IGF 2019 WS #63 Usual Suspects: Questioning the Cybernorm-making Boundaries

Organizer 2: Madeline Carr, University College London
Organizer 3: Duncan Hollis, Temple University Law School

Speaker 1: Sumon Ahmed Sabir, Technical Community, Asia-Pacific Group
Speaker 2: Mariko Kobayashi, Private Sector, Asia-Pacific Group
Speaker 3: Louise Marie Hurel, Civil Society, Latin American and Caribbean Group (GRULAC)

Policy Question(s): 

Cybernorms Development Processes have been different in how they reach agreement; how committed they are in implementing these norms; how open they are in including different stakeholders in their discussion and their adoption; how they account for technical consequences or mediate between political motivations. What can we learn from these processes? Which ones have been more successful? Is there scope for optimism in improving these processes for them to be more effective? More inclusive? More representative? More technically feasible? More impactful in improving cooperation on cybersecurity?

Relevance to Theme: Several groups, bodies, and organizations have been involved in developing "Cybernorms" as an answer to cybersecurity needs and promoting responsible State behavior in cyberspace. Most formally, there is the UN Group of Governmental Experts (UNGGE). But there are other initiatives that are fostering cooperation on cybersecurity: most recently G7 Dindard Declaration, the "Paris Call for Trust and Cybersecurity in Cyberspace" and the ongoing work of the "Global Commission on the Stability of Cyberspace". At the regional level, different organizations have been discussing "Cybernorms" as well: ASEAN, OSCE, OAS, AU, SCO, NATO, EU, etc. Despite the best efforts of all these groups, bodies and organisations, there has been little progress for these "Cybernorms" to have meaningful impact in improving cybersecurity. This is most true in the political domain. Be it the failure of the GGE or the emergence of two-track processes (GGE and OEWG), such developments have played a key role in resurfacing fundamental questions related to the implementation and objective of these Cybernorms. Meanwhile, in the technical domain, we observe a range of widely accepted norms, but not well known or understood in the political arena. These are widely acknowledged, agreed principles, practices and behaviours (or restraint from behaviors), such as MANRS, RIR policies, the IETF Best Current Practices, etc., efforts that have guided cybersecurity efforts and have had positive impact throughout the years. It is important, then, to discuss what is the appropriate role of the technical community in contributing to the Cybernorms Development Process. How to foster Cybernorms effectiveness, by eliciting an expectation of justification by States if meddling with technical norms. Whether multilateral norms making is better (or more likely to be effective) vs. other areas where norms for industry are more needed, and, of course, which areas most need multistakeholder processes (and which don't).

Relevance to Internet Governance: This roundtable will be the fourth in a series of efforts at the IGF to bring the global policy and technical communities into closer and more effective dialogue. By focusing on technical perspectives on "Cybernorms", we may be able to move the dial on stalled debates and, at the same time, we may develop useful insights into the inherent problems with the processes and mechanisms that have been leaned on to develop "Cybernorms" thus far. In our first workshop in 2016, "NetGov, please meet Cybernorms. Opening the debate", participants agreed that there are many elements in the Internet Governance history and processes worth considering when developing "Cybernorms". In our second workshop in 2017, "International Cooperation Between CERTS: Technical Diplomacy for Cybersecurity", we explored the importance and the value of the technical community's involvement in international discussions on cybersecurity. In our third workshop in 2018, "Whois Collected, Disclosed and Protected: CERTs Viewpoint" we deepened the discussion into an example of how State led regulatory efforts can have unintended consequences affecting cybersecurity cooperative efforts. We have strong foundations to argue that the Cybernorms Development Processes are and should be intrinsically related to Internet Governance debates and the former could greatly benefit by exploring best practices on more open and inclusive processes -- that is, including the views of the technical community. Moreover, the 2019 edition of the Best Practice Forum on Cybersecurity is currently working on exploring best practices in different Cybersecurity Initiatives and the implementation of suggested measures. Our workshop is relevant and complements the work of the BPF on Cybersecurity.


Round Table - Circle - 60 Min

Description: SETTING THE SCENE. 15 mins. This session will depart from a sequence of thought-provoking questions: (i) What do we understand by "Cybernorms"?; (ii) What sort of "Cybernorms" can be more effective in improving cooperation, whether in the technical arena or between States?. DISCUSSION. 20 mins. A facilitated discussion will deepen on the questions at hand: (i) What are the key characteristics (or best practices) guiding effective Cybernorms development processes; (ii) How do they differ when confronting different cybersecurity solutions? In particular, we will ask (iii). Whether more open and inclusive processes would deliver more meaningful "Cybernorms". PEAK. 10 mins. An open discussion will occur between participants: (i) Why there has been little progress of UNGGE "Cybernorms" to have meaningful impact in improving cybersecurity? (ii) What is the appropriate role of the technical community in contributing to the Cybernorms Development Process. CONCLUSION. 15 mins. How to foster Cybernorms effectiveness? Whether multilateral norms making is better (or more likely to be effective) vs. other areas where norms for industry are more needed? Which areas most need multistakeholder processes (and which don't)?

Expected Outcomes: Analyzing Cybernorms development as an Internet Governance process offers a new approach which has the potential to: 1. Offer practical solutions to solve the political impasse on the production of new Cybernorms. 2. Offer an appropriate and inclusive channel for the technical community to participate in the early stages of Cybernorms development, offering risk assessment and feasibility analysis for Cybernorms agreements, and practical steps for Cybernorms implementation. 3. Offer fresh ideas on what could constitute best practice in Cybernorm Development Processes.

Onsite Moderator: 

Madeline Carr, Civil Society, Western European and Others Group (WEOG)

Online Moderator: 

PABLO HINOJOSA, Technical Community, Asia-Pacific Group


PABLO HINOJOSA, Technical Community, Asia-Pacific Group

Discussion Facilitation: 

There are three key ingredients that have proved a successful recipe in the previous 3 IGF workshops that we have organized: strong moderation, fast pace interactions and diverse points of view. We have had an initial core team, which includes the organizers and an initial set of speakers (which are included below). As the attendants to the IGF are confirmed, we expand this core group adding other experts as speakers. This is the reason why we keep a round table as a desired format (and not a panel): the idea is that in a short time space, there will be as many points of view being put on the table. The art of the workshop relies in the capacity of the moderators to thread these views carefully, firstly, into an intense debate, secondly, into a fresh set of agreed conclusions, which will effectively take the discussion few steps further. We will juxtapose speakers from Academia, Government, Private Sector, Technical Community, Civil Society and Youth and then build possible tracks for agreement until we conclude with a list of innovative solutions for the questions at hand.

Online Participation: 

We will be promoting the workshop widely, not only to IGF registered participants, but also for people to follow it live through online channels. We will be using social media as additional channels for participation. In spite of technical challenges, we have successfully added voices from remote participants to our sessions. Via live video, just audio and also channeling questions and views through interventions via the chat boxes. We encourage remote participation.

Proposed Additional Tools: Maybe. We are open to use survey apps or other tools to facilitate the discussion.


GOAL 8: Decent Work and Economic Growth
GOAL 9: Industry, Innovation and Infrastructure
GOAL 11: Sustainable Cities and Communities
GOAL 16: Peace, Justice and Strong Institutions