Q4/2018 - 73rd session of the UN General Assembly

New York, October - December 2018

Already in his keynote at the opening of the 73rd session of the UN General Assembly (UNGA), UN-Secretary General António Guterres addressed the issues of cyber security, digital economy and human rights in the digital age. Three of the six Main Committees of UNGA had Internet-related topics on their agenda. After several weeks of negotiations, each of the three Main Committees adopted two resolutions with an impact on Internet matters:

  1. The 1st Committee adopted two resolutions that stipulate that the work of the so-called Group of Governmental Experts (UNGGE) shall be continued at an expanded scope;  
  2. The 2nd Committee acknowledged in its annual resolution on the WSIS follow-up that the UNCSTD Working Group on Internet Governance (WGEC II) had failed and recommended to continue the debate. Another resolution on the "Impact of Rapid Technological Change on the Achievement of the Sustainable Development Goals (SDGs)" recommends linking the discussion on the sustainable development strategy of the 2030 agenda (SDGs) more closely with Internet issues and the WSIS objectives;
  3. The 3rd Committee adopted a resolution on the “Right to Privacy in the Digital Age”. In addition to that, they approved a resolution on cybercrime.

The 1st Committee, which deals with issues of securing peace and disarmament, discussed if and how the mandate of the Group of Governmental Experts (UNGEE), which had failed in 2017, should be renewed or supplemented. The UNGEE of 2017 had been unable to solve the question under which circumstances a cyber attack was to be considered a use of force in terms of Article 2.4 of the UN Charta. A violation of the prohibition of force would activate the right of self-defence enshrined in Article 51 of the UN Charta.

The 1st Committee had now been submitted two draft resolutions – one from Russia and one from the United States – making proposals how to handle the matter. There was general consensus that it was highly recommendable to continue the discussion within the framework of a new working group. There was no consensus, however, about the composition and the mandate of such new working group or with regard to the question to what extent non-state players should be involved in related negotiations.

  1. While the American draft resolution suggested to set up a new UNGEE with the previous mandate, the Russian proposal aimed at an extended mandate that would include all UN member states in an “Open Ended Working Group” (OEWG). This draft resolution follows up on the proposal submitted by Russia back in 1999 to draw up a new international treaty in the form of a UN Cyber Security Convention. The proposal has been modified repeatedly by Russia since then and supplemented by a concept of a code of conduct. Western states have always rejected the modified drafts, in particular because they would restrict the freedom of opinion in some respects.
  2. Attempts of the Committee’s chairperson to combine the two submitted drafts into a single resolution did not succeed. In the end, two resolutions were adopted and two new groups with very similar mandates were established: A new sixth UNGEE shall submit a report on how to apply international law in cyber space to the General Assembly’s 76th session in 2021. At the same time, the new OEWG shall report to the General Assembly already at its 75th session in 2020 how cyber security can be enhanced through international cooperation. How the two groups with their very similar mandates are going to coordinate their future work has not yet been determined.
  3. The UN resolution 73/266 “Advancing responsible State Behaviour in Cyberspace in the Context of International Security” confirms the conclusions of the 2nd, 3rd and 4th UNGGE reached in the reports of 2010, 2013 and 2015, in particular with regard to confidence-building measures in cyber space and to the relevance assigned to international law and the Charter of the United Nations for assessing the behaviour of states in the digital world. Building on this consensus, the new 6th UNGEE shall submit a report to the General Assembly’s 76th session in 2021 explaining how to apply international law in cyber space. The aim “to ensure an open, interoperable, reliable and secure information and communication technology environment consistent with the need to preserve the free flow of information” is confirmed. And so is the idea that governments have a primary responsibility for maintaining a secure cyber space. New however is the suggestion that appropriate participation of non-state players from the private sector, the technical community and civil society organisations might be beneficial to international cooperation. But a new mechanism to involve the non-state players in the new UNGEE is not being created. It has only been defined that the 6th UNGEE shall collaborate closely with and consult relevant regional inter-governmental organisations, such as the African Union, the European Union (EU), the Organization of American States (OAS), the Organization for Security and Cooperation in Europe (OSCE) and the Regional Forum of the Association of Southeast Asian Nations (ASEAN). Moreover, two two-day informal open consultations are planned. The UN resolution 73/266 was adopted with 139 votes in favour, 11 votes against and 18 abstentions. The resolution was rejected, among others, by China, Cuba, North Korea, Egypt, Iran, Russia, Syria, Venezuela and ZimbabweThe UN resolution 73/27 “Developments in the Field of Information and Telecommunications in the Context of International Security” is also based on the previous work of the UNGGEs. It explicitly lists the 13 standards again that are contained in the 4th UNGGE report of 2015 and were adopted by the UN General Assembly on 5 December 2016 with the UN resolution 71/28. On the basis of these 13 standards, the newly established “Open-Ended Working Group” (OEWG) shall investigate both national measures and strategies for enhancing cyber security and new forms of international cooperation in this area. The OEWG shall report on the results at the 75th session of the UN General Assembly in autumn 2020. However, the resolution does not include a mandate to develop an independent international instrument. The group shall constitute itself in June 2019 and make the necessary organisational arrangements, for instance clarify how to involve non-state players. The resolution 73/27 was adopted with 109 votes in favour, 45 votes against and 16 abstentions. Those voting against it included Australia, all EU member states, Georgia, Israel, Japan, Montenegro, New Zealand, Ukraine and USA. Brazil, Switzerland and Turkey abstained from the vote.

The 2nd Committee deals with issues of the economic development. Its traditional task is to monitor the progress made with implementing the resolutions of the World Summit on the Information Society (WSIS). The related resolution is based on the annual report of the “UN Commission on Science and Technology for Development” (UNCSTD) and is renewed every year. The Committee is also responsible for renewing the mandate of the IGF and has set up the two UNCST Working Groups on Enhanced Cooperation (WGEC). It further discusses the impact of the technological evolution on achieving the Sustainable Development Goals of the UN (SDGs) and deals with the “High Level Forum on Science, Technology and Innovation” (STI-Forum) founded in 2015.

  1. The UN resolution 73/218 “Information and Communications Technologies for Sustainable Development” summarises in 39 paragraphs the progress that has been made in achieving the WSIS resolutions and lists the fields where more intensive efforts are required to catch up. Even though the document acknowledges progress in overcoming the digital divide, it also finds that 50 percent of mankind are still offline. It further identifies a persistent gender digital divide that also calls for intensifying related action. The resolution repeatedly emphasises the multistakeholder principle as the cooperation basis for implementing the WSIS resolutions and requests more investments of the private sector in the developing countries. Additionally, efforts must be made to better involve the developing countries in the global digital trade. The WSIS goals and the Sustainable Development Goals (SDGs) should be linked closer to each other. The resolution welcomes related activities of the UNESCO, UNCTAD, UNCITRAL and ITU. The ITU’s annual WSIS forum and the IFG as “a forum for multistakeholder cooperation on public policy issues to key elements of Internet Governance” are appreciated as initiatives particularly worth mentioning. Decisive however, so says the resolution, is to implement the recommendations of the UNCSTD Working Group on IGF Improvements issued in 2011, in particular those demanding a stronger involvement of the developing countries in the IGF process. The failure of the Working Group on Enhanced Cooperation (WGEC) is noted with indirect regret and a continued dialogue recommended. But no concrete action, such as the idea discussed by the WGEC to hold an annual workshop on enhanced cooperation, is proposed.
  2. The UN resolution 73/17 “Impact on Rapid Technological Change on the Achievement of the Sustainable Development Goals and Targets” wants the discussion about the Agenda 2030 SDGs to focus more on the challenges of the digital age. On 18 October 2018, a special plenary session chaired by the President of the UN General Assembly was held on this issue. The resolution also requests the multistakeholder principle to be applied more extensively in the SDG discussion. The UN High-Level Panel on Digital Cooperation (HLP.DC) established by UN-General Secretary António Guterres in June 2018 is expected to facilitate an improved linkage of the SDGs to WSIS. The Forum on Science, Technology and Innovation for Sustainable Development“ (STI Forum) established by the UN World Summit on Sustainable Development in 2015 shall have a stronger focus in the coming year on the developments in information and communication technologies, including artificial intelligence. The 4th STI Forum will be held in New York on 14 and 15 May 2019.

The 3rd Committee deals with Social, Humanitarian & Cultural issues. Since the position of a UN Special Rapporteur on “The Right to Privacy in the Digital Age” was created, human rights are a standard issue on the agenda of the 3rd Committee. In 2017, Russia had put a draft convention for fighting cybercrime on the agenda under the headline “Crime Prevention and Criminal Justice”.

1. The UN resolution 73/179 “The Right to Privacy in the Digital Age” summarises the discussion of the UN Human Rights Council (HRC) on the basis of the reports of the HRC Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression (David Kaye) and of the HRC Special Rapporteur on the right to privacy in the digital age (Joseph Cannataci). It lists both the possibilities of the Internet to enhance the protection of human rights and the risks inherent in the new technologies with regard to granting and executing individual human rights. It is found that not only governments present a risk with regard to human right violations but that private companies also are ever more often identified as a source of it. Their way of handling personal data and the privacy of their customers – be it due to individual profiling or non-transparent algorithms or else – can endanger the performance of individual human rights as severely as censorship and mass surveillance by governments. The resolution expressly criticises unlawful or arbitrary surveillance measures by states. Interference of the state with individual human rights must be based on objective reasons, be required to protect other legal interests and comply with criteria of the rule of law (legality, necessity and proportionality). The resolution includes 14 recommendations for states and four recommendations for private enterprises.         

  • Governments are recommended to consult closely with all relevant stakeholders when drafting new legislation. The resolution further asks to strengthen independent institutions that can adequately investigate individual complaints from citizens.Governments are further recommended to provide effective guidance to enable private companies that handle personal data to comply with human rights standards. In addition, governments should refrain from requiring private companies to take steps that interfere with the right to privacy, such as keeping back doors open for hardware and software used to monitor citizens.Governments should also make greater efforts to promote education and qualification (digital literacy) in order to enable their citizens to better protect themselves in an adequate and effective way in the digital age.
  • Companies are recommended to base their business practices on the "Guiding Principles on Business and Human Rights" – the so-called "Ruggie Principles". According to the resolution, the "Protect, Respect and Remedy Framework" contained therein applies to all companies and also includes the task of providing customers with detailed information on how personal data are processed and on their related rights. When developing new software and hardware, data protection regulations must be an integral part of the design of new services (privacy by design).
  • The discussion initiated by HRC Special Rapporteur Joseph Cannataci in the UN Human Rights Council on gaps in international law and the need to develop new legal instruments was no issue at the 73rd UN General Assembly.

2. Under the agenda item "Crime Prevention and Criminal Justice", Russia had made another suggestion in October 2017 to develop a "United Nations Convention on Cooperation in Combatting Cybercrime" and had submitted a draft convention of 72 articles. The draft convention as such was not discussed, but the assembly adopted the UN resolution 73/187 "Countering the Use of Information and Communication Technologies for Criminal Purposes". The resolution makes reference to various cybercrime discussions that were held in the UN context in the recent years. It requests the UN-General Secretary to report to the 74th session of the UN General Assembly 2019 on the use of IT technologies for criminal purposes. However, no budget was granted for such a report. The cost shall be covered by "voluntary contributions". 88 states voted in favour of the resolution, 55 (including all western states) voted against it and 29 states abstained from voting.

  • The reason for this new convention project is Russia’s refusal to sign the "Budapest Cybercrime Convention" of November 2001. By now the Budapest Convention has been ratified by 62 states. Russia, China, India, Brazil and other developing countries, however, did not sign it on various reasons. Brazil and India reject the convention because they were not involved on an equal footing in drafting it. Many developing countries view the convention rather as an instrument dictated by the developed western countries that pays little attention to the developing countries‘ specific issues and interests.

  • Russia rejects in particular Article 32 of the Budapest Convention because it grants a right of pursuit to law enforcement authorities on the Internet in real time without consent by the government of the state concerned. For Russia, this legitimises non-controllable cyber espionage beyond national borders. Russia already had concluded a separate multilateral agreement with other states of the Euro-Asian region in Minsk, an amended version of which was now submitted to the 3rd Committee. The Russian draft convention adopts some of the wordings of the Budapest Convention, such as the definition of unlawful intrusion into networks and databases. It is based on the principle of unrestricted respect for state sovereignty, also in cyberspace. Article 3 (2) of the draft convention explicitly forbids to “exercise in the territory of another State the jurisdiction and functions that are reserved exclusively for the authorities of that other State under its domestic law”. Instead, it is proposed to conclude so-called "Mutual Legal Assistance Treaties" (MLATs).

After its first official session on 24 and 25 September 2018, the High Level Panel on Digital Cooperation (HLP.DC) established by UN-Secretary General António Guterres in June 2018 implemented a range of outreach activities and held bi- and multilateral consultations. In particular the two directors of HLP.DC secretariats in Geneva and New York, Jovan Kurbalija and Amadeep Singh Gill, attended a multitude of conferences (the IGF in Paris, the Web Summit in Lisbon, the World Internet Conference in Wuzhen, the Freedom Online Coalition Annual Conference in Berlin and more), informed about the panel’s activities and invited stakeholders and experts to support the panel’s work by proposals and comments. The second and last F2F session of the panel is scheduled for 21 and 22 January 2019 in Geneva. After that, it is primarily the secretariats that will be responsible for completing the draft of the final report. At the end of May, the report shall be made available to the public and then be discussed at the 74th UN General Assembly in autumn 2019 in a format still to be defined. 

Mehr zum Thema