Over the week of November 20-24 Access Now participated in the Global Conference on Cyberspace 2017 in New Delhi, India. Our policymaker’s guide to the GCCS outlined a pathway for engagement at the conference, including our recommendations for addressing cybersecurity while safeguarding human rights. While the conference prompted important discussions, we see many ways the gathering could have been more inclusive, user-focused, and fruitful — fulfilling its promise as a vehicle for keeping the internet open, free, and secure.
A missed opportunity for engagement on critical issues
Over the week of November 20-24, 2017, representatives from government, industry, and civil society met in New Delhi to talk about the future of the internet. The event attracted several thousand experts and covered a wide range of important topics, including building the capacity of developing nations to defend their critical infrastructure. On a substantive level the event became ultimately a platform to showcase government plans — India’s, first and foremost — instead of what could have been: a robust, open dialogue on the crucial cybersecurity issues that impact every one of us.
Where are human rights?
The agenda allowed for very little focus on the many links between human rights and cybersecurity, or on the issue of putting the people who use the internet at the center of cybersecurity discussions. There was only one session on the topic of a free and open internet, and the conference disproportionately emphasised government-led initiatives that put privacy at risk (a quick look at the program and sessions like “Digital Identity for all: Global Best Practices” suffices as a demonstration). The omission of these issues is reflected in the Indian government’s official conference summary, the Chair’s Statement. In 42 paragraphs of text, there is not a single mention of “human rights.” The sole reference to “rights” is heavily qualified, reading, “Freedom with reasonable restrictions in the larger interests of societies and respect for the privacy rights of individuals and groups are prerequisites for creating Cyber Space for all.” Discussing the privacy “rights” of individuals and groups does not affirm the fundamental right to privacy that is recognised both domestically in India and through the international human rights instruments that India and other participant states have ratified.
The statement also calls for states to “balance privacy and openness on one hand, and national security on the other.” We however urge all stakeholders to reject the concept of “balance” between rights and security, and instead to see respect for human rights as the necessary prerequisite to building secure societies. When the fundamental right to privacy is respected, people will be more willing to trust in institutions and to assist authorities in identifying and mitigating threats.
Furthermore, the chair’s statement falls short of expectations for conference outcomes, since many stakeholders expected to see a stronger document arise from the many debates that took place. In the weeks prior to the conference, participants circulated a draft “Delhi Declaration” to (largely government) stakeholders, but then it was dropped, without acknowledgement or explanation.
Where is inclusion?
In the inaugural speech at the event, India’s Prime Minister Narendra Modi correctly asserted that, “The internet, by nature, is inclusive and not exclusive. It offers equity of access, and equality of opportunity.”
He also lauded “the large multi-stakeholder participation at this event.”
Unfortunately, we have to respectfully disagree with this characterisation.
GCCS 2017 did not promote equity of access, and the event did not adhere to expected practices in inclusion and multistakeholderism. Even before the conference started, civil society had only limited opportunity to shape the agenda. Although India’s Ministry of Electronics and Information Technology did participate in several workshops and briefings in the run up to GCCS — including a session at RightsCon Brussels and other events for engagement with civil society organisations —- the consistency and follow-up with stakeholders has been lacking. This lack of engagement continued through the conference, where some local civil society and groups working on privacy had either limited or no access, and many panels went without a speaker to represent communities most directly affected by an insecure internet. This approach marks a step backwards for GCCS, which became more open and inclusive, while still flawed, in The Hague in 2015.
Digital inclusion was supposed to be a prominent focus according to the conference agenda; actually including the groups who often struggle to be included was not a high priority at the conference. For instance, the conference agenda did not address gender disparities, online or off, and this was reflected at the event itself. When women were invited to participate in sessions, there were perhaps one or two women speakers, demonstrating organisers’ lack of outreach — although some moderators did try to compensate for this by calling on women during the Q&A discussion. The Chair’s Statement has a subtle reference to the gender gap, reading, “[t]he conference noted that women form a significant part of the IT workforce… In this way the IT sector has potential for gender empowerment.” But the statement could have recognised explicitly how important including women is to the operation of the internet and to reaping its benefits for our societies.
Overall, we see the lack of access for civil society at GCCS 2017 as part of a larger global trend closing public forums and limiting participation in platforms where policy is made. The exclusion at GCCS 2017 should not set a precedent, and we expect more openness in line with the recommendations of UN Special Rapporteur David Kaye on increased access to information in international organizations.
Substantive progress: minimal, but opportunities remain
Despite these challenges, the conference enabled important discussions about the future of the internet. At the main conference, government representatives openly discussed their visions of the future of cybersecurity, showing conflicting approaches to internet governance. Some governments pushed to maintain the multistakeholder model while others reiterated calls for UN-based multilateralism. Speakers also addressed past failures and future hopes for cybersecurity norm setting. After the failure of the UN Group of Governmental Experts to reach consensus on norms of state behavior earlier this year, delegates called for renewed commitment to norms established in earlier reports.
At a number of side events — organised by Indian government agencies and a mix of other stakeholders — participants addressed issues such as inclusion and accessibility and women and entrepreneurship in the digital age. Access Now’s own pre-GCCS convening brought together civil society and industry speakers to give voice to communities that were not well represented at the GCCS, exploring issues that might otherwise have gone unacknowledged, including the relationship between cybersecurity and human rights, mass surveillance, and the value in discussions between civil society and government. In addition, two institutions produced outputs that will help drive forward important conversations on the future of the internet. The Global Forum on Cyber Expertise released the Delhi Communique with a “Global Agenda for Cyber Capacity Building” and the Global Commission on the Stability of Cyberspace called for “non-interference with the public core of the internet.” We plan to address both in greater detail in the future.
As a whole, GCCS 2017 represents a lost opportunity to meaningfully advance global cybersecurity in a manner that secures — rather than undermines — our digital rights. The outgoing and former chairs and the next host can address the problem by ensuring that the next GCCS is a truly multistakeholder event that reflects the values the conference was created to advance — keeping the internet free, secure, and open to all.
- GCCS 2017 Chair’s Statement (PDF)