Q2/2020 - United Nations
UN Security Council on Cyber Security, 22 May 2020 (virtual)
On 22 May 2020, the UN Security Council held its first separate session on cyber security. The meeting, which was organised according to the so-called "Arria Formula", had been scheduled by Estonia, which held the monthly rotating UN Security Council presidency in May 2020. Cyber security had appeared on the agenda of a regular meeting of the UN Security Council for the first time already in March 2020. At that meeting Georgia informed about a cyber attack that was assumed to be initiated by Russia. The case was acknowledged without discussion. The May meeting was not based on a specific incident. Estonia wanted to raise the general political awareness of cyber security of the members of the UN Security Council and thus of the global public by that special meeting.
The public meeting was attended by the 15 members of the UN Security Council and by 41 governments. The meeting was opened by Jüri Ratas, Prime Minister of Estonia. The keynote speakers were Izumi Nakamitsu, Under-Secretary-General and High Representative for Disarmament Affairs, and James Lewis, Senior Vice President and Director of the Center for Strategic and International Studies (CSIS) in Washington, and David Koh, Chief Executive of the Cyber Security Agency of Singapore.
Russia, a permanent member of the UN Security Council, boycotted the meeting. It accused the incumbent Estonian president of the UN Security Council of abusing UN rules with the “Arria Formula Meeting” in order to blame Russia for unproven cyber attacks. Yet the Russian UN embassy issued a statement on the subject of the UN Security Council meeting. In this statement, Russia advocates a “cyber peace” based on the principles of international law. It says that a cyber confrontation entails the risk of global escalation. The world literally finds itself now before a choice between global cyber peace or cyber warfare. An unspecified “elite minority” is accused of fuelling tensions in cyberspace and intending to unilaterally regulate cyberspace in its favour. This “elite minority” is said to actively pursue a “militarisation of cyberspace” and to propagate a concept of “preventive military cyber strikes”. Russia therefore supports in particular the OEWG and refers to the new UN committee on the elaboration of a convention for countering cybercrime, which could become an important building block for the promotion of global cyber peace.
As to content, the virtual session of the UN Security Council was more concerned with principles and how to handle the issue of cyber security within the UN framework in the future.
The activities of the two working groups UN-GGE and OEWG under the 1st Committee of the UN General Assembly was rated very positively. In particular, the fact that international law and the Charter of the United Nations are universally recognised to apply both offline and online and thus also provide the relevant legal basis for cyberspace is considered a major achievement. The eleven Principles for Responsible State Behaviour in Cyberspace adopted by the 4th UN-GGE in 2015, which have since been confirmed by the UN General Assembly on several occasions, were stated to constitute the framework for further steps to strengthen security in cyberspace. However, the voluntary commitments of states reflected in the eleven principles should be supplemented by confidence- and capacity-building measures.
The idea repeatedly put forward by China and Russia in recent years to draw up a new cyber security treaty that is binding under international law met with little response. The majority of the speakers preferred to concentrate on implementing the previous resolutions. Most important was to find a way how to apply existing norms of international law in cyberspace. In particular, the question of whether a cyber attack violates the principle of the prohibition of violence (Article 2.4 of the UN Charter) and thus can trigger the right to self-defence anchored in Article 51 of the UN Charter is controversial. However, the May discussion in the UN Security Council did not bring new insights.
No progress was made on the difficult question of attribution of cyber attacks. Technical and political attribution are seen here as two interconnected but independent processes. The decision on political attribution is considered a “sovereign right” of states. The idea of assigning the task of cyber attack attribution to a supranational, neutral authority found little support. A few years ago, Microsoft had proposed to elaborate a new “Geneva Convention” for cyberspace, within the framework of which an organisation based on the model of the International Atomic Energy Agency (IAEA) should have been formed. The IAEA monitors the production and use of nuclear material.
Many statements referred to the rapid growth of offensive cyber operations. It was strongly regretted that despite the verbal agreement on the validity of international law and the acceptance of the eleven principles for responsible state behaviour in cyberspace of 2015, the number of cyber attacks attributable to governments is constantly increasing. The Estonian Prime Minister condemned in particular recent cyber attacks on hospitals and medical research institutions. Governments that tolerated such misconduct should be held accountable. The U.S. Ambassador Cherith Norman Chalet, too, called for consequences for state misconduct, without specifying what these consequences might be. The Ukrainian Minister of Foreign Affairs, Dmytro Kuleba, attacked Russia directly. He accused Russia of leading a hybrid war against Ukraine and testing new offensive cyber weapons in that context. In 2019 alone, he said, Ukraine was the target of 1,500 cyber attacks on facilities belonging to the country's so-called critical infrastructure.
UN Roadmap for Digital Cooperation, 11 June 2020 (virtual)
On 11 June 2020, UN Secretary-General António Guterres presented his “Roadmap for Digital Cooperation“, he had announced in January 2020. The Roadmap is based on the recommendations made by the UN High-Level Panel on Digital Cooperation (HLP), which was established by Guterres. Co-chaired by Melinda Gates and Jack Ma, the Panel submitted its final report precisely one year before, on 11 June 2019. The “Roadmap for Digital Cooperation” shall serve as a guideline for the UN throughout the 2020s. According to the UN Roadmap, the United Nations shall not take on the role of a “world government of the Internet” but be a “platform for the multistakeholder dialogue” and act as a facilitator for all negotiations dealing with issues of digitalisation in cyber space. The dialogue shall be organised by a so-called Technology Envoy who is going to be appointed next year. The Roadmap defines eight fields of action and advocates a strengthened and enhanced Internet Governance Forum (IGF).
When presenting the Roadmap, the UN Secretary-General said that the world had reached a critical point with regard to the handling of technology. The Roadmap was pointing out how to maximise the possibilities offered by global digitalisation and how to reduce risks to a minimum. A combination of multilateralism and multistakeholderism was required to find the right way into the “age of digital interdependence”. The United Nations could and had to be a useful platform in this context and could and should assume the role of a facilitator. The overriding aim of the Roadmap was to connect, respect, and protect people in the digital age).
The list of speakers at the virtual presentation meeting also included the Presidents of Sierra Leone and Switzerland, Julius Maada and Simonetta Sommaruga, Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai, United Arab Emirates, and Fekitamoeloa Katoa 'Utoikamanu from Tonga for the Least Developed Countries. Speakers of the non-state stakeholders were Tim Berners-Lee, the founder of the World Wide Web, Ajaypal Singh Banga, CEO of Mastercard and Vice Chair of the International Chamber of Commerce (ICC) in Paris, Nick Read, CEO of Vodafone, Andrew Sullivan, President and CEO of the Internet Society, and Klaus Schwab, Executive Chairman of the World Economic Forum in Davos. Speakers for the civil society were Baroness Joanne Shields OBE, who is combating child sexual exploitation on the Internet as President of the WePROTECT Global Alliance.
The presentation of the report was followed by two virtual panel discussions. The panellists included Audrey Azoulay, Director-General of UNESCO, Houlin Zhao, ITU Secretary-General, and the digital ministers of Finland, France, Norway, Sierra Leone, Mexico and Singapore. Other speakers were Michelle Bachelet, United Nations High Commissioner for Human Rights, Adrien Lowett, CEO of the World Wide Web Foundation, Amani Abou-Zeid from the African Union, Eamon Gilmore from the European Union and Brett Solomon from Access Now. On 12 and 14 June, Fabrizio Hochschild, Assistant Secretary-General in the UN, moderated two other virtual panel discussions with experts from different fields. The presentations reflected that the UN is willing to advance to a multistakeholder dialogue. While governments, the technical community and the private sector were strongly represented, not many delegates of civil society attended.
Follow-up zum Bericht des High-level Panels
The prime goal of the Roadmap is to offer the UN as a platform for a multistakeholder dialogue for all Internet-related issues. Since he took office, Guterres repeatedly emphasized that the UN did not intend to act as the “world government of the Internet” but wanted to make use of its authority and legitimacy to promote a multistakeholder dialogue on Internet governance. Accordingly, the key sentence of the Roadmap reads: “The United Nations is ready to serve as a platform for a multi-stakeholder policy dialogue on the emerging technologies.
The dialogue shall be organised by a so-called Technology Envoy that the UN Secretary-General will appoint in January 2021. This new UN Special Envoy is to become the UN Secretary-General's right-hand person for all Internet-related issues. She/he will coordinate the various initiatives distributed among numerous UN organisations and organise cooperation with non-state actors from the private sector, academia, civil society and the technical community. Guterres is thus responding to the long-standing criticism that the UN needs a holistic approach to global Internet policy, without claiming the role of a “world government of the Internet”, and that the various UN negotiating groups in their “silos” need to be networked both with each other and with non-state stakeholders. The Technology Envoy will become the central point of contact for all Internet-related issues in the UN ecosystem. De facto, she/he shall take on the role of a "clearinghouse" or "cooperation accelerator".
As regards content, a key aim of the Roadmap is to link global digitisation with achieving the UN sustainable development goals (SDGs). The central goal is to have overcome the digital divide by 2030 and provide access to the Internet for everybody at affordable conditions. This applies in particular with regard to the development and application of artificial intelligence. Linking the goals of the UN World Summit on the Information Society (WSIS) with the sustainable development goals of the UN (SDGs) has been a long-standing demand, especially from civil society. The 17 SDGs formulated in 2015 do not include digitisation as an independent goal in its own right. Commentators have therefore now referred to the Roadmap as “Goal 18” of the SDGs
The Roadmap defines eight fields of action:
- Achieving universal and global connectivity by 2030 that grants affordable access to the Internet to everyone;
- Promoting the digital environment as a public good with strong support for open source, open data, open standards etc.
- Ensuring digital inclusion for all, including the most vulnerable in particular;
- Strengthening digital capacity building for the future world of work;
- Ensuring the protection of human rights offline and online;
- Supporting global cooperation on the development and application of artificial intelligence;
- Promoting trust and security in cyber space;
- Building a more effective architecture of global digital cooperation by strengthening the IGF.
Regarding the three mechanisms for an improved political Internet governance architecture proposed by the HLP, the Roadmap prefers the IGF+ proposal. The Roadmap suggests seven measures to strengthen the IGF:
- Creating a new strategic and empowered multistakeholder high-level body with more comprehensive decision-making powers;
- Stronger focus on central policy issues;
- Establishing a high-level ministerial and parliamentary segment within the IGF;
- Strengthening the cooperation with the regional and national IGFs and the youth IGFs;
- Advancing the intersessional work of the IGF with a focus on policy issues;
- Providing better financial and personnel resources to the IGF and creating a fundraising strategy;
- Enhancing the visibility of the IGF both within the UN ecosystem and the global wider public.
Besides the appointment of a Technology Envoy and empowering the IGF by creating a new multistakeholder high-level body, the Roadmap proposes the formation of four other bodies. However, it does not provide any details regarding their establishment and composition. The proposed bodies are:
- a multistakeholder coalition for digital inclusion;
- a multistakeholder network for promoting a holistic approach to digital capacity building and sustainable development;
- a multistakeholder advisory body for global cooperation in the field of artificial intelligence;
- a group of global investors to finance the establishment and expansion of infrastructure and connectivity.
The Roadmap considers itself a milestone of a process that has started with the UN World Summit on the Information Society (WSIS) in 2002 and is currently targeted to the year 2030, with the WSiS+20 in 2025 as an interim goal. The Roadmap explicitly refers to the ongoing discussions and negotiations in other bodies, e.g. in the field of cyber security (OEWG & UN-GGE). Reference is also made to the eight “Roundtables” that were established after the 14th IGF in Berlin in December 2019 to implement the recommendations of the High-level Panel on Digital Cooperation (HLP). These Roundtables are currently working on “Opinion Papers” for the 75th UN General Assembly, which will start in September 2020. Their recommendations will form part of the implementation of the Roadmap. The Roundtables are chaired by so-called “co-champions”. They will possibly also be responsible for appointing the new bodies proposed in the Roadmap. It is not yet clear how long the Roundtables will remain active. Roundtables will be held on the following topics:
- Global Connectivity (co-champions are Uganda, ITU, UNICEF)
- Digital Public Goods (Norway, Sierra Leone, iSPIRIT, UNICEF, UN Global Pulse)
- Digital Inclusion and Data (Mexico, UN Women)
- Digital Help Desks (ITU, UNDP)
- Digital Human Rights (Korea, EU, Access Now, OHCHR)
- Artificial Intelligence (Finland, France, FLI, UN Global Pulse, Office Hochschild)
- Digital Trust and Security (Estonia, The Netherlands, Microsoft, UNODA, Office Hochschild)
- Digital Cooperation Architecture (Germany, United Arab Emirates, Office Hochschild)
Not taken up by the UN Secretary-General were proposals by the HLP for working out new documents.
The HLP had submitted two proposals: a “Global Commitment on Trust and Security” and a “Global Commitment on Digital Cooperation”. In the view of the HLP, both documents could have been adopted by the UN General Assembly on the occasion of the 75th anniversary of the United Nations on 24 October 2020. Yet the HLP had not proposed a procedure for preparing the text of the documents.
Instead, the Roadmap now proposes to create a general “Statement on common Elements of an Understanding on Digital Trust and Security”. Such statement should be negotiated by the governments and adopted on the highest level. However, it should not duplicate the work of the two UN cyber security negotiation groups (OEWG & UN-GGE). After adoption by the UN member states, such document should be open for endorsement by non-state stakeholders from the private sector, in particular global Internet companies, and the civil society (following the model of the Paris Call for Trust and Security in Cyberspace of 2018).