Q3/2018 - Quarterly Report Executive Summary

Q3/2018 - Quarterly Report Executive Summary

Current happenings in the Internet governance context July to September 2018:

In Q3/2018, there were quite a lot of meetings of intergovernmental organisations that proved that the trend to consider Internet Governance primarily as an issue of cybersecurity, which has been observed for some time, is firmly establishing itself. This is particularly true for the summits of NATO and BRICS, but also for conferences of the United Nations Commissions, Interpol/Europol, OSCE, ASEAN and other intergovernmental bodies.

Also increasing is the tendency towards unilateralism in the context of Internet governance. The major Internet countries, in particular, are currently developing their political strategies on cyberspace, the digital economy and Internet governance unilaterally and largely independently of the discussions in international organisations. One example is the new US cyber strategy published by President Trump in September 2018. But Russia, China, India and the EU also give priority to national Internet projects and their own cybersecurity strategy over involvement in multilateral bodies.

High expectations are placed on the UN High Level Panel for Digital Cooperation (HLP.DC) appointed by UN Secretary General Antonio Guterres, even though there are also very sceptical voices. The 22-member panel is composed according to the multistakeholder principle and chaired by a female American – Melinda Gates of the Microsoft Foundation – and a male Chinese – Jack Ma of AliBaba. The Panel met for the first time in September 2018 in New York and is expected to present a report with recommendations for the development of a global "digital cooperation" by May 2019.

At the non-state level, the controversial discussion of the “Trust Charta” and a “Digital Geneva Convention”, two projects launched by Microsoft and Siemens, continues. The “Cybersecurity Tech Accord” (CTA), which is meant to serve as a first step towards a convention, has been signed by 61 parties by now. In September 2018, the CTA and the “Global Forum on Cyber Expertise” (GFCE) based in The Hague signed a partnership agreement in Singapore. The GFCE emerged from the so-called “London Process”, which was launched by the former British Foreign Secretary William Hague at the Munich Security Conference of 2011.

The Global Commission on Stability in Cyberspace (GCSC) has put the drafts of six further standards for stability-enhancing behaviour of state and non-state actors in cyberspace up for discussion at a public hearing in Singapore in September 2018. The GCSC final report is expected by the end of 2019.

At the inter-governmental level, the following major activities in Q3/2018 are particularly worth to be mentioned:

  • On the eve of the 73rd UN General Assembly, the 22-member High Level Panel on Digital Cooperation (HLP.DC) appointed by UN Secretary General Antonio Guterres, met for its constituent meeting on 23 and 24 September 2018. The work plan was discussed. The final report should be available by May 2019.
  • On 29 and 30 July 2018, the 10th Summit of the BRICS States took place in Johannesburg. The presidents of China, Russia, India, Brazil and South Africa emphasized that the UN is the best place to negotiate Internet issues. However, the five heads of state could not agree on a joint proposal for a binding instrument under international law  ̶  as was desired by Russia.
  • At their meeting in Salta/Argentina on 23 and 24 August 2018, the Digital Ministers of the G20 states confirmed the “G20 Roadmap for Digitalisation”, which had been drawn up and refined at the previous G20 meetings in China (2016) and Germany (2017). In 2018, particular emphasis was placed on linking the G20 roadmap to the UN's sustainable development goals (SDGs) to be reached by 2030 and on strengthening a "Digital Agenda for Development".
  • At their meeting in Salta/Argentina on 23 and 24 August 2018, the Digital Ministers of the G20 states confirmed the “G20 Roadmap for Digitalisation”, which had been drawn up and refined at the previous G20 meetings in China (2016) and Germany (2017). In 2018, particular emphasis was placed on linking the G20 roadmap to the UN's sustainable development goals (SDGs) to be reached by 2030 and on strengthening a "Digital Agenda for Development".
  • One of the topics at the meeting of the Energy Ministers of the G7 countries in Halifax on 21 September 2018 was the risks of cyber attacks on energy suppliers. A document entitled “G7 Cybersecurity for Digitalized Energy Infrastructure Systems” was adopted. The already announced G7 multistakeholder conference on artificial intelligence is scheduled for 6 December 2018 in Montreal.
  • At the NATO Summit in Brussels on 11 and 12 July 2018, it was reaffirmed that given the growing number and scope of cyber attacks by state and non-state actors the cyber field is one of the core areas of collective defence in the NATO Alliance. It was agreed to set up a new Cyber Operations Center. Moreover, the Cyber Defence Pledge is to be further strengthened to enhance the Alliance's own defence capability and increase the costs incurred by cyber attackers.
  • The UN Group of Governmental Experts on Lethal Autonomous Weapon Systems (LAWS) agreed on ten Possible Guiding Principles at its 3rd meeting held from 27 to 31 August 2018 in Geneva. The principles are to be used as a basis for future negotiations and a possible international LAWS instrument (moratorium or convention).
  • By the end of September 2018, about 100 draft resolutions had been submitted to the Geneva ITU Secretariat in preparation for the ITU Plenipotentiary Conference starting at the end of October 2018. Some of them deal with topics relevant to the Internet. The four-yearly ITU Plenipotentiary Conference will take place from 28 October to 16 November 2018 in Dubai. The main issues to be expected to come up are the possible extension of the ITU's constitutional mandate to include cyber security, the Internet of Things and artificial intelligence, resolutions giving the ITU powers to manage domain names and IP addresses, and the option of holding another WCIT in 2020 to harmonise the International Telecommunication Regulations (ITRs), for which there have been two variants since the Dubai Conference in 2012.
  • At the 39th session of theUN Human Rights Council (Geneva, 10 - 28 September 2018), a report by the UN High Commissioner for Human Rights, Michelle Bachelet Jeria, on “Right to Privacy in the Digital Age” was one of the discussion items on the agenda. The High Commissioner's report does not take up the recommendation of the UN Human Rights Council's Special Rapporteur, Joseph Cannataci, to develop a new instrument of international law to protect privacy against mass surveillance, but instead recommends that states comply more strictly with their obligations under existing international treaties and enshrine them in national laws that take account of the technological changes since 1966.
  • UNCTAD presented its annual Trade and Development Report on 28 September 2018 in Geneva. The report warns of a new global economic crisis, also triggered by growing imbalances, new trade wars and a further deepening of the digital divide through the formation of global Internet monopolies. The countermeasures it recommends include breaking up Internet monopolies and aligning antitrust law more closely with the new realities of the digital economy.
  • The Global Commission on the Future of Work of the International Labour Organisation (ILO) has published several expert reports, including a report on the relationship between algorithms, automation and working conditions (Negotiating the algorithm: Automation, artificial intelligence and labour protection). The Commission's final report will be discussed at the next meeting on 15 November 2018. It will be published in early 2019 and will be a focal topic at the ILO's 100th anniversary celebrations in summer 2019.
  • On 21 September 2018, the Trump administration published a new US National Cyber Strategy. The document outlines the cornerstones of a holistic strategy to combine security, economic and human rights aspects ("whole-of-government") and strengthen the role of the USA as a global leading cyber power ("the world lone superpower"). Enhancing the multistakeholder principle for Internet governance is one of the priorities stated in the document. It proposes to form a coalition of like-minded countries against hostile state (Russia, North Korea, Iran, China) and non-state actors. A Cyber Deterrence Initiative (CDI) is to be established to show attackers from cyberspace that they will have to pay a price for their action. As to the reaction to a cyber attack, the US keeps all options open, including political, military, economic as well as diplomatic countermeasures.
  • On 28 September 2018, the Chinese government presented the program for the 5th Internet World Conference in Wuzhen. The slogan of the conference, which will take place from 7 to 9 November 2018, reads "Creating a Digital World for Mutual Trust and Collective Governance – Toward a Community with a Shared Future in Cyberspace". More than 1500 participants are expected.
  • On 6 July 2018, Russian President Vladimir Putin opened a high-level conference on cyber security in Moscow. Once again, he proposed to conclude a UN convention – in the form of a state code of conduct in cyberspace - and announced corresponding draft resolutions for the upcoming 73rd session of the UN General Assembly in September 2018 in New York. Putin's proposal to supplement such multilateral agreements with bilateral consultations, however, was rejected by the Americans at the summit between Putin and Trump in Helsinki on 14 July 2018.
  • On the occasion of the 100th anniversary of the end of World War I, the French President Emmanuel Macron invited to a high-ranking peace forum in Paris on 11 November 2018. The final document planned to be adopted shall include a “Paris Roadmap for Trust and Security in Cyberspace”. The Paris Peace Forum will take place at the same time as the 13th Internet Governance Forum (IGF).
  • The focus of a joint meeting of Interpol and Europol in Singapore from 18 to 20 September 2018 was on action against cyber criminals in the Darknet and an expanded strategy for fighting Ransomware.
  • A high-level OSCE conference in Rome on 27 and 28 September 2018 discussed the implementation and further development of the 16 Confidence-Building Measures in Cyberspace (CBMCs) adopted by the OSCE in 2016 were discussed.
  • At the 3rd ASEAN Ministerial Conference on Cyber Security held in Singapore on 19 September 2018, it was decided to establish a new “ASEAN-Singapore Cybersecurity Center of Excellence (ASCCE)”.

At non-state level, the following major activities in Q3/2018 are particularly worth to be mentioned:

  • Preparations for the 13th IGF in November 2018 in Paris are proceeding according to plan. The Forum has been shortened to three days, the number of workshops (over 400 proposals) has been reduced to 89. The Secretariat urges the organisers of the individual sessions to present more concrete results (tangible output). One third of the MAG members were exchanged. The new MAG members will begin their three-year term of office after the IGF in Paris.
  • The first preparatory meeting for EURODIG XIII took place on 25 September 2018 in The Hague. According to the “Call for Issues”, topic proposals are to be submitted by 31 December 2018. EURODIG XIII is planned to be held on 19 and 20 June 2019 in The Hague.
  • The Cybersecurity Tech Accord, signed in April 2018 by 34 companies, has won another 27 supporters. At the Singapore International Cyber Week (SICW), it entered into a partnership with the Global Forum on Cyber Expertise (GFCE). It was announced that the proposal for a Digital Geneva Convention (DGC) was intended to be developed into a cyberpeace campaign at the Paris Peace Forum in November 2018.
  • The 3rd full meeting of the Global Commission on Stability in Cyberspace took place on 19 and 20 September 2018 in Singapore. At a public hearing, the drafts of eight standards were discussed, which are meant to set guidelines for the behaviour of state and non-state actors in cyberspace.
"We know very well that cyber threats have reached a scale where they can be dealt with only through the joint efforts of the entire international community. Russia has always called for a joint and fair settlement of any arising problems, let alone disputes. At the same time, we believe that security measures and the regulation of this space must not hinder its technological and innovative development. As I already said, our turbulent digital era depends on freedom, including the freedom to communicate as well as to exchange experience and ideas. It is very important in this situation to develop common rules of the game and binding international standards that will take into account the rights and interests of all countries as much as possible and will be universal and acceptable for all. We have seen more than once that some countries’ egoism and self-centred policies are damaging the international information stability."

Wladimir W. Putin, President of Russia, Cybersecurity Conference, Moskau, 6. Juli 2018

Wolfgang Kleinwächter

Professor Emeritus of Internet Policy & Regulation at Aarhus University