In Paris, protecting human rights through cyber peace

During Paris Digital Week, November 11-14, Access Now is headed to the Paris Peace Forum and the Internet Governance Forum (IGF). Near the top of the wide-ranging agendas will be an effort to bring stakeholders together to support “cyber peace.” We will bring the message that cyber peace is about supporting user rights and resisting the militarization of the internet that threatens our security and the free and open internet as we know it.

About the events

The timing this year of these events is important. All around the world, elections have recently taken place or soon will, and we want confidence our democracies are secure and the machines we will use to vote cannot easily be manipulated. Meanwhile, government hacking appears to be on the rise. We hope to see from Paris a commitment from all stakeholders to protect rights and resist these harms through cybersecurity policy that is user-centric, systemic, and anchored in open and pluralistic processes. Our goal at Access Now is to  engage strategically at events to achieve cybersecurity policies that meet those standards.

The IGF is convened by the United Nations and hosted by a different member state annually. This will be the 13th IGF, and since its inception in 2006, the event has been an important place for academia, civil society, governments, and the private sector to discuss challenges and opportunities brought by the internet. The Paris Peace Forum, on the other hand, is a new fora and will be a unique opportunity for more in-depth engagement on specific issues. It will also be an opportunity to further cybersecurity norms that will be debated elsewhere. French President Emmanuel Macron was the impetus for the event, which aims to find “solutions for today’s transborder challenges.” Given the conferences’ proximity to each other, there will likely be overlapping themes and attendees.

Unfortunately, while the Paris Peace Forum will include “states, international organizations, local governments, NGOs and foundations, companies, experts, journalists, trade unions, religious groups, and citizens,” participation is limited to those who have received invitations, so important voices will likely not be present. In future years, we hope to see a more inclusive event.

What we hope to see in Paris

In the discussions in Paris and beyond, user rights should be prioritized. That means commitments need to be made to integrate digital security into general education, support security research, and improve awareness of digital security threats. It also means stakeholders should further commit to support good cyber hygiene by promoting and enabling technical solutions to secure and protect the confidentiality of digital communications, so that users have the knowledge and skills to protect themselves and are empowered to do so. Finally, stakeholders should recognize the necessity of implementing robust data protection and security measures, breach notification schemes, and privacy by design principles.

Systemic digital security approaches focus on the full range of threats to the security of the users. Any such solutions should therefore address the risks of government hacking and implement best practices for dealing with omnipresent vulnerabilities. Stakeholders should commit to the further proliferation of vulnerability reporting programs to limit risks to users whose data rests in or moves across those platforms. Stakeholders should also pursue stronger norms against corporate or government hacking that undermines human rights and the security of the internet. Finally, the stakeholders should agree to limit the spread of malicious ICT tools for human rights abuses.

To improve cybersecurity, stakeholders should commit to supporting effective and pluralistic incident response. The decentralized networks of technical experts, including Access Now’s Digital Security Helpline and the teams behind FIRST, collaborate with a range of stakeholders to prevent harm and reduce risk to users. These decentralized networks will need greater support from the global community as threats expand.

The road ahead

The Paris Digital Week comes at a consequential time for cybersecurity policymaking. The outcomes from IGF and the Paris Peace Forum can create positive momentum toward stronger user protections. They could also fail to create progress for user protections and have little impact. The success or failure of the Paris Digital Week can be judged based on whether the outcomes of the events can be to leveraged elsewhere for stronger protection.

There will be a number of events through the end of 2019 where cybersecurity and human rights will be on the agenda. At the United Nations General Assembly, both Russia and the United States have advanced resolutions that would establish another Group of Governmental Experts (GGE) for next year. Through several iterations, the GGE has issued reports on norms of nation state use of information and communications technology, including limits on that use, though  the 2016-2017 GGE failed to reach consensus on a report. The International Telecommunications Union is also holding a quadrennial plenipotentiary meeting that wraps up just after Paris Digital Week. The Freedom Online Coalition, composed of governments that aim to promote internet freedom, will also be hosting its annual meeting later in November right next door in Berlin. Access Now plans to extend our message of cybersecurity that promotes peace by protecting users at all of these events. The conversations at these events will continue through RightsCon Tunis in 2019, which is now open for proposals.