborative. He indicated that the OAS has several initiatives with different partners. OAS member states have adopted several declarations which give the OAS its mandate to work in different areas
The OAS has collaborated in areas such as cybersecurity, cybercrime, and legal issues, and has conducted trainings and various workshops promoting cybersecurity awareness.
Ms Sowmya Karun, Project Manager, Centre for Communication Governance, National Law University Delhi talked about civil society’s experience in India. Karun indicated that very limited policy exists in India, however in recent years increased attention is being focused on this area. This is fueled by increased budgetary allocations to this area and the involvement of the private sector and NGOS.
She described the processes as often being ad hoc, reactive, and not open to multistakeholder processes. The processes are theoretically supposed to engage all stakeholders; however, the level of this engagement is not always inclusive. Reference was made to a recently-issued draft encryption policy that was recalled within 24 hours of being published because of feedback from stakeholder communities.
Karun suggested that possible reasons for this type of process could be the cross-cutting nature of cybersecurity issues, as well as national security concerns. She however affirmed that participation in the consultative process by academia is key and fills a vacuum, as well as helping build awareness and facilitating active engagement.
Mr ‘Gbenga Sesan, Executive Director, Paradigm Initiative Nigeria said that one of the challenges he observed was that civil society was speaking to civil society about digital rights. Once the discussion was broadened to include other groups such as security agencies, more meaningful discussions were held. He suggested that one of the learnings was that if we are open enough we can have meaningful discussion; the goal should be to engage other actors rather than continue speaking to your peers.
Gbenga also noted that aspects of the conversation can be difficult, but since we are all looking for a better society, the aim should be to not short circuit the conversation. People should be willing to frame their conversations from the perspective of another person.
Gbenga concluded that in creating a space for collaboration we must be willing to do the hard work that we cannot take credit for. We must keep in mind the overall goal or aim… the big picture that we are working toward.
Dr Walid Al-Saqaf, Member of the Board of Trustees, Internet Society (ISOC) addressed ISOC’s role in making the internet open, reliable, and available for all. He indicated that the notion of cybersecurity is engrained in the meaning of the Internet. Al-Saqaf reported that ISOC has adopted a collaborative security framework also known as a trust framework that is built on four components.
User trust focuses on the end-user; technology trust focuses on the building blocks of the network; network trust focuses on a trusted network - the ISPs that interconnect; and ecosystem trust focuses on the governance of the Internet.
This model or framework is used to reinforce the awareness that cybersecurity is not just the responsibility of governments, it is the responsibility of each of the four components of the trust framework. Al-Saqaf also highlighted the importance of the local Internet Society chapters, which are responsible for translating the Internet Society’s global activities to actions on the local level.
He also highlighted the Internet Society’s involvement in drafting guidelines on privacy and data flows, as well as its involvement in a blockchain interest group to study and explore this new technology.
The session was summarised by one participant by saying that although different intergovernmental models exist that are based on multilateral discussions, the issues raised today highlight the comparative advantage of the multistakeholder and Internet Governance Forum processes. It was agreed that these should be sustained.
By Trevor Phipps