People sitting in conference hall showing cyber governance issues take on high-profile status at the United Nations
Cyber Governance Issues Take on High-Profile Status at the UN by Nicole Lindsey

Cyber Governance Issues Take on High-Profile Status at the UN

If this year’s General Assembly at the United Nations is any indication, then the next two years are going to be absolutely fundamental to the future development of cyberspace. On one hand, there are nations such as Russia and China that are pushing their own view of “state sovereignty” for cyberspace. And, on the other hand, there is the United States and its allies that are pushing for a “free, open and secure” cyberspace. While there is some overlap between these two competing visions of the future of cyber governance, there are some important distinctions.

United States reaffirms commitment to a free and open Internet at UN

In fact, the United States and its allies (a group of 26 other predominantly Western nations) felt so concerned that the UN might be headed in the wrong direction as a result of the whole “state sovereignty” approach backed by Russia and China that it sent out a joint statement on what constitutes responsible state behavior in cyberspace ahead of the UN General Assembly’s General Debate. The signatories to this joint statement included all of the “Five Eyes” nations (U.S., UK, Australia, New Zealand, Canada), all the major European nations, Colombia, Japan and South Korea. As they point out directly in the statement, these nations are opposed to any “efforts to undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.”

Although this joint statement did not specifically mention Russia and China by name, it is clear that the group of 27 nations had them in mind. In the past, Russia has been accused of meddling in elections in Ukraine (2014), the United States (2016) and France (2017). Russia has also been linked to attempts to destabilize the UK before, during and after the Brexit vote in Britain. Thus, the whole mention of “efforts to undermine democracies and international institutions and organizations” was clearly aimed at Russia. And, just as notably, the mention of “efforts to undercut fair competition in our global economy by stealing ideas” is clearly aimed at China. The Western alliance is clearly rebuking both Russia and China, and warning them that their efforts to shift the debate on cyberspace will not be successful (or tolerated).

The joint statement also reaffirmed the 27 nations’ commitment to an “international rules-based order,” as well as a “free, open and secure cyberspace.” Again, it is possible to read this as a rebuke of both Russia and China. As the Western alliance nations are quick to note, it is authoritarian states such as Russia and China that are attempting to chip away at the cyber rules supporting the international world order, including rules related to human rights, freedom of expression and the right to free speech. As the West sees it, Russia and China are looking for ways to censor their citizens and crack down on opposition groups online, and the way to do that is by changing the rules of cyberspace with a new Russian resolution or new Chinese resolution.

Russia, China and the push for state sovereignty in cyberspace

In all fairness to Russia and China, they do not see their actions as fundamentally inconsistent with the international rules-based order. However, they see the United States and its allies as using the current status quo to reinforce their own power on the world stage, while refusing to listen to the legitimate concerns of other nations. Thus, they are looking for a more favorable international code of conduct to apply to cyberspace.

One good example here is the current situation involving Chinese tech giant Huawei. As the West sees it, Huawei is essentially a “front” for the Chinese government, and simply a tool for expanding the power of Chinese intelligence agencies around the world. According to the U.S., for example, Huawei is building “back doors” into all of its 5G networking equipment and attempting to get private corporations and governments to buy this 5G equipment so that they can continue to snoop around for valuable intellectual property.

China, as might be imagined, feels that that the U.S. has overstepped its boundaries in cyberspace, and needs to be restrained. As China sees it, Huawei is a legitimate Chinese tech company, and the West simply can’t stand the fact that a homegrown Chinese tech company is as powerful and influential in the world as it is. So, as the Chinese argue, the West is using rules currently in place to hold back Huawei. In order to get around this problem, the Chinese have argued that rules for cyberspace should be changed so that nations can not interfere with the economy or global supply chains of other nations. This would prevent the U.S. from turning Chinese tech companies into global pariahs.

Another good example of state sovereignty in action concerns the ability of nations to ensure social stability. A sovereign state, Russia and China argue, should not be the subject of external intervention that is meant to destabilize the nation or influence citizens to vote in a certain way. Thus, they are pushing for new rules that make it harder for states to interfere in the affairs of another nation. Thus, for example, the United States should not be able to use social media in order to influence the people of Hong Kong to think or act in a certain way.

This is where things get a bit tricky, though, because Russia and China are also claiming that the international rules-based order gives them the right to censor content, collect data online, or restrict Internet access as they see fit within their own borders, as long as they are doing so for purposes of “social stability.” As Beijing has argued again and again, China should have the right to control the Internet and technology for social stability purposes. What China and Russia fear above all else, of course, is a sort of “Arab Spring scenario,” in which the West uses the Internet as a tool for regime change. Thus, they want to have all tools at their disposal if they sense that a foreign, hostile state is seeking to diminish the legitimacy of their sovereign nation.

Cyber governance in action at the UN

Until recently, these two approaches to cyber governance were simply theoretical or philosophical differences. At the United Nations, however, there are now two different groups that are vying for control over who gets to make the rules for cyberspace, and by extension, the rules for international peace and security.

On one hand, there is a long-standing approach dating back to 2004 that involves a UN Group of Governmental Experts (GGE). There are five different times that a GGE has been convened at the UN with the primary intention of establishing new rules and norms for cyber governance. Each GGE usually consists of anywhere from 15 to 25 members, and are designed to meet only for a specified amount of time. Each time that they have met has resulted in a GGE report outlining current thinking on norms and regulations for cyber governance. If there is one takeaway from these GGE consensus reports, it is that cyberspace law is simply an extension of international law, and that all laws and conventions agreed to in the “real world” (such as the importance of human rights) should also be mirrored, as best as possible, in the “virtual world.”

However, Russia and China have begun to view each GGE as simply an “exclusive club” of Western nations looking to consolidate their economic, diplomatic, and even military power by carefully crafting all the rules of cyber governance. Thus, for the first time ever, the 2019 meeting of the UN General Assembly included an Open-Ended Working Group (OEWG) and not a GGE. This was at the direction of Russia, which wanted to include as many nations as possible in crafting the rules of cyberspace. Each OEWG, by its very definition, can feature the participation of any of the 193 member states of the UN. Thus, if it wanted to, a nation like Morocco or Venezuela could have the same input into the rules of cyber governance as a superpower like the United States. Each OEWG also can exist for as long as needed, without any clear deadline for wrapping up their work.

Just to give you an idea of how deep the distrust is between the United States and the rival powers of Russia and China, even this shift from a GGE approach to cyber governance to an OEWG approach to cyber governance came with a bit of controversy. As the U.S. sees it, the sheer size and diversity of the OEWG makes it impossible to reach any kind of consensus. Moreover, the U.S. sees the OEWG as just an obstacle to spelling out the rules for good and bad state behavior in cyberspace. It is for this reason that the United States and its closest European allies felt that they had to issue a joint statement at the UN about cyber governance. Instead of celebrating the first-ever global meeting on cyber norms for Information and Communication Technologies (ICT), they instead criticized it.

Important consequences for changes to cyber governance

It is vitally important to recognize that each change to cyber governance norms carries with it some important consequences. For example, any language that makes a nod to “state sovereignty” makes it easier for Russia and China to move ahead with their own view of the Internet. As they see it, the Internet is not global and without borders. Instead, as they see it, the Internet has borders, much as airspace has borders. The U.S. is free to do as it likes within its own airspace, just as Russia is free to do as it likes within its own airspace. However, if they want international flight traffic to be possible, then both have to abide by international laws for airspace. The same type of thinking should also apply to cyber governance, they argue. For example, Russia should be free to censor whatever content it wants to online, or to require that foreign tech giants store all of their data on servers physically based within Russian borders. If foreign tech giants such as Facebook and Google don’t want to play by those rules, then they can simply pack up and move out of Russia.

To make its case for changing the rule of cyber governance, Russia often invokes The Law of the Sea, which relies on adapting international norms for maritime activity. That same type of thinking, says Russia, should also inform any binding laws or agreements for cyber governance. In short, international norms need to be adapted to the shifting realities of cyberspace, and the potential for cyber war to develop into armed conflict. Otherwise, say Russia and China, the United States will be able to increase its economic hegemony and engage in offensive-minded cyber attacks against any military rivals. If there is one thing that Russia and China want above all else, it is a level playing field reinforced by strong cyber governance.

Future scenarios for cyber governance

The good news, at least for now, is that these fundamental tensions at the very heart of future cyber governance have not yet become acrimonious. Participants at the most recent OEWG at the UN, for example, said that the atmosphere was positive and cordial, filled with ideas for new confidence-building measures and joint approaches. Moreover, a majority of nations actually voted for both the GGE and the OEWG approach to cyber governance, so it’s not like the UN is no longer a place for reaching needed consensus. In fact, some of the nations that voted against the more inclusive OEWG approach actually ended up participating in the meeting rather than abstaining (as was initially feared).

U.S. and its 26 allies issued a joint statement on what constitutes responsible state behavior in cyberspace ahead of UN General Assembly. #respectdataClick to Post

Going forward, the United States is clearly eager to maintain its control over how the Internet works, and what the rules of cyber governance will be. This is good news for human rights activists and for free market advocates. The current system of cyber governance has been remarkably efficient and resilient in producing new platforms for free speech and the creation of tremendous economic value. The only question now is whether a system that has been set up to favor the United States and its allies is now in need of a re-fresh in order to reflect the shift to a multi-polar world filled with emerging economic powers and diverse political viewpoints.