Relevance to Theme: In this workshop we want to put the focus on security and safety via cyber security of the people. Cybersecurity training should increase the capacity of citizens to become more secure online and therefore demand and defend their human rights safely if the state should infringe upon them. This workshop will take this aim. Furthermore, capacity building and collaboration with diverse stakeholders can ensure that users achieve certain levels of digital and legal literacy, so that if state practices infringe upon their rights and threaten individual security, there is recourse. A human rights centred approach to cybersecurity training is necessary so that vulnerable groups and minorities can benefit from access to technology and the infrastructure with which their state provides them. We are therefore asking in this workshop: How can we create cybersecurity trainings that aim to save these communities when principles of human-rights based cybersecurity fail? How can we properly ensure that programs that build cybersecurity capacity are actually human-rights based? Furthermore, how can these rights be operationalized in capacity-building programs for vulnerable groups through cybersecurity trainings? We will evaluate different roles of stakeholders and cybersecurity training set-up to gather best practices on achieving a human rights-centred approach to cybersecurity training that is sustainable at all levels of society - from the state to the individual. Here we specifically also want to include stakeholders that are usually involved in building capacity for cybersecurity and resilience of a state actor, such as Computer Emergency Response Teams asking what could their role be in achieving the same for citizens? Moreover, we want to connect stakeholders that are involved in capacity building programs and those who work on human rights and/or are affected by state actions against human rights and need cybersecurity training to protect themselves.
Relevance to Internet Governance: While recommendations on how to have a human rights-based cybersecurity policy, were spelled out IGF in 2018 (“The development of cybersecurity-related laws, policies, and practices should from their inception be human rights-respecting by design.”), this does not mean that states necessarily take this into consideration when crafting their cybersecurity practices. The issue of cybersecurity has been prioritized at the state level to protect national security. The focus on the state and “its” security crowds out consideration for the security of the individual citizen, not least because in some areas of the world, it has become the case that more security means infringing upon individual freedoms and liberties, by means of government hacking for example. The type of security that is currently prioritized is often not security (directly) relevant to the people --- examples that this is the case: Repressive laws, increased surveillance, and regulatory controls from governments such as China, Egypt, the United Kingdom, Canada, Germany and France have also increased. Additionally, calls to ban security and anonymizing tools such as Tor have come from Russia, Pakistan, Belarus, and was recently also called for at the European police congress. These varied policies and practices are changing the nature of the Internet and creating challenges regarding its technical and legal fragmentation
