Trust and Security digest (July 2022)

18 Aug 2022

This extract is taken from the July 2022 issue of The digest, GPD’s newsletter. Sign up here.


Notes from a challenging OEWG meeting

At the end of July, the Open-ended Working Group (OEWG) on ICTs—which is currently discussing how states should and shouldn’t behave in cyberspace—concluded its third meeting.

This was a particularly critical meeting in the process. In it, member states were tasked with agreeing a “roadmap” for the rest of the OEWG discussions; a big ask, given their many persisting (and often foundational) disagreements. It also came at a particularly fraught time for state relations in cyberspace, amid the ongoing conflict in Ukraine, and on the back of several recent high-profile cyberattacks.

So, what were the meeting’s outcomes—and what do they mean for human rights? Our Head of Global Advocacy and Engagement, Sheetal Kumar, has an engaging and comprehensive read-out and analysis, including some concrete recommendations on what needs to happen next.

In other news

  • For those following the OEWG process, a small but important bit of intel. The intersessional work plan—which will set out recommendations for what member states can do between now and the next session in March 2023—is expected to come out in early or mid-September.
  • Another process we’ve been following at the UN is the Third Committee’s Ad Hoc Committee on Cybercrime, which is negotiating a possible convention on cybercrime. Last month, we had the opportunity to provide input on several chapters of the convention: international cooperation, technical assistance, preventive measures, the mechanism of implementation, the final provisions and the preamble. Discussions will continue at the next session, which kicks off on 29 August.

Listening Post


On trust and security:

  • Uganda advanced a bill which would amend the 2011 Computer Misuse Act to strengthen data protection provisions but also to punish the sharing of hateful, unsolicited or misleading information online with up to seven years’ imprisonment;
  • Syria introduced Cybercrime Law No. 20 of 2022, containing harsh penalties for “cybercrimes” including calling for regime change online or disseminating disinformation;
  • Bangladesh advanced its draft Digital Security Act, which includes harsh penalties of up to life imprisonment for spreading “negative propaganda through digital services”; and
  • Finally, in relation to the Budapest Convention on Cybercrime, Nigeria has ratified the Convention; Côte D’Ivoire has been invited to accede to it; Cameroon’s President has signed a decree authoring Cameroon’s accession to it; and legislators in Uruguay are working to adapt legislation to conform to the Convention as well.