Last week, GPD attended the first substantive session of the Open Ended Working Group (OEWG) in New York.
The purpose of the meeting—which ran from 9 to 13 September—was to discuss the mandate of the OEWG and more specifically, the six main areas referred to in the OEWG’s resolution: 1) existing and potential threats in cyberspace 2), norms, rules and principles 3) the application of international law 4) regular institutional dialogue 5) confidence-building measures and 6) capacity building. The first two days of the session were dedicated to general statements on the mandate of the OEWG, namely “developments in the field of ICTs and security”, followed by three days of interactive discussions on the six main areas.
The only non-governmental organisations (NGOs) able to participate were those accredited by the UN Economic and Social Council (ECOSOC). They were given the chance to make five-minute statements on the second day of the meeting, following the delivery of the statements by the international governmental organisations (IGOs)—you can read those statements here.
The meeting ended on a positive note and there were many comments from delegates about the OEWG itself, particularly its usefulness in and of itself as a capacity building and confidence building measure: whether or not it should remain the primary mechanism to take forward these discussions within the UN was floated, but far from agreed. As one of the delegates observed at the end of the session, while the group seemed to agree on about 80 percent of the issues, it’s the remaining 20 percent that success of the group hinges on.
Below we offer highlights from the meeting, identifying the areas where common ground could be emerging, and where—by contrast—controversy remains. We then conclude by looking ahead to the meetings which remain before the end of this OEWG’s mandate.
Emerging common ground
- There was broad agreement that discussion around responsible state behaviour in cyberspace is essential, and that threats are growing in frequency and severity.
- Whichever way the threats were framed, most states agreed that the OEWG was “not starting from scratch” and that existing recommendations in the 2015 GGE report should form the basis of discussions. This includes: general notions around the applicability of international law; the eleven norms identified in the report; and recommendations around confidence-building measures (CBMs) and capacity building. There was general agreement that these needed to be shared more widely and implemented.
- There was support from a range of states for regular institutional dialogue, but no agreement on what form that should take, or under whose auspices it should be convened. Instead, the mantra seemed to be “form should follow function”—meaning that any mechanism which discusses the issues of responsible state behaviour shouldn’t duplicate existing mechanisms.
- There was a lot of support for confidence building measures (CBMs) in general and their role in reducing “mistrust” and the risk of escalating tensions was widely acknowledged. There were many references to the existing efforts of regional and multilateral organisations (in particular the OAS, OSCE and ASEAN) in implementing CBMs and the need to link regional and global efforts, with a number of states suggesting that the OEWG could offer a “global level space” to share lessons regarding implementation of CBMs.
- A number of countries referred to the need for targeted capacity building, and to share more specific information on gaps and needs when it comes to capacity building. There was a reference to the need to see capacity building as a “two way street”, with developing countries sharing experiences and practices, instead of simply being on the “receiving end” of good practice.
- There was some disagreement on what the focus of discussions should be in terms of defining threats and addressing them. A number of states mentioned attacks emanating from non-state actors including cybercrime and “cyberterrorism”, with others pressing for a focus on addressing threats emanating from “state behaviour”.
- A few countries, including Canada and Australia, pointed out that threats tend to disproportionately affect marginalised groups, including women. The Netherlands made reference to the need to protect human rights and fundamental freedoms, using Freedom Online Coalition statements on network disruptions and cross-border attacks as the basis for its definition of threats in cyberspace; while Finland urged a “positive” human-rights approach to defining threats, focusing on the “promise of ICTs”, and pointing out that threats to human rights should be considered as threats too. At a few points, the discussion seemed at risk of derailing over the issue of threats emanating from the spread of “content”— in particular, “terrorist content” caused by “freedom of expression”; though fortunately the meeting moved on from this relatively quickly.
- Even though most states reinforced the 2015 recognition that international law applies in cyberspace, many questions remained around “how” this should be effected. A number of states (including China, Russia, Iran, Syria, Egypt, and Qatar) argued that this should entail the development of a binding framework, like a new instrument of international law specifically focused on cyberspace. Others argued that states should prioritise implementing existing agreements through voluntary means. In the end, no clear answers emerged.
- Should international humanitarian law apply in cyberspace? Again, there was little sign of agreement on this question, with particularly strong objections to the idea coming from China and Cuba.
- There was discussion on the need for new norms, but no agreement on this point. The potential for a norm regarding “intellectual property theft” was suggested, while others simply acknowledged that new norms “might be necessary”.
Notes on stakeholder engagement
The meeting was relatively well-attended by UN member states, with around 75 taking the floor in the first two days of the session, which was dedicated to general statements on the mandate of the OEWG. More states were present in the room, or were represented by their country’s membership of a grouping (e.g the Non-Aligned movement, EU, Caricom, Pacific States).
There was low participation from the African group in particular (South Africa, Kenya, Ghana and Botswana being exceptions). Still, discussions were generally acknowledged to be interactive (at least by UN standards), with a number of states departing from prepared statements and taking the floor on multiple occasions to respond to and refer to interventions and comments made by other delegates. The interactive segments were also preceded by expert presentations, intended to inform the discussions. However, as with the NGO statements, these were classified as “informal segments”, and weren’t webcast. The main part of the discussions can be streamed on UN Web TV here.
A cross-cutting issue over the five days was the role of stakeholders—with a number of states raising the importance of stakeholder inclusion in implementing capacity building efforts and in regular institutional dialogue. However, there was a missed opportunity to highlight the role of non-government stakeholders in the implementation of the norms and CBMs. This was particularly apparent, and even ironic at times: for example there were discussions around the implementation of norms relating to incident response and the importance of involving stakeholders from the technical community— many of whom had just been denied access to the very same OEWG meeting.
The meeting ended on Friday with a brief summary by the Chair and an outline of next steps:
- The Chair intends to come up with a paper by the end of the year, which includes a suggested structure for the outcome report and the proposals put forward in the September session.
- The request for background papers—including a mapping of relevant forums and processes, and questions to inform the discussions—has been noted and will be considered.
- The summary paper and any other documents—including concrete working papers submitted by states (available on the ODA website)—will inform the second substantive meeting scheduled for 10-14 February 2020.
- After February, the Chair will prepare a “pre-draft” of the report.
- From February—July 2020, the Chair will host two informal intersessional meetings to gather reactions to the pre-drafts. The first will be in April, following which a new draft will be presented for comments at a second informal meeting in May.
- Based on input received during the intersessionals, the Chair will produce a zero draft to form the basis of negotiations in July.
The Chair also noted that they are open to meeting delegations informally and to receive feedback and proposals but that it is important for discussions to be brought back to the open format for transparency.
It was also revealed that the multistakeholder intersessional (2-4 December) will be supported and chaired by Singapore. They will produce a Chair summary of the discussions, which will be submitted to the members of the OEWG for “consideration.”
However, a few unanswered questions remain:
- Do non-ECOSOC accredited NGOs that previously applied for all the sessions need to apply again to attend the intersessional and the subsequent meetings? Many NGOs are unsure of their position, after having their accreditation for the September meeting refused.
- What format will the intersessional take?
- Will the new intersessionals in April and May to gain feedback on the pre-drafts be open to NGOs, either to observe or to input?