Trust and Security digest (October 2021)

11 Nov 2021

This extract is taken from the October 2021 issue of The digest, GPD’s newsletter. Sign up here.


Cyber norms at the UN: latest updates

This month saw continued discussions around cyber resolutions at the 76th Session of the UN General Assembly.

In the end, only one cyber-related resolution passed at the First Committee—a joint effort by Russia and the US. The resolution is largely symbolic, acknowledging the Open Ended Working Group (OEWG) and Group of Governmental Experts (GGE) reports adopted earlier this year, and looking forward to the forthcoming OEWG process. But it’s still a positive development—suggesting that we will not see duplicative, competing processes on cyber at the UN this time, and showing that consensus is possible.

Can this consensus last, however? As the ICT 4 Peace Foundation notes, the resolution text differs in how it refers to the OEWG and GGE, and makes reference to “information security”—a controversial term which has historically been deployed by some states to bring protected forms of expression (like dissident speech) under the aegis of security.

There’s also almost no reference to one of the key issues of contention within the OEWG: stakeholder inclusion. As we understand it, this question is still being discussed within the grouping, with a few formats for stakeholder input under consideration (including one day ‘non-governmental stakeholder’ meetings ahead of substantive meetings, and/or longer standalone stakeholder meetings). But, whatever the format, it’s clear that meaningful engagement will depend on the extent that stakeholders are able to actually attend and participate in the substantive meetings (at the last OEWG, this was only possible for a small number of ECOSOC-accredited groups). The OEWG Chair, Ambassador Burhan Gafoor, will be sharing a letter with member states in mid-November, outlining proposed plans for the forthcoming meetings, so we should have more updates on this front soon.

Elsewhere, applications have opened for attending the first meeting of the Ad Hoc Committee on Cybercrime in January. Interested stakeholders have until Wednesday 1 December to apply (note: the success of each application will depend on no objections being raised by member states).

Ahead of this meeting, some states have provided their views on the scope and aims of a proposed convention on cybercrime. From an initial review, there seems to be at least some support—particularly among the “Western grouping” of the US, Canada, UK, Australia, New Zealand, and the EU—for a narrower scope, with an emphasis on cooperation around tackling cyber-dependent crimes. These submissions also reference the need for the treaty to promote and protect human rights, a view also supported by Japan. Other country submissions—including those of Indonesia—indicate support for a much broader scope that would also cover ‘content-related offences’ such as disinformation. We’ll soon be taking a closer look at the submissions in an upcoming deep dive—stay posted for that.

Other news

  • As UN cyber discussions restart, the Let’s Talk Cyber initiative has relaunched with a new programme of events to support them. You can find out more here.
  • Last month, we reported on some controversial encryption-related provisions in Belgium’s draft Data Retention Legislation. Since then, it seems that concerns raised by civil society have been heard—the main Belgian opposition party has called for Parliamentary hearings on the proposals, resulting in the invitation of cybersecurity experts to meet with the Belgian government to further discuss the implications of the legislation for encryption, privacy and security.
  • This month the Trust and Security Roundtable of the UN Secretary General’s met to discuss next steps. There has been continued disagreement within the Roundtable, which is chaired by Uruguay, Netherlands, Microsoft and Estonia, over the need for adoption of a ‘political statement’ on trust and security. Instead, constituents have agreed a ‘food for thought paper’, which includes reference to the mutually reinforcing relationship between cybersecurity and human rights, as well as the importance of a secure digital environment for the achievement of the SDGs.
  • As preparation for the US-led Summit for Democracy gets underway, reports of a proposed ‘Alliance for the Future of Internet’ have made it to the press, with this Politico piece citing concerns raised by civil society and other stakeholders about the lack of timely and meaningful consultation with civil society ahead of the Summit, as well as the potential to duplicate existing forums and processes, such as the Freedom Online Coalition.
  • In the wake of the Pegasus scandal, US has blacklisted NSO Group—a welcome move that will hopefully trigger a domino effect. However, as noted in this joint letter we signed back in July, export controls are just one of the measures needed to address the actions of private companies on human rights in cyberspace.
  • The Freedom Online Coalition’s 10th Anniversary Conference is taking place 30 November—3 December, hosted by the current chair, Finland. Register here.
  • The annual meeting of the Global Forum on Cyber Expertise is taking place at the end of November. Register here.
  • The OAS has released all the outputs from its annual Cyber Symposium, including its tracks with civil society. Take a look here.

Listening post

Your monthly global update, tracking relevant laws and policies relating to the digital environment.

On the trust and security side:

    • Ecuador published its draft Cybersecurity, Cyber Defense and Digital Security Bill
    • Singapore and Georgia both approved new national cybersecurity strategies, and Namibia also held a validation workshop to present a draft of its updated national cybersecurity strategy
    • Ethiopia joined as the 95th member of the Global Forum for Cyber Expertise
    • Brazil’s Chamber of Deputies passed Draft Legislative Decree (PDL) 255/21, which approves the text of the Budapest Convention on Cybercrime