The Informal Multi-stakeholder Cyber Dialogue, an initiative of a number of United Nations member states and the community working on cybersecurity, took place at the end of last year, from 4 to 10 December 2020. The event aimed at contributing to the UN General Assembly’s Open-Ended Working Group on ICTs (OEWG), which seeks to discuss responsible state behaviour in cyberspace. Although this dialogue series was not part of the formal OEWG process, the event was a platform for dialogue between civil society, the technical community, academia, companies and UN states.
The thematic sessions addressed, among other topics, how international law applies in cyberspace; the implementation of the UN Group of Governmental Experts (GGE) norms adopted in 2015 and how governments and other relevant stakeholders can work together on this; cyber threats; cyber policy capacity building; regular mechanisms for dialogue on international cybersecurity; and gender approaches to cybersecurity.
The dialogue presented an opportunity to collect perspectives on the OEWG pre-draft, and create opportunities for dialogue between states and other stakeholders on the issues addressed by the OEWG.
On 25 February, there will be a follow-up to the "Let's Talk Cyber" informal OEWG multistakeholder event. This time, the event seeks to gather stakeholder feedback on the latest version draft of the OEWG substantial report. This new informal consultation will provide an opportunity for non-governmental actors and organisations to highlight their views to government stakeholders ahead of the next – and possibly final – round of discussions, and will focus on each of the topics of the report. More information and registration is available here.
The summary reports of the past series and the video recordings are available on the event website, www.letstalkcyber.org. Below, we present some of the main issues that emerged during the dialogue and APC’s key messages during the event.
Rules, norms and principles
APC together with Canada, Global Partners Digital (GPD) and Microsoft co-chaired the session on rules, norms and principles. Together with GPD, APC presented joint stakeholder input from a wide range of organisations, aimed at providing guidance on cyber norms implementation with a human-centric perspective.
During our intervention, we emphasised three key issues:
-
Humans are the ones impacted by state behaviour in cyberspace, and therefore a human rights-based approach to norm implementation is needed.
-
Cyberspace is not equal: cyber incidents have differentiated impacts on people and groups in positions of marginalisation. Women, as well as people of diverse sexualities and gender expression, are more often targets of online violence. Increasingly, disinformation campaigns further alienate minority groups.
-
Relevant discussions, including on cyber norms implementation, need to be open, inclusive and transparent.
As the session’s report states, during the session, the main themes and areas of convergence were that the implementation of agreed norms is key and that, at this stage, it is important to operationalise them; in the implementation of norms, input from all relevant stakeholders should be systematic, rather than ad hoc; international law and norms are complementary and voluntary norms do not affect the obligations that states already have under international law; without frameworks and mechanisms that ensure they are implemented and not violated, norms fail to have real-world impact; and regional organisations can play a key role in norms implementation, including through developing frameworks for implementation that are tailored to regional context and gathering of best practices.
Cyber capacity building
OEWG’s discussions have reaffirmed the role of cyber capacity building (CCB) in addressing the systemic, transnational risks and vulnerabilities associated with digital transformation, the lack of ICT security, disconnected technical and policy capacities at the national level, as well as the associated challenge of digital inequalities. In addition to technical skills, states recognised during these discussions that there is a pressing need for building expertise across a range of diplomatic, policy, legislative and regulatory areas.
The main objective of the CCB session was to address problems, needs and ways forward to achieve meaningful participation of all countries involved in discussions on peace and stability in cyberspace, building on the agreement that international cooperation can play an essential role in enabling states to secure ICTs and ensure their peaceful use. Some of the main areas of agreement during this session included the need for certain principles such as the diversity of stakeholders and the important role of the private sector; the need for research to measure impact, and the inclusion of the sustainable development goals, in particular goals on inclusive and equitable education and gender equality; the need to bridge gaps between technical and policy communities; how local ownership of capacity building is important for sustainability; the need for developing CCB impact metrics; and that respect for human rights and participation of civil society must form the basis of cyber capacity partnerships.
APC has been calling for more open, inclusive and transparent processes that engage civil society and academia in the development and implementation of cyber capacity building efforts, and, among other things, that the OEWG report should explicitly recognise the need to build capacity also in human rights law and its application in cyberspace.
In our intervention during this session, we also highlighted another stark reality: the chilling effect some capacity-building interventions may have on the work of human rights defenders online. Even more authoritarian states are engaging in surveillance technologies disguised as technical solutions to silence dissenting voices and in criminalisation of digital security expertise. We also raised attention to the limited resources and lack of local expertise and the need for evaluation and accountability mechanisms that should be put in place to safeguard domestic ownership of CCB efforts, as well as the need for gender to be mainstreamed in CCB efforts.
Gender approaches to cybersecurity
This session aimed at discussing practical measures that governments, international organisations, the private sector and civil society can take to advance gender-sensitive approaches to national and international cybersecurity policies.
Some of the key issues discussed during this side event were the nexus between gender sensitivity and an “open, secure, stable, accessible and peaceful ICT environment”, women’s meaningful participation and leadership in cybersecurity governance processes, gender mainstreaming in norm implementation, gender-sensitive capacity building, and the gender digital divide.
APC has produced research and raised awareness regarding why gender matters in international cybersecurity.
Alongside this, APC stressed the persistent digital divide, which is experienced even more acutely by women and people of diverse genders and sexualities. Globally, 48% of women are online, and in the global South, this percentage is even lower at 28%. The current trend towards accelerated digitalisation is speeding up the global uptake of digital solutions, tools and services, taking a toll on less digitally equipped communities, and further widening the chasm between the connected and the unconnected. Questions of privilege in access and connectivity extend to how tech corporations shape and mediate power in cyberspace singling out women’s needs and concerns. Unless cyberspace and digitalisation more broadly adequately address the realities of the most structurally discriminated communities, gender in cybersecurity will remain an afterthought. Equally necessary are policy processes for the creation of an enabling regulatory environment rooted in the principles of inclusion, equality and due diligence where women take on leadership positions.
Putting cybersecurity on the rights track
The cyberattacks figures registered in the wake of COVID-19 made it clear that we do not only face health threats but also threats in the cyber ecosystem. And half of the world’s population is still not connected.
There is no trade-off between tackling cybercrimes and promoting the enjoyment of human rights online. On the contrary, cybersecurity is a human rights issue and should be treated as such. A human-centric approach to global cybersecurity, guided by principles of equity, inclusion and multistakeholder dialogue, is the prerequisite for a safe, open, reliable and peaceful cyberspace.