18 May 2016

Introducing GPD’s new travel guide to cybersecurity policy for human rights defenders

Internet policy can be difficult terrain for human rights defenders. Aside from its daunting technical aspects – and the vast array of acronyms, working groups and forums – the inherent characteristics of the internet mean that governance is often multi-jurisdictional. It can be hard to know who’s who, what’s what, and even where key decisions are being made.

GPD’s series of Travel Guides to the Digital World emerged as a response to this problem. Just as a travel guide introduces tourists to the customs, language and geography of a foreign land, the series aims to equip human rights defenders with the information needed to navigate complex areas of internet-related policy from a human rights perspective.

Previous guides in the series have focused on internet governance and digital surveillance. The latest entry, Cybersecurity Policy for Human Rights Defenders, shines the spotlight on an emerging, and increasingly crucial domain – and aims to fill a conspicuous gap. For while much valuable work has already been done on cybersecurity, there are currently few resources for human rights defenders on this issue.

A few years ago, cybersecurity was a word most likely to evoke dreary office trainings on password protection. Today, it is a top priority of states worldwide. 72 countries now have live national cybersecurity strategies, and 102 have National Computer Incident Response Teams (CIRTs). It remains however, a contested, elastic and shifting term which can cover a seemingly endless range of different issues, situations, and policy measures.

In spite of this, human rights defenders have so far been notable for their absence in cybersecurity policymaking spaces. Without the crucial scrutiny they provide, important decisions are being taken without any consideration for their broader implications on the enjoyment of basic human rights, including the right to freedom of expression, access to information, and privacy. The guide hopes in a small way to address this trend by helping human rights defenders to find their bearings and gain a solid grasp of the institutions, actors and issues at stake.

A few words on structure. In conceptualising the guide, an immediate challenge was the sheer range of definitions available within cybersecurity. We’ve tried to resolve this by grouping issues into three broad categories –  information security, cybercrime and cyber conflict – but we recognise that these overlap. Human rights defenders need to be active not only in challenging the impact of cybersecurity policies, but in reshaping its very meaning, which is why definition is a key focus of the guide.

The guide concludes with a list of recommendations, which are by no means prescriptive or comprehensive, but which hopefully offer some useful starting points for strategic engagement from a human rights perspective. The guide forms part of GPD’s broader work on cybersecurity, including our cyber capacity building programme, so watch this space for events and updates.