Trust and Security digest (April 2022)

5 May 2022

This extract is taken from the April 2022 issue of The digest, GPD’s newsletter. Sign up here.


State inputs to the Chair of the AHC 

At the Ad-Hoc Committee on Cybercrime (AHC), April saw states provide inputs to the Chair on the three elements of the Cybercrime convention that will be discussed at the next meeting in May: General Provisions, criminal provisions and law enforcement and safeguards. The inputs vary in specificity, with many offering specific text and/or wording for definitions of key terms. This means that Russia’s input (which is also on behalf of Belarus, Burundi, China, Nicaragua and Tajikistan) is no longer the only input on the table with text provisions. However, Russia’s is one of the most detailed. As expected, it criminalises a wide range of offences including “the creation and use of digital information to mislead the user”, and does not include adequate safeguards.

From a human rights perspective, as ever the devil is in the details. Many NGO inputs to the AHC so far have reiterated how important it is that the convention focus on crimes against computer systems, not content based offences. However, most of the state inputs (apart from the European Union) largely recommend that the convention should criminalise content based offences,  although there are differences in opinion over whether the definition of such offences should be broad or narrow in scope. Some (US, UK, Australia) suggest this should be select crimes for which the scope, speed, and scale of the offence are substantially enhanced by the use of a computer (in keeping with the Budapest Convention). Others (Mexico, Brazil, Malaysia) suggest a broader scope; Mexico, for example, wants States Parties to “recognize as crimes for the purposes of this Convention, all criminal acts recognized by the existing International Law that are perpetrated by information technologies and electronic means.”

There is general agreement that the scope should include the criminalisation of child sexual abuse material or “online child abuse offences”, and many also support addressing offences against women and children, such as sex trafficking (e.g. UK).Most others reiterate the importance of human rights protections, with many specifying human rights instruments and relevant protections in their proposals for the chapter on “conditions and safeguards”. Ideally, from a human rights perspective, human rights should be included as an objective of the proposed treaty and included in its general provisions and preamble as well as integrated into the convention’s chapters. Yet there is no agreement over the inclusion of a specific section dedicated to human rights safeguards. This has, so far,  been only briefly discussed, and is not listed for discussion under the agenda for the second substantive meeting at the end of May recently published by the Chair. This begs  the question of when and how it will be discussed—and what the process for deliberations on the text more generally will look like.The inputs shared so far illustrate just how difficult it will be for countries to agree on any substantive areas, and also the huge risks for human rights that could arise from any agreed text and compromises reached.

Conclusion of OEWG stakeholder modalities debates

This April, the long stakeholder modalities saga at the Open ended working group on responsible state behaviour in cyberspace (OEWG) concluded with the adoption of stakeholder modalities by consensus. This follows the continued disagreement about how stakeholders should be able to engage in OEWG discussions—which limited the proceedings of the second substantive session of the OEWG to informal mode—and the unprecedented tabling of a resolution at the UN General Assembly by the UK (which would have broken with the consensus approach so far and made  meaningful progress on key topics very unlikely). The UK’s resolution was withdrawn after numerous bilateral meetings, informals, and side meetings, and the newly agreed modalities will come into effect with the third meeting of the group in July.

The agreement provides for more transparency on the rejection of non-ECOSOC accredited NGOs when they apply for sessions, and clarifies that accredited stakeholders will be able to attend formal OEWG meetings, make oral statements during dedicated sessions, and submit written inputs to the OEWG webpage. Nonetheless, some countries—including Russia—have already indicated that they will continue to use the veto as they like, potentially resulting in a repeat of the blanket vetoes of non-ECOSOC accredited NGOs. It will therefore continue to be vital for member states and stakeholders to not only call out this behaviour if and when it happens, but also utilise informal methods of engagement, including national and regional consultations to input. Our guide, published at the outset of the first OEWG, offers some examples and tips.

This continued possibility of blanket vetoes also means that the proposed “Cyber Programme of Action”, a proposal for a permanent mechanism at the UN First Committee to discuss state behaviour in cyberspace, may offer a more promising avenue for stakeholder engagement in these discussions at the UN. After slow progress, to some extent stymied by the inability to meet in person but also due to disagreements over whether and how the mechanism differs from the OEWG, some of the Programme’s co-sponsors will host a multi-stakeholder workshop on the PoA in Geneva in May, with the aim of garnering stakeholder input on the proposal, and generating further support for it. Open to all, you can register here.


In other news

  • GPD has launched two new tools to support the development of human rights-respecting cybercrime legislation and national cybersecurity strategies. Building on our longstanding work in this area, the tools offer a comprehensive framework for assessing the different elements of cybercrime legislation and national cybersecurity strategies from a human rights perspective, as well as examples of good practice, and other considerations.
  • In June, GPD will co-host a session at RightsCon with Freedom House entitled “Putting the internet back together again”, focusing on the human rights risks of internet fragmentation and the principles needed for an open, interconnected and interoperable internet. We’re also working with ICANN to deliver a RightsCon session entitled “Throwing the internet into reverse?”, and with the Global Encryption Coalition Steering Committee and the Internet Governance Forum to organise two community labs focused on encryption advocacy and building community amongst cybernorms practitioners, as well as a social hour called “Let’s save encryption!” To view the full program of events, and to get your ticket, visit the RightsCon2022 website here. Registered participants will be able to log-in to the platform, view the full agenda, and build their own personal schedule from 23 May.
  • Executive Director Lea Kaspar moderated an expert panel on Digital Authoritarianism and technology-facilitated threats to journalists and human rights defenders at UNESCO’s World Press Freedom Conference in Uruguay this week. The session was organised by the Dutch and Canadian governments, in collaboration with the Media Freedom Coalition and the Freedom Online Coalition.