Cybersecurity digest (January 2019)

1 Feb 2019

This extract is taken from the January 2019 issue of The digest, GPD’s flagship newsletter. Sign up here.


As 2019 kicks off, the key locus of activity around cyber norms is the United Nations, where two parallel processes – the UN Group of Governmental Experts (GGE), established by a US resolution, and the Open Ended Working Group (OEWG), set up by a Russian resolution – will be addressing the same question: what norms, rules and principles should guide and inform responsible behaviour of states in cyberspace?

(Some background and context to this complicated situation in our November 2018  newsletter.)

So far, we know a few things about how the process will work in practice. We know both have been tasked to submit a report to the UN General Assembly – the OEWG in September 2020, and the GGE a year later. And we know that the OEWG will be looking at “regular institutional dialogue” within the UN – a potentially concerning development for those who oppose state control of the internet.

A few things we don’t know yet. Who will be in the new GGE? (applications close at the end of January). Who will chair the OEWG and its working modalities? (this should become clearer after the first OEWG meeting in June).

The big unknown, of course, is how these processes will relate to each other (and to the broader landscape). Will they be complementary (and if so, how)? Will they be used as channels to push competing visions of state behaviour in cyberspace? (This seems likely.) To a certain extent, of course, these questions depend on geopolitical factors, which are outside the influence of civil society. What then, as human rights defenders, should we be demanding? Three suggestions:

  • Movement on critical issues like how certain terms and concepts in international law like ‘armed attack’ and self-defense apply to cyberspace. These have stalled in previous conversations, as has the discussion about the role of different stakeholders in implementing the norms – but greater clarity is needed, especially if recommendations from the GGE and OWEG are to be operationalised.
  • An inclusive process for engagement with non-governmental stakeholders – both in the development and the operationalisation of norms. This is especially crucial for the GGE, which is, by design, a closed forum of select states. With cyberattacks becoming more frequent and severe, it’s crucial we leverage a broad set of expertise to tackle them.
  • Consideration of the work undertaken in other forums and spaces where the conversation continued over the past couple of years, like the Global Commission on Stability of Cyberspace (read our submission here), the Freedom Online Coalition’s “An Internet Free and Secure” Working Group, the Global Forum on Cyber Expertise, and the Global Conference on CyberSpace. This will help avoid duplication and confusion in norm creation, and make it more likely that important human rights-related recommendations from these processes are followed.

Further reading

  • Deborah Brown of APC has a useful recap of resolutions and other activity at the UN’s 73rd main session (held last month), unpacking what it means for human rights in the digital environment.
  • Signatories to the Cyber Tech Accord have made the case for a multistakeholder approach at the UN High Level Panel on Digital Cooperation.

GPD has responded to a consultation by the Global Commission on the Stability of Cyberspace (GCSC) on its proposed new “Norm Package“, issued on 8 November 2018.