Trust and Security digest (September 2020)

6 Oct 2020

This extract is taken from the September 2020 issue of The digest, GPD’s newsletter. Sign up here.


Cyber at the UN: a middle way?

From the very beginning of discussions about ICTs in the context of peace and security at the UN First Committee—back in 1999—one of the main sources of tension between states has been on whether or not a new treaty is needed for cyberspace, or whether existing international law suffices. 

This long-standing disagreement led, in 2018, to the establishment of two processes in the First Committee to discuss the same topic: responsible state behaviour in cyberspace. Member states in both processes continue to discuss (and disagree on) whether a new treaty is needed—with states associated with Russia and China strongly in support of it, and other states, including the US, against it.

Now, some member states, spearheaded by France, are proposing what they hope is a “middle way” out of this impasse—the “Programme of Action for Advancing Responsible State Behaviour in Cyberspace”—a new initiative unveiled at the United Nations Institute for Disarmament Research (UNIDIR)’s annual cyberstability conference last month.

This approach would go beyond the current loose “Group of Governmental Experts (GGE) framework” (the application of international law in cyberspace, combined with a set of capacity building, confidence building measures and voluntary norms). It would embed a reporting mechanism to support compliance with existing agreements, like the GGE norms, and provide more concrete guidance to states on responsible behaviour in cyberspace—but would avoid the binding provisions associated with a treaty.

There are many details still to be agreed on this Programme of Action (PoA), but the conference provided some insight on what such a mechanism might consider—with many highlighting three key “building blocks”: national-level implementation, synergies with international cooperation mechanisms, and information exchange and transparency (e.g through reporting mechanisms and periodic review meetings). Encouragingly, the French Ambassador also referred to the importance of multistakeholder engagement if the PoA were to succeed—and the current version of the proposal includes some provisions for that, although they could be strengthened.

The PoA proposal, even if it garners sufficient member state support, wouldn’t get passed this year. Instead, the proposers want the Open ended Working Group (OEWG) and the GGE to refer to it in their upcoming reports, and the next UNGA session in 2021 to adopt a resolution to set it up.

As a potential complicating factor, Russia has also indicated that it may propose a resolution in October to “streamline” the processes already underway: in other words, to initiate negotiations on a treaty. If this passes, it will likely make the upcoming First Committee negotiations even more fraught—and could lead to resolutions setting up parallel, competing processes yet again. One to watch…

Other news

  • The OEWG intersessionals on international law wrapped up at the end of September. We’ll have a rundown on how those went in next month’s Digest.

  • September saw the publication of an Options Paper on digital cooperation mechanisms, as part of the ongoing work around the UN Secretary General’s Roadmap for Digital Cooperation (which we discussed a few months back). It proposes the establishment of a new high-level multistakeholder advisory group (MAG) at the Internet Governance Forum (IGF). This new MAG would institutionalise information sharing between “deliberative bodies” that discuss digital policy issues (e.g. the IGF) and “decision making bodies” (e.g. the UNGA). The current MAG has set up a Working Group to facilitate discussions on these proposals, and set out a preliminary response to the proposals, including some ideas on how to operationalise it.