UN GGE, Power Asymmetry and “Cyber Inequality”: a reflection exercise
By Bernardo Beiriz Marques Barbosa
Abstract
The participation model adopted by the UN GGE has flaws similar to those present in the UN Security Council, as it privileges a group of states. This turns the GGE into a space where more powerful states, such as the United States, Russia and China, promote their interests in cyberspace through the cybersecurity norms that are constructed there, deepening a structural power asymmetry that already exists in the International System and generating a “cyber inequality”.
“The Internet presents social and economic attributes of a global public good” (CANAZZA, 2018, p. 17). Mario Rodrigo Canazza’s statement, based on the study of Inge Kaul’s work, among other authors, allows for the development of the idea that the Internet is not only a global public good but also one that enables the existence of other global public goods. That is, the Internet and its developments, such as cyberspace (a mélange between hardware and software, between physical infrastructure, code, and human interaction), depend on good global governance to ensure that the benefits of these technologies are accessible to “all countries, people and generations” (KAUL et al., 2003, p. 23).
Internet Governance, in turn, is defined as “the development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet” (WGIG, 2005, p. 4).
I consider, however, that the “good governance” of the Internet is hindered by two issues: (I) the inequality of information and communication technology (ICT) infrastructure that exists among countries and (II) cybersecurity.
The UN GGE (“UN Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace in the context of international security”) is the main forum responsible for such governance. The UN GGE was established in 2004 under the United Nations General Assembly First Committee on Disarmament and International Security Issues (UNITED NATIONS, 2004), and its emergence is related to the development of the Internet and the consequent proliferation of threats operating in cyberspace. The group aims to assess the applicability of international law to the “cyber” dimension and to develop norms, rules and principles for the behaviour of states in this sphere. In other words, the UN GGE is one of the initiatives created to contribute to Internet Governance: it engages directly with the responsibilities of States in relation to cybersecurity through the creation of norms, with the aim of avoiding conflicts and their negative consequences for the international community.
My goal in the present paper is to assess how the UN GGE contributes to the deepening of an asymmetry of power among states in the International System and to the development of a “cyber inequality.” I argue that these effects occur for three reasons: (I) the adoption of an exclusionary participation model, which reinforces power concentration dynamics in the International System and the UN; (II) a focus on issues of less urgency for states with a lower level of ICT development; (III) a lack of concrete and objective actions that address the technical capacity building of less developed states in ICTs, all of these reasons being interconnected.
Criticism of the UN GGE’s participation model is similar to that of the UN Security Council (SC): it is simply too restrictive. The SC is composed of 10 rotating members and 5 permanent members (Russia, China, the United States, France, and the United Kingdom, the first three of which are currently considered “cyber powers”), with the power to veto resolutions. The UN GGE, in turn, is composed of 25 representatives appointed by the states, 5 by the same permanent members of the SC and the other 20 chosen by states pre-selected by the “High Representative for Disarmament Affairs”. The GGE’s decisions are based on a consensus among the participants, so the disagreement of one makes it impossible to issue a final report with the conclusions of the work done over two years.
A first question may be raised by the attentive reader: the definition of Internet Governance provided here refers to different stakeholders that go beyond the State, but in the GGE we have only the participation of officials appointed by member countries. The “reduced participation multilateralism”, or state-centric and exclusionary format, of the UN GGE is incompatible with the demands of the Internet Governance field, which has “multistakeholderism” as its “gold standard”, a model better adapted to the need to listen to the different actors involved in Internet maintenance and cyberspace security. Internet Governance needs to be cross-cutting and address the interests of all countries, in all the plurality of their populations, including the poorest and least developed countries in terms of ICTs.
Moreover, some of the issues about the legitimacy of the SC raised by Ian Hurd (2008) can be translated to the case of the GGE, including his argument that advocacy of SC reform may be grounded in a desire by states to ensure the promotion of their interests. However, without a reform of the GGE, for example, the tendency is that, regardless of the need for consensus to produce the final report, discussions will focus on matters of interest to the “cyber powers”, to the detriment of the real needs of other states.
The GGE then becomes a new political arena where these three “cyber powers” compete to secure their interests through the promotion of certain norms and interpretations of international law. An important example of this political dispute appears in the GGE 2016/17: the disagreement of the Cuban representative, supported by Russia and China, on paragraph 34 of the report, which dealt with Article 51 of the UN Charter, the right of self-defence and its relation to cyber-attacks, made it impossible to publish the document (CUBA, 2017). In this sense, the GGE reinforces the power asymmetry existing in the International System (reason I) by allowing the political clashes between the two blocs that form in cyberspace (Russia, China and allies vs US and allies) to occupy a central position in the committee. Is the “great powers politics” described by John J. Mearsheimer beginning to take hold in cyberspace and Internet Governance mechanisms?
The two other reasons I cite as responsible for the GGE’s influence in producing a “cyber inequality” are related to ICT infrastructure and the idea that policies that are set at the international level have effects at the local level. What is “cyber inequality” anyway? I understand it as the intersection between the normative power that countries exert/can exert and their level of ICT development. It refers both to the power/influence/agency that countries exercise/possess in the context of Internet Governance and in relation to national infrastructures, which dictate how countries access the benefits of the global public goods that are the Internet and its extensions.
The UN GGE establishes guidelines and parameters for Internet Governance in relation to cybersecurity and therefore addresses global issues, based on the input of 25 states, three of which are the most interested in and prepared for these discussions. The participation of countries in the GGE through their representatives is not limited only by the lobbying needed to secure a temporary membership: the expertise and material conditions needed to take part in the discussions are indispensable, which excludes countries that do not possess them.
The letter “k” standard agreed upon at the 2015 EGM states that national CERTs (cybersecurity incident response teams) should not be attacked by other states (UN GENERAL ASSEMBLY, 2015, p. 8). Interestingly, the African continent, according to data from the international forum for security incidents, FIRST, has only 23 registered cybersecurity teams out of a universe of 54 countries (FIRST, 2021). That is, several countries on the African continent have no CERTs affiliated with FIRST. At the same time, Europe has 260 CERTs, North America 113, Asia 114, and South America 47 (FIRST, 2021).
This is just one of the objective expressions of the inequality of ICT infrastructure that exists between countries. The International Telecommunication Union (ITU) reports that by 2021 approximately 90% of individuals in developed countries use the internet, while the percentage is only 27% in “less developed countries” (ITU, 2021). Analyzing the 2010, 2013 and 2015 reports of the GGEs, we find a progressive increase in mentions of the need to build the capacity of states for cybersecurity and digital infrastructure through “capacity-building” programs: after all, cybersecurity standards produced in the GGEs only make sense if (all) states have the capacity to comply with them.
Even so, the language used in the reports is that of a recommendation, without going into detail or presenting concrete strategies to ensure that capacity building programs are actually developed. Expressions such as “it would be beneficial”, “it should be considered”, among others, mark the maximum expression of concern of the GGEs with the need to try to decrease the technological inequality between countries.
Martha Finnemore, who has written alongside Duncan B. Hollis and Kathryn Sikkink, describes (in her theorizing about norms and their diffusion process) the processes of “emergence, cascading, and internalization,” which would constitute the “life cycle” of norms. In a brilliant passage, Finnemore and Hollis point out that “The success of a norm rests not just in what it says, but in who accepts it, not to mention where, when, and how they do so” (FINNEMORE, HOLLIS, 2016, p. 427). Taking the different GGEs as the object of analysis, it is possible to state that there is an inherent difficulty posed to the life cycle of the norms that are produced in this committee. In the first place, if the norms are perceived as coming directly from a specific political narrative, that is, as mechanisms of diffusion of American power, for example, they are already very likely to be promptly rejected, and persuasion (the stage one mechanism, “emergence”) would not occur. Moreover, the socialization of these norms and their internalization into habits and practices (FINNEMORE, SIKKINK, 1998, p. 898) depends again on the implementation capacity, thus ICT infrastructure, and the recognition of their usefulness by the actors involved.
By placing the need for technological capacity building and matters of urgency for less developed countries in ICTs in the background, while adopting the character of a political arena, the GGE deepens an asymmetry of power among states in the International System, as it reinforces the control that Russia, China and the US hold over issues with global implications. The GGE also contributes to the development of a “cyber inequality” by preventing the exercise of normative power by less developed countries in relation to ICTs in the context of Internet Governance, since it creates barriers to entry, both explicit (the reduced and pre-selected number of members) and implicit (the level of expertise and material conditions preventing certain countries from participating in the discussions).
Thus, the GGE, while attempting to contribute to the development of “good Internet Governance”, faces challenges in doing so. International forums such as the GGE must aim to ensure that the benefits of the Internet and global public goods alike are accessible to all “countries, people and generations,” thus promoting true “good governance” of the Internet.
The views expressed in this article are the author’s own, and may not reflect the opinions of the Sciences Po Cybersecurity Association.
REFERENCES
UN GENERAL ASSEMBLY. Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. AG Index: A/70/174, 22 of July, 2015. Available in: https://undocs.org/A/70/174
CANAZZA, Mario Rodrigo. The Internet as a global public good and the role of governments and multilateral organizations in global internet governance. August, 2017. Meridiano 47. p. 1-18. DOI: http://dx.doi.org/10.20889/M47e19007
CUBA. Cuba at the final session of Group of Governmental Experts on developments in the field of information and telecommunications in the context of international security. 23 of June, 2017. Available in: CUBADIPLOMATICA (gob.cu)
DIGWATCH, GENEVA INTERNET PLATFORM. UN GGE and OEWG. 2021. Available in: https://dig.watch/processes/un-gge/#Open-issues
FINNEMORE, Martha; SIKKINK, Kathryn. International Norms Dynamics and Political Change. 1998. International Organization, 52. p. 887-917.
FINNEMORE, Martha; HOLLIS, Duncan B. Constructing Norms for Global Cybersecurity. July, 2016. The American Journal of International Law, vol. 110. p. 425-479.
FIRST. FIRST members around the world. 2021. Available in: https://www.first.org/members/map
GRIGSBY, Alex. The UN GGE on Cybersecurity: What is the UN’s role?. 15 of April, 2015. Available in: https://www.cfr.org/blog/un-gge-cybersecurity-what-uns-role
HURD, Ian. Myths of Membership: The Politics of Legitimation in UN Security Council Reform. 2008. Global Governance, vol. 14. No. 2. p. 199-217.
INTERNATIONAL TELECOMMUNICATION UNION, DEVELOPMENT SECTOR. Measuring digital development: Fact and figures 2021. 2021. Available in: https://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx
INTERNATIONAL TELECOMMUNICATION UNION, ITU REGIONAL OFFICE FOR AFRICA. Establishment of CERTs/CIRTs in the region. August, 2018. Available in: https://www.itu.int/en/ITU-D/Capacity-Building/Documents/IG_workshop_August2018/Presentations/Session5_SergeZongorev.pdf
UNITED NATIONS. Charter of the United Nations. 26 of June, 1945. Available in: https://legal.un.org/repertory/art51.shtml
KAUL, Inge et al. Providing global public goods: managing globalization. July, 2022. United Nations Development Programme, Oxford University Press.
RUHL, CHRISTIAN et al. Cyberspace and Geopolitics: Assessing Global Cybersecurity Norm Processes at a Crossroads. 1 of February, 2020. Available in: https://www.jstor.org/stable/resrep24286.5?seq=1#metadata_info_tab_contents
SCHOLTE, Jan Aart. Towards greater legitimacy in global governance. 8 of February, 2011. Review of International Political Economy, 18. p. 110-120. DOI: https://www.tandfonline.com/action/showCitFormats?doi=10.1080/09692290.2011.545215
THE HAGUE PROGRAM FOR CYBER NORMS. A table of cumulative recommendations in the UN GGE Reports (2010-2015). 2021. Available in: https://www.thehaguecybernorms.nl/cumulative-recommendations-in-the-un-gge-reports
UNODA, UNITED NATIONS OFFICE FOR DISARMAMENT AFFAIRS. Fact sheet: Developments in the field of information security and telecommunications in the context of International Security. July, 2019. Available in: https://unoda-web.s3.amazonaws.com/wp-content/uploads/2019/07/Information-Security-Fact-Sheet-July-2019.pdf
VÄLJATAGA, ANN. Back to Square One? The Fifth UN GGE Fails to Submit a Conclusive Report at the UN General Assembly. 2021. Available in: https://ccdcoe.org/incyder-articles/back-to-square-one-the-fifth-un-gge-fails-to-submit-a-conclusive-report-at-the-un-general-assembly/
WGIG, WORKING GROUP ON INTERNET GOVERNANCE. Report of the Working Group on Internet Governance. June, 2005. Available in: http://www.wgig.org/docs/WGIGREPORT.pdf