IGF 2019 WS #159 Towards a Human Rights-Centered Cybersecurity Training

Organizer 1: Civil Society, Western European and Others Group (WEOG)
Organizer 2: Civil Society, Western European and Others Group (WEOG)
Organizer 3: Civil Society, Western European and Others Group (WEOG)

Speaker 1: caroline sinders, Technical Community, Western European and Others Group (WEOG)
Speaker 2: Farhan Janjua, Civil Society, Asia-Pacific Group
Speaker 3: Adli Wahid, Technical Community, Asia-Pacific Group
Speaker 4: Chris Kubecka, Private Sector, Western European and Others Group (WEOG)

Policy Question(s): 

What role should different stakeholders play in cybersecurity capacity building approaches? How can resilience and security of cyberspace be increased by means of capacity building, media literacy, support and guidance in the digital environment? How can consumer rights and consumers’ capacity to protect themselves and their data be reinforced?

(please see agenda for more specific policy questions to be discussed in the session)

Relevance to Theme: In this workshop we want to put the focus on security and safety via cyber security of the people. Cybersecurity training should increase the capacity of citizens to become more secure online and therefore demand and defend their human rights safely if the state should infringe upon them. This workshop will take this aim. Furthermore, capacity building and collaboration with diverse stakeholders can ensure that users achieve certain levels of digital and legal literacy, so that if state practices infringe upon their rights and threaten individual security, there is recourse. A human rights centred approach to cybersecurity training is necessary so that vulnerable groups and minorities can benefit from access to technology and the infrastructure with which their state provides them.

We are therefore asking in this workshop:
How can we create cybersecurity trainings that aim to save these communities when principles of human-rights based cybersecurity fail? How can we properly ensure that programs that build cybersecurity capacity are actually human-rights based? Furthermore, how can these rights be operationalized in capacity-building programs for vulnerable groups through cybersecurity trainings?

We will evaluate different roles of stakeholders and cybersecurity training set-up to gather best practices on achieving a human rights-centred approach to cybersecurity training that is sustainable at all levels of society - from the state to the individual. Here we specifically also want to include stakeholders that are usually involved in building capacity for cybersecurity and resilience of a state actor, such as Computer Emergency Response Teams asking what could their role be in achieving the same for citizens? Moreover, we want to connect stakeholders that are involved in capacity building programs and those who work on human rights and/or are affected by state actions against human rights and need cybersecurity training to protect themselves.

Relevance to Internet Governance: While recommendations on how to have a human rights-based cybersecurity policy, were spelled out IGF in 2018 (“The development of cybersecurity-related laws, policies, and practices should from their inception be human rights-respecting by design.”), this does not mean that states necessarily take this into consideration when crafting their cybersecurity practices. The issue of cybersecurity has been prioritized at the state level to protect national security. The focus on the state and “its” security crowds out consideration for the security of the individual citizen, not least because in some areas of the world, it has become the case that more security means infringing upon individual freedoms and liberties, by means of government hacking for example. The type of security that is currently prioritized is often not security (directly) relevant to the people --- examples that this is the case: Repressive laws, increased surveillance, and regulatory controls from governments such as China, Egypt, the United Kingdom, Canada, Germany and France have also increased. Additionally, calls to ban security and anonymizing tools such as Tor have come from Russia, Pakistan, Belarus, and was recently also called for at the European police congress. These varied policies and practices are changing the nature of the Internet and creating challenges regarding its technical and legal fragmentation

Format: 

Other - 90 Min
Format description: "World Cafe" Format: Three tables for (rotating) group discussion, flip board at each table, online participation provided by online document and video conferencing, moderators will wrap-up group discussions while participants can enter contributions and thoughts into the online document.

Description: "World Cafe" format: Different tables with different themes - this will encourage diverse conversations, exchange of diverse perspectives, and allows for flexible and inclusive discussion.

Brief input from journalist,"Why I needed cybersecurity training"

Intro to World Cafe on "Gathering best practices to human rights centered cybersecurity trainings"

Rotating - Three rounds for gathering best practices on human rights centred cybersecurity training at different tables. Each round is 20 minutes, before the start of the rounds, moderators will summarize the discussions and work of the previous round. Participants are free to rotate to different tables or stay at one table the whole time. The themes of the three tables are as following:

Table 1: Focus on roles of stakeholders (at this table, the goal is to understand how different stakeholders can take a human rights-centered approach to cybersecurity training. For specific input as well as policy questions to be discussed, see "Agenda and Methodology" attached as PDF)

Table 2: Focus on human rights-centered IT-security solutions that are needed in cybersecurity training (at this table, we will discuss which IT-security solutions are needed in cybersecurity trainings and can be promoted as human rights-centered, and ultimately raise capacity of vulnerable groups. For specific input as well as policy questions to be discussed, see "Agenda and Methodology" attached as PDF)

Table 3: Focus on overcoming challenges to human rights-centered cybersecurity training (at this table, a journalist from Pakistan will share anecdotal evidence for why cybersecurity trainings need to consider human rights at their core and how challenges to such cybersecurity trainings can be met. For specific input as well as policy questions to be discussed, see "Agenda and Methodology" attached as PDF)

Wrap-up discussion by moderators and summary of table discussion.

For more detailed agenda and methodolgy, please see "Agenda and Methodology" attached as PDF in Additional Documents.

Expected Outcomes: - Some best practices of achieving sustainable human rights centered cybersecurity training for vulnerable groups
- A better understanding of what human rights centered capacity building means for different stakeholders and their responsibility for implementation
- Putting the focus on security and safety via cybersecurity of the people by shifting away from solely looking at "national" security of the states, which sometimes violates security and safety of the citizens

Discussion Facilitation: 

We will be present at the different tables and encourage discussion and inclusion, so that the speakers have the forum to discuss what they, as practitioners, think is crucial. We will also moderate the online discussion and make sure the online document is kept up-to-date during discussion for transparency and increased inclusion.

Online Participation: 

To gather input and contributions from online participants throughout the session. Both a document to gather thoughts and be transparent about ongoing discussion, as well as video conference tools to allow for remote participation.

Proposed Additional Tools: Flipcharts, post-its, and online document to engage participants in different means so that it is not just round-table discussions.

SDGs: 

GOAL 4: Quality Education
GOAL 5: Gender Equality
GOAL 9: Industry, Innovation and Infrastructure
GOAL 10: Reduced Inequalities
GOAL 12: Responsible Production and Consumption
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals