Fork in the Road? UN General Assembly passes Russia-backed Resolution to fight Cybercrime

By Sharngan Aravindakshan

On 19 November 2019, the Third Committee of the United Nations General Assembly passed a Russia-backed resolution. The resolution called for the establishment of an ad-hoc intergovernmental committee of experts “to elaborate a comprehensive international convention countering the use of information and communications technologies for criminal purposes” (A/C.3/74/L.11/Rev.1). China, Iran, Myanmar, North Korea and Syria were also some of the countries that sponsored the resolution. Notably, countries such as Russia, China and North Korea are all proponents of the internet-restrictive “cyber-sovereignty” model, as opposed to the free, open and global internet advocated by the Western bloc. Equally notably, India voted in favour of the resolution. The draft resolution, which was passed by a majority of 88-58 with 34 abstentions, can be accessed here.

The resolution was strongly opposed by most of the Western bloc, with the United States leading the fight against what they believe is a divisive attempt by Russia and China to create UN norms and standards permitting unrestricted state control of the internet. This is the second successful attempt by Russia and China, traditionally seen as outliers in cyberspace for their authoritarian internet regimes, to counter cybernorm leadership by the West. The resolution, to the extent it calls for the establishment of an open-ended ad hoc intergovernmental committee of experts “to elaborate a comprehensive international convention” on cybercrime, is also apparently a Russian proposal for an alternative to the Council of Europe’s Budapest Convention.

Similarly, last year, Russia and China successfully pushed for and established the Open-Ended Working Group (OEWG), also under the aegis of the United Nations, as an alternative to the US-led UN Group of Governmental Experts (GGE) in the attempt at making norms for responsible state behaviour in cyberspace. Hence, we now have two parallel UN based processes working on essentially the same issues in cyberspace. The Russians claim that both these processes  are complementary to each other, while others have stated that it was actually an attempt to delay consensus-building in cyberspace. In terms of outcome, scholars have noted the likelihood of either both processes succeeding or both failing, or what Dennis Broeders termed “Mutually Assured Diplomacy”.

Criticism

The Russia-backed cyber-crime resolution, while innocuously worded, has been widely criticized by civil society groups for its vagueness and for potentially opening the door to widespread human rights violations. In an open letter to the UN General Assembly, various civil society and academic groups have expressed the worry that “it could lead to criminalizing ordinary online behaviour protected under human rights law” and assailed the resolution for the following reasons:

• The resolution fails to define “use of information and communication technologies for criminal purposes.” It is not clear whether this is meant to cover cyber-dependent crimes (i.e. crimes that can only be committed by using ICTs, like breaking into computer systems to commit a crime or DDoS attacks) or cyber-enabled crimes (i.e. using ICTs to assist in committing “offline” crimes, like child sexual exploitation). The broad wording of the text includes most crimes and this lack of specificity opens the door to criminalising even ordinary online behaviour;

• The single reference to human rights in the resolution, i.e., “Reaffirming the importance of respect for human rights and fundamental freedoms” is not strong enough to counter the growing trend among countries to use cybercrime legislation to violate human rights, nor does it recognize any positive obligation on the state to protect human rights.

• It is essentially a move to negotiate a cybercrime convention or treaty, which will duplicate efforts. The Council of Europe’s Budapest Convention already has the acceptance of 64 countries that have ratified it. Also, there are already other significant international efforts underway in combating cybercrime including the UN Office on Drugs and Crime working on various related issues such as challenges faced by national laws in combating cybercrime (Cybercrime Depository) and the Open Ended Intergovernmental Expert Group Meeting on Cybercrime, which is due to release its report with its findings in 2021.

• The resolution fails to adopt or even acknowledge a multi-stakeholder approach to combating cybercrime, something that has gained recognition in multiple other international efforts in cybernorm-making. The 2019 report of the Global Commission on Stability in Cyberspace, the UN Working Group on Internet Governance, the G8’s Declaration in 2011, the 2013 UNGGE Report, the 2018 General Assembly resolution on “Advancing responsible State behaviour in cyberspace in the context of international security” and the June 2019 report of the UN Secretary General’s High-level Panel on Digital Cooperation are some examples.

Wolves in the hen-house?

Russia’s record in human rights protection in the use of information and communications technology has been controversial. Conspicuously, this resolution comes just a few months after it passed its “sovereign-internet law”. The law grants the Kremlin the power to completely cut-off the Russian internet from the rest of the world. According to Human Rights Watch, the law obliges internet service providers to install special equipment that can track, filter, and reroute internet traffic, allowing the Russian government to spy, censor and independently block access to internet content ranging from a single message to cutting off Russia from the global internet or shutting down internet within Russia. While some experts have doubted the technical feasibility of isolating the Russian internet no matter what the government wants, the law has already come into force from 1 November 2019 and it definitely seems like Russia is going to try.

Apart from this, there have also been credible claims attributing various cyberattacks to Russia, including the 2007 attacks on Estonia, the 2008 attacks on Georgia and even the recent hacking of the Democratic National Committee (DNC) in the US. More recently, in a rare incident of collective public attribution, the US, the UK and the Netherlands called out Russia for targeting the Organization for the Prohibition of Chemical Weapons’ (OPCW) investigation into the chemical attack on a former Russian spy in the U.K., and anti-doping organizations through cyberattacks in 2018.

China, another sponsor of the resolution, is also not far behind. According to the RAND Corporation, the most number of cyber-incidents including cyber theft from 2005- 2017 was attributed to China. Also, China’s Great Firewall is famous for allowing internet censorship in the country. A Russo-China led effort in international cybernorm making is now widely feared as portending stricter state control over the internet leading to more restrictions on civil liberties.

However, as a victim of growing cyber-attacks and as a country whose current public stance is against “data monopoly” by the West, India is going to need a lot more convincing by the Western bloc to bring it over to the “free, open and global” internet camp, as its vote in favour of this resolution shows. An analysis of the voting pattern for last year’s UNGA resolution on countering the use of ICT for criminal purposes and what it means for international cyber norm making can be accessed here.

Fractured Norm-making

This latest development only further splinters the already fractured global norm-making process in cyberspace. Countries such as the United States are also taking the approach of negotiating separate bilateral cyberspace treaties with “like-minded nations” to advance its “cyber freedom” doctrine and China is similarly advancing its own “cyber-sovereignty” doctrine alongside Russia.

Add to this mix the private sector’s efforts like Microsoft’s Cybersecurity Tech Accord (2018) and the Paris Call for Trust and Security in Cyberspace (2018), and it becomes clear that any unified multilateral approach to cybernorm making now seems extremely difficult, if not impossible. With each initiative paving its own way, it now remains to be seen whether these roads all lead to cyberspace stability.

Budapest Convention on Cybercrime – An Overview

By Shalini S

The Convention on Cybercrime or Budapest Convention is the only binding multilateral treaty instrument aimed at combating cybercrime. It was drafted by the Council of Europe with active participation from its observer states in 2001. The Convention provides a framework for international cooperation between state parties to the treaty. It is open for ratification even to states that are not members of the Council of Europe. The Convention is the only substantive multilateral agreement with a stated objective of addressing cybercrime with convergent, harmonized legislation and capability building. Therefore, it is widely recognized as a decisive document on international best practice and enjoys compliance even from non-signatory states. Most model legislation and attempts at drafting a new international instrument on cybercrime have also relied on the principles expounded in this Convention. The Budapest Convention is also supplemented by an Additional Protocol to the Convention which was adopted in 2003.

Offences under the Convention

The Budapest Convention broadly attempts to cover crimes of illegal access, interference and interception of data and system networks, and the criminal misuse of devices. Additionally, offences perpetrated by means of computer systems such as computer-related fraud, production, distribution and transmission of child pornography and copyright offences are addressed by provisions of the Convention. The substantive offences under the Convention can broadly be classified into “(1) offences against the confidentiality, integrity and availability of computer data and systems; (2) computer-related offences; (3) content-related offences; and (4) criminal copyright infringement.”[1] The Additional Protocol makes the act of using computer networks to publish xenophobic and racist propaganda, a punishable offence. However, the full range of cybercrimes are not covered under the Budapest Convention. These include cybercrimes such as identity theft, sexual grooming of children and unsolicited spam and emails.[2]

Provisions of the Convention

The treaty functions on a mutual information sharing and formal assistance model in order to facilitate better law enforcement and lays down procedure to seek and receive such assistance. Article 23 of the Convention outlines the general principles under which international cooperation can be sought, as follows:

“Article 23 – General principles relating to international co-operation

The Parties shall co-operate with each other, in accordance with the provisions of this chapter, and through the application of relevant international instruments on international cooperation in criminal matters, arrangements agreed on the basis of uniform or reciprocal legislation, and domestic laws, to the widest extent possible for the purposes of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.”

It is clear then that assistance facilitated by the Convention relies on pre-existing cooperative agreements between the parties. Thus, as also stated in Article 39 of the Convention, the provisions only serve to supplement multilateral and bilateral treaties already effective between parties. In addition, mutual legal assistance (MLA) between parties where no such mutual arrangements exists, can be facilitated through procedures laid down under Article 27. Principles and procedures related to extradition for criminal offences under the Convention is also detailed in Article 24 of the Budapest Convention. These sections primarily aid formal legal assistance between signatory parties to the Convention in case of a cybercrime (as defined under the Convention itself).

The Convention itself does not demand ‘dual criminality’ per se. However, the adoption of the Convention demands harmonization of national legislations and results in reciprocal criminalization. This is crucial as the Convention has mutual assistance and extradition provisions, both easier to process when dual criminality is established between the requesting and assisting parties.

The Cybercrime Convention Committee (T-CY) was setup to represent the interests of and foresee regular consultations between state parties to the Convention. The biannual plenaries conducted by the T-CY and working groups discuss developments, shortcomings, grievances and possible amendments of the Budapest Convention.

Significant Drawbacks of the Convention

The Convention on Cybercrime has also come under severe criticism for both its specific provisions that fail to protect rights of individuals and states, and its general inadequacy in sufficing to ensure a cyberspace free of criminal activity.

The 12^th Plenary of the T-CY (at page 123) concluded that the mutual legal assistance facilitated by the Convention was too complex and lengthy, rendering it inefficient in practice. The outdated nature of provisions of the Convention clearly fail to cater to the needs of modern investigation.

The provisions of the Convention have been critiqued for supposedly infringing on state sovereignty. In particular, Article 32 has been contentious as it allows local police to access servers located in another country’s jurisdiction, even without seeking sanction from authorities of the country. In order to enable quick securing of electronic evidence, it allows trans-border access to stored computer data either with permission from the system owner (or service provider) or where publically available. As Russia finds this provision to be an intolerable infringement of its sovereignty (amongst other things),^[3] it has categorically refused to sign the Convention in its current state. However, it is important to note that the claim that provisions infringe on sovereignty has been addressed and countered by the T-CY in its guidance note on Article 32

Russia’s displeasure with the existing multilateral instrument was evidenced by the introduction of a Russia-backed proposal for an international cyberspace treaty. The proposal, specifically for a convention or protocol on cybersecurity and cybercrime was considered and rejected at the 12^th UN Congress on Crime Prevention and Criminal Justice. US and EU refused to countenance a new cybercrime treaty, opining that the Budapest Convention sufficed and efforts should be directed at capacity building.

Regardless, Brazil and China which have expressed displeasure at the primarily-European treaty, have refused to adopt the Convention for the same reason. India also continues to remain a non-signatory to the inequitable Convention, having categorically declined to adopt the Convention which was drafted without its participation. India’s statements also reflect its belief that the Budapest Convention in its present form is insufficient in tackling cybercrimes. This may hold especially true as India routinely faces cyber-attacks from China. This is a problem that will not be resolved by mere ratification of the Budapest Convention as China is a non-signatory to the treaty. With multiple countries remaining a non-signatory, with little scope for change in their positions, the reach of the Convention is certainly limited. There is a demonstrable need for a unique, equitable and all-encompassing instrument that governs cybercrime. To ensure maximum consensus and compliance, this instrument must necessarily be negotiated with active participation from all states.

[1] Jonathan Clough, A World of Difference: The Budapest Convention on Cybercrime and the Challenges of Harmonisation, Monash University Law Review (2014) at page 702, https://www.monash.edu/__data/assets/pdf_file/0019/232525/clough.pdf (last visited Mar 2, 2016).

[2] Ibid.

^[3]Kier Giles, Russia’s Public Stance on Cyberspace Issues, in 4th International Conference on Cyber Conflict (2012) at page 67, https://ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf (last visited March 2, 2016).

Wuzhen 2015: Evaluating China’s Competing Vision of the Internet

By Puneeth Nagaraj

The 2^nd World Internet Conference (WIC) was held in the town of Wuzhen in China from 16^th-18^th December, 2015. Organized by the Chinese government since 2014, the WIC is China’s attempt to present an alternate vision of internet governance, with its pitch for increased ‘cyber-sovereignty’. This is in contrast to the prevailing notion across the world that internet should be governed by a multistakeholder model. The WIC is part of China’s effort to establish a stronger presence in the internet governance sphere, with many in China likening Wuzhen to an ‘internet Davos’.

One of the ways the Chinese government is attempting to make its presence felt is by attracting high profile names to the WIC. The 2^nd edition made news for the presence of Fadi Chehade, the ICANN CEO.  Chehade was also appointed to the High Level Advisory Committee of the WIC’s organizing Secretariat, a move that has come in for criticism from some quarters. He is among a list of appointees that include Jack Ma of the Alibaba group and Werner Zorn, the “father of the German Internet”. But the 2^nd edition was notable for its absentees as much as it was for those who attended it. The resistance to an event like the WIC is based on China’s idea of cyber-sovereignty and fears of creating a walled internet that limits access to the internet based on jurisdiction.

In his speech at the opening ceremony of the WIC, Chinese President Xi Jinping- on whose account the conference was suddenly moved from October to December– reiterated China’s case for sovereign control of the internet. China has traditionally made the contested claim that the notion of sovereign control of the internet is based on the principle of sovereign equality, as enshrined in the UN Charter. This position is completely in opposition to the idea that all stakeholders should play an equal role in the governance of the internet given the historical role of the different stakeholders in the creation and development of the internet.

However, China’s claim to sovereignty over the internet is not without its supporters. For instance, the ITU Secretary General Zhao Houlin spoke at the WIC of the difference between internet governance which should involve all stakeholders and cybersecurity where states should play a dominant role. This is also consistent with ITU’s position as a multilateral institution which facilitates inter-state discussions on issues like cybersecurity.

On the issue of cybersecurity, China’s position is on firmer ground. The Outcome Document of the recently concluded WSIS 10-year review, points to the consensus among States of the ‘leading role’ played by States in cybersecurity matters. The High Level Meeting of the WSIS Review which happened at the same time as the WIC presented the best evidence of this position. Countries from across the board pushed for language that reiterated the central role of States in cybersecurity issues, rejecting suggestions for a more human rights compatible approach that took on board other stakeholders. Thus, the opposition to China’s push for greater prominence in the internet sphere is not based merely on its support of cyber-sovereignty.

Rather, the resistance stems from a deeper of mistrust of China based on the government’s domestic stranglehold over the internet. Activists have long protested China’s blocking of many popular services like Google, Facebook and Twitter which continue to remain unavailable in China. Ironically, it has been reported that international participants of the 2^nd WIC were surreptitiously given access to these sites through special devices and ‘cheat codes’.

Yet, commentators are divided over whether the wider international community must engage with an event like the WIC. Some advocate a healthy scepticism towards China’s own policies, but point to the benefits of engaging directly with the Chinese government on what is meant to be an international platform for internet governance. Others argue that despite the marginal benefits of engaging with China, large scale attendance of the WIC would grant legitimacy to the arguably repressive policies Chinese government.

Criticism notwithstanding, China is committed to making WIC a platform where a competing vision of internet governance can gain traction. Whether this actually happens depends on 1) how open and accessible the next editions of the WIC are to the wider internet community; and 2) how willing the Chinese government is to engage in other internet governance fora that are more multistakeholder than multilateral. China has already succeeded in similar initiatives in other issue domains like trade where it hosts an annual trade fair that is widely attended. Appointing a High Level Advisory Board comprising of the CEO of a multistakeholder institution like ICANN and an internationally well regarded figure like Jack Ma (who is part of the coordination council of the NetMundial initiative) seems like a step in the right direction. It remains to be seen if this will lead to other such moves or if the WIC will be confined to a corner of the internet governance map.

Puneeth Nagaraj is a Project Managers at the Centre for Communication Governance at National Law University Delhi

No Recognition for the New Generation of Digital Rights

By Puneeth Nagaraj and Gangesh Varma

The original article was published on The Wire on 5th January, 2016.

Plenty of Loose Ends. Credit: Pascal Charest/Flickr CC BY-NC-ND 2.0

The international community’s attempt to shape a new agenda for the Information Society by taking forward the Declaration of Principles and the Tunis Agenda adopted over a decade ago has produced a mixed bag that disappoints more than it pleases.

The WSIS was a two-phase summit which was initiated in 2003 at Geneva and had its second phase in 2005 at Tunis. The summit was a reaction to the growing importance of information and communication technologies (ICTs) in development and a recognition of the crucial role the Internet played in shaping the landscape of the information society. The first phase in Geneva focused on a wide range of issues affecting the information society including human rights, and ICTs for development. The Tunis Agenda in 2005 was focused on developing financing mechanisms for ICT for development and governance of the Internet. The Tunis Agenda was also the first time a globally negotiated instrument articulated a definition of Internet governance and incorporated the notion of multistakeholder governance. However, it was a negotiated outcome in the debate between multilateral and multistakeholder models in global governance. This resulted in the inclusion of the ambiguous concept of  ‘Enhanced Cooperation’ which was conceived as a device to discuss unresolved contentions.

The ten-year review in 2015 was meant to take stock of the changes in the information society since Tunis and create a new agenda for the next decade. The conclusion of the high level meeting with an agreed outcome document means the negotiations were completed successfully. But the outcome itself is a qualified success at best.

Outcome document

The review process has revealed that while there are new concerns that have emerged from the evolution of the Internet and its uses, the underlying debates still remain the same. For instance, human rights and cybersecurity were both issues that were covered by the Tunis Agenda. But the fact that they have their own sections in 2015 highlights the increased importance of both these issues. Internet governance, on the other hand is an issue that has not moved in the last 10 years.

World leaders at WSIS 2003, Geneva, where the original Declaration of Principles were adopted. Credit: Jean-Marc Ferré

The inclusion of a separate section on human rights has received praise from all quarters. It is also a testament to the increasing importance of human rights in the information society. The acknowledgement of human rights resolutions from other fora like the Human Rights Council and human rights instruments like the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights is encouraging. This means that nations have an additional mandate to respect human rights obligations while dealing with the Internet and ICT issues. At the same time, it must be noted that no reference was made to the International Covenant on Economic, Social and Cultural Rights which is especially pertinent for countries from the Global South.

It is also disappointing that the document fails to recognise a new generation of ‘digital rights’ that have increased in importance over the last decade. There is only a passing reference to privacy and there is no mention of network neutrality at all. It appears from the statements at the General Assembly that countries like the US and UK were not very keen on privacy and network neutrality. On the other hand, many European countries, notably the Netherlands, were pushing for stronger language on these issues. The outcome text is a negotiated compromise on many issues and the human rights language is the best example of this. But the fact that it ignores widespread public sentiment on issues that will be at the forefront over the next decade is worrying.

On Internet governance, the outcome text calls for immediate, concrete action on Enhanced Cooperation and greater participation in Internet governance institutions. But if this section of the outcome document is compared with the Tunis Agenda, it would seem like nothing has changed in the last decade. The outcome document is an attempt to update many foundational concepts in Internet governance such as Enhanced Cooperation and multistakeholderism. India for its part, reiterated support for a multistakeholder model but also drew attention to the importance of greater representation and participation of actors from the developing world in multistakeholder platforms.  One such platform is the Internet Governance Forum (IGF), whose mandate was extended for another 10 years. Unfortunately the conditionalities of the extension, including showing tangible outcomes on issues like accountability and representation, were diluted during the final negotiations. The outcome document thus failed to adequately address many pressing issues like the need for greater accountability and meaningful participation on Internet governance platforms.

Increasing threats to cybersecurity and the difficulty in dealing with cybersecurity is a concern that all countries were alive to. For developing countries, the capacity to deal with such threats heightened the importance of this issue. The outcome document reflects this position with a separate section on cybersecurity. It recognises the central role of states in dealing with cybersecurity issues, but also acknowledges the role other stakeholders have to play. The role that cybersecurity measures have to play in securing development projects through ICTs and the Internet has also been highlighted. However, the cybersecurity language fails to acknowledge the need to create a safe and secure Internet ecosystem for all users. As it stands, this section takes a securitised view of the Internet. This is unfortunate given that an earlier version of the document circulated last week took a more nuanced approach that focussed on the cyberspace as a safe platform whereas the outcome document takes a protectionist approach . However, like the human rights text, it appears that this was a casualty of negotiated compromise.

India’s Role

India played a critical role in negotiations, and contributed to an international agreement around the idea that all stakeholders, and not just governments, need to be a part of conversations about Internet governance. Speaking at the high level meeting of the 10-year review of the World Summit on Information Society (WSIS), the Indian delegation emphasised the role the Internet and ICTs have played in the country’s remarkable growth story over the last decade. India, along with other developing nation delegations were also quick to point out there is still a lot of work to be done in connecting the four billion people worldwide who have no access to the Internet.

Broadly speaking, India played a crucial role in these negotiations as a key swing state. On many contentious issues, the country played a facilitative role. On issues where the stated government policy aligned with the middle ground, like multistakeholderism and human rights, India took strong positions that helped achieve consensus. This was evident from its statement at the General Assembly supporting multistakeholderism but calling for greater representation. Similarly, India supported the outcome document on many issues like Internet governance, access and development but highlighted its own priorities in the process.

India’s role in bringing the WSIS negotiations to a successful conclusion has not gone unnoticed. Its unequivocal positions on contentious issues have come in for praise in the international community. However, the most difficult part of the process lies ahead in realising the WSIS vision and achieving the SDGs (sustainable development goals) over the next decade. India certainly has a big role to play in fulfilling both these international mandates and domestic development goals. It remains to be seen if it can rise to the challenge.

Puneeth Nagaraj and Gangesh Varma are Project Managers at the Centre for Communication Governance at National Law University Delhi

Indian statement on ITU and Internet at the Working Group Plenary

Statement from Indian Head of Delegation, Mr Ram Narain for WGPL

Chairman of Working Group Plenary, Mr Musab Abdulla, Head of Delegations, delegates, ladies and gentlemen, good morning to you all. I was indeed impressed with the camaraderie with which discussions were held inspite of the fact that delegates discussing the issues have different cultures, languages, nuances, impressions and sometimes, interests.
Governance of Packet switched data Telecom Networks based on Internet Protocol (IP), popularly known as Internet, has become an important and contentious issue due to several reasons known to all of us. We proposed a draft resolution to address some of these key issues pertaining to IP based networks. When we put up the proposal, I had thought that the proposal would contribute in diminishing some of the differences. These issues and their probable solutions are given in our draft resolution, document 98, about which we were ready to take constructive inputs.

Information is power these days. The wise Lord Acton said about hundred and fifty years ago that Power tends to corrupt and absolute power corrupts absolutely. The countries in modern times have become great on the principles of equality, liberty and justice. As and when these principles were compromised great powers lost their hold. Broadband penetration and connectivity has been the important running theme of this conference. We believe this, like great empires, can only be built on the principles of fairness, justice, and equality. No Telecom Network whether IP based or otherwise can function without naming and numbering, which is the lifeline of a network. Their availability in a fair, just and equitable manner, therefore, is an important public policy issue and needs to be dealt that way. We believe that respecting the principle of sovereignty of information through network functionality and global norms will go a long way in increasing the trust and confidence in use of ICT.

There are number of existing Internet related resolutions, but they only touch the issue in general and, therefore, without focus concrete action does not happen. Our Resolution was with a view to deal with the issues in a focused manner. Some countries supported our draft resolution, while some others were not able to support it. Some stated since the proposal is a comprehensive one, dealing with a number of important issues, more time is needed for them to develop a view on it. Due to the number of proposals with Ad-hoc group lined up before our draft resolution, there was no time left for detailed discussion on the proposal. Therefore, India agreed not to press the resolution for discussion due to paucity of time, with an understanding that for these issues of concerns for many Member States, contributions can be made in various fora dealing with development of IP based networks and future networks, including ITU. India would like that discussion should take place on these issues and we look forward to these discussions. We would request that this Statement is included in the records of plenipotentiary-14 meeting.

We would like to express our thanks for the cooperation extended by various Member States, particularly USA, for appreciating our concerns and all those who shared our concerns and supported the draft resolution. I would also like to thank Mr Fabio Bigi, Chairman of Adhoc Working Group for giving patient hearing to all us and tolerating all our idiosyncrasies and still arriving at consensus. This is because of his wisdom, which comes with experience.

Thank you all.

Re-drafted resolution from India at the ITU Plenipotentiary

ITU’s role in Improving Network Functionalities for Evincing Trust and Confidence in IP based Telecom Networks

The Plenipotentiary Conference of the International Telecommunication Union (Busan, 2014),

recalling,

Resolution 101 (Rev. Guadalajara, 2010) of the Plenipotentiary Conference, on ‘IP-based networks’, in which Member States resolved to vest ITU with the mandate to collaborate and coordinate with relevant organizations involved in the development of IP-based networks and the future internet;

Resolution 102 (Rev. Guadalajara 2010) of the Plenipotentiary Conference, on ‘ITU’s role with regard to international public policy issues pertaining to the Internet and the management of Internet resources, including domain names and addresses’;

Resolution 130 (Rev. Guadalajara 2010) of the Plenipotentiary Conference, on ‘Strengthening the role of ITU in building confidence and security in the use of information and communication technologies’;

recalling further,

Paragraph 39 of the Tunis Agenda, on building confidence and security in the use of ICTs by strengthening the trust framework;

Paragraph 46 of the Tunis Agenda, on ensuring respect for privacy and the protection of personal information and data;

Action Line C5 of the Geneva Plan of Action, on ‘Building confidence and security in the use of ICTs in realizing Information Society’, of which ITU is the sole coordinator;

the ongoing work under SG17 of ITU-T on ICT Security Standards Roadmap and under other questions, and SG13 on Next Generation Networks;

recognizing,

that equitable, fair and just allocation and assignments of resources related to packet networks are necessary for telecom/ICT development, and require facilitation and collaboration among relevant organizations and member states for planning, implementation, monitoring and cooperation in its policies;

that for proper functioning of a telecom network, resources namely, among others, naming, numbering and addressing are necessary;

that, Council Resolution 1305, identified public policy issues related to International Internet (telecom/ICT management), such as security, safety, continuity, sustainability, and robustness of the Internet (telecom/ICTs), and Council Resolution 1336 adopted at its 2011 session established a working group of the council on Internet Public Policy (CWG- Internet) whose terms of reference are to identify, study and develop matters related to International Internet Public related issues including in resolution in 1305.
that for security and safety of telecom/ICT services, member states need to develop appropriate legal, policy and regulatory measures, which need to be supported by technical capabilities of networks;

that the private sector should play an active role in day-to-day operations, innovation and value creation;

that a multi-stakeholder approach should be adopted, to the extent possible, at all levels to improve the coordination of activities of international and inter-governmental organizations and other institutions involved in telecom/ICT networks based on IP technology;

considering,

that all future networks are likely to be packet-based, delivering several telecom services presently based on IP technology;

that modern day packet networks at present have many security weaknesses, including those relating to records of network transactions;
that at times, even for local address resolution, the system has to use resources outside the country, which makes such address resolution costly and to some extent insecure, and may result in violation of privacy by other State, even without any recourse to address the privacy violation issue citing non applicability of privacy protection laws to non-citizens or by having different laws for citizens and non-citizens;

that at times, communication traffic originating and terminating in a country also flows outside the boundary of a country making such communication costly and to some extent insecure, and may result in violation of privacy even without any recourse to address the privacy violation issue citing non applicability of privacy protection laws to non-citizens or by having different laws for citizens and non-citizens;
that IP addresses are not contiguously distributed, which makes the tracing of communication difficult in case of need as per national laws;

resolves,

to address systematically the issues in the considering part of this resolution, seeing their criticality to deliver ICT-based services through public telecom networks, in view of ITU’s role in “Building confidence and security in the use of ICTs”, fulfilling of which is a fundamental need in realizing Information Society,

instructs the Director of the TelecommunicationsStandardization Bureau,

to undertake study in collaboration with relevant organisations蜉 involved in the development of IP-based networks and future networks:

to explore the development of naming and numbering system from which the naming and numbering of different countries are easily discernible;
to develop principles for allocation, assignment and management of IP resources including naming, numbering and addressing which is systematic, equitable, fair, just, democratic and transparent;

to make recommendations on network capability which ensure effectively that address resolution for the traffic originating and intended to be terminated by the user in the same country/region takes place within the country/region;

to undertake study in collaboration with relevant organisations1 involved in the development of IP-based networks to recommend a system that ensures effectively that traffic originating and intended to be terminating in the same country remains within the country;

to undertake study in collaboration with relevant organisations1 involved in the development of IP-based to recommend effective ways for maintaining faithful records of transactions through the network;

to undertake study in collaboration with all stakeholders involved to study the weaknesses of present protocols used in telecom networks, and develop and recommend secure, robust and tamper-proof protocols to meet the requirements of future networks in view of the envisaged manifold increase in traffic and end-devices in the near future in the light of IoT and M2M needs.

invites Member States and Sector Members

to participate actively in the discussions around these issues and to make contributions.

On the international politics of ITU negotiations

Heading into the last week of the International Telecommunications Union Plenipotentiary in Busan, the fault lines on crucial Internet-related issues appears fairly clear. The ad hoc group on Internet governance, set up by the Working Group of the Plenary, has sought earnestly to churn out a final, agreed text of Resolutions 102, 103, 133 and 180 (see background here) but consensus has been far from elusive on substantive issues. At the time of writing, the Indian proposal on the ITU’s role in realising a secure information society is yet to be introduced (early indications are it will be moved tomorrow morning). For the most part of this week, India has carefully stayed away from some of the more contentious issues that have consumed the ADHG’s time. At the heart of this debate is the ITU’s role in Internet governance which the Plenipotentiary has the power to modify, if it so chooses. Russia has been at the forefront of a small, but vocal group of countries (the Arab states being an important constituent of this group) that want the Union to play a significant “policy-oriented” role in Internet governance. This includes, but is not limited to:

1. An enhanced role played by the ITU secretariat and the Council Working Group-Internet in submitting reports to the UN General Assembly on Internet-related public policy issues (Res 102)
2. Acknowledging at the ITU that the “management of the registration and allocation of domain names and IP addresses must fully reflect the international and multicultural nature of the Internet”. (Res 102)
3. Acknowledging at the ITU that all governments “should have an equal role and responsibility for international Internet governance” (Res 102)
4. Encouraging ITU member states to “protect their Internet Protocol-based networks from unlawful surveillance….through the development of international Internet-related public policy” (Res 101)
5. Getting the ITU to express concern about the “lack of international legal norms, elaborated under the auspices of the United Nations…with binding force for States and other stakeholders, for governance and use of the Internet” (Res 102)
6. Asking ITU member states to “refrain from using ICTs involving the extraterritorial interception and monitoring communications in a way which violates the privacy of communications and users’ personal data protection” (Res 130)

The response, or to be more precise, opposition to proposals of the sort mentioned above have come from an equally vocal group led by the United States (with UK, some EU states, Australia, Japan and Canada being constituent members). Broadly speaking, their response has followed these lines of argumentation.

1. The ITU does not have the regulatory capacity or mandate to take on substantive themes in Internet governance.
2. IG principles have already been agreed upon in avenues like the NETMundial and ICANN dialogue processes, and do not need rephrasing or articulation at the ITU.
3. Amendments mooted (on issues such as submission of reports to UNGA, regional and international cooperation on cybersecurity measures) already find place in ITU text in some version or the other.

The reason or motive behind each specific proposal (or rebuttal) may vary but the underlying narrative is the same. On one hand there are those who believe that the ITU must take on greater IG responsibilities, while on the other there are those who want no change to the Union’s mandate. In the larger debate on a “multistakeholder” model of Internet governance on issues including, but not limited to the IANA transition, this schism is important to take note of. Some countries are clearly comfortable with the ITU, whether on account of their principled opposition to multistakeholderism or concerns regarding accountability in the MSM model. Sample, for instance, this debate on Resolution 130 on Friday night regarding “regional and international cooperation” on cybersecurity measures. The original proposal by Cuba read:

…invites Member states

to strengthen regional and international cooperation, taking into account Resolution 45 (Rev. Dubai, 2014), through the conclusion of agreements and implementation of measures to facilitate the reduction of risks and threats to confidence and security in the use of ICTs;

In addition to the several objections it had on this specific proposal, the United States at the end of a long (and exhausting!) debate suggested that member states be invited to strengthen ….cooperation with “all stakeholders”, which the Russian and Iranian delegations took immediate exception to. Russia was of the opinion that issues concerning national security is a matter to be handled by States and not non-governmental entities, while the Iranians were more direct. “Who are these stakeholders?” asked the Iranian diplomat, “would any person on the street be considered a stakeholder?” Iran elaborated its point further, suggesting that domestic agencies that are in charge of cyber-issues should consult internally with stakeholders but that ITU member states cannot be held to a resolution that “invites” (and thus puts a legal-moral imperative on) them to cooperate regionally and internationally with them.

The merits of these proposals and counter-proposals aside, it is clear countries that are mooting Internet governance reform proposalsnat the ICANN-level are making careful interventions to ensure that the ITU and ICANN universes do not collide.

For instance during a discussion on Resolution 180 (Facilitating the transition from IPv4 to IPv6), Russia led a proposal asking the Plenipotentiary to facilitate the transition “considering that”

c)that many developing countries want the Telecommunication Standardization Sector (ITUT) to become a registry of IP addresses in order to give the developing countries the option of obtaining IP addresses direct from ITU, while other countries prefer to use the current system;

The United States raised its objections to this proposal, suggesting Res 180 is on transition from IPv4 to IPv6, and “has nothing to do with registries.”

On the other hand, states that have raised objections to the NETMundial/ICANN dialogue have made a concerted effort to voice their IG priorities at the Plenipot. India has not offered a hint as to where it stands on this debate, but more should become clear as the delegation moves its draft proposal tomorrow (post on that to follow).