The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> MODERATOR: So hi, everybody, who is behind us and welcome to everyone online. We're happy to be hosting the paradox of inclusion in governance. I'm James Shires, I work in cybersecurity and Internet Governance research, education, and public engagement. We have a fantastic lineup of speakers today.
We have Yasmine Idrissi Azzouzi to my right in person. We have Louise Marie Hurel online. And we have Corrine Casha who is in a taxi coming from a similarly named conference center that she was accidentally taken to and will arrive soon. These things happen.
I'll say a little bit about the purpose of the panel overall and I'll hand over to our speakers. I'll start with Louise online, then I'll go to Yasmine, I'll talk a little bit about my perspective on the paradox of inclusion, and hopefully by then Corrine would sorted out her travel issues. We'll then open the floor for questions in person and on line. Thank you everyone for being here early on a Thursday morning.
We put together this panel because we felt there was a real issue with Internet Governance and inclusion. We call this a paradox of inclusion. The idea here is that we see a proliferation of efforts to bring in different actors in Internet Governance, when they're multi stakeholder forums, whether they're efforts to include developing countries and smaller states, or states with fewer resources, and there's lots of different efforts do these. Through different conferences, initiatives, meetings, so on.
In fact, there's so many of these efforts, keeping up with them all and keeping track of them all and participating in all of them is in itself a high resource burden. And that's what we term the paradox of inclusion.
Internet Governance recognises it has to be inclusive, it has to bring in multiple stakeholders.
But those who are really able to track the real range of Internet Governance forums from this one to those of the UN such as the OEWG on cybersecurity through to the Global Digital Compact, through to the cybercrime convention, to the multi stakeholder in Paris, the Paris call, et cetera, et cetera. This is what we want to talk about today is the starting point, recognising the inclusion matters. That there are genuine and very well developed efforts to make Internet Governance inclusive, but sometimes these efforts, for want of a better phrase as we would say in English, shoot themselves in the foot.
They require such a thin spread of inclusion across the Internet. That's the idea behind this session. We'd love to hear your thoughts on this paradox of inclusion, but before we do so, I'll turn to some short opening remarks from each of our speakers.
I'll first speaker is Louise Marie Hurel who is an associate fellow with Virtual Routes and is also working at the Royal United Services Institute. I'll leave you do a much introduction of your own work than I can and the floor is yours.
>> LOUISE MARIE HUREL: Thank you very much, James, and thank you all. I would love to be there with all of you and sadly, and thankfully also, talking about inclusion, just being able to connect, the IGF has always been great in that sense.
And I think James already kind of set a very interesting tone to our conversation here. I am Louise Marie Hurel, and James said, I work in the cyber program at RCI. And we've been reflecting a lot on different elements related to that.
Personally I've been attending the IGF for ten years now, which is kind of like baffling. And I think there's no other better place actually to have this conversation, because being involved in the IGF throughout different cycles of maturity and also other spaces such as ICANN, but also being increasingly involved in the cybersecurity discussions which is the bit I'm going to talk a little bit more about, I think you see those different communities of practice emerging and specializing.
So when we look at, in particular, you know, at the proliferation of initiatives, especially when it comes to cybersecurity, and that has something like if you look from 2017 or 2015, right, to today, it's quite impressive to see how many initiatives especially on cybersecurity, that have emerged.
Back then you'd have the group of governmental experts and it was a multilateral it's still a multilateral process, but you would have 30 governments or so discussing what is state responsibility and how international law applies to cyberspace.
And back then also you would have the global forum cybertese which was in London starting to mature and become a bigger platform.
Today these initiatives have consolidated quite a bit. Obviously the negotiations at the UN have been taking place for at least 20 years when it comes to state responsibility. But the traction that these others have had is quite substantive.
Just to frame this a bit, right now I think we see two much. And one is, we can look at the proliferation of these initiatives firstly as the specialization of the debate, right?
I remember I used to attend the IGF like in the again, like ten years ago and I would look where is the cyber community here. You would have one or two panels talking about this from more cyber diplomacy representative. And you would be trying to talk about the GGE. But now there's the ransomware initiative, the process that looks at cybersecurity proliferation, looking at state responsibility, and to some degree the interdependence between state and non state responsibility in cyberspace. We have the GFCE which is looking at cyber capacity building, and obviously Yasmine will touch upon capacity building from the I.T. perspective.
We have the tech accord spearheaded by Microsoft but tries to create this Community of Practice and thinking within the private sector and different parts of the private sector and norms they see when it comes to cybersecurity.
James already mentioned which is kind of a mix of different stakeholder groups.
So one way in which we can see that discussion, as I said, the proliferation as a specialization of the debate where we think that, you know, we cannot have this etherial conversation, we need to get to the other bits and pieces. But the other side is looking at the political strategy. Which it is in many ways. So if you think about the Ad Hoc Committee on cybercrime, that's the result of long friction at the geopolitical level of Russia trying to push forward in some ways the discussion of actually not just Russia, but in that case the presentation of the resolution to have a legally binding instrument on cyber cry and that really just contemplates the vision of many other countries that have not been involved in the Budapest convention or that don't necessarily agree that they should just subscribe to something that they should be part of the development of it. Which is, you know, increasingly and very valid point from their standpoint.
So you have those movements such as the Ad Hoc Committee which has ended right now that becomes part of that, let's say, political strategy.
Another example of proliferation being a political strategy is precisely to specialized debate because then you can control a bit more what the scope is and who's involved in this conversation. So on the other hand, you know, if we look at the counter ransomware initiative, it started out as something that was very much State Department led, right, the U.S. spearheading that. But then it has increased throughout, you know, the last couple of years.
And that requires, again, kind of how do you create a platform for a particular dialogue, but that you ensure that you are still open and flexible to bring others on board. I'm sure they'll talk more about the pal mall process that's interesting as well in terms of that proliferation as a political strategy.
But I'd say from James, flag to me if I'm speaking to much, but I wanted to give a little bit of a glimpse of the OEWG as part of this paradox of inclusion, right?
I think it comes as this proposed solution, so back in 2019 when you had the start of, like, two simultaneous processes, the GGE, the last GGE and the OEWG, you had this narrative that the OEWG as an open ended working group, as a UN mechanism for a particular type of dialogue, it would be more inclusive firstly because it would include all Member States. It would shift the conversation to the all of the GA members, the General Assembly members.
So from a composition standpoint, it would seem it seems that, you know, it would probably be more inclusive. And also it would have some participation from non state actors.
The enabler is that we're going from 30 to 193 countries. The challenge there is obviously that enabling effective participation of Member States as part of this process is a whole different ball game, right?
We've been working quite a lot to facilitate workshops on responsible cyber behavior and just working with other governments, like let's say small island states, like talking about ransomware, and trying to really kind of democratize the access to some bits of the debate or go deeper that the OEWG agenda.
There's structural element, they're just reproduced in these spaces, which is normally you have one person, if it is a small UN mission, you have one diplomat, one person that's there covering a myriad of themes, right?
So even if you have a process that has gone to the 193 countries, is it actually an effective participation. Because again, many countries won't see that state responsibility in cyberspace is the first topic on their national priority and they only have one person in the UN covering these topics.
And on top of that, they they really don't prioritize, because that's also challenging. And if they want to bring someone from the capital to participate, that's the cost of meaningful inclusion as part of that expansion of those that can participate.
So you have an enabler from a process standpoint, but that is it not address the structural challenges over there. Obviously there's some solutions such as the women in cyber fellowship which is funded by State Department, UK government, Australia, and a couple of others that seek to bring women diplomats or let's say representatives of national cybersecurity agencies to be the representatives at the OEWG.
So again, how do you kind of you enable a process, but then how do you make sure that process is actually inclusive at the end of the day so it's more a walking the talk paradox that we're thinking over here.
And you know, in some ways the second logic of inclusion within the OEWG, so we talked about the state one, the non state actor inclusion, again, the process does enable non state actors to participate, unlike the GGE, as I said, which is 30 states that participate. It was just them. No opportunity to look at what they were discussing or even, like, webcast at the UN. And the OEWG does all of those things, which is great.
But the disabler, I'd say, or let's say the paradox of inclusion for non state actors is obviously that it becomes it has become a weaponized discussion. Since the start of this latest OEWG, the 2021 to 2025, what we've seen is right at the start, at least a year of the process or more than half of the first year of the process there was the stalemate between states that wanted to promote effective modalities for stakeholder participation. So that they would be able to provide their speech, to give a speech over at the UN or that they would be able to listen in through the UN webcast, or that they would be able to be accredited.
And there were other states that said, no, we don't need to have those stakeholders. They also said well, if we have to have these stakeholders, we need a veto power over who gets to be in the room.
So that has led to a stalemate for most of the first bit. And after that, to the to the effectively [?] of different organizations. Including my organization. And also let's say really important technical community experts such as the Forum Incident Response Team which could effectively provide input into some of the conversations but they were also vetoed by some Member States.
So you see that there is a process enabling, but that there are political challenges or things when it comes to the meaningful inclusion of non state actors in these spaces.
And just to finalize, because I'm sure that I'm almost, like, done with my time, is looking at a third logical conclusion. We talked states, non state actors, and I think the third one is thinking about the context where this dialogue is being held, being more inclusive.
So this is a first committee process. Which means that, you know, usually it's the highest level of the conversation on international peace and security when it comes to cyber. So obviously the chair of this process has a lot of responsibility to shape meaningfully that inclusion.
So the enabler there for thinking about this broader context of the dialogue is the chair, for example, hosting online convenings. He organized the high level roundtable on cyber capacity building where organizations from different parts of the world could effectively share their experiences in implementing cyber capacity building.
You see also in this process different proposals from developing countries gaining traction, such as Kenya suggesting and tabling recommendation for a portal to look at, you know, threats so that other states that might not have as much cyberthreat intelligence or that might have less access to information, that they can share.
So you also have coalitions of different states coming together, both you know, developing cross regional representatives, which is not something specific about the OEWG, but it says that the process is enabling those types of interaction in spite of geopolitical tension between two poles that you see effectively happening in the room.
But you see, for example, El Salvador working with Estonia, working with Switzerland to think about the applicability of international law in cyberspace and tabling documents for further conversation.
But the outcome or let's say the background tension in this third bit of, like, the space of this dialogue is really that is the question of what comes next. So I don't know how many of you are familiar, but the OEWG is coming to an end in 2025 in July, and there is another proposal for a Programme of Actions. So let's say another way in which we structure the dialogue of the UN within this regular institutional dialogue for cyber.
And there is this dichotomy between these two proposals. One is obviously the OEWG was the result of a Russia tabled proposal which has effectively been, you know, successful in the past five years and actually pushing the conversation forward at least maintaining that dialogue. But there's a need for more dynamic dialogue that can go deeper into topics that can include stakeholders. There's different proposals for how that dialogue should happen. And the Member States will need to decide.
So within the context of these three paradox, in many ways, how do you think that going forward?
I think there is a very politicized tension between threes two proposals. And I think right now is is thinking about the design of the process, right? And I don't think that necessarily we're always tackling those underlying inequalities.
But in any case, I just wanted to stop there. I think there are other bits in terms of the relationship between the IGF and the OEWG or the coexistence of UN processes, especially on cyber. But I'm very happy to talk about that afterwards. But I just wanted to maybe set the scene from an OEWG standpoint of what are these different logics of inclusion and what are the challenges to these three logics of inclusion.
>> JAMES SHIRES: Thank you so much, I appreciate you breaking it down between this question of states with non state actors and also these other modalities of inclusion as well.
Given that you covered so much ground there, I do just want to give the people in the room and online the chance to respond or ask a few questions while it's fresh this their minds and then we will turn to our next panelist.
So if there is anyone who is would like to come in online, please do put your question in the chat. If you'd like to come in in person, obviously just raise your hand and we will bring the mic to you.
So while you're maybe thinking of that and if anyone is thinking of questions, I would just highlight one recent publication from Virtual Roots through our site Binding Hook. Now Binding Hook is a way to disseminate academic research in an accessible way to a wide audience. There's a new piece from last week on Pacific Island cybersecurity. How to codesign cybersecurity governance for and with Pacific Island states.
So if you're interested in that part of Louise's remarks, please do check out that piece that has just come out on Binding Hook.
If there are no questions in the chat and everyone here seems very content, I will move on to our next panelist who is Yasmine Idrissi Azzouzi. And Yasmine, again, please do introduce yourself a little more and the floor is yours.
>> YASMINE IDRISSI AZZOUZI: Thank you very much, James and Louise for that incredible overview. Good morning. I'm Yasmine. I'm a cybersecurity program officer at the ITU. The ITU, as many of you know, is the UN specialized agency for ICTs.
And indeed given my role, I will be focusing more on cybersecurity processes. But I think it's a pivotal moment for Internet Governance.
Next year we have the WSIS+20, we're navigating the Global Digital Compact, open working ending group, talk everything about cybercrime. And we're seeing there's a proliferation of fora. And I think the number of fora that are addressing overlapping issues, and this being compounded by duplication and silos at times.
For example, I can give a specific example from the I.T. So agreements that Member States and resolutions that Member States have voted on, I.T. statutory meetings on the topic of cybersecurity capacity building at times are often sometimes also discussed at the open ended working group agenda item on cybersecurity.
And this is partly due to Member States representation in the I.T. being mainly ministries of ICTs, Ministry of digitalization, while the open ended working group first committee diplomats at times, but also representatives of national cyber agencies. This shows basically a lack of coordination at national level.
And of course many developing states are facing capacity constraints that prevent them from being represented in these. It's about financial resources, at times it's also the technical expertise and ability to navigate the interspecific nature of the digital policy making.
This I think is the core of why the paradox exist. Because the silos that are present at national level are being reflected internationally. In fact, digital issues touch upon multiple disciplines, so it can span from national security to economic development to human rights to sociological change. And this also contributes to the fragmentation while enriching.
I'll take cybersecurity as an example. As recommended the open ended working group focuses on business security. At the committee on cybercrime operates. Third committee. Yet cybersecurity can have implications on the second committee on economic development. Critical role in securing and in parallel to that, at the same time, at WSIS processes, we are exercising technical cyber building for the purpose of sustainable economical development and social development. This is far removed from aspects being discussed elsewhere.
The Global Digital Compact makes cybersecurity more an enabler, enabler of securing digital space in general and focuses very much on the harms, on privacy protection, and calls for safer international cooperation in a high level way.
So this way of compartmentalization makes it challenging for stakeholders, particularly from low resource nations, to align their priorities and also to maintain continuity across the different which causes the silos and duplication.
Paradoxically, given also the (broken audio) the solution may lie in the fragmentation at national level by improving (broken audio) focusing on fostering interdisciplinary teams that are effect to engage cooperatively in fora. First offer, countries need to establish multidisciplinary teams that can have expertise in technical, diplomatic and policy making agencies.
For example, national computer incident response teams tep open ended (broken audio) after results in they're a bit different say to the career diplomats. This requires a pipeline of trained professionals.
So being able to operate in that nexus, in a way.
Second, with inclusivity in mind while building is key. So you must priority technical and policy silos. For example (broken audio) that bring together those two communities at national level. So that they are custom to interagencies in that manner. Programs should focus on enabling countries to engage in Internet Governance Forum in a holistic manner.
And it can be, let's say, a very eutopic goal. But what we can focus on is enhancing coordination and eliminating duplication by creating mandates and better linkages between the companies.
On the cybersecurity capacity building, these agendas can be harmonized across open ended working group, ITU, the Global Digital Compact to reduce redundancy.
Lastly, government should incentivize at national level, which can actually create these interdisciplinary teams. And this can include having coordination mechanisms in place that can regularly consult across disciplines so that there is consistency when it comes to international negotiations and international fora.
So just to as we're looking at the future of Internet Governance at the WSIS+20 and others, important to focus on the very disciplinary nature, bridges between national and international levels, bridges between interagency bridges at national of course between well resource and underresourced actors.
Internet is one that really reflects (broken audio) and can enable all nations regardless of capacity. (Broken audio) and so we can open this (broken audio).
Thank you very much.
>> JAMES SHIRES: Thank you, Yasmine. And to repeat my call from earlier, if anyone has questions for Yasmine or Louise at this stage, bring them into the discussion. We'd love to hear from you whether you're in person or online.
I'm extremely pleased to have our third speaker here, Corrine Casha from the ministry of foreign affairs in Malta. Corrine, please do come up to the table. You snuck in behind me and I didn't even see you. Clearly operating in stealth mode.
Now, Corrine will probably follow on with her perspective on the paradox of inclusion and maybe also the paradox of travel in Riyadh as well. So Corrine, it's a pleasure to have you here. I'll hand over the mic to you.
>> CORRINE CASHA: It's a pleasure to be with you hear today. I don't have much to add actually to what Yasmine already said, because I think she really encompassed the discussion very well and I noticed that she really sort of hit the nail right on the head about the paradox of inclusion.
So I just really wanted to add on to what Yasmine said, I think it's important to avoid having the fragmentation of all these processes through the also the fact that you need both the technical and the political level to work very closely together.
And the issue of resources was one that really struck me. I know it's this is one of the main issues that there are a lack of resources and from our perspective, as Ministry of Foreign Affairs, we're working hard to fund to fund resources so that we we aim to actually provide resources where necessary.
So if it's, for example, the fact of the lack of representation, we fund we fund fellows, we fund also diplomats from, let's say, least developed countries, et cetera, so that they're able to be represented at the highest levels of decision making.
One other aspect that struck me was the need to harmonize the processes and also to enhance coordination. I think this is this is really key, and obviously the Global Digital Compact only came into, let's say, adoption last September at the UN general assembly. So we'll see how it will fit in with the other processes.
But that's all from my end. I will add some closing remarks as well, but I really wanted to hear what participants think about this and what the reviews are on how to promote more inclusion, to promote more inclusion and also to avoid the fragmentation of the processes. Because this will be really sort of key in in our governments to factor in what needs to be done for this to to be, let's say, a more harmonized process.
Thank you.
>> JAMES SHIRES: Thank you, Corrine. And we look forward to your concluding remarks as well.
So before we turn to an open discussion, and at that point I will be asking everyone what your perspective is on the paradox inclusion, so please do get some interventions ready.
What I'm going to do is reflect a little bit on one example of the paradox of inclusion that I've been working on very closely. And what I'll do is I'll use Louise's framework, because I think it's a very helpful one, of inclusion at a state level, inclusion at a non state or multi stakeholder level, and inclusion in terms of modalities as well to illustrate how this paradox emerges through a particular process.
And the one I want to talk about isn't the OEWG or the Global Digital Compact, these sort of very high profile major ones. It's a little bit more niche. It's the Pall Mall Process. Can I get a show of hands if you know about the process? If anyone does, put your hand up. Glad the panelist do as well.
If you don't, I think I'll give a quick overview of what it is. So recently, there's been a recognition among many states that many offensive cyber tools otherwise known as cyber intrusion capabilities, have both positive and negative uses. They have positive uses because they are necessary for cybersecurity, they help organizations test their defenses and improve their defenses through things like penetration testing within cybersecurity. So asking someone external to try and hack into your networks so you know where the holes are and you can fix them.
They have negative uses when they are used by cybercriminals for ransomware or other theft. And also when they are misused by state actors. All right.
So this is where companies would offer cyber intrusion capabilities commercially, often known as spyware, and then states would buy that and then use it. This is a, in many cases, perfectly legitimate activity. States need such surveillance capabilities for reasons of national security.
But often in many cases they have overstepped the line, right? They have used capabilities in ways that are not proportionate that lead to significant human rights violations as well. This is a recognized issue in Internet Governance.
There have been many efforts to try to address this at a national and multi stakeholder level. So for example, you have the U.S., which is a major producer of these capabilities, right? It's a major center for spyware development research and sale. The U.S. poses sanctions on particular companies that it thinks has violated the norms or boundaries that it wants to impose.
So there are very high profile cases of U.S. sanctions and indictments and other measures such as restrictions on government procurement. So U.S. Government agencies can't buy from certain companies in order to shape this market.
There are also efforts at the multi stakeholder level. Some of you may have heard of the Cyberattack Accord. And this is a group of tech companies, industry companies who came together to develop their own voices on Internet Governance. They produced principles for what they called curbing the cyber mercenary market. They put a different frame on it, but again, they're trying to intervene in this in this sphere.
Now again, that wasn't especially effective, and so what happened last year is a new initiative was launched called the Pall Mall Process.
This aimed at both bringing in industry, including the spyware industry itself, including the companies worried about that, such as the big tech companies, including the states buying and using spyware and intrusion capabilities, and those being affected by it.
So in short, it was a big tech initiative. They wanted to get everyone together to find a solution to this complex problem.
And let's unpack that initiative which has now been running for just under a year in the three levels that Louise mentioned.
Firstly at a state level, was it inclusive?
Well, in one way, yes. Anyone who wanted to in the state to sign up to the Pall Mall declaration published in February could do so. They could attend the conference, they can engage in discussions, and put their name at the bottom. And now the state interaction on these discussions is getting more detailed.
But it was still not completely equal, right? The sponsors of this initiative, the funders and organizers, are the British and French governments. They are the ones running it. They are aiming to include as many other states as possible, but ultimately, conferences are in Europe, UK and France, most attendees from and organizers are from these states, and so there's a tension there between having a very stereotypical sort of European perspective on the issues and making it as as wide an invitation as possible.
So that's at the state level.
At the multi stakeholder level, yes, there are efforts to include multi stakeholders. So Virtual Routes is a multi stakeholder participate in the Pall Mall Process. And multi stakeholders from the voice, the opportunity to engage at these conferences. They can submit responses to a consultation that closed a couple of months ago on these issues. And they will continue to be able to feed into the process.
But again, it's clearly a two tiered system. You have in each event a day reserved for multi stakeholder discussion and a day reserved for state only discussion. So while the multi stakeholders are able to input, they're not able to observe or have any understanding of what is going on in the state negotiations.
So in a way, it's a bit like the OEWG on one side and then the GG on the other side, where it's just the states in a closed forum. So multi stakeholder yes, but also two tier.
And then finally, in terms of modalities. This is where it is very interesting. The open consultation that ran for three months over the Summer this year was on the declaration on the way forward for the Pall Mall Process. And what was interesting was a lot of industry coalitions and companies contributed to this consultation.
Most of them were from the cybersecurity industry. They were contributing from the defensive side. But what the aim was, was for also to get the companies who build and make and sell the spyware to contribute as well, right? It's a genuinely multi stakeholder process. It didn't quite succeed in that. They were looking for more and more contributions from smaller parts of industry as well as Civil Society as well.
And so again, when you good into each of these processes, and that's just one example, you can unpack the layers in which efforts of inclusion are both very laudable, they increase inclusion, but on the other hand, they only go so far. Indeed the barrier to entry to these processes, the amount ever knowledge you have to have to enter is far beyond that of an embassy diplomat or a nonspecialist. You need to be engaged in these processes to contribute effectively.
So with that example, I will now open the floor. And so how we'd like to run this second half of the session is just to ask the participants in person or online, if you're online please put it in the chat, I'll read it out and we can ask the panelists to reflect on your remarks. To ask you some very simple questions.
Firstly, does the paradox of inclusion ring true to you? Is it something that you recognise in your own work? Is it something that you think, na, what are you talking about? Why are we even here, right?
So that's question one.
Question 2 is, where do you see it most relevant to your work and how might you try and overcome it?
So maybe first is it something that you recognise. And then where and how do you see it happening.
I'll pause. In the room put your hand up if you'd like to contribute. Online, please do come in on the chat.
>> Thank you so much. I'm Julia from the Austrian foreign ministry currently working in Geneva and I've been involved in some of the processes that you talked about.
It was very enlightening to see kind of a full overview, because I can very much resonate with the questions that you've raised that as a diplomat we tend to work on a couple of these processes, but not all of them. So I wouldn't want to bring up the Pall Mall declaration because I've been on a mission abroad and not working on the processes holistically, for example.
So that was very interesting. Thank you very much for bringing that up as a question. Like I wanted to make three points on everything that has been discussed.
And one was from my point of view, we need different expertise in all these processes. And what you've brought up, for example, cybercrime, cybersecurity, when we look at it from a national point of view, cybercrime we had a lot of our criminal law experts involved nationally looking at actual criminal law provisions and how it would be applied for us.
When we talk about cybersecurity, we get a lot of the defense side in, national law questions in. So this requires expertise also from a national level.
But I do hear the need for also coordinating better nationally so that is something for sure. And we always try to bring national experts also into our delegations when we have these discussions on different processes and negotiations.
But Austria also funds other like developing country diplomats to come to certain processes. We did this, for example, in the cybercrime process that we wanted to get developing countries with capitals to be part of the process. We want to talk to the people that have to implement this at a national level. That's something we did and I know the council of Europe is very active on capacity building when it comes to that.
So there are initiatives and there's a wish to bring in the people that actually work on these issues. At least when we talk about government participation.
One thing that resonated with me is what Yasmine said about what the ITU does and then when the different committees in New York do. And having worked in both environments, I do see that there's a bit of a lack of communication between Geneva and New York on things like that. And then of course you have the capitals in it as well.
And that's a bit of my question also to the panelists, have you seen any best practices or do you have any ideas of how to help both from a member state perspective and state perspective and from a UN agency perspective. How can we strengthen the communication between these processes to avoid duplication, which is a strain for all of us, really.
>> JAMES SHIRES: Thank you for your intervention and insight and good question to push us to sort of identify best practices as well. Yasmine, given a little bit on the ITU I'll turn you to first and then Louise online to give a response. Over to you.
>> YASMINE IDRISSI AZZOUZI: Thank you for the question. It's a decade long problem. But when it comes to good practices, one thing that pops into mind is the kind of work that we do, the national level in particular. If I give you an example, when we're supporting developing countries in particular when it comes to their development or establishment of something like national cybersecurity strategies, part of that agreed upon methodology is to actually have consultation workshops prior that are inclusive of many different stakeholders. At times we found ourselves in context where those same actors had never actually been in the same room together.
But this is sort of a prerequisite that we put in terms of if you need your strategy to be developed, these are the people that you need to have in the room. So that stems from an inclusion need but a practical need. A strategy, since it's a living document and needs to be implemented, it's a small group of stakeholders and then asked to be implemented by wider stakeholders, it makes it difficult.
Creation of ownership I think at national level across different expertises, so ministries and national agencies, but also critical infrastructure providers. We've had in the same room the central banks, energy representatives, but also ministries ranging from MFA all the way to defense, interior and others. Because it's extremely interdisciplinary. And the national strategy needs to have all those elements take mean it consideration.
This is the same model that we have seen being also the start, also better coordination at interagency level where you didn't have it before. We've often felt a bit of resistance at times from let's say the lead agency at national level due to, I guess, wanting to keep ownership of everything. But then gradually seeing that shared ownership has actually yielded better results in terms of coordination, but also in terms of effective implementation of things.
And having also different perspectives on the same topic has actually, you know, taught a lot to different stakeholders. So I think this could be one good practice.
So having, again, might seem like a [?] motive here, but multi stakeholder actors at the table prior to let's say major negotiations or major establishment of strategies or policies is part of the solution. It might sound simple or easy, but I think that this where it starts. Thank you.
>> JAMES SHIRES: Thank you. Louise, over to you.
>> LOUISE MARIE HUREL: Thank you for that question. To add on that, there are two points that came to mind when you were kind of asking your question. One of them is I wonder whether we need to create a community that goes to these places that kind of, like I know that's spreading one thin, and I think that's exactly where we started this conversation of, you know, are we do we have to follow so many processes that we can't actually do that.
From both a government and a nongovernmental perspective, I think, for example, attending the OEWG and attending the IGF, that community being able to leave that privileged space and also you could argue that there's some privileges to being able to attend the IGF, but being able to have those communities going to other places means that whenever there's not an overlap there's a new community there. But you ensure there's that than transfer or at least that experience from that particular room is going to that other place.
So I think the question here is, how do we take these New York dynamics or New York centric dialogues and how do we translate it, transpose it, and let's say provide the space for those same dialogues, even though let's say not in the same format, to happen in other places.
And I think there's some answers or let's say best practices that I'd like to highlight.
The first one is, well, just a couple days ago and starting from that same productive discomfort, we organized the cyber policy dialogues over here at the IGF well, over there at the IGF, which is a networking session, right? And the purpose is to identify people that are doing that kind of similar research or that are engaging in those spaces or that are interested in those spaces, right?
So creating the space for us to have those kinds of New York centric conversations like in another geographic location is absolutely fundamental. And that is one way in which we can do that from, let's say, IGF, OEWG kind of cross pollination but that could apply for many, many other let's say processes.
Another another possibility there or example is that over at RCI, we have more responsible cyber behavior which is a platform for people to come from different perspectives to respect on what cybersecurity means from their perspective, from their geographic location.
And we organized a discussion over in Singapore surgery Singapore cyber week with researchers from not just the southeast country but other regions as well that were attending to discuss norms of responsibility safe behavior and the practical like behaviors that they see from their regional perspectives.
So we got like small island countries saying that, you know, for example, climate related concerns and critical infrastructure protection is much more relevant or that is actually kind of like state responsibility and responsive state behavior is ensuring that the climate is connected to the first committee, which is a different interpretation. But it is once you go to the regional level and do that cross pollination, that can be quite useful.
That's another example of the best practice of how we take those very specific bubbles and how do we, let's say, expand those dialogues and how we, as nongovernmental actors, can do that but also as government I think one other example that I would give here is my other, let's say, side is I'm part of the national cybersecurity committee in Brazil which has been established as an outcome of the national cybersecurity policy.
And that committee is mostly government representatives like different parts of the government of the public administration. But you do have three Civil Society representatives and three industry representatives and three representatives from the technical community.
And what we've been discussing, one of the things, is how to make sure that the Ministry of Foreign Affairs can better coordinate across like to do more of the interagency coordination to then take those, let's say, inputs to the international fora, right?
So is it for some countries, you don't need to have a formal mechanism. For Brazil it hasn't been a formal mechanism. But just having the conversation about how to do that better and calibrate because ministry has its own cyber division. How to foster that or facilitate that liaison role that it crucially plays in collating those different views. Even if you can't have a more diverse delegation going with you to, let's say, New York or Geneva. My question back to the diplomats in the room is, is there something about best practices of the MFA being more well equipped or best practices there to think about how to facilitate that interagency coordination or even if you have a shortage of resources, how you can feed back those places or feed into in a better setting.
We need to have them be more well equipped for this scenario where there's really a spread of different cyber related processes.
Anyways, I'll stop there because as you seen, I speak way too much. But hopefully I'd like to hear from you all.
>> JAMES SHIRES: Thank you very much, Louise. Just to add a short footnote to what Louise and Yasmine have said, I think Louise started by saying there are two reasons, right, for this proliferation of initiatives. One is specialization. And the other one is politicization. And Yasmine pointed out one of the main challenges is giving parents, whether multi stakeholders or states, a sense of ownership in each initiative, right.
So you want to engage early, engage transparently and set a clear roadmap for how things will go ahead and when people should and shouldn't intervene. Now the danger there is if you engage transparently openly early on with people who do not share the same initiative, maybe would like to sabotage or delay it or see it not exist, right, then that gives them an opportunity to do so very easily. Because you say we will not move ahead until we've got full ownership from everyone in the room. So someone says, I don't want this to happen, I'm not going to agree and it doesn't move ahead.
The best practice I think of here is be as open as possible. Do engage really transparently early on, but with clear, you know, deadlines and with clear suggestions for who will take forward action off of those deadlines. You have things like the Pall Mall consultation period. That is good because it invites fraud interventions, it has a deadline, and it's clear who will go in afterwards. It's very hard to say there was no opportunity to be involved from maybe those that don't want to see it go ahead or want to push forward for a delay in tactic.
And, but still, the real number issue is that how do you identify those actors that will take it forward. Is it going to be the same people? Ideally not.
So in the Pall Mall Process, in the absence of anyone else, they closed the consultation and it's the UK and France that take it forward. Ideally you'd have a different set of actors who would be nominate and ready and funded with the resources to take it forward. So just to highlight that the politicization yeah, that one, politicization happens in this processes as well.
And we do have a question online so I wonder if we could enable unmuting and please do ask your question.
>> Hi, thank you so much. I guess it's more of a comment to Louise's point than a question. And I'd like to be able to unmute with you from that's possible by doing.
I think just to the point about politicization and what Louise was saying about the MFA. I'm working with [?] and working in India's foreign ministry and G20 and something that we noticed and especially more so when we were organizing a convention on cybercrime and AI and FT. This was part of the G20 precedences under the ages of technically the foreign ministry. But because there's so many departments for us, the internal security's done by a ministry called the Ministry of home affairs. And we have ab administration of technology, and then the Ministry of Foreign Affairs.
I was coordinating technically on the side of the MFA. Coming from tech policy I was more read about some people about these discussions. I think what I noticed, a lot of times the positions that came up were something that MFA were checking to make sure that it didn't go against what we had said at the UN. It wasn't so much that they were making the policy as so much that they were just checking that it wasn't contradicting our international opinion or something else.
So I just wonder that even if we did have diplomatic practices from the MFA, I think a lot of constructive input that's our challenges to Civil Society is kind to make sure that we have connections on sort of a community or interactions with different like the internal political machinery, which is different ministries. A lot of times you can come in at the very last stage, but we're not involved in the point where the policy's being discussed so much as jump where it's being vetted.
So me, that's very clear delineation of how you participate. There's things that MFA can do, but I just wonder how much of that onus on how to involve Civil Society to fall on MFA and where you invite Civil Society from different departments. There needs to be one agency that leads that. And whether that's an MFA prerogative or someone else, I think that's a huge challenge for us as Civil Society from a national point of view that how is our national engagement so strong that when we say something internationally it comes from kind of the local perspective or the being heard at the first layer that we can be heard at.
Thank you.
>> JAMES SHIRES: Thank you so much. Again, it just highlights this importance for coordination at both layers, right?
You cannot have an inclusive and effective international layer without first working hard and solving problems at the national layer.
We do have a representative from Ministry of Foreign Affairs on our panel. So I was wondering, Corrine, if you would maybe say a little bit about your perspective on what the role of the Ministry of Foreign Affairs is in these issues of how technical should it be, how can it rely on other technical communities and draw on those different parts of government.
>> CORRINE CASHA: First of all, I wanted to make a point on the Pall Mall Process. We received an invitation from the French and UK governments to participate. So we received a formal invitation.
And I have to say that we we thought about it and we we thought that it was a very important process, particularly on the point of also promoting inclusivity and on also getting industry and other different factions on board.
So we did participate. This was the first time for us and I was aware also of the different factions that participated. We had one representative from the industry and one representative from the foreign from the ministry, sorry, my ministry that participated and I was happy to see that they were included in the consultation process.
I think for us, this was something that we with like to encourage other states to sign up to. Because it's very important to not only in terms of, as I said, including the other, let's say, factions that are not always included in the decision making, but also as a way of promoting, let's say, coordination between different states. That was the point on the Pall Mall Process.
And on the point the point raised, I very much share the same thoughts as the Austrian colleague as well from Ministry of Foreign Affairs. There are a lot of different processes and with the different processes you have to see which representatives are going attend which process. Sometimes it's very difficult also from our side, I think particularly difficult with the cybercrime convention, because we had an issue of not not having our delegates participate directly in New York. Our criminal lawyers was very difficult to get them to participate in negotiating sessions.
So it was very challenging for us because we have to rely on our delegates in New York and to coordinate back sort with the ministry. That was very challenging, because also one other thing would be sort of proliferation of different processes, on even the line ministries themselves, are having to keep up or having to keep up pace with all these different processes taking place. Sometimes you don't have the necessary specialists, especially with cybercrime, for example, there are certain technicalities that we don't have the expertise to deal with them.
It's very hard to keep pace with these different processes to make sure you have all these specialists on board. And I would say that the cybercrime convention for us was the most difficult because of the fact that we didn't have these these specialists who would be able to go back and forth from New York to Malta and negotiate.
And I was also very struck by what Louise said about the sort of transfer of knowledge from New York to other centers of discussion. I mean, the fact that this is the first time I'm participating in the IGF is based on that. The fact I'm coming from the foreign ministry, at the same time I'm participating in a forum that's not just foreign ministry, but other technical societies are participating, it's important to share knowledge in that respect.
And there was another point on, I believe, that Louise raised about the the sort of need to have this sort of harmonization process going also to the cybersecurity committee, which mentioned about Brazil.
I'm a representative on that committee, and again it brings together all the players, all the line ministries, all the representatives of the industry. But the foreign ministry is really sort of coordinating coordinating let's say has a coordinating role in that. Make sure that what the representatives or delegates say as also the online participant mentioned, doesn't sort of run counter to what we say in New York or in other areas.
But I think the fact that this cybersecurity committee was established was very not only timely, but also very important. I think it has helped a lot to, first of all, bring sort of to the table items or let's say issues that maybe not all participants or delegates are aware of.
I'm thinking in particular about the issue of application of international law in cyberspace. For example, that was an which was being discussed at the EU level, but not every delegate let's say from the police force to say the infrastructure department, they were not aware of the discussions that were taking place. They were aware of it in a general sense, but not so much into the detail. I think it was very important that this was raised at the committee.
So I mean the committee has a very important role to play, because it brings together the different the different sort of factions, but it also enables certain issues to be exchanged, to have more information, and for us, it was important.
I think without the committee, certain sort of items or issues would maybe fall through the cracks and then line ministries or other entries would come to know about it much later than they would actually come to know about it if there was not the committee.
So I think it's a very important framework as well. For us, it's sort of a formal establishment. It's under the office of the prime minister, so there's a sort of also prime ministerial lead over that. Which gives it also a certain influence and a certain weight to take decisions.
But I believe that this is also one aspect where harmonization comes into play and where we avoid sort of also the fragmentation of cyber issues. Because at the end of the day, so many processes, so many different ministries tackling different aspects of cyber, it brings them together. And for us nationally it's helped a lot.
Thank you.
>> JAMES SHIRES: Thank you very much, Corrine. That's a, yeah, fantastic insight into how these national structures of coordination work as well.
I can see you've got your hand up to respond again. And then I will turn open the floor. You can come in and then we'll open the floor.
>> Just to point out, because you know, she mentioned the issue of CYBERCOM convention in the in India, we had this law in India which was the Supreme Court which is the highest law in the land because the speech was marked as offensive and it was touched what it was marked down. And then eventually India tried to bring the exactly [?] to have it obviously with international law and ratify it to get it back into our legislation. It was honestly a little bit to Civil Society that that was trying to be used [?] on speech again.
But another point was because that was happening at the cybercrime convention and they had the capacity to follow international governments and stuff is much more limited than national. So the kind of traction that we got on that was so little, like if you weren't very specifically tracking the cybercrime convention, which is one organization if any in India, then you didn't get as much traction as when the national debate was happening.
I think that was quite, for us, just kind of alarming to see that they were moving to the international fora from the national fora and kind of like because the harmonization works the way it does, they thought they would try to get away with it and eventually didn't pass. It's not a reality today.
But it was quite it was quite alarming to see that that kind of those kind of actions also happen. And the lesser we see harmonization and just Civil Society kind of input or attention on the Internet Governance spaces, it can really come back from what people consider and leaders in government to our national legislation. Thank you.
>> JAMES SHIRES: That example of states trying to circumvent Civil Society or popular resistance to certain [?] going through the international level is really fascinating.
Is there anyone else in the room who would like to come in with their perspective on the paradox of inclusion?
I see no hands.
Would anyone online like to come in? Please raise your handed on put something in the chat. If not, then I will offer the floor to Yasmine and Louise for their interventions. But there is someone already, so Sasha, please do come in. And can we give Sasha some video as well, if you'd like to have video. If you don't want, then leave it off.
>> SASHA: Hi, good day. Can you hear me? All right.
I can't get very, so that's fine. All right. So my name is Sasha and I'm here with the from the embassy of Prince of Rhode Islands. My perspective is through the inclusion digital inclusion perspective.
And just inquiry considering the way in which we look at and fragment Internet generally speaking and the way we identify the subtext within the presentation of information. When it comes to Internet Governance, how do we consider the identities that are being put forward? Is it going to be a situation where when it comes when you look at our lateral transfer from physical inclusion to digital inclusion, what structures are in place to ensure that minority identities are being presented in such a fashion that it is represented on the world stage. And just women have comments on that particular space.
Because when it comes to the intersectionality and Internet identity, it's important that we don't lose sight of those minority identities within the digital space.
Thank you.
>> JAMES SHIRES: What I'll do if there's no other comments in person, then I will offer the floor to Yasmine and Louise to give closing remarks, but also to specifically address that question of ensuring we have the digital inclusion of minoritized identities and communities. Louise, would you like go first?
>> LOUISE MARIE HUREL: Sure, happy to do so and thank you for the question, Sasha.
I think from where I'm standing and from the, let's say sorry if my voice is a bit robotic at the moment, just recovering from a cold.
From where I'm sitting and from the example that I gave, I think there is a reflection to be to be made as to how we best include or recognize minorities in the context of these very high level processes. Right?
And I think I give a very brief example of how some Member States have tried to do that. I know that that doesn't respond very specifically to the kind of, like, physical, like offline/online representation. But again, from that process specifically, let's say like the OEWG, you do have Member States facilitating and supporting the women in cyber fellowship, which I think creates, let's say, a precedent for not only having more gender balance there, but effectively having women and folks from different, let's say, standpoints to actually negotiate an official text.
And I went underestimate that, because there are different ways of approaching the negotiation of a text, and obviously the subjectiveness of your background, where you're coming from, be it geographically, be it in terms of your gender, that really kind of plays into the way in which you navigate the world. And that's not different when you enter a UN windowless room, right?
I think that's actually very important. And you know, just seeing that specific fellowship taking place since the last 2018 at last 2019 with the start of the OEWG, you do see the consistency of, you know, similar women attending these spaces.
And I think that's good, because it just maintains a memory of, you know, having effective representatives there. So I'll respond a bit to your question, but from the very specific standpoint.
My concluding remarks is all most like a summary, because as you know, James, I try to cluster things and structure kind of thoughts.
Going back to the notion of paradox, I think we have three paradoxes, if that's the word now reflecting. I think the first one is thinking about the paradox of meaningful leadership. We talked about lots of different processes. I think there's a thing over here which is there is a value in spearheading certain initiatives and setting into motion. So structuring it.
But I think there's a very important point, and I think that's something that you raised quite nicely, James, which is is there a moment for us to delegate some of that leadership? If it's delegated, how that should happen.
Also calibrating political risks, right? Because that's what Member States are usually doing, right? It's like I don't want to lose control over this process, but I want to indicate that it's actually inclusive.
But is there something about calibrating between spearheading, setting it in motion, and delegating. What does delegation look like. The counter ransomware initiative has different working groups with different countries doing that, and I think non like also non state actors, like, sharing that. But I might be wrong.
The second paradox then, meaningful leadership, the second one is meaningful coordination. And in the meaningful coordination, I think what we saw is calibrating between, like, interagency mechanisms, developing those, if that is something that's relevant at the national level. Be it like a committee structure. So similarly to Malta, like in Brazil it's right below the office of the president. So that provide some political capital domestically. But how you're ensuring you have a mixed delegation once you go externally.
How do you calibrate interagency considered nation and then outside of that.
And the third is meaningful dialogue. So and this is a provocation really. Okay, it's nice and easy to say we're open to dialogue, meaningful dialogue. We're going to bring these stakeholders in and have this nice timeline, but are we doing it? There was funding to go to the Ad Hoc Committee, funding for these developing countries or underrepresented communities, is that actually, in the end, kind of like is there an openness for productively discomforting uncomfortable dialogue, that's the word.
And open to other expert input from maybe communities that we don't know or that we haven't figured out. And I think one example is the global conference and cyber capacity building, which obviously there's this whole kind of like cyber capacity building community within the cyber world. But there's a development community. How do you bridge those. Not saying that the GC3B is the example, but that's one case where you see this attempt to articulate that conversation, and it's very it's still gaining its own traction, right?
I'm sure Yasmine will have some additional thoughts on that. These are the three kind of like points that I like to add there.
Thank you very much for your contributions. This was great, especially at 6 a.m. to 8:00 a.m. in London.
>> JAMES SHIRES: Thank you, Louise and impressively awake. I was struck by the idea of calibrating political risk and maintaining control. At the end of the day, right, to have a more inclusive process, to really spread ownership, there has to be some kind of let going, right?
Some states are currently in charge and have to relinquish control and go in different directions. That's an uncomfortable place to be in especially as your whole mandate as Ministry of Foreign Affairs or other official is to steer and maintain control in that way.
Yasmine, minoritizing communities and then closing remarks.
>> YASMINE IDRISSI AZZOUZI: I'd like to really keep the focus on fostering leadership at the local level. Leadership definitely is a challenging one, but I've seen through national processes lead agencies that sort of relinquish a little bit that lead role to a certain extent and seeing the usefulness in doing that.
That of course doesn't stop us from keeping the balance, of course. And I think both sort of approaches are necessary.
So one of the them is definitely creating the focus on interdisciplinary teams that are equipped, again, to engage meaningfully in different fora. So in a perfect world, we would have similar something to like what the Austrian representative here has mentioned. Multidisciplinary teams that bring different experts at international level as well.
And I think to ensure also sort of continuing with these sort of multidisciplinary teams, keeping the lead agency as being sort of the core is also necessary. So that the lead agency can sort of keep tabs on the processes and give the overview that may be lacking at times. While in parallel to that, delegating some power or leadership when it comes to having specific specific processes that are topic specific, for example.
So apart from the national level that I keep coming back to that I think is really important and really the key here, of course inclusivity at the national level is needed as well. It's definitely shown the need for obviously going beyond multilateral or state focused processes and keep that in Civil Society at the international level as well, but a lot of it needs to happen at national level.
Thank you.
>> JAMES SHIRES: Thank you very much, Yasmine.
Finally, I would turn to our third panelist, Corrine Casha for our concluding remarks. We've had our five minute warning so we'll be wrapping up after these remarks and thank you, everyone, for your participation.
Corrine, over to you.
>> CORRINE CASHA: Thanks, James. Not much to say. I think the two panelist before me actually wrapped up everything nicely. We've discussed a lot today and I think we'll take home I'll definitely take home a few of the remarks that participants made today, especially about the Austrian colleague mentioned interdisciplinary teams and also Louise mentioned, for example, the transfer knowledge. Yasmine mentioned also the need to sort of by the consultation process. It was one thing that struck me most about best practices.
So I think we have quite a checklist of things that that we we have gathered here today, and I think they were all very, very valid remarks. I, myself, I think I'm also pleased to be here and it's only because I shared my experiences, but because I took home a lot of points to consider.
So maybe, I don't know, we can definitely come up also with with sort of reports from this session and maybe circulate it to participants as well.
But I think we have all spoken very much about the need to reduce fragmentation, about the need for inclusivity, about the need, as you said, political risk and the sort of relinquishing control. I personally think that what we discussed here today would be very relevant to take forward, perhaps you can have another session also to follow up on this.
And from my perspective, I mean, it ends there. We've discussed a lot today and I'm very happy to have participated and to have listened to everybody's to everybody's take here. So thank you very much.
>> JAMES SHIRES: Thanks, Corrine. As a quick reminder before we close, check out the global partnership on responsible cyber behavior which is online. Louise is running that. And of course do visit Virtual Routes and we will be doing more activity in the space. We will be engaging more. So we'd love to continue to have this conversation in the future.
Have a great last day of the IGF and thank you, everyone.