International Code of Conduct on Information Security

On Friday 7 October 2011 during the United Nations General Assembly (UNGA) First Committee discussions in New York, China introduced the opt-in International Code of Conduct on Information Security (A/66/359) it co-authored with Russia, Uzbekistan and Tajikistan. The proposed code of conduct is opt-in.

Why is this code of conduct important?

The proposed code of conduct is one part of the large body of Internet-related proposals being discussed in various intergovernmental and national venues at the moment. In particular, cybersecurity is currently being discussed in a number of venues, including:

• The United Nations General Assembly
• The International Telecommunications Union
• The Council of Europe
• ICANN

To understand China's participation in the development of the code of conduct, it is useful to read the following:

• China's 2010 white paper on the Internet
• China's 2011 submission, Add new articles on network and information security to ITRs, to the preparations to the International Telecommunications Union (ITU) World Conference on International Telecommunications(WCIT) (Note: the proposal is only available to those who have an ITU TIES account)

Code of conduct at the First Committee

The UNGA First Committee discusses issues related to disarmament and international security. In the past, this committee has been dominated by discussions on nuclear weapons, land mines and other military matters. But with the increasing importance of the Internet, matters of Internet security are beginning to be discussed too.

Below is an extract of the Committee's discussions on Friday, containing China's introduction to the code of conduct (emphasis added by me):

LEI WANG (China) said that, during the first decade of the twenty‑first century, there have been profound and complex changes in the international security landscape.  The global security issue had become increasingly prominent.  It not only extended to political, economic and financial fields, as well as public health and energy, but also covered a wider spectrum, from outer space to such new frontiers as cyberspace and polar regions.

[...]

Also important, he said, was the active pursuit of preventative diplomacy in the prevention of turning cyberspace and outer space into new battlefields.  The twenty‑first century had become an era of information.  The increasingly wider application of information and cyberspace technologies has helped pick up the pace of development of human civilization.  Meanwhile, the security threats on the front of information and cyberspace have constituted a grave challenge to the international community.

He said it was against that backdrop that China had joined the Russian Federation, Tajikistan and Uzbekistan as co‑sponsors and submitted a draft "International Code of Conduct on Information Security" to the current session.  The co‑sponsors hoped the international community, on that basis, would enter into open, transparent and democratic deliberations, within the framework of the United Nations, with the objective of reaching early consensus on the relevant code of conduct, so as to safeguard the common interests of all parties in this field, and to ensure that information and cyberspace will be used to better promote international peace, security and stability, as well as the well‑being of mankind.

The full text of the summary of Friday's general discussion at the UNGA First Committee is available in the following UN press release:

• China Champions New Thinking on Security, Shaped by Mutual Trust, Mutual Benefit, Amid Calls in First Committee for Binding Pledges of Non Use of Nuclear Weapons

Going forward with a cybersecurity code of conduct

It will be interesting to see exactly what is meant by the framework of "open, transparent and democratic deliberations" China and its co-authors propose for the further development of the cybersecurity code of conduct. The Internet ecosystem has long had a mantra of "openness and transparency" and "rough consensus" in policy and standards development. However, many governments have been very uncomfortable with this process, feeling more at home with the structured decision-making at the United Nations.

The United Nations is at its core an intergovernmental organization, and while it does include non-government participation in its deliberations, that participation differs according to the UN body. Therefore, it is not yet clear how the "open, transparent and democratic deliberations" for the proposed cybersecurity code of the conduct may occur within the UN. Will the full range of stakeholders be involved, as happens in the Internet Governance Forum? Will WSIS-accredited organizations be invited to participate? During the 2011 Internet Governance Forum in September, civil society representatives  submitted a letter to the UN Secretary General expressing their concerns that civil society be included in any further development of proposed code of conduct:

• Open letter to President of the UN General Assembly on International Code of Conduct for Information Security

Watch this space for more developments...