IGF 2019 – Day 3 – Convention Hall I-D – OF #22 Trust, Norms and Freedom in Cyberspace

The following are the outputs of the real-time captioning taken during the Fourteenth Annual Meeting of the Internet Governance Forum (IGF) in Berlin, Germany, from 25 to 29 November 2019. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> Good morning, everybody.  There are lots of open seats at the time.  So if you want to come around the table, I highly recommend it.  That way you have access to a mic in case you want to ask questions.

So we're going to get started and, um, we have an excellent panel this morning.  So the session is as you can see.  Open forum.  So it's an Open Forum.  I really encourage you to ask questions.  The whole purpose of this is to really engage in a dialogue and what we're going to be really focused on here is having a dialogue around human rights and the activities which are occurring in different spaces.  In particular, there is related to cyber forms in the open ended working Group and experts on cybersecurity.  And we have an excellent panel.  I will introduce them and then we will jump straight into the opening comments.  We won't have too many opening comments.  So hopefully we can go straight into an open discussion on this subject.

So let me introduce the speakers.  We have Ambassador from the Estonia foreign affairs and governmental representatives on the IN GGE.  We have Ms. Carmen Gonzalvez at the ministry of foreign affairs and also on the UNGGE, we have Miss Mallory Netel from AT&T associate director for EU affairs and I am Matthew Shears.  So I will turn it over to immediately to get started.  Please write down your questions.  If there is anybody in the zoom chat, if they can put there are questions into the Zoom chat, that be really helpful.  So over to you.

>> Thank you for everyone in the room because I think the human rights in Internet almost rights in the domain of cyberspace is an increasingly important topic where not only us, the governments in the European union, but also civic society, academia and Private Sector is paying attention.

As much as we're introducing to panel, we have several work streams in our how we call it cyber diplomats and processes right now where we see increasing challenge to make sure the human rights agenda will stay high on general UN cyber debate agenda.  We have been part of the open ended working Group which already took place in September.  And I think, ah, the first committee of the United Nations is usually, of course, discussing the questions of state behavior, of disarmament, of international security, peace and security.  It was still overwhelming majority of anti‑democratic government of the working Group in September.  When it comes to broader outreach, then we are quite glad to see roughly 200 NGOs and Civil Society actors coming to New York next week.  It is the working Group will have informal consultations with Global Civil Society.  And we hope that these informal consultations with global Civil Society will serve also the role of raising awareness on the issues of human rights, freedom online and, um, the privacy and data protection which are important also in parallel with the questions of signer security, state behavior and all the hard security issues.

As Carmen opposed in GGE a Group of governmental experts, maybe the audience will be wondering how and (inaudible) the GGE which is this small Group of countries which have most of cyber expertise over cyber capabilities and how the GGE is taking to issue of human rights forward.  All the consecutive GGE reports which we have mentioned the adherence to human rights and then we hope to also continue in the next GGE  in order to make sure the issue is not forgotten.  Of course, when we look at the informative discussions in the UN right now, the first committee is still meant to discuss the state behavior and international peace and security as it its primary goal.  There is another committee which is maybe more suitable and many other committees that the second committee dealing with social and economic affairs and the first committee is also the committee where we should be looking for the issue of human rights.  And just to raise awareness, maybe of those countries in the room that can influence their own governments in the issues of cyber discussions in the third committee, we have a resolution in the third committee this fall in the United Nations General Assembly which is calling for the new United Nations cyber crime instrument.  And, ah, the European governments, the U.S. and some other countries are quite concerned that this new cyber crime instrument that the resolution is now supporting because it was passed will have detrimental effect to the human rights because one of the cyber crime conventions where we are all having human rights safe guards is the national Europe convention and we have been supporting promotion of the Council of Europe for therapy union and amongst the democratic countries.  So we think still that the convention provides all the necessary elements for global community and all the countries in the world to be used as a blue print for domestic legislation on cyber crime.  And very importantly, it has all the safe guards on human rights and therefore, we will support the convention will be the primary document or primary instrument to be taken as a model in order to deal the cyber crime.  And we are a bit cautious of supporting any new instruments exactly because we think that human rights safe guards will be difficult to be introduced into those new instruments.  Either in the first committee or in the third committee.  Maybe my (inaudible) was government centric, but I think we also have to raise awareness about the facts that there is a small Group of the western governments diplomats in the UN sitting that are burning this agenda ‑‑ pushing this agenda.  It would be good if we also have support from the largest Civil Society and multi‑stakeholder community because then the voice would be reaching into the wider audiences.  And we will continue our work, but our work is still confined very much within the governmental government business.  Maybe this panel can also serve the purpose of providing the ideas how we could amplify our message in the broader community also outside of our technology advanced countries.  Thank you.

>> Thank you very much.  Carmen, over to you.

>> Thank you for kick off our discussions today with a very clear overview of what is going on and I completely share your observations.  What I can add from my side, the Dutch side is that the issue of human rights online is very close to our heart.  And, ah, not only that, we also remain quite concerned about developments related to that issue over the last couple of years.  Even though the assertion that human rights online are equal to human rights offline has already been made in UN framework in 2012, um, the situation globally hasn't really improved as far as abidance by human rights online is concerned.  I think we all agree and the reports of Freedom House are clear evidence also in that regard apart from Internet shutdowns increase censorship, but also surveillance practices that are not in line with diplomatic principles.  We're not really going in the right direction at this moment.  So attention and clear and awareness raising about the risks that are at stake here is very important.  We are convincing that human rights protection and cybersecurity are not at odds with each other.  There are two sides of the same coin that go hand in hand with each other.  They can only be a society built on a respect for human rights.  As our public life more and more moves to the digital world, it becomes more and more important that we assert and implement those principles there.  We also try to find ways to increase accountability because it's one thing to have recognition in the UN and also UN in resolutions like the resolution on the promotion protection and enjoyment of human rights on the Internet, but also the resolution, for example, and resolution on privacy in a digital age.  Although we have this resolutions having that on paper is not enough.  They should not become paper tigers.  We should try to somehow collectively hold those who do not respect them accountable by means of ‑‑ well, statements in general about issues that are not to be condoned.  In that regard, establishing 2011 and doubled in size since.  Estonia is also a very important member.  They account 31 member states now.  Switzerland, I am incredibly happy with that is the latest addition to the freedom online coalition community.  This community governmental initiative start ‑‑ is endeavoring together with Civil Society to issue statements on important problems that have to be tackled that has been ‑‑ that have been important statements issued on internet shut downs, on censorship.  And there is an important new statement in the making on the importance of human rights based cyber ‑‑ service execute of policy and practice.  So a clear plea for cybersecurity policies and practices that are human rights by design.

So that's ‑‑ why is that important along side the discussions in the UN?  We have other initiatives supporting those global UN in discussions is because indeed, UN is an important platform, but it's also a platform where things move very slowly and they also clear differences of opinion in the UN.  Not the least about issues that are very closely related to human rights online, issues in relation to the role of the state in the Internet.  So the effort with its statements it can have informative value and can help us as triggers for discussions in the UN continues to do that work and influence the discussions.  In UN itself indeed, they will differ as far as the particular UN discussion is concerned.  There are some limitations because they focus on international security, but every time we sit around the table in the UN and talk about cybersecurity, we reassert that human rights are just as all the other bodies of international law.  The BASIS for the regulation of behavior in cyberspace.  Human rights law has to be asserted there also in this round of the GGE as well as very important in the open ended working Group.  I hope it will figure permanently with Civil Society next week in New York.

I think I will just stop here because otherwise I will take too much of your time.

>> CHAIRMAN:  Thank you, Carmen.  I will come back to the two of you after the other speakers because I think it's important to put the WWG and GGE and if you can briefly think about outlining the differences between the two and what the timelines are.  I think that will be useful for some of those that are not familiar with the processes.  I will turn it over to Mallory.

>> Mallory:  Thanks, everyone.  Thank you for the grounding and also why framing is important.  I wanted to from my perspective of Civil Society think about what is really important here and also how we engage, how we get to have our voices heard.  So I work for ARTICLE 19.  It's a freedom of expression organization that has a global presence.  Work is out of the (inaudible) office and my team engages in technical standards for it in fact.  But you can imagine that there's a lot of issues related to cybersecurity that come up in all this for it and having the technical expertise can be really useful in the settings.  So, of course, we feel it's important that Civil Society be part of the conversation around norms and trust in cyberspace because as Carmen was mentioning, privacy and security are really ‑‑ they're not at odds and they're especially not at odds if you shift the frame to center people.  So if people are the primary concern as recipients of a secure cyberspace, then you can imagine that sort of dichotomies goes away and really it is privacy and security together hand in hand.  And so multi‑stakeholder participation in cybersecurity processes is really critical so that the concerns of people that are now centered in the processes can be represented.  And also I would say in addition to the what we all know very well at the IGF about what multi‑stakeholder is in terms of bringing the right sectors in the room, I also think it is important to insure the right competencies are in the room and there's a diversity of them.  So it's not only policy folks, lawyers who also include technical experts and so on especially when we're talking about the internet that can have a profound impact on the outcomes of debates and discussions.  I would just say that things still need to solve with respect to multi‑stakeholder participation.  One of them is clearly capacity which I mentioned when I was talking about competencies.  But the other is that spaces are really proliferating.  These conversations are happening in every corner of the world and in many different ways and we're not previously talking about the internet at all and they're now discussing cybersecurity and implication to cyberspace.  So it's very intense for Civil Society to have to keep up with and that is why you often see Civil Society coordinating amongst itself to make sure we're covering all the different for and spaces for these conversations happening.  But I would also indicate too which is something that's been said before that there's also a need for countries with less capacity to also be involved.  Countries from the global south who don't have as much time or ability to travel to all the spaces and small businesses.  We do have a lot of participation from the privacy sector, but we have participation from large Internet companies and you can imagine that small and medium size businesses as well had a particular stake in how the Internet is governed.  We have tongue about not just the stakeholders are represented, but that the stakeholders themselves are diverse in well representation and multi‑stakeholder discussions around trust and norms and cybersecurity.  And I think that this is important for two reasons.  One, of course, is to obviously just engage and norm setting to establish the role of the state in cybersecurity as Carmen said, but also the responsibility of the state in cybersecurity.  And then the second reason is to generate buy in because once those norms are established, once those policies are set, you have to implement them and you can't implement them without many stakeholders working together.  When you include the voices in the room and the stakeholders in the room, you have the people and the energy and the capacity who can then go out and help you make them a reality for citizens around the world.  So that am be where I would start and things that I'm interested in there a Civil Society perspective.

>> CHAIRMAN:  You want to take a minute and explain your engagement in the freedom online coalition and how the Civil Society works and that particular construct?  Thanks.

>> It came from my work and the freedom coalition that began some years ago as working Group that was established, but also included Private Sector and Civil Society.  We were tasks with ‑‑ the tamp force was called an Internet free and secure and we wanted to discuss ‑‑ investigate and research how human rights would play into discussions in cybersecurity and the two main ‑‑ well, we have a definition that was people centric is one.  But then the two outputs was being able to center people in cybersecurity and sort of eradicate this push and pull between privacy and security which was really important in the years 2014 through 2017, I would say.  And then ‑‑ well, remains today actually.  And then we have several recommendations that was one of the first norms documents in 2016 that were launched around people centric and human rights respecting cybersecurity policy making.

>> CHAIRMAN:  Thanks, Mallory.  Thank you.

>> Thank you for inviting me.  I will bring a perspective cybersecurity perspective from a corporate point of view.  We think that diplomacy and global dialogues are perhaps more urgently today than ever before.  We are all hyper connected and connections that take place in one corner of the globe, maybe positive or negative, they can (inaudible) everywhere.

So the global diffusion of computing power and this position are here to stay.  So the question is:  How do we all come together to make sure we capitalize on the potential of global Connectivity and technological progress?  Why remain clear about the challenge and risks we have ahead?  I think that we must work together across international borders because assessing the Internet page must reflect the smart balance of interest of consumers, business and national governments.  Global leaders must remain stead fasts in their commitments to build greater consensus, transparency and open dialogue across borders.  We must also recognize that security requirements requires a similar wholistic approach that includes people, process and things.  We all have a responsibility and a role to play.  So policies designed to facilitate collaboration on cybersecurity and harmonize international standards can streamline international trade industry, foster continued growth and innovation in similar technical expert ease.  And the best practice is security across the digital ecosystem.

We think that international standards are a foundational component that can protect innovation and build safer and more secure digital ecosystem.  For example, ongoing efforts on the 3 GPP to develop secure, technical standards for the income generation networks are essentially necessary if you are to look the full potential of 5G technology and preserve today's vibe rapt and competitive markets.  For AT&T cybersecurity is business imperative.  It's our responsibility to protect our customers and their data.  So AT&T operates critical communication infrastructure and provides security service to governments and business customers.  We also maintain a strong cybersecurity practice for our affiliates and services.  Just as states are organizing through the united nations, they are securing digital ecosystem.  AT&T collaborates in various international security organization such as the U.S. assert and first, UK center for the protection of national infrastructure, and Australia national exchange and so fort.  We also support activities within the internet engineer task force, the institute of electronics engineers, GDPP and other organizations.  We also participate in a variety of third‑party coalitions such as the coalition to reduce cyber risks and we are working with countries in their cybersecurity proceedings to promote (inaudible) framework and IZO as a standard for verbal approach.  Cybersecurities standards are powerful work that help industries to protect themselves against the rising that against cyber threats, accountable and transparency.  So I think AT&T in a way we support volunteer risk based approach to cybersecurity requirements that starts with overarching framework and reach companies have appropriate flexibility to best tomorrow and mitigate risks which vary from sector size and sophistication.  They should then base national programs on widely adopted international standards to approach.  They should not adopt one size fits all approach or (inaudible) check list of cybersecurity requirements.  I will stop here now.  Thank you.

>> CHAIRMAN:  Thank you very much.  I will very much appreciate if you have questions and where we stand on international processees.  I'm looking to the audience to really engage here.  It might be useful to cover where you think the two OEWG and processees are and the different focus areas and how they're going to play out given they're running in parallel if you can make a couple of comments on that, it would be great.  And the role for human rights.

>> Well, those two working groups have been established.  It's a fact.  And we are working in parallel in order to support both open ended working Group and DGG.  We have an approach to make sure that those two working Groups are complimentary.  I think majority of us in the room would see the favorable outcomes as consensus reports of both working Groups.  And if you ask what is exactly the focus of one of the Groups or the other, I think the GGE has already done serious ground work in setting the norms of state behavior or confirming to international law applying to cyberspace and promoting confidence building measures and capacity building.  The open ended working Group can take this BASIS forward by including more of the nations into the thinking of what are those elements of the stability framework that has been set by the GG reports.  So basically the open ended working Group has road to socialize the already existing achievements in the first committee to wider international community.  Whereas the GGE in our view should focus more on the implementation of the current norms and the discussions on maybe international law and what kind of mechanisms will make sure that the cyber stability is preserved.  The room of maneuver to include human rights is there in both reports.  And this will be about state behavior mostly.  So I think the stress will be made on international law or concerning human rights and the fact the countries are holding up the different pieces of international law that are concerned with human rights.  This is the language we could include into those reports, but, of course, the first committee of the United Nations is about disarmament as you know.  So it's about in order to ‑‑ it is set up for different purposes, but as we have been able to put consumer rights language in there.  So we hope to continue to notice.

>> I can only briefly add.  We are very like minded.  I can add to that that perhaps the open ended working Group will also lead to more countries around the world publicly and embracing the norms that were previously set or defined in the Groups of governmental experts.  That's important because the Groups of governmental experts although they varied composition and were based composed on the principle of rotation and geographic representation have not been able to indeed, engage all the countries in the world in this discussion.  The open ended working Group is a chance to do that and hopefully this will not only lead to a greater awareness that these norms are out there and ideally we should all abide by them, but I hope also they will talk about it publicly more and more and that will help to consolidate the power of these norms.  We'll foster implementation and it will help us also to call out behavior that we consider as going against those norms, as breaking those norms.  That would help.  The GGE has also one particular feature this time that might also help in particular also human rights respecting cybersecurity policies around the world.  In the mandate of the GGE it is written that every member of the GGE is supposed to submit itself views on how international law applies to cyberspace.  So that means that at least 25 countries will have to sit down and think carefully about how they see that and get had our older agencies at home behind those views and send them out there in the world.  That's important because that means that those countries will also have to at least I hope they will, speak out about the importance of the applicability of the whole purpose of human rights law to cyberspace.  So that will help the cause of human rights in cyberspace.  The Netherlands minister of foreign affairs sent a letter to parliament last June setting out the Dutch ideas on how international law applies is to cyberspace and how human rights applies to cyberspace is one of the important chapters of that letter.  I hope that practice will help.  I hope it helps others outside the UN GGE and will follow suit and also issue in public in writing their views on how international law including notably international human rights in cyberspace.

>> CHAIRMAN:  Thank you, Carmen.  Anybody want to open really important that we get the questions going.  We have a half hour and it will go quickly.  So if you have a question, please raise your hand and just introduce yourself and then put the question.  If it's going to someone else, please mention who that is.  Yes?

>> Hi.  Chris Painter among other things of the global commission and early in the state department.  Global form for cyber expertise.  A couple comments and questions.  One I think it's great that we continue to push in the GGE and now in the open ended working Group for language on human rights.  I worry though is what your sense is and the language is in.  It's a compromise.  I thinks more like‑minded countries like the two of you have your interpretation of it and some of the more repressive countries take different parts of it more of the restrictions on human rights and the benefits of it.  And I guess the question is:  With the limits of the first committee, what venue do you think made more progress?  Is the freedom Ron line or something ‑‑ online or something else?  The comment I wanted to make is I do think this fits in with the international security issue, the global commission for the assistant of cyberspace I have been serving on issued a report two weeks ago at the Paris peace form and one of the guiding principles we put in the there is respect for recommend rights.  I think it has two aspects.  One is it efforts to insure disability of cyberspace must respect human rights.  When you do measures whatever they are, you shouldn't infringe on human rights.  You should make sure you're doing this sensitive to human rights.  But the other is the various protensions and norms can protect human rights those communities know about them.  When we talk about the UNGG norms the one about protension of certs and they should be used for good.  Interestingly, many people don't even know about that from the UN.  I think we have to do some work to make sure the community is meant to be protected on that.  And the last thing I would say is you mentioned this.  I think there's really a need when I heard some of the discussions of the open ended working Group, there is some what of a consensus for capacity building on this space.  That is another initiative and the global form for cyber expertise is one major role they have, but I think the idea of implementing the norms and making people aware of them, but also doing it in such a way they mentioned human rights in conjunction with things like the freedom online coalition.

>> Thanks.

>> CHAIRMAN:  Thanks, Chris.

>> Chris, you're right.  There's always a risk of a ritual dance in international diplomacy.  That's part of our trait.  But always possibilities to be ingenious and somehow move in a best direction step by step.  One thing I do hope is that by forcing countries whatever the nomination or (inaudible) or less Democratic or more, everyone would have to show face or will have to ‑‑ if countries can start to write down and publish their views indeed, on application law on cyberspace and also how human rights respecting signer security policy issued along like, then they will ‑‑ they're forced to unveil what their views are and perhaps also forced by the peer pressure to improve and to perhaps also try to sell a beauty contest to at least try to be as human rights abiding as possible and hopefully is that commitment on paper will also help because that's the other issue.  It will force them a bit more to put it into practice.  It's all a matter of a combination of efforts and same time efforts by Civil Society calling out bad behavior by states in this regard remains incredibly important.  You hope that you can make small, but significant things in advance.  That's how (inaudible) (no sound)

>> I think there are some initiatives related to open ended working Group on behalf of some NGOs to collect the good human rights stories related to freedom online and different related topics.  I think one of the European union institutes is working EU ISS is working on putting together the compilation of the good cases and models.  I think we also need to get a bit more practical to show that there is a way, a possibility.  I'm not talking about (inaudible) our countries, but the broader UN membership where security and freedom can be balanced in cyberspace because I think not all nations have understood that the balance is possible.  But it is possible and I think there is also a way to lead the nations to think about this balance.

>> CHAIRMAN:  Chris, I liked your characterization as a dance.  We touched on this before the panel started is the issue of proliferation of spaces.  So there are order spaces where these agendas can be moved and pushed, but many times for Civil Society, I think as Mallory said, it is certainly a matter of resources and being able to cover in those different spaces as well.  I don't know if you want to add to that, Mallory.  Any other questions?  Raise your hand.  Yes, please.  Introduce yourself.

>> Hi.  My name is MASA.  I am a colleague of Mallories of ARTICLE 19.  I focus on digital rights and the middle eastern contacts specifically recently I have been working a lot on Iran following events that happened there.  And I am particularly interested from the representatives from the government to know how when they engage within these Groups, they mentioned to the UN and GGE, how does this work in coordination with other spaces where a lot of governments are actually engaging on issues of rights online like shut downs, privacy especially within the ITU.  How do you coordinate the engagement between these bodies?

>> I think there are different parts of the government for countries in charge of the issues of content and so on.  This is more an internal services, internal ministries and not really foreign affairs.  And the foreign affairs communities are usually engaging with more NGOs and the other foreign affairs experts.  When we talk about the UN system, I think we are not reaching too far in the UN system into the domestic constituencies, of course.  It is not clear cut link between the first committee cyber Groups and domestic constituencies.  I think we have to be quite clear there is the way also to reach the domestic constituencies in order countries, but usually it is mod the UN Groups in New York.  There is a different way to do it.  Let's have this consensual clarity.  Neigh commit to certain principles of how they will be implemented.  It is a matter of each capital.

>> I wanted to confirm and I think there is more work to be done.  State is coordinating internally and are costing different for it.  Civil Society fills that role.  So because many different organizations coordinate together, and some of them cover different spaces and so on, there's a bit ‑‑ I think a lot more awareness and knowledge within that sector around what states are doing.  So often, past of our advocacy is remind states that they have made commitments in one space and that those can translate into this current space and so on.  We have to make this connection.  It is not necessarily something that has to be fully solved or could be fully solved, but maybe also an argument for why Civil Society does have a lot to offer and a lot of expertise that can be useful in the debates because we try to cover so much ground in our advocacy work already.

>> CHAIRMAN:  Other questions?  We have a moving mic if anybody wants to put their hand up.  Yes, please.

>> Hi.  Member of the Icam board.  I had a question because as I was listening from the panelists to AT&T, I was thinking that's really a lot of resources in terms of participating in all the different initiatives to really get the multi‑stakeholder view.  How do you actually incorporate inclusiveness undeveloped nations who have economic challenges and participating in these initiatives and what is some capacity building initiatives to help with that situation?

>> We work on those associations and organizations in order to help foster the broader understanding about cybersecurity.  What is important for us is that we have most comprehensive cybersecurity standards and norms in order to operate.  That's our understanding.

>> Thank you.  If I may, just add something because you also raised the issue of capacity building and how do we reach countries that are less developed and less capable in cyberspace and also perhaps less aware of the importance, for example, of human rights based signer security policy.  I think we need to step up states, but also other stakeholders in reaching out.  There are many relevant capacity around the world.  But there is still a lot of scope for improvement, for more coordination, for deconflicting and insuring that resources go to the right places.  In October,s global forum on cyber expertise met for annual meeting in Africa.  That was the first time the global forum public‑private platform with more than 100 members and partners from the states international organizations, Private Sector, society from around the world went to Africa and reached out really physically was there and we had more than 40 African countries there present around the table.  And, um, and it was revealing in the sense that it was obvious.  There is a lot going on in Africa.  I am not saying there isn't going on, but there is still a huge need for more interaction and capacity building.  There's a responsibility not only for governments, but also from the stand points of corporate social responsibility and also additional effort necessary from Civil Society to go there because if we don't do that, if we do not bring the discussion about responsible cybersecurity, policies, et cetera to those countries, they will not be ‑‑ they won't, aware of the added value and they won't feel capable and supported in their endeavor to develop multi‑stakeholder base responsible.  I think it's ‑‑ I would like to comment the working Group on norms and on strategy and policy focusing very much also on the implementation of norms led by Chris in the form of cyber expertise.  That's also one of those venues where, um, not only states, but also other stakeholders sit together to help members and non‑members to empower them to implement those norms that we are adopting in the UN.

>> CHAIRMAN:  Thanks, Carmen.  Other questions?  Yes, please.

>> My name is Hans.  I am from Georgia Tech.  I haven't really kept up on these issues, but perhaps I'm the only one who is not completely up to date.  The big issue that always stood out in my mind was the question on proportionate response on cyber attack and at what point do they justify a kinetic operation.  I believe as I recall, that was a contentious issue in the GGE.  I hope I got this right.  And could you perhaps comment on that or relate that to the discussion that we're having here today?  Thank you.

>> Well, the GGE actually has been discussing the four different topics.  One is the applicability of international law in cyberspace.  Both based on law and (inaudible) on law meaning IHL, UN charter and (inaudible) as well.  So this is one element of discussion.  The second element of discussion is voluntary Peacetime non‑binding norms that governments are adhering to.  The 2013 report listed few of those and the 2015 report listed 11 of those.  It is openly available online on the UN in website.  The third element is confidence building.  The confidence building measures with all the safe guards and contact points.  The countries are establishing the contact points.  If there is a crisis, they will issue the warning and all the contact points will be actuated.  And then there is a capacity building element for countries that have less capacity to implement the norms that they have agreed in the UN.  So those are the four different elements and four different work streams.  When it comes to response to cyber attacks, then the existing international law is very clearly stipulating what is allowed and what is not allowed for the governments to do in this space.  That's why we have the law.  The UN charter is, of course, applying in cyberspace and this has been debated in the GGE and those the debate has been the IHL law applies in cyberspace.  And the customary law also applies in cyberspace.  The international law discussions are difficult because not all countries that are a part of the GGE are agreeing on how the law applies.  It is not about the response so much.  It is about international law applying.  Carmen has been part of the last GGE.  Maybe you can explain what happened and why we did not produce a report.

>> Carmen:  Yeah.  I can say a few ‑‑ I make a few comments.  I think what's happened in the last GGE is geo political context was not very favorable.  It hasn't really become much favorable since, by the way.  That's been daunting with in mind we've going to sit together around the table again.  I think in 16, 17, it was much more than in doing the GGE in 15 that took place after some momentous events that changes the situation.  It was more and more obvious it was just the context was not very inviting and not very helpful in that regard.  And what happened was that unfortunately, some of the issues that we had already reached agreement about in the area of international law notably indeed there the report in 15, for example, in the applicability of the principles that sent ‑‑ that support international humanitarian law principles like professionality, humanity, distinction.  These were suddenly contested again to such an extent that we threatened to go backwards.  We weren't even ‑‑ there was a threat and we weren't able to consolidate what we had, but we were really pushed back.  That was very daunting.  Also other elements and other elements of the charter of the UN charter.  For example,s rights of self‑defense was in cyberspace was suddenly questioned by some participants to such an extent that even there it was difficult to hold the line.  So that was ‑‑ the reason why it wasn't possible in the end to reach an agreement and consensus report.  It was a pity because in other areas of work of the GGE like voluntary non‑binding norms of behavior and confidence building measures and capacity building and also the section on the ‑‑ with the definition of threats, some good work has been done during that GGE.  And we were really ‑‑ we could have made progress there.  For example in the norm section, we have elaborated more on how these norms, 11 norms, foundational norms that were defined in 15 like do not attack each other's critical infrastructure and Peacetime.  Do not attack and Chris referred to it as do not attack computer emergency response teams in Peacetime work together, assist each other when there are cross‑border cyber incidents, et cetera.  We were ‑‑ we did a lot of work in 16, 17 to provide more guidance to countries on how to do that.  For example, we were discussing critical is infrastructure and we were discussing about the importance to insure to safe guard the general availability of the Internet alluding to protecting the core of the Internet, the logical layer, et cetera.  A lot of good work has been done.S circumstances were not very (inaudible) then.

>> CHAIRMAN:  Yes, please.

>> Yes.  (inaudible) remember that I was there in the 16 and 17 GGE as member of the Cuban delegation.  And what she said is correct.  There was some issues and there was no agreement, but I want to explain what are the concerns of delegation because it is not that it was not agreement because they're going back wards.  Regarding the international law, the concerns were that if you accept all those principles of a priority in a way, you are legitimizing that psyche or war concept.  That was explained in the final declaration including ours.  And that is why the red cross made a clarification for this new open ended working Group that in a way explained and confronts this thing that they put explicitly that by upholding this international monetary law does not mean the legitimizing the concept of civil war.  Once those are going on, it applies.  That was what we were defending at that time.  It was unfortunate.  You know what happened in that GGE that we left all the chairman left for the end all the Sony things and we didn't have time.  We had a couple more sessions and we could have gotten this resolved, but it wasn't.  And about the question that was made.  It's really very concerning.  The concept needs to be more clarified because when it says international law and the charter applied it in its entirety, a concept that we did not agree from previous GGE because it says that it's almost just like that and it's not just like that.  It needs clarification because the concept of arm attack that is in the charter does appear to cyber attack.  Is it equivalent to the concept of or attack that it can trigger counter measures and counter measures in the kinetic world?  That is very dangerous.  It's very dangerous because as you know, it is not old and even where it is more directly.  You have false flag, vents.  In the cyber world, we have seen many computers of a country are taken from other countries and from there to launch an attack.  It could be some retaliation to this country and that is very dangerous for international security.  What we are saying in several countries is that all those principles applied in principle there should be specific clarifications of how to implement that in practice.  Those are not surf mount am concerns.  Many countries, even western developed countries has concerns along the same line.

Some have proposed for attribution, something like that.  It's things that need some work.  It's not that some countries didn't want to agree and think what already agreed.  Those are legitimate concerns.  It's going to be met in this open ended and working Group and we hope that we could get because everybody should gain by having someone understanding.  If this is a thing, there's no understanding, we keep it on hold until we get the understanding.  I think that's the BASIS of the diplomacy going step by step.

>> CHAIRMAN:  Thank you.  I realize we have very little time left.  But I wanted to give you a chance to comment and I think we'll have to wrap it up.

>> Thank you very much and thank you for your comments.  To briefly clarify or clarify or comment on that, um, as far as applicability of international humanitarian laws are concerned, indeed, the ICRC in a report issued this year underscore of that, the fact that also the ICRC clearly and explicitly underscores the applicant of humanitarian law to cyberspace does not mean that that is ‑‑ that does not mean that this is ‑‑ how do we say a cart launch for military conflict in cyberspace.  But no where do the countries that have applicable humanitarian law during the previous GGE.  There we can find each other.  We're not advocating conflict.  We're being realistic.  There is just like airplanes that were designed‑for‑civil use, they were very quickly used.  So just like that cyber means will be used or used in conflict and then the civil population has to be protected.  And as far as the applicability of the UN charter in its entirety is concerned, may I kindly refer to the fact that the UN GA, the UN General Assembly has embraced 15 and 13 and has about the 15 report has explicitly concluded that members will be answer and seek guidance from those principles from those recommendations.  And one of those recommendations was indeed, by the UN charter as it stands in its entirety is applicable in cyberspace.  Thanks.  Chairman change last word and I'm afraid we will have to wrap it up so they can prepare fors next session.

>> I wanted to respond to that comment.  I wanted to say that attribution is possible.  Attribution wasn't possible, then we couldn't do anything in the cyber crime.  But we can investigate all sorts of incidents and we can investigate cyber crime incidents.  As we have increasing capabilities to do that in all of our countries, so we already have been attributing in a coordinated manner several important cyber attacks and we are notice reaching the stage where attribution is not a problem anymore.  The question is highway we do it, when we do it and whether it will help to solve the issues or whether it will help to escalate.  But this is already the political question.  This is what I wanted to say.

>> CHAIRMAN:  So, um, I wanted to take us back to just to leave you with a thought.  I think it's good to walk away with a thought.  I want to take you back to the comments made in the very beginning which is how do we insure that human rights are incorporated into these processees and how do we insure that we continue to promote them in the processees recognizing all the various challenges?  I think that was a call to action from the panelists in the first round of comments.  I think that is something we should very much take forward with us how in the various stakeholders we can continue to insure that human rights and cybersecurity are considered hand in hand.  With that, I think we will have to wrap it up.  Just a round of applause for our panelists and thank you very much for your comments and questions.