Last week representatives from government, the corporate sector, civil society, and academia flocked to the Hague in the Netherlands for the Global Conference on Cyberspace (GCCS) to talk about freedom, growth, and security online. The conference provided an opportunity for various sectors to collaborate, but collaboration was limited. Despite two day’s worth of sessions and side events, little of substance was accomplished when it comes to protecting internet users’ freedom or bulwarking the security of the internet.
The Dutch government’s signature outcome of the conference, the launch of the Global Forum on Cyber Expertise (GFCE), demonstrates the failed opportunity. The GFCE is billed as “a pragmatic, action-oriented, and flexible platform for policymakers, practitioners, and experts from different countries and regions,” but representatives from civil society and the technical community aren’t put on equal footing, as they are asked to participate “when invited to do so by the initiators.” This lack of true collaboration will hurt the GFCE’s initiatives, and it might also result in policymaking that does not sufficiently protect users’ rights.
It is true that representatives from civil society were granted greater access to this conference than previous iterations of the GCCS in London, Budapest, and Seoul. But as the GFCE forum example demonstrates, it was not equal access. Further, excessive security measures created both literal and figurative barriers to full participation. Authorities conducted invasive sweeps of certain participant’s rooms. Security screeners required participants to open their laptops to gain entry to the conference. Participants were also required to download a mobile app with a schedule of the panels, without having been given enough notice to determine whether the app was secure.
Another weak spot for the GCCS is the Chair’s Statement. The organizers shared a draft statement for civil society input only days before the conference began. Although they accepted some input, they also failed to make a number of critical improvements. The Chair issued the final Statement once the conference ended.
In written feedback, Access called on the Chair to acknowledge that cybersecurity should encompass the entire security ecosystem, including protections for users. Unfortunately, the Chair did not embrace a more comprehensive, rights-respecting approach to cybersecurity. The Statement does not fully address the critical role that governments play in ensuring the security of online products and services. While it notes concerns that certain security measures can restrict the openness of the internet, it does not acknowledge that governments can undermine network security and endanger human rights by prohibiting people from using encryption or by requiring encryption back doors to facilitate surveillance.
The Statement does make multiple references to the importance of protecting human rights online, though not to the the International Principles on the Application of Human Rights to Communications Surveillance, which articulate human rights law in the digital age. In one instance, the Chair responded to a suggestion from Access by acknowledging the role of human rights in developing laws to counter crimes committed online. So-called cybercrime laws should not grant the government authority to trample on protections for human rights.
In a rousing and inspiring opening speech, Nnenna Nwakanma, the World Wide Web Foundation’s Africa Regional Coordinator, coined the conference’s unofficial slogan when she said, “All of the people should be free and able to access all of the internet, all of the time. All of the people! All of the internet! All of the time!” To ensure all of the people have access to all of the internet all of the time, rights-respecting cybersecurity policies must be established. No user will truly feel free to access all of the internet all of the time while under constant, comprehensive surveillance. We hope that Nwakanma’s message will be taken to heart and incorporated in the design of the next GCCS in Mexico in 2017.