APC is implementing an exploratory project called “Putting cybersecurity on the rights track” with the support of the Mozilla Corporation. The goal of the project is to develop a research and advocacy strategy to ensure that cybersecurity policy and norms are influenced by civil society and progressive techie voices, so that these policies consistently integrate a rights-based approach.
APC’s basic assumption is that human rights and cybersecurity do not need to be “balanced” or set off against one another. They not only can co-exist; in our view, they have to co-exist if security is to be sustainable and user-centred. A rights-based approach, focused on the security of users, their data and their communications, is the primary enabler for greater overall cybersecurity.
This initiative builds on the pre-event on a rights-based approach to cybersecurity APC organised at the 2017 Internet Governance Forum. As a starting point for this particular initiative, APC has defined a list of what it believes to be the primary challenges in the current landscape:
-
Civil society is on the sidelines of cybersecurity processes.
-
Fragmentation of cybersecurity processes.
-
The rights and security “balance” myth.
-
The “cybersecurity is a national security issue” myth.
-
Lack of common understanding and strategy among progressive non-state actors (rights defenders, civil society organisations, technologists, internet companies and ethical hackers).
APC considers that these challenges can be overcome, at least to some extent, through the following strategies:
-
Deepening discourse: by connecting and combining the “rights” approach used by civil society organisations working in the digital space with the “network security” approach used by engineers and cybersecurity tech experts.
-
Debunking myths: through research and evidence we can debunk the “security vs rights” approach, as well as the idea that cybersecurity should be dealt with primarily through “national security” strategies.
-
Connecting people, movements, sectors: in particular, bringing technologists and human rights experts together so that they see the challenges through one another’s eyes. We also want to use opportunities such as the Global Commission on the Stability of Cyberspace to develop rights-based norms.
-
Moving out of civil society’s comfort zone: by promoting opportunities for civil society to participate in and speak at mainstream cybersecurity events, we will contribute to breaking down silos, gaining knowledge and developing tactics which will strengthen rights advocacy.
The activities planned as part of this initiative include:
-
Mapping the ecosystem of who the key actors are and where critical cybersecurity decisions are being made (globally and regionally) to identify opportunities to advance human rights-based approaches to cybersecurity and identify where the main threats to human rights-based approaches to cybersecurity lie.
-
Developing case studies of how to approach a cybersecurity challenge from a human rights perspective.
-
Developing briefs that break down key concepts and issues, which will translate technical issues for a non-tech audience and make human rights implications clear for tech communities.
-
Visualising the ecosystem to map the issues, actors, institutions and processes making up the cybersecurity universe.
-
Organising convenings with key tech and civil society groups working in this area, and facilitating interaction between organised civil society and forums such as the Global Commission on the Stability of Cyberspace, among others.
-
Building a longer-term research agenda.