GCCS2015 is the latest installation in a series of conferences sometimes referred to as the “London Process”. This year the general themes of GCCS are Freedom, Security and Growth. The addition of “growth” as a theme this year risks putting rights in the background and is a term that generally coincides with a “development equals growth” view, as opposed to a sustainable development approach. Leading up to The Hague event, it is clear that more emphasis has been placed on civil society participation than in previous years. Not only are there more civil society representatives in attendance, but more prominent representation has been given to civil society in sessions. Several pre-conference events include civil society capacity building and strategy sessions.
What is the London Process?
Established in November 2011 in London, the conference presented a set of principles “for governing behaviour in cyberspace” that was discussed by around 700 participants and resulted in a Chair’s statement. The second GCCS, held in Budapest on 4-5 October 2012, honed in on emerging issues, particularly the relationship between internet rights and internet security. Even though very few civil society organisations were invited to speak, the networking was valuable, and had more longer term impact than the Chair’s statement which represents the outcome of the event.
By the third event in Seoul on 17-18 October 2013, the conference had grown to approximately 1,600 attendees with greater representation from countries in the global South. Arguably the most significant outcome of the London Process is the Seoul Framework for and Commitment to Open and Secure Cyberspace, which highlights the importance of universal internet access, emphasises that the same rights that people have offline must also be protected online, and echoes a UN report that established that international law is applicable online and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.
It is worth noting the political context in which the Seoul meeting took place, just a few months following the revelations of mass surveillance by the U.S. and other governments, which likely contributed to the references to human rights and international law.
Who will participate and how?
Confirmed delegates from national governments and delegates from international organisations are listed by name on the website, as well as private sector companies, civil society organisations and academic institutions. Civil society participation was prioritised for GCCS2015 and an advisory board led efforts to identify, as far as possible, a representative and inclusive group of civil society participants for funded participation and to support engagement through several special activities.
There will be a pre-event for civil society participants comprised of a capacity building session and a strategic planning session. A series of webinars were also held in the lead-up to the event. Civil society was given a brief period to comment on a draft of the Chairperson’s statement, an outcome of the conference. A call for a second round of comments on the unified document will be circulated in the week of the Conference.
What will happen during GCCS2015?
The programme for the two-day meeting is a mix between high-level sessions, focus sessions, and parallel sessions clustered around the conference themes – Freedom, Security and Growth. At the end of the first day, a new initiative called the Global Forum on Cyber Expertise (GFCE) will be launched. According to the GCCS2015 website, GFCE is envisaged as a global platform that contributes to cyber capacity building. It aims to match “countries that lack knowledge in certain cyber areas” with knowledge and expertise of countries and companies with more experience in cyber matters. A political declaration that emphasises the need for more capacity building, exchanges of best practices and strengthened international cooperation is also expected to be adopted.
Why is APC participating in GCCS2015?
APC is participating in GCCS2015 because we care about cyber security and we think everyone in civil society should too.
The online security of all individuals, businesses and governments is under threat from other individuals, businesses and governments. While tackling cyber threats is a matter of public interest, cyber security issues are often seen in a category of their own, warranting extreme responses that disregard international human rights norms. Because security issues are given a sense of urgency and importance, governments often respond with extraordinary and often secret measures, which enable them to censor, control or surveil internet use, and sometimes to shut down communications.
This approach is actually counterproductive, since human rights and security are mutually reinforcing: one cannot exercise one’s rights without security and one cannot be secure without being free. States have the responsibility to ensure both security and human rights, and cannot prioritise one obligation at the expense of the other.
When an issue is securitised, it usually shifts into the realm of states, specifically their military, or “cyber-military”, units, and away from the typically more diverse and inclusive internet governance ecosystem. This typically has the effect of removing civil society from the discussion. APC is participating in GCCS2015 because we believe it is an opportunity to hear what governments are saying, to talk with them, and to encourage transparency and inclusion in cybersecurity discussions.
What are some of the issues to watch out for?
The two-day conference and numerous satellite events will cover a wide range of topics related to cyber security and can be found here. Here are a few issues that APC will be focusing on that we expect to be discussed over the course of GCCS2015.
- Militarising of the internet
One theme that will be discussed across several sessions at the GCCS2015 relates to armed groups and conflict in cyberspace. The Chair’s statement is expected to address this issue, asking states to be transparent about the roles of their armed forces in cyberspace.
APC is alarmed by the increasing discourse we are seeing that cyberspace is the fifth domain of war. Civilians, particularly those living in war-affected areas, depend on communications infrastructure for their health, safety and security. We believe unequivocally that the internet should be a demilitarised space. A demilitarised internet contributes towards international peace, safety and stability. Furthermore, terms like cyber warfare, cyber attacks and cyber weapons can be misleading. In many instances, cyber weapons and cyber attacks can be indistinguishable from exploits and methods used in cyber crime. A secure internet infrastructure should be able to secure civilians from all forms of exploits, regardless of who the actor is.
There is increasing concern about cyber conflict, and states engaging in conflict in cyberspace. International legal frameworks do not currently address this issue sufficiently. Any efforts taken by states and intergovernmental bodies in regulating this domain must seek to: restrict acts of cyber warfare; establish cyberspace as a demilitarised space; and set the norm of cyberspace used only for peaceful purposes.
- Mass surveillance
Online mass surveillance and right to privacy online are concerns that have been central to human rights advocates for years, but since the Snowden revelations, the issues have reached global attention. There are no sessions at the GCCS that address directly mass surveillance, however it is expected to be a focal point of a Friday afternoon session on Privacy, which is hosted and organised by Privacy International. It remains to be seen how many government officials will attend. Dutch activists organised an action in a public square in The Hague with the message “Mass Surveillance is the Elephant in the Room“, demanding “that the international human rights framework will be applied to the technical architecture of communications and surveillance systems, and that the Necessary and Proportionate principles will be respected.” APC will continue to focus on the right to privacy in order to address the issue of mass surveillance against the world’s citizens.
- Export controls: Reframing the problem
The GCCS2015 will hold a session on “Updating of export controls of dual use surveillance technologies”. Governments are becoming increasingly reliant on the use of surveillance and monitoring technologies, often technology developed in the global North and exported worldwide for repression and human rights violations. Export controls are seen as a policy to address this problem, but they are highly ineffective, and governments facing export sanctions often find ways of circumventing them. Export controls on dual-use technologies and sanctions often only restrict civilians, rather than the governments targeted by the restrictions, and often put human rights defenders and other activists at a greater risk than if they had access to the restricted technologies.
While the use of surveillance technologies for repression and other human rights violations is undoubtedly a problem, export controls frame it as a problem of “bad states”, when in fact it is a global human rights concern. Companies selling surveillance technology in a retail market that amounts to billions of dollars per year, are profiting off the sale of tools of repression and have a share in the responsibility for the human rights violations that their sales enable.
There is no simple solution to the issue of export controls, but all actors involved must hold up their obligations. This includes states, which are the primary duty bearers of rights. But responsibility must also lie with the private sector actors that use exploits for material gain for any purpose, in accordance with the UN guiding principles on business and human rights, which emphasise “the state duty to protect against human rights abuses by third parties, including business; the corporate responsibility to respect human rights; and greater access by victims to effective remedy, both judicial and non-judicial.”
- New space: Global Forum on Cyber Expertise
As was mentioned above, the Global Forum on Cyber Expertise will be launched at GCCS2015. While it would not be fair to pre-judge the value of such a forum before it has been publicly announced in any detailed way, we are concerned at the proliferation of internet governance-related forums in recent years. GFCE may have more of a focus on security than the IGF, Global Commission on Internet Governance, and NETmundial Initiative (to name a few), but it is not clear that there is actually a need for a new forum. We are in particular concerned by the increased burden on stakeholders from developing countries to engage in all spaces annually.
- Internet engineering: Human rights and internet protocols
Sessions at GCCS2015 will address internet protocols and standards, but mostly in the context of the security and resilience of the network rather than from a rights perspective. However, the way in which the internet is engineered has profound impact on the exercise of human rights. As the IETF draft proposal “Human Rights Protocol Considerations” contends, standards and protocols form the basis of the human rights enabling infrastructure of the internet. The proposal asserts that the direct relation between internet standards and human rights is still something to be explored and more clearly evidenced.
The working group behind the proposal intends to map human rights concerns to protocol elements and to frame possible approaches towards protocols that satisfy the implications of human rights standards. APC agrees that there is a need for such research and would like to see more discussions of the human rights implications of internet protocols and standards, in addition to security and resilience.
Who from APC will be at GCCS2015?
A number of people from the APC network will be participating in GCCS2015. You can follow our activity and impressions online, on this Twitter list .
- Anriette Esterhuysen: @anriette
- Deborah Brown: @deblebrown
- Mallory Knodel: @chaoticfree
- Mohammad Tarakiyee: @tarakiyee
- Shahzad Ahmad: @sirkup @bytesforall
- Rafik Dammak: @rafik
- Nica Dumlao: @nicadoom @fma_ph
- Grace Githaiga: @ggithaiga @kictanet
- Rolf Kleef: @rolfkleef
- Aida Mahmutovic: @Aidazzles @owplatform
- Lillian Nalwoga: @lilna @cipesaug
- Byoung-il Oh: @antiropy @jinbonet
- Paz Pena: @pazpena @derechosdigital
- Claudio Ruiz: @claudio @derechosdigital
- Am Thaweeporn: @isamare @thainetizen
- Vivian Zuniga: @vivianzuniga @SulaBatsu
Where do I find more information on GCCS2015?
- Livestreaming of GCCS2015 via YouTube will be available for portions of the programme from the conference website: https://www.gccs2015.com/programme
- Programme: https://www.gccs2015.com/programme
- Official social media account and hashtag: @GCCS2015 #GCCS2015
- Cyber-Security-Week: http://www.denhaag.nl/en/residents/to/Cyber-Security-Week-13-to-17-April...
- Community calendar: http://www.denhaag.nl/en/residents/news-and-events/community-calendar.htm
- Unconference: http://www.gccs-unplugged.net/
- GCCS webinars: https://www.youtube.com/watch?v=RK2PvMI60T4