Trust and Security digest (November 2021)

16 Dec 2021

This extract is taken from the November 2021 issue of The digest, GPD’s newsletter. Sign up here.


Cyber norms at the UN: latest updates

  • At a November briefing, the Chair of the Open ended Working Group on responsible state behaviour in cyberspace (OEWG) sparked controversy by suggesting that the new iteration of the process should carry over the same modalities as the previous one. Under the previous OEWG’s modalities, many NGOs were refused accreditation to attend and engage in meetings—and it had been widely hoped that the new process would rectify this. In response to the Chair’s comments, a group of states, civil society and industry stakeholders have penned a joint letter with suggestions on how to ensure that his commitment in the Programme of Work to ‘substantive, sustained and systematic’ engagement with stakeholders is meaningfully realised. The modalities will be agreed at the (ongoing) December OEWG meeting. Stay posted for updates.
  • Over at the Ad Hoc Committee on Cybercrime (AHC), the agenda for the first meeting (17-28 January 2022) has been agreed, with a focus on agreeing the objective, scope and structure of the cybercrime convention. The general exchange of views is likely to mirror the inputs already provided (read our analysis here), although we will likely hear from more states in January. The modalities adopted on stakeholder engagement are promising, and suggest that non-ECOSOC accredited NGOs will not be dismissed in the way that they were at the first OEWG. However, questions remain over the scope of opportunities for input from civil society. No dedicated time has been allocated for NGO statements, and details on the format of intersessionals are currently scant. We’ll hopefully know more next month.

Other news 

  • December kicked off with the 2021 Freedom Online Conference, marking the 10th anniversary of the Freedom Online Coalition. A range of issues were on the agenda, including the OEWG, AHC and other multilateral cyber processes.
  • On last week’s Summit for Democracy: it seems that stakeholder concerns around the planned Alliance for the Future of the Internet have been heard by those behind the initiative. The Alliance was not launched and was not mentioned in any press releases from the Summit. Panel discussions relating to the Alliance suggested that it would be discussed during the ‘Year of Action’ (2022), and would focus on developing a set of high-level principles and “do’s and ‘don’ts” to guide democratic governments in their behaviour online. Despite many unanswered questions, we now at least have some time to push for a more open and inclusive discussion with stakeholders on what the Summit can do to support existing efforts.
  • Despite initial technical difficulties, the Internet Governance Forum (IGF) was a success. We were involved in several sessions relating to trust and security: watch them here—Protecting the Public Core: Next Steps after the OEWG & GGEMain session on Trust and Security Main session: Best Practice Forum on Cybersecurity
  • Applications for the IGF Leadership Panel opened in November, and it is expected that the selections will be unveiled, along with the new Multistakeholder Advisory Group (MAG), by the end of the year.
  • Last month, Global Encryption Coalition member Mozilla published a blog outlining how proposals for the EU’s new Digital Identity Framework will weaken encryption and impact the open, secure internet through proposed new rules on website verification. The Internet Society and Mozilla have also conducted a useful Internet Impact Assessment of these proposed rules. Relatedly, we’ve heard that draft European Commission legislation on tackling child sexual abuse material, including provisions affecting encryption, will be shared in March 2022.

Listening post

Your monthly global update, tracking relevant laws and policies relating to the digital environment.

On the trust and security side:

  • Mauritius passed its controversial Cybersecurity and Cybercrime Bill. In response to widespread criticism, the final version removed reference to local routing and forced decryption of all social media traffic. However, it still contains vaguely defined terms, such as cyberbullying, which, as we’ve seen elsewhere, could affect protected speech. The bill comes as part of a broader crackdown on freedom of speech in Mauritius which includes a proposed law to regulate the country’s Independent Broadcasting Authority
  • Liberia is also reportedly in the process of passing its Cybercrime Bill & approving its first national cybersecurity strategy
  • Luxembourg and Somalia have joined as the 97th and 98th members of the Global Forum for Cyber Expertise (GFCE)
  • Finally, the Council of Europe has invited Trinidad and Tobago to accede to the Budapest Convention on Cybercrime