This email is for information only.

 

Hi, everyone!

Hope you are all safe and healthy!

 

The chair of the UN OEWG has published a new letter (attached), in which he explains there will be a number of virtual meetings, with participation from capitals, to discuss the draft report, which he will publish in mid-May. GE will keep you posted on what’s happening there.

 

In case you cannot open the PDF, here’s the text from the letter:

 

 

Excellency,

 

I have the honour of addressing you in my capacity as Chair of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (“OEWG”).

 

I would like to express my gratitude for the high number and quality of comments we received from delegations on the pre-draft, particularly in the context of the current difficult circumstances. While continuing to evaluate, together with my team, your comments, I would like to provide you with an update on our OEWG process.

 

As already indicated in my previous letters, due to the impact of the COVID-19 pandemic, our original work plan is no longer feasible. At the same time, current developments underline the importance of the issues that the OEWG is dealing with. To fulfill our mandate, I therefore intend to adapt the work plan for our way forward in preparation of our third and final substantive session.

 

Based on the comments received on the pre-draft, I will prepare, in collaboration with my Support Team, a revised draft of the report and send it to delegations around mid-May.

 

Subsequently, I will schedule a number of informal virtual meetings for a general exchange of views between delegations on the revised draft. I believe that at this point in the OEWG process, we need to continue our interactive discussions using the means at our disposal. I would like to reiterate that it is not my intention to discuss or negotiate the text line by line, regardless of the format of our meetings.

 

Within what is technically feasible, I aim to schedule the informal virtual meetings in a way that should allow capital delegations to participate. We are currently exploring the technical details and rely in this regard on the guidance from the Secretariat. Unfortunately technological constraints do not currently permit interpretation into official UN languages during virtual meetings, and our meetings will therefore have to be conducted in English only. I apologize for the inconvenience, and thank you for your understanding.

 

I shall send out the dates, agenda and technical details of the informal virtual meetings as soon as possible, to give you the opportunity to familiarize yourself with the details and make appropriate preparations for the exchange.

 

Following the informal virtual meetings, I intend to prepare the Zero Draft and send it to delegations in due time to allow for preparations ahead of the final OEWG session.

 

For the time being, we continue with the preparations for the third and final substantive session from 6 to 10 July 2020 in the traditional, in-person format, but are constantly reassessing the impact of the current situation on our OEWG process in consultation with the Secretariat. I will inform delegations in a timely manner if further adjustments become necessary.

 

I remain firmly committed to continue our work towards a successful completion of our mandate.

 

I also remain at delegations’ disposal at all times for bilateral exchange, albeit for the time being not in person.

 

Once again, as we all traverse a very challenging time, I would like to convey to all of you, as well as to your families, friends and colleagues, my sincere wishes of health, well-being, hope, and resilience.

 

Please accept, Excellency, the assurances of my highest consideration.

-------- Forwarded Message --------

Subject:	[ccwg-internet-governance] UN OEWG
Date:	Mon, 27 Apr 2020 11:49:38 +0000
From:	Veni Markovski <veni.markovski@icann.org>
To:	CCWG <ccwg-internet-governance@icann.org>

Hi, everyone.

Last week we prepared this note to inform you about the recent developments at the UN Open-Ended Working Group on cybersecurity. Hope you will find it useful.

 

 

On 28 February 2020 ICANN org published a paper to explain the processes at the United Nations  dealing with deliberations at the UN on cybersecurity and cybercrime in 2019 and 2020. One of these processes takes place within the Open-Ended Working Group (OEWG).

 

On 11 March 2020, the OEWG published its first pre-draft report, which was supposed to be discussed in a face to face meeting at the UN on March 30-31, but due to the COVID-19 pandemic the chair of the OEWG instead requested written contributions on it, which were published on the web page of the OEWG.

 

In the current informational document we look into some of the comments, submitted in response to the chair’s call for comments. We focus only on those comments that touch on ICANN’s remit.

 

***

 

Point 38 of the pre-draft report starts with: “States, during discussions and through written submissions, also proposed suggestions for the “upgrading” as well as further elaboration of norms. Proposals included, inter alia, that States should affirm their commitment to international peace and security in the use of ICTs; that it should be reaffirmed that States hold the primary responsibility for maintaining a secure, safe and trustable ICT environment; that the general availability or integrity of the public core of the Internet should be protected; [...cut...]”, and below are some of the responses by different stakeholders, relevant for this informational document.

 

 

Comments by member states (in alphabetical order)

 

China: “Given the limited amount of time we have, attention should also be drawn to avoid introducing concepts that have not gained global consensus yet (“public core” for instance) into the report.”
and: “During the previous two sessions, parties including China have put forward dozens of constructive proposals on issues such as cyber sovereignty, supply chain security, protection of critical infrastructure, refraining from unilateral sanction and fight against cyber terrorism. It is hoped that these proposals could be incorporated in the report.”

 

Egypt: “Member States should be encouraged to reach an agreed common definition of what constitutes “critical infrastructure”, with a view to agreeing, as appropriate, on prohibiting any act that knowingly or intentionally utilizes offensive ICT capabilities to damage or otherwise impair the use and operation of critical infrastructure.”

 

European Union: “Therefore, the protection of critical infrastructure is of such importance, that the EU and its Member States would suggest for the OEWG report to consider these threats, including the one posed against the general availability or integrity of the public core of the Internet.“ 

 

Germany: “State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace” [would be] guidance for implementation of UN GGE 2015 recommendation 13(f) and therefore bringing this also under the scope of UN GGE 2015 recommendation 13(g)
and: “Regarding paragraph 31, Germany would like to emphasize that the focus of the OEWG should be on enhancing existing norms and improving their understanding and implementation. In this regard we consider the proposals to protect the public core of the internet, not to disrupt the infrastructure essential to political processes, not to harm medical facilities and to highlight transnational infrastructure as useful additions to the already existing norms on the protection of critical infrastructure as contained in the 2015 GGE report.”

 

Iran: “The pre-draft has, however, failed to acknowledge some important corresponding threats, including unilateral coercive measures, monopoly in internet governance, anonymity of persons and things, offensive cyber strategies and policies, etc., which clearly affect awareness, resilience and capacities of the countries.”

 

The Netherlands: “To address these threats, the Netherlands would like to suggest that the OEWG considers the recommendation that “State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace” as guidance for implementation of UN GGE 2015 recommendation 13(f) and therefore bringing this also under the scope of UN GGE 2015 recommendation 13(g).”
and: “The Netherlands would like to suggest for the report of the OEWG to consider the threat that cyberoperations pose against the general availability or integrity of the public core of the Internet. Over the years, cyber operations against the integrity, functioning and availability of the internet has shown to be a real and credible threat.”

 

Nicaragua: notes the current “insufficient regulation of the private sector activities in the field of ICT” are a “major threat for the development of a peaceful environment of ICTs.”

 

Pakistan: “Member States should be encouraged to arrive at an agreed common definition of what constitutes “critical infrastructure”, with a view to agreeing on the prohibition of ICT activity that knowingly or intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure.”

 

Russia: “The importance of “multi-stakeholder approach” with emphasis on the contribution of non-governmental sector, business and academia to ensuring responsible behaviour in the information space is artificially exaggerated. At the same time the problem of insufficient regulation of private sector activities in the ICT sphere and increasingly urgent issue of monopolization of this area is omitted as one of the key threats to the development of peaceful and competitive ICT environment.”

 

Switzerland: “For example, proposals relating to the protection of the public core of the internet, not to harm medical facilities, not to disrupt infrastructure essential to political processes and relating to transnational critical infrastructure could in our view provide valuable guidance to existing norms.”

 

USA:  “...selective elaboration of norms or identification of specific critical infrastructure sectors carries some risk of giving precedence to certain issues over others.”

 

***

 

Comments by non-governmental actors 

 

Global Partners Digital: “Recommendation: We support the recommendations by the Netherlands in the “non-paper”, to elaborate on and provide further guidance on norms (f) and (g) in the UN GGE 2015 report (Res 70/237)—namely that “State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace”.

 

ISOC: “The Internet’s public core encapsulates the Internet routing, naming and numbering systems (the Domain Name System), security and identity cryptography mechanisms, and communications cables. These are the core functions that make the Internet work and should be safeguarded to ensure that the Internet remains an enabling technology that has global reach and integrity. We encourage the OEWG to take due cognizance of the values of the GCSC Norm to Protect the Public Core, which emphasizes the need for both state and non-state actors to refrain from allowing any activity that could intentionally or substantially damage the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.”

 

Microsoft: in submission one, says, “strongly supports several of the new norms that have been proposed by member states which we believe are critical additions to the existing foundation of cyber norms previously agreed in the GGE context: State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.” Microsoft also calls on members to follow the Paris Call principle to “Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.”

Microsoft, in a second submission, states “Previous GGE commitments reflect this importance, and various statements since, including the Paris Call and the GCSC, reflect growing commitment to protect the technology that constitutes the backbone of internet itself from cyberattacks. Some efforts refer to this as protecting the general availability or integrity of the “public core” of the Internet, with some preferring reference to technical components of the internet. Importantly, states should agree on a new norm to protect those central components without which the global Internet would cease to operate. The GCSC defines these components as: packet routing and forwarding; naming and numbering systems; cryptographic mechanisms of security and identity; transmission media, software and data centers.”

 

Women’s International League for Peace and Freedom has raised the question about procedural issues that prevented non-ECOSOC accredited organizations to participate in the work of the OEWG, “While the decision to block any non-ECOSOC affiliated organisation from attending formal sessions of the OEWG in September 2019 and February 2020 is a procedural one, it has been addressed openly during substantive sessions, warranting inclusion in the summary paragraphs of the draft report.“

 

12 NGOs joint statement: “Attacks on critical infrastructure, and here also on "supranational critical information infrastructure" (which should be understood to include the Domain Name System and other elements of the public core of the Internet), pose not only "a threat to security but also to economic development and people’s livelihoods" (paragraph 19). We suggest that this human cost of attacks on critical infrastructure and their impact on human rights be directly and clearly referred to in the report.“

and 

“We support the recommendation in paragraph 38 that the general availability or integrity of the public core of the Internet should be protected, which should be understood as further specification or elaboration of the already agreed 2015 GGE norms to protect critical infrastructure. Public core refers to critical elements of the infrastructure of the Internet, namely packet routing and forwarding, naming and numbering systems, the cryptographic mechanisms of security and identity, transmission media, software, and data centers.“

(These 12 NGOs are: Access Now, Association for Progressive Communications, Centre for Communication Governance at National Law University Delhi, Derechos Digitales, Fundación Karisma, Global Partners Digital, Kenya ICT Action Network (KICTANet),  International Center for Not-for-Profit Law, R3D: Red en Defensa de los Derechos Digitales, Research ICT Africa, Media Foundation for West Africa, YMCA computer training centre and digital studio, the Gambia.)