The statement, delivered on behalf of the organizations by Ms Allison Pytlak, a Programme Manager at the Women’s International League for Peace and Freedom (WILPF), called on States to halt the development and deployment of intentionally harmful cyber capabilities, strategies, and doctrines, particularly those directed against critical infrastructure, including health and information infrastructure, and the public core of the Internet.
Media Rights Agenda (MRA) has joined 12 other civil society organizations and technology companies in calling on member States of the United Nations to recognise the human rights impact of international cyber operations and refrain from using cyber security-related laws, policies, and practices as a pretext to violate human rights and fundamental freedoms.
In a joint statement on cyber peace and human security delivered to the UN General Assembly’s First Committee on Disarmament and International Security on October 8, 2021, the 13 organizations urged States to implement the already-agreed norms for behaviour in cyber space while seeking a common understanding about how international law, including international humanitarian and human rights law, applies to state action in cyber space.
Besides the WILPF and MRA, the other organizations which signed on to the states are Acronym Institute for Disarmament Diplomacy, the Association for Progressive Communications, the Colombian Campaign to Ban Landmines, Cybersecurity Tech Accord, Derechos Digitales, Digital Peace Now Society, Global Partners Digital, ICT4Peace, Jokkolabs Banjul, Kaspersky, and Microsoft.
The organizations noted that 2021 has been an important year for multilateral efforts seeking to advance international cyber peace and security within the UN, stressing that both the First Committee-established cyber processes concluded their work in the first half of the year as the sixth Group of Governmental Experts (GGE) on advancing responsible state behaviour in cyber space and the first Open-ended Working Group (OEWG) on information and communications technologies (ICTs) both adopted reports by consensus that re-affirm past agreements and recommendations, while also setting out some new understandings.
They argued that despite the politicised establishment of the two groups, their respective outputs are substantive and highly complementary.
The organizations said the two groups had also generated momentum toward the establishment of new and potentially more permanent forums, pointing out that the high level of participation in the OEWG from diverse governmental and non-governmental stakeholders speaks to the importance of this issue.
They said: “It also demonstrates that a wide range of stakeholders, including those affected by cyber security, have a crucial role to play in the First Committee-cyber processes. Despite these developments, the threat landscape is bleak. Throughout the COVID-19 pandemic, operations targeting medical facilities and agencies worldwide have sought to undermine responses to the health crisis, spread misinformation, or exploit our reliance on digital connectivity for nefarious ends.”
The organizations contended that multiple high-profile operations involving supply chains, and critical physical and information infrastructure, have shown the far-reaching impacts of aggressive action in cyber space, adding that such actions demonstrate that the legal ambiguities surrounding the application of international law to state behaviour in cyber space are being exploited, and that relevant norms against such behaviour are not being respected.
According to them, “disturbing revelations about human rights abuses enabled by surveillance technologies have prompted warnings from the UN High Commissioner for Human Rights and calls for a moratorium on their sale. And within disarmament and arms control processes, there is rising concern about the digital vulnerabilities of existing weapon systems and the implications for illicit weapons trafficking.”
They argued that regardless of the form it takes, “technology-facilitated violence must be understood in light of its impact on lives and livelihoods. Human security is at the heart of cyber security and therefore demands humancentric and rights-based approaches to establishing a peaceful ICT environment.”
The organizations noted that it has been encouraging to see a growing number of states calling for such an approach, including the recognition of the differentiated impact of cyber operations on marginalised people, women and girls, and people of diverse sexualities and gender expressions.
Other recommendations made by the organizations to UN member states at the First Committee are:
States should follow through on the recommendations in the GGE and OEWG final reports to publicly release statements on how they understand their own obligations for responsible behaviour under international law.
States should also invoke international law or refer to the UN norms when condemning state-led and state-sponsored cyber actions to build awareness of and support for legal and normative limitations.
The UN should close the existing accountability gap by adopting multilateral mechanisms that will foster transparency, uphold state responsibility, and prevent conflict, as well as deter technology-enabled human rights abuses.
States should establish a permanent forum to consider international cyber peace matters as it is clear that after 23 years of UN cyber talks, ad-hoc deliberations do not go far enough to meaningfully address current and future threats. The added that while they welcome the establishment of the second OEWG, continuity is important and, therefore, the proposal for a cyber programme of action, which has now been supported by over 50 states, merits expedited examination.
Whether in the second OEWG or a future permanent forum, states should prioritise establishing accountability mechanisms, pointing out that proposals have already been circulated in the OEWG and elsewhere that outline possible peer review processes, surveys, reporting practices, and the creation of structures for independent and impartial attribution.
The UN should ensure the regular and meaningful participation of non-governmental stakeholders in the second OEWG and in any future UN forums as diverse actors have an established role to play in operationalising and promoting the cyber norms and relevant international law, building capacity and resilience, and in monitoring and responding to cyber incidents. They stressed that these experiences and expertise need to be better integrated into UN cyber dialogues.
The UN should seek complementarity and communication between and among the various processes on cyber-related issues and digital security, including those established by the First Committee, the Third Committee, the UN Secretary-General, and related human rights and technical bodies.