At U.N. meeting, Access Now stresses cybersecurity must center and protect civil society

COVID-19 has made the internet vital to society. But bad actors are using it against civil society and human rights defenders. World governments must do more to protect us. On Tuesday, Access Now intervened at a meeting for non-government stakeholders in the third and final United Nations Open-ended Working Group (OEWG) session. We offered civil society input on a potential consensus report that addresses cybersecurity. Our message: while we strongly support the report, we believe governments can do better.

Established through U.N. General Assembly resolution 73/27, the OEWG first convened in 2019 and was tasked with reporting back to the General Assembly in 2020, a deadline that was extended to March 2021 due to COVID-19. Access Now has regularly engaged in the OEWG meetings. The following are the remarks of Raman Jit Singh Chima, Senior International Counsel and Global Cybersecurity Lead for Access Now, who was the first to speak at the multi-stakeholder event for this final OEWG session.

Thank you chair, delegates. The mission of the U.N. OEWG has been a challenging one from the beginning, and the pandemic made it tougher while simultaneously making it even more important. We therefore must commend the focus on ensuring a productive way forward that so many state delegates have shown in the recent discussions.

It is important for us to share our experiences over 2020. We are far too aware of the very real implications of the enhanced cyber threats that our communities have encountered, and the increased threat environment overall, as the pandemic made the internet and ICT tools even more vital to our societies. Access Now’s Digital Security Helpline, and the wider CiviCERT community, have seen an increase in malicious cyber behavior, including activity especially targeting civil society and human rights defenders. We therefore strongly indicate our support for the OEWG’s report, in paragraph 4, noting the dangerous consequences of malicious activities that have sought to exploit cyber vulnerabilities when our societies are under strain. We also agree with the report’s recognition of these harms being enhanced for vulnerable communities.

We need to safeguard the agreement and consensus shown in this OEWG, while challenging ourselves to do better.

It is crucial that the opening of the OEWG’s report explicitly — and consistently — seek to advance the promotion of an open, free, secure, peaceful ICT environment. An explicit reference to this effect should be included in paragraph 7.

One of the truly key achievements through this OEWG has been the repeated recognition and support for a human-centric approach when it comes to discussions about global cybersecurity. As we have noted in our previous comments to the OEWG’s meetings, as well as our submissions made available via the OEWG’s website, it is our view that cybersecurity requires a user-centric, human-centric approach. This focus on a human-centric approach must remain in the OEWG’s report — it is indeed a key item of agreement to so many — and can form the basis for further common understandings and developments in the U.N.’s future discussions around cybersecurity.

We further believe that this introductory section would benefit from noting how many states and stakeholders recognized that a human-centric approach in particular required the observance of human rights and fundamental freedoms, including those pertaining to access to information, privacy, and data protection. It might seem obvious to so many of us, but it is still crucial for us to note our agreement that our internationally protected human rights are complementary to cybersecurity — and not opposed to it.

The agreement on a tech-neutral approach in the OEWG’s report is crucial, and we caution against any proposal to alter this key shared understanding.

The recognition of the role that non-state actors play in the malicious use of ICT to undermine internationally protected human rights and international peace and security is important. This reference should remain, though we believe that it would have been better for the OEWG to have been able to further expand on this. We believe that the present OEWG report should set a good foundation for further expansion and elaboration of this, including enhanced recognition of the role of hacking-as-a-service providers and other problematic private sector activity in this area, for future work within the U.N. We hope that the OEWG’s final text ties in well with the work happening with the U.N.’s Expert Group on Cyber Mercenaries.

It is important to hold true to the position that international humanitarian law being applicable to cyberspace does not encourage militarization or legislate resort to conflict; this is the majority view, the responsible view, that must remain. We therefore caution against any watering down of para 30, and support calls to move para 84 into the main body.

We support calls to strengthen the language in para 41, on informing the U.N. Secretary General on national views and practices. We also believe that the OEWG’s report should have continued with previous language on seeking increased international cooperation on vulnerabilities disclosures; this would have been a good, technically-focused measure that would have helped build confidence and aided in real world improvements to global cybersecurity.

I thank you, and look forward to seeing the progress that the international community can make here over this week.