Trust and Security digest (May 2021)

4 Jun 2021

This extract is taken from the May 2021 issue of The digest, GPD’s newsletter. Sign up here.


A busy month for cyber at the UN

In last month’s Digest we predicted a busy May for UN Cyber diplomats, and it was—with important developments at both the Group of Governmental Experts (GGE) and the UNGA Third Committee’s Ad-hoc Cybercrime Committee.

The big news at the GGE was the adoption of its consensus report last week, an outcome that was by no means guaranteed (the last GGE didn’t manage it). While the report isn’t yet public, we’ve heard that it includes guidance on the implementation of GGE norms—a longstanding ask from many stakeholders, including GPD. Importantly, it also affirms the applicability of international humanitarian law in cyberspace, which was a main sticking point in the last GGE, and something the just-concluded Open Ended Working Group (OEWG) process had to skirt over due to lack of agreement. We’ll reserve judgment until we read the full report.

Over at the Third Committee, the cybercrime grouping’s first round of discussions got off to a decent start. A Chair was elected (H.E Ms. Faouzia Boumazia Mebarki from Algeria) along with 14 Vice-Chairs. Member states then approved a list of international organisations that can participate as observers. Initial disagreements over location and the level of non-governmental involvement were later worked out in informal, “closed door” coordination between diplomats, and the resulting modalities are more open and transparent than those at the OEWG. Importantly, they make it more difficult for states to ban “non-ECOSOC accredited” NGOs from discussions—which should avoid a repeat of the mass exclusions of civil society we saw in that process.

As Human Rights Watch and others have argued, meaningful participation by NGOs in cyber discussions is crucial. Without it, the kinds of cybercrime measures we routinely see adopted at the national level which undermine human rights could be mirrored at the global level, with potentially grave consequences for the rights to freedom of expression and privacy.

Other news:

  • The OEWG has just had its organisational meeting, but decisions on the setting up of its “thematic sub-groups” and stakeholder modalities remain unknown. (See Reaching Critical Will’s in-depth overview for more). We do know that the first substantive meeting will take place from 13-17 December this year, and that the aim is to have it fully in-person. The tone from the floor was encouraging, with most states supporting more open modalities this time. Whether this is reflected in the modalities adopted, and in practice, remains to be seen.

  • Stakeholder engagement was also on the agenda at a Chatham House event last month, where a range of participants—from civil society, industry and government— reflected on the previous OEWG, and looked forward to the next one. Lots of good points were made around the important role of civil society in both discussions and norm implementation. Watch a recording here.

  • The co-sponsors of the proposed UN Cyber Programme of Action (PoA) also met to discuss next steps. While it wasn’t an open event, we’ve heard that many of the co-sponsors voiced support for formalised opportunities for stakeholder engagement. A resolution to set up the PoA will likely be drawn up over the coming months, and presented at this year’s General Assembly.

Listening post

Your monthly global update, tracking relevant laws and policies relating to the digital environment.

On trust and securityKiribati and South Africa have both approved cybercrime bills. The UK has also announced plans to review its cybercrime legislation by holding an open consultation on the Computer Misuse Act 1990.

Elsewhere, proposed amendments to the ICT Law in Mauritius and the publication of the UK’s Online Safety Bill have raised concerns about the future of end-to-end encryption.