Trust and Security digest (November 2022)

20 Dec 2022

This extract is taken from the November 2022 issue of The digest, GPD’s newsletter. Sign up here.


Notes from the 2022 Internet Governance Forum 

After two successive IGFs held mostly online, the 17th edition—held last month, in Addis Ababa, marked the return of the forum’s in-person dimensions (with online access retained). Several GPD team members attended IRL; and we were involved in hosting or speaking on several sessions—from platform regulation, to online disinformation and encryption.

A few trends and takeaways our team picked up from sessions and conversations at the event:

  • Internet fragmentation—or, the process by which the digital environment is becoming less open and interoperable—was a dominant theme at this IGF. Our general sense was that despite its seasoned existence in the IGF space, the discourse around this phenomenon remains somewhat embryonic. Sessions on this theme felt siloed with definitional issues (e.g what is internet fragmentation) still at the forefront. Solutions proposed did not seem to be anchored in a common understanding of the core problem, or how different measures which are commonly defined as a problem under the larger rubric of fragmentation—like data localisation, shutdowns, proposals to set up alternative root servers, or economic sanctions—interrelate and impact each other. A crucial next step in the evolution of this discourse is more open and inclusive discussions around what fragmentation is, how it is manifesting, and what should be done to safeguard an open, interconnected and interoperable internet. One possible step in that direction is the IGF’s own Policy Network on Internet Fragmentation, which has developed a Draft Framework.
  • Heavy handed government responses to online threats were another core focus, with IGF sessions covering a range of emerging trends: from cybercrime laws to tackle disinformation (see our LEXOTA tool for an analysis of how this is playing out in Sub Saharan Africa), to regulatory proposals that have the potential to undermine encryption, and internet shutdowns (which attracted particular scrutiny at this IGF, in light of the Ethiopian government’s ongoing suppression of internet access in the Tigray region).
  • The importance of broader stakeholder participation and how to meaningfully engage different actors was highlighted during a number of discussions. Concrete opportunities to do so are less obvious—with the exception of the Global Digital Compact, where representatives from the UN Secretariat encouraged coalitions and networks to provide thematic feedback to the open consultation.

Next year’s IGF will take place in Japan; date and other details TBA.

OEWG Update

On December 5-9, the Chair of the UN’s Open-Ended Working Group (OEWG)—which is discussing state behaviour and international peace and security in cyberspace—presided over an informal intersessional meeting. The aim of the meeting was to focus on moving forward with recommendations from the 2022 Annual Progress Report.

A snapshot of what happened:

  • One of the key agenda items was the “Points of Contacts Directory”—a proposed confidence building measure between states, which has attracted broad support from states. While this broad support remains, interventions by states at this meeting showed that there is disagreement about the detail: from its scope (whether it should be limited to state contacts or also include, non-state stakeholders), to who should do what (the role of UNODA, for example, in maintaining its upkeep), and whether or not it should support capacity building (e.g. table top exercises for directory contacts).
  • A proposed initiative focused on implementing the responsible state behaviour framework—a Cyber Programme of Action (PoA)—was also discussed at the meeting. The proposal has a fraught history; it is now relegated to discussion within the OEWG only. Supporters of the PoA proposal urged states to share their views on it with the UN Secretary General, and also called for dedicated PoA sessions within future OEWG substantive meetings. They also suggested that, in response to widespread concerns about ‘duplicative’ or ‘parallel’ processes, that the PoA only begin after the OEWG’s mandate wraps up in 2025. However, the viability of the proposal still has a big question mark hanging over it—and its future will depend on forthcoming discussions at the OEWG.
  • On international law, there was much reference to Canada and Switzerland’s proposal for taking forward discussions on international law at the OEWG, and moving beyond the refrain that international law applies in cyberspace towards a deeper shared understanding of how specific tenets of international law apply. Some states, including Russia, Pakistan and Cuba, are still pushing for a legally binding instrument, but it seems that most favour what is generally seen as the alternative approach—increased understanding of how international law applies in cyberspace, with more capacity building to develop national positions. Nonetheless, there was disagreement about where to start the discussion: for example, which concepts of international law to focus on. Going forward, the Chair may decide to include more specific and focused guiding questions in the fourth and fifth substantive sessions (March and July respectively) to encourage this deepened understanding.
  • At times discussions became heated, and politicised, mainly as a result of references to Russia’s illegal invasion of Ukraine and the erosion of trust that has engendered. At one point, the Chair remonstrated with states for bringing ‘dynamics from elsewhere’ (read: the UN’s First Committee) into the OEWG, reiterating the consensus based (not voting based) nature of the OEWG. This didn’t go down well with some; after all, the UN is by its nature politicised. However, his appeal—and the response—testify to the continuing challenging nature of the dynamics that will shape the OEWG’s forthcoming sessions.

The meeting was an informal one so its specific impact on future discussions is unclear. Much lies in the hands of the Chair and his team; he has shared a letter with plans for future meetings outlined, including a virtual intersessional in February 2023. Ahead of that he expects to share an ‘elements paper’—a proposal for the scope and structure of the PoC directory.