Welcome back to the 21st issue of the NetMission Digest. Here, we have highlighted critical developments that are shaping the landscape of global digital governance. We’ll begin by examining the latest updates on the Global Digital Compact (GDC) and the UN Cybercrime Convention, offering a closer look at how both global and national efforts are influencing the future of digital governance, human rights protection, and societal resilience against cyber threats.
Stakeholder Concerns on the Global Digital Compact’s Third Draft
The Global Digital Compact (GDC), introduced in the United Nations Secretary-General’s “Our Common Agenda” report in 2021, aims to create an inclusive framework for a free, open, and secure digital future for all. Among its core objectives are overcoming digital divides, ensuring digital technologies benefit all of humanity, and maintaining the global nature of the Internet. However, the latest version of the GDC, circulated among UN Member States in July 2024, has raised concerns across various communities.
Civil societies are advocating for the GDC to more firmly ground its objectives in international human rights law, emphasizing the need for explicit references to these principles throughout the document. They urge to explicitly include references to international humanitarian and refugee law to ensure a comprehensive approach that integrates all branches of international law aimed at protecting individuals.
Meanwhile, the technical community expresses unease about the proposed new multilateral processes for implementing the GDC, preferring to strengthen existing mechanisms like the WSIS Forum and the Internet Governance Forum (IGF), instead of creating a new office for UN system-wide coordination and a High-Level Review with modalities to be defined through intergovernmental consultations. Another significant concern is the ambiguous language which could be misconstrued by the Member States in the document, which some fear could lead to increased state intervention and undermine the established understanding of an open and free Internet. For example, the Internet governance section in the document introduces a new term “reliable” to the Internet, which due to its ambiguity and potential for misinterpretation, could create uncertainty about the desired characteristics of the Internet as envisioned by the GDC.
Relevant Reading Material
- UN’s Global Digital Compact is looking like an authoritarian dream
- Civil Society Joint Brief on the UN Global Digital Compact
- Global Digital Compact Rev.3: Internet Society’s Views
- JPRS issued a statement about concerns about the Global Digital Compact process and its possible outcomes
Balancing Security and Rights: Controversy Over the New UN Cybercrime Convention
On August 8, 2024, the United Nations passed its first cybercrime treaty after nearly three years of negotiations, which now awaits a formal adoption by the General Assembly. The treaty aims to enhance the prevention and combatting of cybercrime by requiring member states to implement legislation that criminalizes unauthorized breaches of information and communication systems. It also mandates that states make the production or sale of explicit child sexual content online illegal. To enforce these laws, the treaty permits states to “collect or record” relevant data for convictions and “compel” service providers to hand over incriminating information or documents.
This revised draft of the treaty was found “ambiguous” by the Cybersecurity Tech Accord, a group representing tech companies. In their last minute open letter, they stated that this treaty doesn’t do enough for press freedom, gender equality, and human rights. Their concerns were that the states were allowed to share personal information without being detected and criminalize “legitimate” online activity due to the broader definitions of what crimes are considered fraud or child sexual abuse. This makes it harder for the victims of cybercrime to see justice. Nick Ashton-Hart, Head of the Tech Accord Delegation says, “Global business doesn’t support the text as it is – it should be abandoned“. The member states were urgently requested to draw their focus on the serious flaws that various communities have repeatedly identified and were asked not to adopt the convention without addressing all the issues.
Microsoft also shares similar concerns in their submission. It says several of the already harmful provisions are not broader, limitations on the scope have been removed and human rights articles are weakened. This treaty also saw unsupportiveness from various human rights groups including the UN’s Office of the High Commissioner for Human Rights (OHCHR). They want the negotiators to ensure the Cybercrime Convention complies with the existing international law and a list of criminal offenses should be narrowed down so that it doesn’t affect key rights like freedom of expression. The UN’s former special rapporteur on freedom of expression, David Kaye believes that passing this treaty would be a “disaster” for protecting human rights across borders.
Relevant Reading Material
- UN committee approves first cybercrime treaty despite widespread opposition
- UN cybercrime treaty passes in unanimous vote
- UN approves its first treaty targeting cybercrime
A Global Outage to an Opportunity for Cybersecurity Reform?
On August 23, Microsoft announced plans to hold a summit in September to address cybersecurity improvements following a global IT outage caused by a faulty update from CrowdStrike in July. The outage, which impacted around 8.5 million Windows devices and disrupted various industries, highlighted the vulnerabilities of relying on a single vendor for security solutions. The summit, set for September 10 at Microsoft’s headquarters in Redmond, Washington, will bring together government representatives to discuss enhancing the resilience of cybersecurity systems. CrowdStrike, which has lost about $9 billion in market value since the incident, is facing lawsuits from shareholders who allege the company concealed the risks of inadequate software testing. Delta Air Lines is also pursuing legal action against both CrowdStrike and Microsoft after the outage led to widespread flight cancellations, costing the airline at least $500 million.
Relevant Reading Material
- Explaining the largest IT outage in history and what’s next
- A dummies guide to the great CrowdStrike outage
- Recent CrowdStrike outage highlights vulnerabilities in tech-dependent world
What are we reading & listening
This week, we’re diving into key insights and discussions on cybersecurity and technology in Asia Pacific. PwC’s report on Cybersecurity in Asia Pacific (May 2024) examines the region’s rising threats and the adoption of generative AI to combat them, while Audrey Tang’s CNN interview highlights Taiwan’s strategies against cyberattacks. GSMA’s Mobile Economy Asia Pacific 2024 (July) report explores the economic impact of mobile technology, and EngageMedia offers a unique look at the 2024 tech-influenced elections from the perspective of the youth.
Written by Ankita Rathi (Edited by Kenneth Leung, Jenna Manhau Fung, Yukako Ban, Qurra Tul Ain Nisar)