Trust and Security digest (September 2021)

Cyber norms at the UN: latest developments 

• At the First Committee, it’s now looking possible that we’ll only see one resolution tabled on cyber, following the decision by the US and Russia to combine their resolutions. This resolution is likely to be procedural—welcoming the adoption of the Group of Governmental Experts and Open Ended Working Group (OEWG) outcome reports, as well as the new OEWG, which should begin its deliberations in December.
• Also at the First Committee, the proposal for a Cyber Programme of Action (PoA) continues to move forward. Sponsors met in September to discuss a range of issues related to the proposal, including stakeholder engagement. They’re also putting together a concept paper to advance the proposal for the PoA, which should be made public in a few weeks.
• Over at the Third Committee, we expect to see states respond to the Chair’s request for views on the scope, aim and elements of the cybercrime convention in the coming weeks. In preparation for that, we were pleased to see New Zealand put into action its commitment to inclusive multistakeholder policy, by launching an open consultation on its draft principles (read our response here). So far, Russia’s input is the most extensive—its 69 page submission is presented as a draft of a treaty text. Our colleagues over at Chatham House have published a helpful assessment of the proposal, which presents a wide range of concerns from a human rights perspective. Kuwait is the only other country to have provided its response to the Chair, although for now it is available in Arabic only.

Other news

• GPD joined a diverse group of civil society and industry stakeholders in raising concerns about the trend towards internet fragmentation in this joint letter, which has been sent to key stakeholders and decisionmakers at the UN, the G7 and G20. Relatedly, a new report by the UN Secretary General—Our Common Agenda—has also called for efforts to address internet fragmentation, including as part of a proposed Digital Global Compact, which would be adopted by the UN at the Summit of the Future in 2023.
• We also signed onto a joint letter calling on the Belgian Government to halt legislation to undermine end-to-end encryption. The draft legislation introduces a derogation from the guarantee that the use of encryption is “free” (which Belgian law currently provides for). Those who provide services which use encryption would be under a legal obligation to ensure that they can always provide the data for law enforcement—which, as we point out, would require the installation of backdoors, undermining the privacy and security of all users. The Belgian government is set to meet to discuss the legislation this week.
• Global Encryption Day (October 21) is fast approaching. You can join GPD and hundreds of other groups and individuals in declaring your support for strong encryption by signing onto the encryption day statement. For more about Global Encryption Day, see the Global Encryption Coalition’s dedicated campaign website.