A U.N. board of security experts representing 20 governments has released a report critical to the future of the internet. This iterative report — prepared by the Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security — aims to identify areas of consensus and prevent conflict between nation states. The latest iteration of the report, released in July, fails to mention encryption, and includes underwhelming statements about rights online. However, it does help to establish boundaries for proper state behavior that are critical to maintaining a secure and free internet.
What the report leaves out
Unfortunately, much of the content in the 2015 report remains unchanged from previous iterations published in 2010 and 2013. It is also notable for what it leaves out.
The report acknowledges that international law applies online, largely focusing on state rights and responsibilities, but touches only lightly on individual rights. For example, it cites a number of important resolutions by the U.N. Human Rights Council (20/8 and 26/13) and General Assembly (68/167 and 69/166), but does not make note of the important reports by Frank La Rue, former Special Rapporteur for Freedom of Opinion and Expression, or by Navi Pillay, the former High Commissioner for Human Rights. Most egregiously, there is no mention of the new report on encryption by David Kaye, current U.N Special Rapporteur for Freedom of Opinion and Expression, which specifically addresses online security and affirms the importance of protecting the rights and security of individuals.
A few steps forward
In one welcome but narrow change from previous iterations, the report calls more explicitly for governments to be transparent in reporting information about vulnerabilities in information and communications technology (ICT). The authors ultimately recommend that government disclosure of these vulnerabilities be voluntary rather than mandatory. Access and other civil society groups argue for mandatory, not voluntary, disclosure.
Another welcome development that’s evident in the report is the defeat of a proposal by the United States that could have increased the militarization of the internet. During the negotiations over the report, the U.S. fought for a provision that would have recognized a sovereign government’s “right” to self-defense online. The provision could have justified the use of countermeasures, despite the difficulty in finding the source of a cyber attack. Such countermeasures could have led to unintended victimization and expanding conflict.
Access has previously highlighted concern over militarizing the internet, since it threatens the integrity and usefulness of the internet for the everyday user. We believe the internet must remain a tool for people to communicate with their loved ones, or to speak out against government corruption.
The authors have asked the U.N. to reconvene the GGE in 2016 (while other norm setting processes continue outside the U.N.).
We hope to see the next members of the GGE work to maintain the integrity of the internet by giving more than just lip service to the concerns of the private sector, academia, and civil society. The GGE could start by lifting the veil of secrecy around its work, engaging more deeply with stakeholders, and creating a more inclusive drafting process.
The next report could be much stronger if the GGE broadens the scope of the report to consider not only how countries treat each other, but also how countries treat individuals. If the GGE takes a more comprehensive approach, it’s much more likely that the internet will maintain its status as a critical platform for the expression of human rights.