In late September 2019, 26 nations convening at the United Nations General Assembly issued a Joint Statement on Advancing Responsible State Behavior in Cyberspace that reaffirmed their consensus on how states should behave in cyberspace.
1) the need for “international rules-based order;” 2) the applicability of international law to cyber-related state-on-state interactions; 3) voluntary state adoption of responsible activity during times of peace; and 4) developing confidence building measures as a way to mitigate the potential escalation of tensions as a result of cyber incidents. The signatories to this agreement were primarily the United States, major European countries, and stalwart Western Allies.
The symbolic move is nothing new as these principles have been expressed in previous multi-national working groups such as the UN Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International Security. These iterative meetings had slowly yielded positive results until June 2017 when further attempts of gaining consensus failed, halting the limited progress that had been achieved. States like China, Cuba, and Russia pushed back on three core areas: the right of a sate to respond to international wrong acts; the right of a nation to defend itself; and the application of international humanitarian law.
Failure to gain incremental success is a legitimate setback for the GGE. At the time, it just appeared to be another stumbling block that was at least moving in the right direction. Now with the establishment of another group, the GGE’s influence in such matters may be drastically reduced, and by extension, the strength of the influence of Western interests as well.
An alternative to the GGE, the Open-Ended Working Group (OEWG) was established in December 2018 in order to make negotiations on the use of information and communication technologies more transparent. While the GGE is comprised of approximately 25 states, the OEWG by definition is more inclusive, accepting participation of any interested state. The two entities are separate and independent, although many of the same issues are discussed by both groups (e.g., cyber norms, international humanitarian law (IHL), etc.). The OEWG addresses other areas of potential collaboration to include existing and potential threats and concepts to secure international IT systems.
The OEWG met in mid-September 2019 and some of the larger issues such as IHL and that had previously prevented consensus surfaced again. While states like China and Russia have pushed back on IHL in the GGE, the OEWG meeting showed more states like Egypt for instance would be more inclined to back that position by placing less emphasis on its importance than other areas. More importantly, states that hadn’t been able express their opinions in the GGE now have a vehicle to accomplish that. States like Iran have been able to submit written statements highlighting their positions on issues.
The larger OEWG may be the preferred avenue for states like China, Iran, and Russia that share the same philosophies with regards to cyberspace. Moreover, the opening of discussions to any UN member enables these governments to push for their preferred issues like cyber sovereignty (and by extension all that comes with it such as the controlling of potentially harmful information) by gaining the backing from other, smaller states, that might not otherwise have a say in the state-limited GGE. More authoritarian or closed countries may find themselves supporting the positions of their Chinese/Russian counterparts for the same reasons. Considering this, it comes as no surprise that Western countries like Australia, the United Kingdom, and the United States voted against OEWG’s establishment.
The longer the GGE continues to fail to gain any creditable gains in cyber norms, the more opportunities are available to replace it, and other multilateral initiatives that have stalled or have not made notable advancements. Another topic covered in the OEWG was the potential creation of a new international cyber convention that would ostensibly take into consideration inputs from countries like Iran and Syria that run contrary to current Western positions. Although this was only talked about, it’s easy to see how the OEWG is a potential avenue for states to quickly gain ground and influence on cyber issues.
It is difficult to argue against the inclusive nature of the OEWG. If the Internet is championed as a global asset, then it makes sense that the global community have a voice in how states operate within it. It is clear the establishment of the OEWG shows there is an appetite for it. However, getting a majority to support a position may be more challenging than just counting on allies to vote a particular way, as state priorities will alter depending on how they impact their unique interests. Emerging nations like Brazil and India have been known to sometimes align themselves with China and Russia on how the Internet should be governed but divert from their positions when it comes to content censorship and filtering. Add the “one voice/one vote” principle of OEWG, and it’s easy to see why trying to get support could prove to be difficult.
While Western states would like to maintain its dominant voice when it comes to the Internet, that is likely
MORE ALONG THIS WAY
Going forward, the United States is clearly eager to maintain its control over how the Internet works, and what the rules of cyber governance will be. This is good news for human rights activists and for free market advocates. The current system of cyber governance has been remarkably efficient and resilient in producing new platforms for free speech and the creation of tremendous economic value. The only question now is whether a system that has been set up to favour the United States and its allies is now in need of a re-fresh in order to reflect the shift to a multi-polar world filled with emerging economic powers and diverse political viewpoints.
The US invented the internet and for fifteen years after it commercialized the internet, American ideas dominated views and shaped policy. That period has come to an end but what will take its place is unclear, given the growing role of states in cyberspace and the declining power of the US (perhaps accompanied by the growing power of other countries) in shaping global governance. As cyberspace has become a central domain for international conflict (and not the millennial vision of an end to conflict), security and the role of states has become more important.
Absent a binding agreement, states will continue to operate independently as they see fit to promote, bolster, and protect their strategic objectives.
About the Author
Emilio Iasiello, Cyber Intelligence Consultant. Cyber intelligence analytic and managerial professional supporting both private and public sectors. I’ve published strategic cyber pieces in peer reviewed intelligence journals; led and developed analysts; implemented analytic production plans; and increased customer satisfaction via customised intelligence products.
Featured image: ©Skorziewiek