By Deborah Brown 10 January 2019
Last month, the UN General Assembly (UNGA) wrapped up its main session, passing a record number of resolutions relevant for internet policy. This two-part article outlines major developments in UNGA’s First Committee, which are significant for the development of international norms in cyberspace, and in the Third Committee, which covers a range of internet-related human rights issues.
While internet-related issues have been increasingly on UNGA’s agenda, the 73rd session was significant for a few reasons. First, the sheer number of resolutions that substantively addressed internet issues was high (at least 10) on a broad range of issues including security (two), sustainable development (two), human rights (four), and crime (one). Second, this session created three forward-looking processes which promise to keep cybersecurity and cybercrime on UNGA’s agenda; and third, geopolitical dynamics at UNGA meant that for some issues, compromise was out of reach and votes were called on issues where delicate consensus was previously achieved.
These dynamics led to mixed outcomes. Generally speaking, the human rights-related resolutions led to positive developments contributing to norms to safeguard privacy in the face of new threats, combat sexual harassment, and protect peaceful assembly and association, both online and offline. Two resolutions related to sustainable development, adopted by UNGA's Second Committee, largely renewed and reinforced the need to harness ICTs for sustainable development and consider the impact of rapid technological change on the achievement of the Sustainable Development Goals. The resolutions concerning cybersecurity and cybercrime were more contentious, all going to a vote and creating new work streams, competing if not for what they aim to achieve then at least for resources and the attention of states.
The trend of states invoking sovereignty in UNGA debates, often at the expense of human rights, is cause for concern and calls into question the extent to which UNGA should even be the site of internet policy debates – which, according to the UN’s own principles, should be inclusive of all stakeholders. For the time being, however, it appears that internet policy issues are set to stay on UNGA’s agenda, and more attention and engagement are needed from civil society and other actors working towards a secure, stable and open internet that is rights-based.
Part one: Disagreement in the UN General Assembly’s First Committee over norms on international security in cyberspace results in two parallel processes
The UN General Assembly’s First Committee, which deals with disarmament and international security, has considered cybersecurity-related issues since the Russian Federation first introduced a draft resolution, “Developments in the field of information and telecommunications in the context of international security”, in 1998. The First Committee has broadly addressed cybersecurity by considering norms, rules and principles of responsible behaviour of states in cyberspace, confidence-building measures, and capacity building. As the idea of cyberconflict has grown from a threat to a reality in recent decades, the urgency and tensions over this topic also have grown.
While always controversial, the resolution has for almost always passed by consensus – the exception being four years (2005-2008) when the United States was the sole vote against, and 2016, when Ukraine abstained. Over the years, the Group of Governmental Experts (GGE) within the First Committee, which is tasked with deliberating on the topic, has made slow and steady progress. Through its reports, the GGE affirmed the applicability of international law and the UN Charter in cyberspace and agreed on various norms for peacetime behaviour, for example, that states should not interfere with each other’s critical infrastructure or target each other’s computer emergency response teams. Through the GGE’s work, states agreed that they should assist other nations investigating cyberattacks and that they are responsible for actions that originate from their territory.
In 2017, at UNGA’s 72nd session, discussions in the First Committee on this topic broke down. The fifth GGE was not able to issue a consensus report, reportedly due to disagreement on the right to self-defence and the applicability of international humanitarian law to cyberconflicts, especially with regards to countermeasures, i.e. what options states may have in responding to cyberattacks. Unable to issue a substantive resolution, UNGA adopted a one-sentence consensus decision to keep this issue on the agenda for the 73rd session.
Remarkably, negotiations in 2018 were even more divisive. Not only did the issue come to a vote, but two resolutions – one led by the Russian Federation and a second by the United States – were tabled. As a result, there are now two parallel work streams on this topic in UNGA, with different procedures, led by governments with competing visions for how the UN should address norms on international security in cyberspace.
Creation of a new open-ended working group
The Russian Federation tabled a resolution by the same name as its previous iterations, “Developments in the field of information and telecommunications in the context of international security”; however, the text that was ultimately adopted represents a marked departure from previous resolutions. Most notably, it initiates a “negotiation process on security in the use of information and communications technologies” in the form of an open-ended working group (OEWG) of the General Assembly. The OEWG will further develop rules, norms and principles of responsible behaviour of states in cyberspace and their implementation; introduce changes to previously agreed norms or elaborate additional rules of behaviour; and study the possibility of "establishing regular institutional dialogue [...] under the auspices of the United Nations.” The resolution, which selectively draws on previous GGE reports, has a stronger emphasis on state sovereignty and information control than previous consensus texts. However, some of the more controversial aspects, like the language drawing on the Shanghai Cooperation Organization's International Code of Conduct on Information Security, were removed from the final version that was adopted.
For a number of states from the Western Europe and Other Group (WEOG), which includes the US, Canada and allies, the idea of negotiating on cybersecurity norms and the possibility of establishing a new institutional arrangement within the UN is a non-starter. Some states contend that the shift away from an expert-based approach and the distortion of the meaning of already agreed upon norms “risks destroying hard won international consensus.” As a result, the US tabled a separate resolution calling for the continuation of the GGE process (see more below). Votes on the text (119 in favour, 46 against, 14 abstentions) fell largely along regional blocs, with WEOG voting against, Eastern Europe split, and the rest of the world (Latin America, Asia Pacific, and Africa) mostly voting in favour, with a few exceptions.
Aside from the OEWG, the resolution also includes controversial new elements that reinforce Russia’s approach to information security – the protection of national interests in the information sphere – as opposed to cybersecurity, i.e. the availability, confidentiality and integrity of information and its underlying infrastructure. For example, it reaffirms “the right and duty of States to combat, within their constitutional prerogatives, the dissemination of false or distorted news, which can be interpreted as interference in the internal affairs of other States or as being harmful to the promotion of peace, cooperation and friendly relations among States and nations.” It also recognises “the duty of a State to abstain from any defamatory campaign, vilification or hostile propaganda for the purpose of intervening or interfering in the internal affairs of other States.”
Expanding the focus of this resolution to include online content, such as false or distorted news or defamatory content, goes beyond what many states consider within the scope of cybersecurity and the First Committee’s mandate. The framing of “false or distorted news” as a matter of international security together with the lack of references to international human rights norms when it comes to restrictions on freedom of expression is particularly concerning. As the Freedom Online Coalition recommended, cybersecurity-related laws, policies and practices should not be used as a pretext to violate human rights, especially free expression, association, assembly, and privacy.
Perhaps some good news for non-governmental stakeholders who seek to engage in the development of norms in cyberspace is that because the Russian Federation presented this initiative as being more “democratic, inclusive and transparent” than the GGE process, the resolution provides for the “possibility of holding, from within voluntary contributions, intersessional consultative meetings with the interested parties, namely business, non-governmental organizations and academia, to share views on the issues within the group’s mandate.” The reference to voluntary contributions means that the consultations can only happen formally if a member state (or group of member states) offers to fund the process. The OEWG will hold an organisational session in June 2019 in order to agree on the organisational arrangements and is tasked with submitting a report on the results of its study to the General Assembly at its 75th session (end of 2020).
New iteration of the Group of Governmental Experts
The US led a second resolution on the same topic in the First Committee, entitled “Advancing responsible State behaviour in cyberspace in the context of international security”, which largely draws on the past consensus resolution, but with renewed emphasis on cooperation and coordination among states. This resolution uses stronger language in referencing the importance of human rights and fundamental freedoms in the use of ICTs than past iterations, and calls on states to “ensure an open, interoperable, reliable and secure ICT environment consistent with the need to preserve the free flow of information” in addressing the threats emerging in this field.
The US-led resolution, which was adopted by a vote (138 in favour to 12 against, with 16 abstentions), continues the GGE process by mandating the creation of a new GGE to continue to study how international law applies to state action in cyberspace, identify ways to promote common understandings and effective implementation of existing norms, as well as possible cooperative measures, including additional norms, rules and principles, confidence-building measures and capacity building to address existing and potential threats. The GGE will work from 2019 to 2021 and submit its report to the General Assembly’s 76th session (end of 2021). This sixth GGE will cost nearly USD 1.3 million.
It is worth noting that both the US- and Russian Federation-led resolutions stressed that while states have the primary responsibility for cybersecurity, “effective international cooperation would benefit from identifying mechanisms for the participation, as appropriate, of the private sector, academia and civil society organizations.”
What this means for UNGA’s work on norms in cyberspace moving forward
Considering there is already a proliferation of spaces and processes in which cyber-related policy issues are being discussed and debated, creating an additional work stream within UNGA’s First Committee will challenge both the capacity of smaller, less-resourced missions to engage in such discussions, and the coherence of the UN on this issue going forward. It is not clear at this point to what extent states that opposed the resolution will engage with the OEWG. However, it is worth noting that the majority of member states voted in favour of both resolutions and do not see the two initiatives as mutually exclusive.
Practically speaking, states will have to choose whether to invest their resources into the OEWG, whose modalities are currently undefined and which will work until a state proposes to end it, or the time-bound GGE, which consists of a rather small group of states (15-25), or both. For smaller, less-resourced missions, especially those coming from countries in the global South, it is unlikely they will be able to participate in both. Given that the OEWG is open to all and has a broader mandate – to build on previous efforts, or introduce changes to previously agreed norms, and potentially result in the establishment of new institutional mechanisms to address this issue in the UN system – this may be a more attractive option.
A likely result of the creation of parallel processes in UNGA on cybersecurity is that states will engage in forum shopping. For states such as, for example, those that had unsuccessfully proposed “to start with urgency the development of an international convention on securing cyberspace” at the recent International Telecommunication Union Plenipotentiary meeting, the OEWG presents a new opportunity to advance proposals for new institutional arrangements or agreements on cybersecurity.
Due to distinct positions between the proponents of the two initiatives on thorny topics – like what self-defence in cyberspace looks like, what countermeasures should be available to states, whether misinformation is even a cybersecurity issue, and fundamental issues of whether a state has sovereign control over cyberspace – the trajectories of the OEWG and GGE may be quite far from one another. It is important to keep in mind that both initiatives are meant to work on a consensual basis, and that the currently volatile geopolitical relations on cybersecurity between their respective proponents, the Russian Federation and the US, mean that the ability of either initiative to find the compromises necessary to achieve consensus is very much an open question.
But it would be a mistake to write off either the new GGE or OEWG as doomed to end in stalemate or as diametrically opposed. As noted previously, most UN member states voted for both initiatives. Additionally, in recent years there have been efforts to advance norms, through for example the Global Commission on the Stability of Cyberspace and the Freedom Online Coalition’s “An Internet Free and Secure” Working Group, and to build cyber capacity, through for example the Global Forum on Cyber Expertise, as well as important work done at the regional level, such as the Inter-American Committee against Terrorism’s Cybersecurity Program, which serve as a reminder that there is more room for common ground and progress than outcomes at UNGA’s First Committee would suggest. Both the OEWG and GGE would do well to build on these initiatives and engage outside actors, particularly civil society and the technical community, who have valuable expertise to offer.
Why developments at the First Committee are important for human rights
Meaningful access to the internet has become a necessary precondition for the exercise of human rights, online and offline. The same cyberattacks that threaten international security threaten the availability, confidentiality and integrity of digital communications, which are essential to the enjoyment of rights and to daily life more broadly. Cyberattacks targeting public institutions, in particular electoral systems, as well as hospitals, banks, hotels and newspapers, both undermine a range of rights, including freedom of expression, privacy, assembly and association, and economic, social and cultural rights, and undermine the very institutions that are meant to safeguard those rights. Therefore, the development and implementation of norms for responsible state behaviour in cyberspace is critical for the promotion, protection and enjoyment of human rights.
If states, through the GGE and/or OEWG, can reach common ground on measures that should be prohibited, what a proper response is, and how to cooperate to reduce cyberthreats, the possibility of further escalation of conflict in cyberspace might be avoided. However, there is also the possibility that these initiatives could reinforce worst practices by providing cover and justification for practices that undermine human rights by tightening control of information online, expanding the reach of government surveillance, and normalising measures that further militarise cyberspace. Unfortunately, strengthening cybersecurity for some means strengthening the security of the state and extending sovereignty into cyberspace at the expense of the human rights and security of individuals.
The topic of negotiating norms on international security in cyberspace was the subject of considerable discussion at a Day 0 event, “A Rights-based Approach to Cybersecurity”, that APC co-organised at the 2017 Internet Governance Forum (IGF). A number of civil society participants raised concerns about their participation in such a process, which is likely to be restricted and only possible through inclusion in national government delegations – a practice which very few governments currently embrace. Many raised the point about who would be setting the agenda for such negotiations, and to what end. Most seemed to agree that negotiations, particularly ones aimed at a treaty, would not result in greater respect for human rights in the context of security, but would instead lead to increased control by governments over their citizens.
Part two: UN General Assembly’s Third Committee adopts a number of resolutions reinforcing human rights in digital contexts, in particular the right to privacy, and also establishes a new stream of work on cybercrime
The meeting of the UN General Assembly’s Third Committee, which deals with social and humanitarian affairs and human rights issues, was held 2 October through 20 November 2018. It adopted 57 resolutions, which were then adopted at the plenary level in UNGA on 17 December. The Third Committee is increasingly addressing a range of internet-related human rights issues, from the right to privacy to cybercrime. In 2018, five resolutions substantively addressed digital issues, in addition to references to internet rights in recurring resolutions. Below is a wrap-up of key resolutions for internet rights from UNGA's 73rd session.
The most positive outcome for human rights online at this UNGA session was the adoption of the latest resolution on the right to privacy in the digital age, which once again passed by consensus. Led by Brazil and Germany, this resolution built on important normative gains that had been advanced through other UN resolutions since the biannual resolution was last adopted in 2016, and also addressed newer, g issues, like threats to privacy that result from the use of biometric data and artificial intelligence (AI). Highlights from the text include:
Gender dimensions of privacy: The 2016 privacy resolution touched on the issue of gender by recognising that privacy violations can have particular effects on women. The 2018 resolution goes further by recognising that promoting and respecting privacy are important for “the prevention of gender-based violence, abuse and sexual harassment, in particular against women and children, which can occur in digital and online spaces and includes cyberbullying and cyberstalking” and calls upon states “to consider developing, reviewing, implementing and strengthening gender-responsive policies that promote and protect the right of all individuals to privacy in the digital age.” In calling on states to provide effective guidance to businesses on how to respect human rights, the resolution also specifically suggests that businesses effectively consider issues of gender, vulnerability and/or marginalisation.
Government surveillance: The impetus behind the original UNGA privacy resolution in 2013 was the Snowden revelations around mass government surveillance. The 2018 resolution renews focus on government surveillance by emphasising that states must respect international human rights obligations regarding the right to privacy, including when they “share or otherwise provide access to data collected through, inter alia, information- and intelligence-sharing agreements,” and calling on states to “refrain from employing unlawful or arbitrary surveillance techniques, like hacking.” Intelligence sharing and government hacking remain some of the most pervasive, and least regulated, surveillance practices and pose substantive risks to human rights and the rule of law.
Artificial intelligence: Reflecting increasing awareness about the potential of AI to deepen discrimination and perpetuate human rights violations, the resolution notes with concern that “profiling, automatic decision-making and machine-learning technologies […] without proper safeguards, may lead to decisions that have the potential to affect the enjoyment of human rights, including economic, social and cultural rights,” and recognises “the need to further discuss and analyse these practices on the basis of international human rights law.” It also calls on businesses to ensure that respect for the right to privacy and other international human rights is incorporated into the design, operation, evaluation and regulation of automated decision-making and machine-learning technologies and “to provide for remediation of the human rights abuses that they have caused or to which they have contributed.” Finally, the resolution encourages the Human Rights Council (HRC), the Office of the United Nations High Commissioner for Human Rights and all relevant stakeholders to further discuss this issue. The HRC will next take up the issue of the right to privacy in the digital age at its March 2019 session, when it can decide through its own resolution how to take up the issue of AI, as well as other privacy-related issues.
Biometric data: The processing of biometric data by governments and the private sector alike is becoming commonplace, exposing people, especially people in vulnerable or marginalised positions in society, to human rights violations. Responding to this emerging threat, the resolution notes “the increase in the collection of sensitive biometric information from individuals” and stresses that states “must respect their human rights obligations and that business enterprises should respect the right to privacy and other human rights when collecting, processing, sharing and storing biometric information by, inter alia, considering the adoption of data protection policies and safeguards.”
Strengthening safeguards for privacy: The resolution makes important references to principles of international human rights law and to data protection, which are based on the last HRC privacy text, but are new to UNGA. For example, the resolution recalls that any interference with the right to privacy should take into account its legality, necessity and proportionality. This is slightly weaker text than the HRC resolution, which called for states to ensure consistency with these principles, but it is still a stronger message to states than what the previous UNGA resolution included. The 2018 text also calls on states to consider adopting and implementing data protection legislation, regulation and policies, and goes on to detail what types of measures this could include, such as “the establishment of national independent authorities with powers and resources to monitor data privacy practices, investigate violations and abuses and receive communications from individuals and organizations, and to provide appropriate remedies.” In the age of data, such measures are critical for making the protection of privacy a reality.
Private sector responsibility: The 2018 text elaborates further on steps that the private sector should take to uphold its responsibility to respect the right to privacy. For example, it calls on companies to “implement administrative, technical and physical safeguards to ensure that data are processed lawfully and to ensure that such processing is limited to what is necessary in relation to the purposes of the processing and that the legitimacy of such purposes, as well as the accuracy, integrity and confidentiality of the processing, is ensured,” and to inform users “in a clear and easily accessible way” about how their data is being processed.
Another notable gain is that the resolution embraces multistakeholder approaches to privacy more than it did in previous iterations. There were, however, a few areas where text from the 2017 HRC resolution were not taken on, or were watered down. The loss of an operative paragraph calling for encryption and anonymity online is perhaps the most glaring example.
A sign of the times, the focus of the biannual resolution on violence against women in 2018 was sexual harassment. It builds on the recent HRC resolution on “Preventing and responding to violence against women and girls in digital contexts” by recognising the online dimensions of sexual harassment.
The resolution, which was led by France and the Netherlands and adopted by consensus, addresses sexual harassment as a form of gender-based violence (GBV), and as something that exists in private and public spaces as well as in digital contexts. It includes in its definition of gender-based violence “trolling, cyberbullying and other forms of cyberharassment, including unwanted verbal or non-verbal conduct of a sexual nature with a view to discrediting women and girls and/or inciting other violations and abuses against them.” It recognises that such sexual harassment, including in digital contexts, has “a negative impact on women and girls in the enjoyment of their rights and equal opportunities, has negative physical and mental health consequences for the victims and may negatively affect their families.”
With respect to sexual harassment on social media, the resolution specifically points to the impunity and the lack of preventive measures and remedies, and underlines the need for action by member states, in partnership with relevant stakeholders. It calls upon states to “encourage digital technology companies, including Internet service providers and digital platforms, to strengthen or adopt positive measures with a view to eliminating violence and sexual harassment, including sexual harassment in digital contexts.”
Finally, the resolution encourages states to systematically collect, analyse and disseminate data on all forms of violence against women and girls, including sexual harassment, also in digital contexts, “in order to monitor all forms of such violence, such as data on the relationship between the perpetrator and the victim and geographical location, with the involvement of national statistical offices and, where appropriate, in partnership with other actors, including law enforcement agencies, in order to effectively review and implement laws, policies, strategies and preventive and protective measures, while ensuring and maintaining the privacy and the confidentiality of the victims.”
This last part of the text is critical. While the data gap can be a real challenge in formulating laws, policies, strategies and preventive and protective measures, to address online GBV, victim/survivor-centred approaches are critical. Data must not be collected without the consent of the persons whose rights such measures are meant to protect, especially as data breaches are becoming everyday occurrences and could result in their further victimisation. Victims/survivors’ right to privacy must be reinforced, not undermined, in efforts to address sexual harassment online, including by ensuring that encryption and anonymity-enabling technologies are available to them.
The resolution passed by consensus; however, the US called a vote on two paragraphs, which included text on sexual and reproductive health and rights. The US was the only state to vote against the two paragraphs in question (130 states voted in favour, while 31 abstained). This marks an unfortunate new direction in US policy on sexual and reproductive health and rights at the UN in recent months, which reflects the growing influence of conservative Christians in the Trump administration seeking to undermine any outcomes at the UN that they see as promoting abortion and normalising sexual activity for young people.
In a first, UNGA adopted a resolution on freedom of assembly and association. This new resolution, led by the US, builds upon and reaffirms several previous HRC and UNGA resolutions on related issues, including resolutions on human rights defenders, the safety of journalists, and the promotion, protection and enjoyment of human rights on the internet, among others. Last July, just after the US withdrew from the HRC, the body adopted resolutions on peaceful protests and civil society space, so it is easy to view this resolution as a reflection of the US prioritising this issue, but also as part of its strategy of redirecting its efforts on human rights from Geneva to New York, a strategy that has already had negative consequences. Nonetheless, with freedom of assembly and association under attack around the world, this resolution is a positive development. The text makes a number of references to freedom of assembly and association online, including by:
Expressing grave concern about the growing “threats, risks and dangers faced by all individuals, online and offline, for exercising their rights to peaceful assembly and freedoms of expression and association, particularly members of civil society, including but not limited to human rights defenders, including women human rights defenders, indigenous human rights defenders (…).”
Stressing the responsibility of member states and encouraging “respect to all individuals exercising their right to peaceful assembly and freedoms of expression and association, online and offline, in cases of threat, harassment, violence, discrimination, racism and other violations and abuses committed against them.”
Calling upon all states to ensure “that the same rights that individuals have offline, including the right to freedom of expression, peaceful assembly and association, are also fully protected online” and refrain from “Internet shutdowns and content restrictions on the Internet that violate international human rights law.”
As the International Service for Human Rights reported, at the committee level, seven states – China, the Russian Federation, Bolivia, Venezuela, Iran, Belarus, Nicaragua and Syria – called for a vote on the resolution, criticising the text for being unbalanced as it failed to include proposals made, including proposals to limit the exercise of these fundamental rights. During negotiations, the US withstood pressure to include a greater number of references to sovereignty and the importance of national laws, among other suggestions. At the plenary level it faced more opposition, but still passed with 121 states in favour, 35 against and 32 abstentions.
Another first for UNGA's 73rd session was the adoption of a resolution on cybercrime. Tabled by the Russian Federation, the resolution “Countering the use of information and communications technologies for criminal purposes” was adopted by a vote, with 94 states in favour, 59 against, and 33 abstentions. Opposition to the resolution came mainly from Australia, Canada, the European Union and the US.
The resolution raises concern about the use of ICTs for criminal purposes and calls for the need to enhance coordination and cooperation among states in combating this phenomenon, such as through technical assistance and capacity building. Importantly, it mandates a report by the Secretary-General with the views of member states on the challenges they face in countering the use of ICTs for criminal purposes, which is to be presented at the next UNGA session.
The relatively short resolution is problematic not so much for what it contains, as for what is missing, and the new process it kicks off . For starters, the resolution never defines what is meant by “use of ICTs for criminal purposes”. Is the resolution aimed at addressing cyber-dependent crimes (i.e. crimes that can only be committed by using ICTs, like breaking into computer systems to commit a crime or DDoS attacks) or cyber-enabled crimes (i.e. using ICTs to assist in committing “offline” crimes, like child sexual exploitation)? The text is so broadly worded that it includes everything from trafficking in persons to crimes that “impact on the stability of critical infrastructure of States and enterprises.”
Aside from it setting an impractically broad mandate for the Secretary-General to address in one report, the lack of a definition in this resolution is cause for concern. States around the world (from Kenya, to Pakistan, to Saudi Arabia) are criminalising online behaviour that is protected under international human rights law and doing so through cybercrime laws. Specifically, cybercrime laws are being applied in ways that stifle dissent and government criticism, outlaw peaceful protests, gain indiscriminate access to people’s data, and crack down on tools that enable encryption and anonymity. Even when aimed at protecting citizens from criminal acts that put their safety and security at risk, such laws may be too broad in scope or not tailored narrowly enough to the harms they seek to address, and may therefore present undue restrictions on human rights, which can have a disproportionate impact on human rights defenders, journalists, artists and whistleblowers, among others.
In light of the above, the lack of references to human rights in the resolution is additional cause for concern. Given how both the use of ICTs for criminal purposes and measures to address cybercrime can restrict the exercise of human rights online, it is a glaring gap that the resolution does not at least affirm that the same rights people have offline must also be protected online, or cite the numerous UNGA and HRC resolutions that establish this. The sole reference to human rights in the resolution relates to the “importance of respect for human rights” in the use of ICTs, a lower standard than the state duty to protect and promote human rights online.
Furthermore, the resolution was criticised as duplicating work on cybercrime being done elsewhere in the UN, namely in Vienna at the Commission on Crime Prevention and Criminal Justice and its Open-Ended Intergovernmental Expert Group on Cybercrime, which was established in 2010. The multiple work streams within the UN system on similar issues encourages forum shopping among those who have resources and makes it difficult for smaller states with fewer resources to meaningfully engage.
Most importantly, this resolution is widely seen as an attempt to create a new global treaty on cybercrime, as an alternative to the Council of Europe’s Budapest Convention. The Budapest Convention has signatories beyond Council of Europe member states, but it is not universal. When addressing UNGA at the start of the 73rd session, Foreign Minister Sergey Lavrov signalled Russia’s intent for this resolution to start a process of a new convention on cybercrime. As Lavrov put it, “We also think it important to start developing a convention of fighting cybercrime, making provisions for respective discussions in the Third Committee.” Last year, the Russian Federation submitted a draft United Nations Convention on Cooperation in Combating Cybercrime, which did not gain any traction. While short of mandating a new treaty, the adoption of this resolution sets off the necessary steps to do so by creating an agenda item that UNGA will come back to next year.
For the past several years, UNGA has adopted a resolution addressing Nazism, racism, xenophobia and other forms of intolerance. Naturally, the internet has become more prominent in such debates as digital technologies provide tools through which intolerance can be spread and counterbalanced. In recent years, this resolution took a relatively balanced approach in how it dealt with the online aspects of the issue. It previously included text recognising the positive role that the exercise of the right to freedom of opinion and expression, including on the internet, can play in combating racism, racial discrimination, xenophobia and related intolerance, the need to promote the use of ICTs and the internet to contribute to the fight against racism, and called on civil society, states and other stakeholders to use all opportunities, including through the internet and social media, “to counter, in accordance with international human rights law, the dissemination of ideas based on racial superiority or hatred and to promote the values of equality, non-discrimination, diversity and democracy.” The resolution had also expressed concern about the increased use of the internet to promote and disseminate racism, racial hatred, xenophobia, racial discrimination and related intolerance, and specifically reminded states of their obligations under Articles 19 and 20 of the International Covenant on Civil and Political Rights in calling on them to counter the dissemination of racism online.
The 2018 resolution took a dramatic turn. The number of paragraphs addressing internet issues almost tripled, with nearly all of them highlighting the negative contribution of the internet to neo-Nazi, violent nationalist, xenophobic or racist speech, organising and indoctrinisation. The preamble of the resolution includes the addition of these four new paragraphs:
Concerned by the use of Internet platforms by groups that propagate hate to plan, fundraise and circulate information about public events aimed at promoting racism, xenophobia and related intolerance, such as rallies, demonstrations and acts of violence,
Seriously concerned that neo-Nazi groups have increasingly targeted susceptible individuals, mainly children and youth, by means of specifically tailored websites with the aim of their indoctrination,
Noting with concern that the variation in national standards prohibiting hate speech may provide safe havens for neo-Nazi, violent nationalist, xenophobic or racist speech owing to the fact that many neo-Nazi and relevant extremist groups of a racist or xenophobic character operate transnationally by relying on Internet service providers or social media platforms,
Expressing its concern about the use of digital technologies by neo-Nazis and other hate groups to disseminate their ideology, while recognizing that digital technologies are of great importance for the enjoyment of human rights and for combating racism, racial discrimination, xenophobia and related intolerance.
In the operative section, the resolution expresses concern regarding the use of the internet and social media by neo-Nazi groups to amplify their hate-filled messages and recruit new members across borders, and as well as at the increase in instances of groups and individuals espousing ideologies of hatred through the internet to disseminate ideas based on racial superiority or hatred, organise meetings and violent protests, fundraise and engage in other activities.
There is no denying the fact that the internet can contribute to the spread of racist, xenophobic and neo-Nazi ideology and that it can enable individuals and groups to organise on the basis of such beliefs. However, by pointing to the negative role of the internet, without a single new reference to international human rights law, the new text in the 2018 resolution can easily be used to justify, if not encourage, undue restrictions on human rights online. Already, internet service providers and social media platforms face considerable pressure to take down content, delete accounts, and gain access to personal data, either through government requests, intimidation or self-regulation.
There are plenty of UN resolutions concerning human rights online that could have been drawn on in this resolution, which could have both raised concern about the utilisation of the internet to propagate racism, while taking a human rights-based approach to addressing this issue, including by calling on the private sector to respect human rights in line with its responsibilities under the UN Guiding Principles on Business and Human Rights. While the resolution does correctly note that the internet can play a positive role combating racism, xenophobia and neo-Nazism, it misses the mark in providing safeguards to ensure that the internet can actually be used for this purpose.
This annual resolution led by the Russian Federation was once again adopted by a vote. At this latest UNGA session, the vote was 129 states in favour and two against, with 54 abstaining. As was the case in the past three years, the US and Ukraine were the sole “no” votes.
Mehar Gujral and Sebastián Becker Castellaro contributed to this article.