Trust and Security digest (March 2021)

6 Apr 2021

This extract is taken from the March 2021 issue of The digest, GPD’s newsletter. Sign up here.


The OEWG’s consensus report: what’s the verdict?


March saw the final meeting of the Open ended Working Group on ICTs (OEWG), which began with no guarantee that a consensus report would be adopted.

The fact that one was adopted, after three days of discussion in a hybrid virtual format, represents a success in and of itself—something that seems to be widely agreed by stakeholders reflecting on the final meeting: from business (see Microsoft) to civil society (the Diplo FoundationICT4 Peace FoundationAPCReaching Critical Will and Council for Foreign Relations, among others).

A deeper look at the text, as we’ve undertaken in our key takeaways piece, illustrates the costs that came with agreeing a consensus report. The report affirmed past agreements and made progress in some areas (namely norms and capacity building), but it didn’t move forward discussions on other key issues, particularly on international law. This reflects the areas of disagreement that are still present among member states, and which will no doubt resurface at the next OEWG (the organisational meeting for which is already scheduled for early June).

However, some of the more concrete and actionable recommendations in the report—including reference to the “cyber Programme of Action”—may help to progress the discussion on responsible state behaviour in cyberspace. It’s essential that these discussions do progress, and that states implement what they have committed to; that understandings of how international law applies in cyberspace are advanced; and that states are held accountable for their actions. Without this, states will continue to act in ways which have documented human impact and which imperil cybersecurity.

As we also note in our takeaways piece, the OEWG report unfortunately falls short on recognising the role of non-governmental stakeholders in multilateral cyber discussions, including in the implementation of their outcomes. This was unsurprising, considering the well-documented challenges to meaningful NGO participation at the OEWG, which blocked all NGOs without ECOSOC status at the first two meetings. One initiative that could help to make these processes more inclusive is the recent launch of the Paris Call Working Groups, which includes a group focused on supporting meaningful stakeholder engagement at UN cyber processes. GPD recently joined the Paris Call and three of its working groups (on engaging emerging economies; advancing cyber norms; and supporting the multistakeholder approach in UN cyber negotiations)—and we were pleased to hear a lot of agreement on what needs to be done, including concrete recommendations for institutionalising stakeholder engagement which apply lessons learned from relevant processes at the UN and elsewhere.

The plan for that working group—and the one for norms, which also had its kick off call in March—is to collectively prepare a series of recommendations to present to the Paris Peace Forum later this year. We’ll keep you updated here.

Other news: 

  • We’ve just launched an interactive hub on UN cyber processes, which aims to support civil society engagement there with a range of resources and insight: including in-depth explainers, a rolling feed of key news and updates, and an interactive tool tracking the positions of African states on UN cyber issues. Explore it here.
  • We joined 15 other civil society groups and networks in sending a letter to the Office of the UN Secretary General’s Envoy on Technology regarding the future of the IGF, including the possible set up of a “higher-level multistakeholder advisory body” (MHLB). The letter provides some guiding questions and recommendations to consider as part of ongoing discussions following the IGF’s launch of a consultation on the Secretary General’s proposed Roadmap for Digital Cooperation. A top-level summary of the inputs to that consultation can be found here.
  • The Global Encryption Coalition’s response to the EU consultation on its strategy to deal with child sexual abuse material (which we covered in last month’s Digest) can be accessed and signed onto here.
  • Our friends over at the Internet Society are hosting a webinar on 8 April on the importance of encryption for SMEs in the EU: find out more here.
  • We’ve launched a new report, examining the state of human rights in the context of the digital age in nine Commonwealth Pacific Island countries, and offering recommendations to policymakers.
  • Our Senior Programme Lead Daniela Schnidrig moderated a webinar co-organised by GPD and Oxford’s Global Cyber Security Capacity Centre, focused on stakeholder engagement in cyber policy. Read our highlights thread here.


Listening post


Your monthly global update, tracking relevant laws and policies relating to the digital environment.

On the trust and security side, cybersecurity and cybercrime legislation progressed in several countries:

  • Sierra Leone’s Cybercrime Bill text was published, resulting in a backlash due to its punitive nature and potential to suppress freedom of expression online.
  • Following protests around Bangladesh’s Digital Security Act, the Law Minister has announced plans to amend provisions of the Act, but ruled out abolishing it altogether.
  • Malaysia’s Communications and Multimedia Ministry (KKMM) is preparing a Cabinet paper on anti-cyberbullying laws.
  • In Fiji, the controversial Police Powers Bill has been withdrawn by the government.

In other news, Sierra Leone approved its National Cybersecurity Strategy (NCSS), and Jamaica announced plans for a new NCSS to be brought to cabinet later this year.

Finally, the Global Forum on Cyber Expertise welcomed Papua New Guinea as its 89th member, and the Bahamas launched a new project with the ITU, towards developing a national Computer Incident Response Team.