The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
(music playing)
>> TEJAS BHARADWAJ: Good, I think we'll start again. So good morning, and welcome to all the wonderful participant who is gathered today. This is the day 1 of the Internet Governance Forum Lillestrom Norway and today is Modern Warfare, Timeless Emblems. And today the progress of the initiative that aims to create university recognized symbol for protecting infrastructure during armed conflicts
We have two wonderful speakers today to discuss this topic. Samit D’Chuna the legal advise other of the international community on Red Cross and Chelsea Smethurst ‑‑ digital diplomacy at Microsoft. And I'm Tejas Bharadwaj with India and I'll be moderating this session
A quick note if you are or participants on the session's format and some housekeeping rules the session will start with the 20‑minute keynote by Samit who will talk about the digital emblem project follow by the 35 moderated panel discussion where we will explore the different aspects of the initiative the covering the contents and is inclusivity and scale and challenges involving the implementation and the associated risks and what to look ahead
Finally in the end we will open the floor for questions for about 15 minutes and for participants streaming in type your questions in the chat box and for those onsite, please raise your hand. And I'll start with Samit, please start
>> SAMIT D’CHUNA: Thank you for that wonderful introduction. And good morning everyone. Thank you to the IGF for he hosting us for this very important topic and thank you to all of you I know there's interesting workshops going on at the same time. So thank you so much for making the time for this one.
As Tejas mentioned by name is Samit D’Chuna I'm a legal advisor at the international committee of the Red Cross or ICRC the ICRC for those who don't know is the organization mandated by international law to protect and assist victims of armed conflict and other situation of violence
So to our mandated international law, the ICRC engages in a host of different activities we visit persons that are deprived of liberty, persons that are detained.
We reunite family members accept separated in armed conflicts. And we contribute to the respect for and development of international humanitarian law which is a big part of the ICRC work, which I'll talk more about today. And we support the medical services and their work. And crucially we engage confidentiality and bilaterally to parties of armed conflict when it's taking place. And state non‑party, parties or armed groups and the key locker for the ICRC. For that rule we are often called the guardians of the international law toe guardians of war.
It is in that position that ICRC is well positioned with along with other states and stakeholders that today digital technologies are shaping the contours of modern conflict.
We are very much witnessing a profound shift in the environments where international humanitarian law must operate. And as a result we do have to think about how international law must adapt to some of these profound changes. And the digital emblem is the digital emblem project is a small part of that it's a necessary adaptation as I hope you will see by the end of this workshop so basically the modern nuances of armed conflict.
What is the digital emblem project? If we start with the Red Cross and the red crescent emblem they long marked the protection of physical persons and objects.
And I guess the question then is today what does that mean in are reality where cyber operations are a key part of our armed conflict and digital infrastructure is a key part of the work undertaken by the medical services and humanitarian organizations.
But I'm getting a little bit ahead of myself now because I'm already talking about the physical emblem and the digital emblem and modern conflict. I want to take a step back to everyone is on the same page and understanding of what exactly we are talking about when we talk about an emblem. And we'll really go to our title for this and try to understand this concept of a timeless emblem, what is a timeless emblem? That story starts a little bit more than 160 years ago.
In a city where I live called Geneva, Geneva in Switzerland, where a Swiss businessman, Henry Dunant, he had those great business ideas and he was having an issue with a business project. To deal with that issue he was able to organize a meeting with the king of France. He was that influential he was able to meet the king of France to iron out some of these issues he was having with his business. The problem was the king of France was not the France. At the time he was in northern Italy with his army because he was fighting, you know, his army and with him at the lead were fighting in something that's now known as the second war of Italian independence, fighting against Austro-Hungarian empire
And he said this isn't an issue I'll pack my bags and go to Italy and meet the king there.
And we arrives in northern Italy, he arrives the day after a horrific battle takes place. And put yourself in a shoes of a 19th century European your image of what warfare is something that's honorable and almost beautiful in a way. You imagine the honour of the armed forces and the great things they are doing to protect the state.
To protect the station. And when Henry arrives on the aftermath of this battle, he doesn't see honour or beauty, what he sees is carnage. He sees wounded soldiers. He sees sick soldiers. He sees dead soldiers and sort of what's left of the medical services of the armed forces completely overwhelmed by the carnage and destruction on if battlefield near Solferino and he's moved by what he sees and he says forget about the business and he doesn't want to meet with the French king about the business
So he goes to a village and localizes a population, particularly nurses and women and says there's people in need here. Some are French. Some are Italian. Some are Austro‑Hungarian but that doesn't matter because when you are wounded you are what we call in French outside of combat. You are a person in need and they people need help. So we mobilizes the population to go to the battlefield and provide assistance to the persons who are wounded and sick.
He eventually meets with the French king and decides not to talk about his business idea but convinces the French king to release some doctors of the army of the Hungarian empire that are detained and convinces him to release the doctors to provide more assistance to the wounded and sick. A complete paradigm shift that reflected through the rest of his life. He returns back to Geneva and writes a book called a memory of Solferino and in the book he talks about the suffering he saw on the battlefield and talks about two key paths forward.
The first one is to say in times of peace, the world ‑‑ the civilized world as he calls it needs to set up an organization that need as a profession the ability to set up assistance and protection to the wounded and sick in armed conflict. Because that's in the a rule we can entrust solely to the armies of the adversaries. There has been to a neutral and impartial assistance that's provided on the battlefield and more broadly in situations of armed conflict. And that's the pre‑cursor of the international committee of the Red Cross and the federation of the Red Cross and the 191 of independent societies of Red Cross and Red Crescent societies all over the world. The French or Norwegian Red Cross those are independent organizations that are components of the Red Cross, Red Crescent movement. And that's the fired idea of him
And the second movement is he was saying if we are going to create these different organizations there has to be a way to make sure that they are protected on the battlefield. They are to be respected on the battlefield. So we have to make sure that there's rules in place, where parties to conflict, yeah, of course they protect the wounded and the sick. They don't target the wounded and sick. But they also have to protect the medical services and eventually humanitarian operations as well.
Those are two keywords, respect and protect. And there's a reason that language is used and that idea led to the adoption of the 1864 of the very first Geneva Convention, it was adopted in the run up to the writing of this book by Juno the founder of the international committee of the Red Cross.
Why do I sort of focus and highlight this concept of respect and protect? Well, the idea of not targeting civilians existed at the time. There was the Lieber code and people had in their manuals civilians should be spared in armed conflict. And that's not the only thing we are talking about
If you are part of the medical services or a humanitarian organization, you shouldn't be targeted and that's obvious. And everyone knows that. But what states decided to do at the insistence of people like Dunant and others is they created positive obligation under international law, which is the obligation to respect and protect the medical services and humanitarian organizations.
What that means is not only certain persons and certain objects can't be targeted but if you are a party of a conflict, if you engaged and you become a party and you are fighting a war against an adversary whether a state or non‑state party you have additional obligations to make sure that the medical services function. And to make sure that humanitarian operations can continue to take place. Of course that's an obligation of means. You have to do what is possible within the complex security of environment of a armed conflict but you have a positive obligation and that's different from saying this thing can't be targeted. We have to make sure because we are part of the reason that carnage is taking place we need to make sure that medical services function. And when people are wounded or sick or in positions of vulnerability there's a system in place to help them. We can't ignore that system.
That concept of respect and protect was really essential. And now, to be able to respect and protect certain persons and objects obviously it's not just about identifying civilians or identifying who is combatant, you have to identify this invisible protection. So it was obvious even before the adoption of the first Geneva Convention there had to be a way to identify ‑‑ there had to be a way to identify those specific protections in complex environments.
That's what led to the adoption of the emblem what we call the distinctive emblem of the Geneva Convention or the Red Cross emblem and the Red Crescent emblem and eventually the Red Crystal emblem
It's to provide protection. I describe it it's like a stop sign or a sign of highway safety. If you have a rule a law that says the car has to stop at the intersection there has to be a way to know the rule. Maybe now with AI now cars know. But before that there had to be a way for the driver to know you have to stop at this.
The emblem is like this, this is a specifically protected person or object. And they have to be respected and protected. It's not just a question of not targeting them it's a question of ensuring they are able to undertake their work despite the fact a conflict is ongoing.
Where does that bring us in the modern world? Today, cyber operations have become a reality of armed conflict. It's not the first time that the reality changes for the emblem. When the emblem was created it was created as a armlet for the medical services and eventually expanded to ambulances and then to the hospital or the top of hospitals or in planes
In the 1970s a distinctive signal was created a specific radio and light signals for ships and planes. As the medical and humanitarian services expanded to new spaces there had to be a way to identify those services and new spaces. Cyber operations today are a reality of armed conflict but perhaps more importantly than that, people depend on digital infrastructure and regular humans depend on digital infrastructure. And the medical services also depend on digital infrastructure. So do humanitarian operations.
When I say depend on digital infrastructure, I mean of course there's incredible socioeconomic value in information and communication technologies. But I'm specifically talking here about the most vulnerable the people who don't have the privilege to sit and talk in Lillestrom, Norway. In an earlier part of my career I worked directly in armed conflict on the field with persons who were displayed and persons who suffered horrific violation of international humanitarian law. A lot of times in the context I work a lot of things people asked for was not food or water or a bed the first thing that people wanted was connectivity. The ability to call a family member or have a way to tell their family members, hey, I'm okay.
Or they wanted to know their family members were okay. You can imagine a situation where a suddenly a territory becomes occupied and connectivity is shutdown. And people outside of that territory have no way to know what's happening to their family, are they okay? Did they have to move? Are there houses destroyed? All of those things that connection is brought together with connectivity. So connectivity has become incredibly important for people and it's also become incredibly important for the medical services and humanitarian operations and the digital emblem project is not about stopping a attacks against that.
As with the physical world, emblems are used and people are the medical services are unfortunately still killed we have colleagues killed every year, recently this year as well. And several instances where our colleagues were killed despite displaying the emblem. It doesn't stop intentional attacks but it does identify a particular protection. If you don't want to stop at a stop sign you won't stop but the reality is a vast majority of time people stop at the emblem
And the vast majority of time the emblem does work. The problem is people are with digital infrastructure, there's no way today to identify well what is actually protected?
The idea with the digital emblem is not to replace the physical emblem. The physical emblem exists and as I said it works and we can talk a little bit more about that in nuances of that but the physical emblem works. There's no desire to have a digital emblem that identifies what's physical. Because that already exists. If new technologies of warfare are developed they have to be developed in a way they can continue to respect the physical emblem. And there's not going to be a new emblem to cater to new technologies of warfare. That's not what the project is about.
Rather the project is about accepting the fact that digital infrastructure has become a key part of our work. It's become a key part of the work of the medical services so there has to be a way to identify that digital infrastructure. That doesn't exist. Yet. There's no way to identify that digital infrastructure today. That's the key drive for this project.
Now after significant consultation with the state and private sector and with the Red Cross and Red Crescent movement in spring of last year and with the great help of Microsoft and Chelsea who you will hear from shortly we brought the digital emblem project to the digital engineering task force, which I'm sure you know.
Where the work on the standards of on an emblem will begin soon. The first working group meeting is in July of this year, so in a few weeks and the ICRC is actively engaged in those discussions.
I'll say a few words on some technical requirements without going over time. So just a couple more minutes. On what we look for in terms of what are the needs for digital emblem? I'll preface this by saying I mentioned at the beginning I'm a legal advisor I'm not a technical person. We do have a technical lead on the project I'm the policy lead. And I'll talk about this in non‑technical terms but Chelsea can develop on this a little bit.
Through the consultations that we had with identified stakeholders is the digital emblem should reflect as closely as possible the way the physical emblem works. What do I mean by that? The digital emblem needs to be decentralized. With the digital emblem all parties to conflict use the emblem and they don't have to ask for permission. If a state identified in its own structure a medical unit or a medical transportation, it applies the emblem, if its wants to, it applies the emblem to that unit or that structure or object. It doesn't seek permission. And that's also true for non‑state parties if they have a conflict they can use the emblem. There's no centralized body that determines yes you can use the emblem or not use the emblem. That's not the role of the ICRC. We use the emblem. But for our own infrastructure we don't police anyone else using the emblem. And that has to be true for the digital emblem. There can't be a centralized body that says yes you can use the emblem here and not here. That's for parties of the conflict to determine. And after rules on misuse and obligations to as you press misuse and certain misuses of the emblem might be a war crime so there's different structure in place if the emblem is misused by it's ultimately decentralized in its use
The next is covert inspection. It's not my favorite term. It sounds more complicated than it really is.
The idea is, at least for me, the idea is if you have a physical emblem on the roof of a hospital. And you have a reconnaissance mission by an adversary who wants to identify certain targets and spots the emblem on a roof of building, that it knows the building is protected by humanitarian and it can't protect the building and can't destroy access to that building. That's part of the notion of respect and protect. It's not about just noting that thing but the thing can continue to function despite your military functions.
But it doesn't inform the adversary someone looked at the emblem. Sometimes it might be the medical services of the armed forces and an adversary wouldn't want to tell the enemy, yes we are checking on whether you have an emblem because that might alert the adversary an attack is incoming
Basically the digital emblem needs to function the same way. It can't tell the adversary it's being looked at that's the notion of covert inspection. And it has to be removable. One key thing about the physical emblem that has to be true if the digital emblem it has to be a tool you can replace and remove base on your own security analysis of what is useful.
There are rare ‑‑ and it really is the really, really exceptional circumstances, but there are situations where the ICRC also removes the doesn't use the emblem. And that's also rue for the medical services. There are situations where owing to the secure the emblem is not used so I'll quickly wrap up and we can explore this in broader discussion
But the digital emblem project is really a multilateral process. It's seen a lot of success so far in bringing together a lot of stakeholders at the 34th conference of the Red Cross that takes place in October, it takes every four years like the Olympics of the international law, it brings together parties to the Geneva Convention and a resolution was adopted imagine the geopolitical context we are in today but a project was introduced for the digital emblem and that was helpful. And after that the tech accords had a pledge. And the tech accords is about 150 or 160 companies among the biggest tech companies in world. That was a great step forward for us.
Now we are continuing on the standardization process and the technical standardization of the emblem and we are working directly with states on legal integration or formalization in both domestic and international humanitarian law. And like the distinctive emblem this technical solution has to be created and also integrated into international law so that's a big part of our work there. I'll stop there. And I hope it was a good introduction. And back to you, Tejas.
>> TEJAS BHARADWAJ: Thanks for this brilliant presentation it was comprehensive and answered most of the questions I looked forward to asking.
I also have this first question for you. The Red Cross emblem one of the most universally recognized symbols of protection is routinely ignored if in conflict. Would a digital emblem be better is this are idealistic gesture where conflict dominates the headlines?
>> SAMIT D’CHUNA: That's a good question, Tejas, and I'm glad you addressed that at the beginning. And it's true, there are today intentional attacks against the medical services. So against hospital, against like I said colleagues. Members of the Red Cross and Red Crescent movement have been injured and killed and those are part of directed targeted operations to armed conflict P the distinctive emblem doesn't make someone a good person. And violations do take place.
Now the interesting arthritic is what we see in the news are violations of international human taxpayer law. So when a hospital or ambulance is attacked that shows up in our feed, on our social media, on the traditional news and that's a good thing. It's a good thing that we see that and it's a good thing that we are irate when something like that happens. But it's important to remember that the vast majority of the time the emblem is respected and it's certainly that's my personal experience and what's the experience of our colleagues that's the experience of the last 160 years. But the emblem does in fact work. The vast majority of the time. When the emblem is not respected and it's targeted, we hear about it and that is a violation of international humanitarian law.
This is a war crime directly targeting the medical service or a humanitarian operation is a war crime and it's good that's heard about. And it shouldn't take away from the incredible success story of the distinct emblem it was a protection that was created 160 years ago.
So there has to be that balance there. I can tell you again from personal experience there are a lot of places where the ICRC wouldn't be able to go if it wasn't for the emblem. We work in active hostility zone. If I didn't have a mean to physically put the emblem on myself, there are places I would not go for fear of being targeted there's no way to identify yourself as being protected.
Today we hear something similar to parties of conflict. We have this confidentiality dialogue and we understand they engage in cyber operations but don't always know whether the digital infrastructure they are entering or targeting might not have a component of it that's, you know, a medical in nature or humanitarian in nature and needs to be protected.
The emblem is ultimately a tool. It's not going to stop anything, it doesn't replace passive security measures it's not an anti‑virus it's a tool for identifying that specific protection and removing the plausible deniability. If you target a truck and it doesn't have an emblem it's easier to say well we didn't know it was a carrying medical supplies but if it's displaying the emblem that's a crucial part of identifying and that's part of the project.
>> TEJAS BHARADWAJ: Chelsea the next question is for you. Microsoft is a private company. Why should Microsoft care about the digital emblem? What's the stake of a tech company and to care about international law?
>> CHELSEA SMETHURST: That's a great question. With Microsoft we operate in over 190 countries and support over 1 billion customers worldwide, including governments and hospitals and humanitarian organizations. When we pause to think of those number as one of the world's largest digital infrastructure providers we have the responsibility to ensure our platforms and services uphold humanitarian law. This is not a legal or symbolic gesture. This tool is a practical tool to apply to the digital domain, which is needed especially in today's modern warfare environment. When we are such a key provider in the digital world and in the global environment we can't afford to be neutral on what these digital protections look like in? The future. So thank you for the question.
>> TEJAS BHARADWAJ: Perfect. This segues into important area that I want to tackle. It's more about promoting inclusivity and scale. And the standards and what happens in terms of getting political commitments N terms of the progress what more needs ‑‑ what more needs to happen between these two communities? You have a community of international organization and you have tech companies. How can you take the digital emblem a global reality? What needs to move here, Chelsea you can start first.
>> CHELSEA SMETHURST: So we have over 200 data centers in more than 60 regions around the globe. And I'm using these numbers because they provide a concrete example how we can scale is this example just beyond Microsoft as a company.
If we pause to think about that for a moment if even 10 of the top 20 tech firms adopt the emblem we could protect the digital lifeline for over 1 billion people in conflict. And that's a big number with scale
If we can get adoption across our sector and the tech industry we could see a implementation of this work. And it has a positive impact for those on the ground.
For us I think there's a couple maybe near terms sort of industry players we you would we would like to see adopt this. One is the cybersecurity vendor environment. Where that would be really helpful because we also understand in this community what are the security and the legal controls that we would need for a digital emblem?
I think secondly like cloud providers would be a way to scale the work broader too. So 10 to 20 global providers that's a providers and citizens around the world that would be protected by these entities. That's what I see from the Microsoft perspective is the next step to scale this project just beyond a couple core companies and a couple core nonprofits and organization around the globe
>> TEJAS BHARADWAJ: That's interesting. We need tech companies to be involve in this.
Samit from a legal standpoint you need a commitment from the government. What is ICRC looking to do? How can we make this legal or binding initiative,.
>> SAMIT D’CHUNA: You are absolutely right. And I think you hit the nail on the head, Chelsea, when you said global adoption. That's also true for the diplomatic world as well. One key thing is making sure the emblem in addition to being technically robust is something that's adopted by all states that are party to the Geneva Convention so we are talking about 196 states that would be the ideal that's what we are going to work towards.
Because and I already hinted at it earlier, there are issues related to misuse of the emblem to who can use the emblem to how it's used that simply have to be integrated into international law and there needs to be common understandings of whoa the digital emblem is and how it's respected and what happens when it's not respected.
That system needs to be in place and that will be in place through adoption under international humanitarian law. And there's various different strategies or means of incorporation of IHL that we've been discussing with states
We have a annual meeting with states to update them on the technical development and to move this adoption forward on international law.
So there's a technical annex of additional protocol 1. I didn't talk about this there's four Geneva conventions and the three protocol to the convention.
The first additional protocol has a technical annex already. And that an in connection can be modified.
All state are parties to the convention but not the protocol so states not part of the protocols 1 can still be part of this process. That's one solution. Another solution is to have a new protocol. The third protocol of the Geneva convention was adopted in 2005 that created the Red Crystal emblem, which a distinctive emblem of the Convention.
A fourth solution is to have a new protocol a new process specifically on the digital emblem. And there's other possible solutions ad hoc solutions like what we call unilateral declaration or others to ensure that states do make the digital emblem part of their international legal obligations.
Then there's also I talked about international law but it has to be integrated into domestic systems and the Geneva cop conventions are integrated into domestic law and all the states party to the Geneva Convention a lot of that work is assisted by national societies. Of course from the beginning it was important that the national societies be on board with the project. There's the Australian Red Cross taking the lead on sort of work with the different national societies all over the world to be sure they are mobilized and once a technical solution is ready this solution can also be integrated domestic law because that's not an expertise that comes from Geneva or elsewhere it's an expertise that comes from each country and that's the work of the societies to integrate
>> TEJAS BHARADWAJ: You are right. You need a technical protocols and legal protocols to make this possible. Chelsea, how are you looking to embed this emblem into the digital infrastructure of countries?
>> CHELSEA SMETHURST: If we think of the digital emblem as a digital version of the Red Cross symbol. This is what we are talking about, instead of being painted on a hospital road it's embedded in a digital infrastructure like a hospital's network. So we know it needs to be protected during armed conflict. To make this work in layman's terms we need to mark these systems online.
There are three technical options on the table right now. One is DNS entry. This is a way how to flag on your website's address this is a protected entity during a conflict?
The second way we are thinking of this as a community not just Microsoft is digital certificates. Think of these as passports for websites. So this certifies a certain identification that says hey this is a protected entity and provides a certain level of validity for that work. And the third way we are considering as a group to mark these systems is what we call metadata tags so these are labels behind the scenes on digital file that is a can really sort of be flexible. You can apply certain parameters to these things and these are the three I would say technical solution that are on the table to date.
Then I think when we think about to answer your question on what's the challenges around these technical solutions that we are considering as an industry? One, is it secure enough to prevent misuse? Is somebody pretending to be a protected entity or not? This is a real risk, technical and legal as we think about the technical solutions being deployed
The second thing I'll say in terms of challenges is and maybe this is even more important, is it simple enough for a humanitarian organizations in developing countries to use? And we really need to think about the lowest common denominator in this. If it's going to require a ton of money and technical resources we are not really achieving our goal as what we are trying to move for the digital emblem. So I think that’s the second technical slash legal and civil society risk.
And third, and this is true to somebody like myself who has been involved in technical projects and policy for cyber for many years is how do you standardize it so everyone from governments to tech companies to NGOs and nonprofit cans identify it and deploy it and respect it.
So those are three challenges that are both technical, legal, and civil in terms of what challenges we need to over come with.
>> TEJAS BHARADWAJ: Samit, do you have comment on this?
>> SAMIT D’CHUNA: That's a good point about the lowest common denominator. The interesting thing about the physical emblem there's a lot of discussion among people who are passionate about IHL and the particularly the emblem. And how where the idea of having a red emblem come about? If you read the Geneva article 38 of the first convention it's an ode to Switzerland so it's an inversion of the flag. But there are some pretty important names that are done quite a bit of research on this and say the reason the colour red was chosen was because if you are a wounded soldier.
If you are a war medic then you also have access to the colour red and you also have access to white because soldiers carry the flag of surrender which is a white flag so you have the ability to make a Red Cross. And the idea was everyone should be able to use the emblem and there shouldn't be barriers to the creation of the emblem. If it's too complex or even uses colours because we are thinking of the 1800s, colours too nuance or complex, then it wouldn't be respected.
That's why it's a bright red colour. And there's different stories how it came about but that's a popular one. And you raised important point that is a reflect some of the think thinking already there in the 1800s about what the emblem needs to be.
>> TEJAS BHARADWAJ: This segues into a important question I wanted to request. We don't want the initiative to be about an initiative that's used by a few countries. We want to scale it up. What are the cost associated with the implementation, especially for developing and smaller countries? Is ICRC and the tech companies actively working on that. Chelsea f you want to go ahead.
>> CHELSEA SMETHURST: I think there's probably two primary risk that is a we would associate with the implementation challenges and hurdles there. One is how do you minimize the increased pecks pose sure from educated entities? If you are a medical infrastructure can you make them more exposed to malicious actors? I think Samit sort of talk about in this introduction. And this is a question that I have personally grappled with on this project working with this for the last year and a half is so what do we want to achieve here? I think the acknowledgment what you hear in the news is not what you hear in the news is a massive accomplishment in this task is what we are aiming for here.
It's a helpful reframing and perspective of the significance of the impact that this product could have in the digital infrastructure world. So I think that's one. I think too another risk we got to think about in terms of hurdles to overcome and cost is how do you mitigate the us misuse or abuse of a digital emblem? This is challenging and there's both legal and technical legitimate concerns in this domain. Ultimately what we are trying to do is and through the IETF is, the Internet Engineering Task Force how do you make a standard that's verifiable and auditable? And think true in many cybersecurity domains but these are three competences you want something to have so great question. And Samit, if you have thoughts too
>> SAMIT D’CHUNA: That's a great answer. And there's two sides. On the side of increased exposure this is as I said the beginning of the project a big part of our conversation with different stakeholders, including cyber actors and what we understand a lot of times cyber actors don't know whether a certain infrastructure is protected but if they are looking for certain critical infrastructure tools already exist today that are quite effective in finding them. We moved forward much more quickly on this project when we understood that risk to exposure exists. But it's not very high. And the way to sort of mitigate that is through these technical discussions that take place at the IETF and elsewhere to make sure that risk is minimized as much as possible.
As I mentioned the emblem is always revocable. If any time there's a entity that thinks the emblem poses more risks than benefits then it can be removed. It doesn't replace other cybersecurity tool it's not an antivirus, it identifies something as specifically protected in that sense it is a tool. And it doesn't replace those other mechanisms. And then on the question of misuse, this is why of course integration and international humanitarian law is so important.
As I said, what we don't see the violations that we don't hear about or the rather the violations that don't take place that's the key for us. When we talk about something that's been attacked and now a criminal justice process that takes place after or we hear about it in the news or there's this frustration or there's ‑‑ that as I said that's really important. But that's already a step too far because what we want is for those attacks not to take place.
When discussion of the distinctive emblem took place 160 years ago there was already this discussion of what if the emblem is misused what is going to happen if it starts being use on tanks and all other things that are not specifically protected? That concern was already there.
But systems were put in place like the work of the ICRC and the confidential bilateral dialogue. The fact that parties to conflict have to be trained in international humanitarian law. You work directly with armed forces. We are talking about real people.
Sometimes we talk about rules that apply to states and we forget the fact there's people behind that and there are ways to speak to the military and speak to states and try to understand why violations are taking place or might take place and put an end to violations often times before they cause any harm. That's the big success of the emblem and international humanitarian law in general is really that. It's those benefit that is a you don't actually see.
>> TEJAS BHARADWAJ: Perfect. This is a really insightful discussion. Looking ahead, to quickly wrap up, what does access look like for this international project? I think sometimes goes from international organizations and tech companies. For the future what are we looking at for the initiative?
>> SAMIT D’CHUNA: We talked about some, we talked about technical, standardization, we and we talk about industry adoption and legal integration and those things are really all quite important. Maybe one thing I would add to that is the digital emblem requires trust. I talked about the big success with the physical emblem the Red Cross and crystal and the reason the symbol works well is the trust that exists and the medical services and the humanitarian organizations can trust that if they use the emblem, it's respected.
The parties to armed conflict the vast majority of the time see a emblem and trust that that entity whatever they are looking at personnel or object they can trust that's a protected entity. And as new stakeholders are joined this process like technology companies, technology companies can also trust that the emblem is something that works and that is respected.
That's a big key to this project if it's going to be successful it has to reflect and mimic what is happening with the emblem which is it's a symbol of trust.
>> TEJAS BHARADWAJ: Chelsea, final remarks?
>> CHELSEA SMETHURST: Yes, I'd say with the success for the digital emblem it's not one single milestone it's a layered approach across dimensions. We mentioned this a couple times. Technical standardization. And legal recognition. And finally what's that multistakeholder global adoption? Samit, you mentioned trust. And I think that underpins any and all things I saw say in the next segment. And again I'm focused on the technical capabilities and the implementations here from the Microsoft side.
I think, one, let's go back to technical standardization, I would say as a cohort, we made significant progress here already N July at IETF so the Internet Engineering Task Force they are going to be launching a working group that will be developing verifiable and operable standards across standard bodies and the second the legal recognition. This is something where we've been able to work with closely the ICRC and are our nonprofit civil society partners to really understand what are the international legal problems and challenges that we as like a company will need to incorporate in this? This is not our domain expertise and making sure we are supporting from a technical and operations perspective and working to move towards the international and humanitarian law piece has been essential and critical and that's not something we could have done without the ICRR. And finally and probably maybe most importantly is that widespread adoption and deployment of the digital emblem.
The last 12 months to date it's been a heavily core exercise, at least with Microsoft and some smaller industry places and you mentioned the tech accord which is a large body for cybersecurity norms of over 150 members. And how do we take this emblem and move it to a global norm would be a very powerful and significant next step for this work. So thank you.
>> TEJAS BHARADWAJ: Perfect. I think we have around 15 minutes. So I'll open the floor for questions from the audience. So we also have some online questions but if the audience here if you have questions, feel free to raise your hand.
Please. Can you introduce yourself?
>> Yuro, Finnish green party. My question is mostly to Samit. We talked largely today the trust of the emblem and the malicious actors targeting it. How can we even have trust from the emblem in the end when over the last three years there's been large signatories to the Geneva Conventions basically completely disregarding its functions.
Russia bombed multiple hospitals and humanitarian structures in Ukraine and Israel has bombed medical infrastructure in Gaza and camps. And there's not be a lot of actual international world punishment towards it outside of labels put by the ICJ and other organizations which aren't really respected by well either the U.S. or the other super powers so actually put out the punishment.
How can we trust in in the emblem? What is being done to like I guess negate this double standard?
>> TEJAS BHARADWAJ: Sure, Samit, do you want to answer that?
>> SAMIT D’CHUNA: Yeah, thank you so much for the question. I think it's a really important question. I'll take it broader than just the emblem. I think what you question gets to is really the heart of international humanitarian law. There's this body of law and as you suggest there's I guess situations where the international humanitarian law is not respected and that's extremely ‑‑ it's not just frustrating it's horrific because people die as a result.
I'll just preface this by saying as a legal advisor of the international committee of the Red Cross I won't talk about specific ongoing conflict. We have a confidential bilateral dialogue with parties to conflict. The states you mentioned the ICRC has dialogue with those states and these are the key topics that we talk about.
I won't talk about specific context. But I do want to come back to something that you mentioned which is punishment. And what punishment assumes is a violation has already taken place and that for us is the key. Of course that is important. It is important that international criminal law functions that there are ‑‑ there is punishment when violations take place but it's not the end all, be all of compliance. And that's where a lot of us go wrong on this question. We assume the a crime has taken place and yeah unfortunately in international law it's not always punished but that doesn't that's the only way to ensure compliance.
So for example, under international humanitarian law there's obligations for training on all levels of the armed forces from the individual soldier to the highest level of a commander. Those obligations teach you it is a violation of international humanitarian law to respect a manifestly unlawful order. If you are ordered to bomb a hospital, you cannot saying about just following orders. That argument died over 80 years ago in international law. If you know you are committing a violation of international humanitarian law. You got to stop regardless of order from above
And we have a confidential bilateral dialogue. There's organizations outside of ICRC that work with conflict and highlight violation that is a take place and highlight when certain infrastructures is protected and where it is. And make noise about where there are population movements and things like that.
There's a whole set of ways that ensure compliance with international humanitarian law. Despite the fact they are all of these compliance mechanisms vie violations still take place and that's true in domestic law as well. People commit crimes even though there's a legal system in place. In the domestic law there's a single body in each state that ensures punishment for certain crimes but that doesn't mean the vast majority of human beings in a country or on the planet respect the law because they are afraid to go to jail. They respect the law because it's the decent thing for do. For the minority where it's indecent there are systems in place
But the vast majority of the time the rules are respected.
I'll say one interesting thing. That was study done between 5 to 10 years ago called the roots of restraint. It's a study that looks at what makes individuals respect international humanitarian law? How do people feel about the usefulness of international humanitarian law? The fascinating thing is in countries that are affected by armed conflict, significantly affected by around conflict like the democratic republic of the Congo and Colombia and others, you pulled them and they say ICRC works. But if you poll western European countries this was done 5 to 10 years ago, maybe the answers would be different today. But they say that the human humanitarian laws don't work because they hear about the humanitarian violations all the time.
I worked with the democratic republic of the Congo. I worked with the recruitment of children because they are often recited to armed groups and I met with the groups and saying this is a violation of international law. And they responded to me, I had no idea I couldn't recruit a 14‑year‑old.
There are many group that is a recruited 14‑year‑olds, I had no idea. And this child is 13 years old and you can take them right now. And we would reunite that kid with their family. It blows my mind. It's not object my mind that person goes to prison for recruiting a 13‑year‑old, yeah that's a concern but my primary concern is the 13‑year‑old is reunited with their family
So there's way that is a international laws work but often in invisible ways and it's not just punishment. Thank you.
>> TEJAS BHARADWAJ: That's an interesting answer. To the lady on the right.
>> Hello, I'm also working in the internet engineering task force on potential protocols so I'm well aware of the work there. And thank you for the presentation. so it was informative and comprehensive and I enjoyed that. It was nice to see if the? The IETF the different communities and stakeholders come together and we are taking up the work. And that's a success in itself and nice to see that it's working.
You talked a lot, I'm curious during the discussion you talked about the risk of exposure and we know that the risk of cyber attacks is increasing more and more. Move
Just having as you said having the emblem will not protect somebody from attacks. Are you looking at the two angles together? Are you trying to increase the protection of the digital assets? And increase how we handle the cyber attacks and so on? Or do two you think these are two separate things to be work on separately?
>> TEJAS BHARADWAJ: Chelsea, do you want to take that?
>> CHELSEA SMETHURST: Samit do you want to approach first from the legal considerations and I'll approach from the cyber. Good question by the way.
>> SAMIT D’CHUNA: There's different aspects. The digital emblem is one part of it. We see this that emblem was created to identify protected persons and objects and we don't have a way to identify with digital infrastructure but the pass of cybersecurity measures is a key part of our work. We have an entire department that works on that and I think that's true of the medical services and one thing that came out of the 34th conference the resolution the ICT resolution is the states and humanitarian sectors have to work together to have a more robust system of cybersecurity it's so essential to victims of armed and conflict and natural disasters and other situations of violence. It's a key aspect. And another aspect that's new for us as well is working with certain cyber actors that we haven't worked with before.
We consider ‑‑ we look at the concept of let's say a party to a conflict broodily. So you can potentially have cyber actors that are either part of the armed forces or belonging to armed forces that might be an interlocutor for the ICRC but not one that we traditionally had because we worked with traditional arms carriers but we are trying to work with the non‑traditional actors or hacker groups and last year the ICRC published 8 rules for hackers. And it got quite a bit of traction. And maybe you heard of it. It was published in the BBC and elsewhere. It was rules of international law that applied to cyber actors when they are engaging in acts as part of a conflict.
There is a gamut of work we are doing in the sector and all working towards the same goal of increasing the protection of victim of armed conflict and others
>> CHELSEA SMETHURST: The way I think of the question you asked and I'm the cyber person in the table and this is a question I grappled with a lot. It's half exercises and it's half cyber exercises. What do I mean? When you look at the requirement half are legal and how do you marry the technical standards to international humanitarian law? But they are based half on the security requirements and this is the and you are the bread and butter domain where we operate as practitioners.
I think the way to think about is do the security requirements support what we are trying to achieve in terms of the legal requirements? Whether drive first with the security requirements and come back on the back end with the legal requirement requirements. I think it's a distinction and a linear way to drive this work. We are looking at security controls to support the legal requirements we need to meet here. That's how I think about your distinction in your question.
>> TEJAS BHARADWAJ: We have exactly about 4 minutes 45 seconds to I'll so I'll take both of these questions together and let the speakers answer that. For the gentleman on the right first. You can quickly.
>> Yes. We heard a lot about the Red Cross a as protective sign but there are a few others and the three dot white dots and the red flag of course. Is there a different protection that can be handled with the protection science or can it be handled the same way in a digital sphere.
>> TEJAS BHARADWAJ: Lady on the left.
>> Hello, I respect the London story. You mentioned the importance of confidential dialogue with states. However, during armed escalations, non‑state actors, particularly platforms like Meta and X play a significant role in shaping narratives and potentially fueling further violence. Algorithms on those platforms often amplify harmful content.
Including hate speech or incitement of violence without timely and adequate intervention. On behalf of these platforms. Does the ICRC ‑‑ sorry, we also ‑‑
>> TEJAS BHARADWAJ: Quickly if you could wrap it.
>> We documented those things during the in the India Pakistan escalation. And my question is does the ICRC engage with confidential dialogue with those companies during times of conflict? If so, how do you ensure their algorithmic amplification does not exacerbate the human terror and catastrophic?
>> SAMIT D’CHUNA: Thank you for the question. And great question about the different emblems when we started our work of course we started on the Red Cross and crescent and crystal in the interest of time I kept the conversation to that but there are other emblem that is a exist in part of our work.
Even though we led this on the Red Cross crystal there are the three orange circles which is the dangerous forces emblems that represents the dangerous forces if it's attacked they would release certain what we call dangerous force that is a would cause significant harm to the civilian population so nuclear generating facile Is and dams and dikes and that's one emblem. And maybe you heard of the white helmets in Syria and elsewhere and there's different conflicts you see around the world that provide a services in the event of a armed conflict. And they have a specific production under humanitarian law. And they have an emblem. And there's also the what is colloquially known as the Blue Shield emblem which is also an emblem that identifies cultural property and has a different special protection under international humanitarian law.
The key is the protections are different for each emblem. They are not the same protection. And of course they are not for the same thing. So we have to think about what that means. We've been working with UNESCO and a organization called Blue Shield that'll they participate in the IETF conversation and they bring that into the conversation so that's key.
Yes we have thought on the different emblems. On the question of working with tech companies. We try to have a dialogue with everyone. When we have a dialogue it's confidential. We are happy to provide assistance and particularly navigating international law, which can be complex. The I think the thing about ICL it doesn't turn on whether the information is true we have something called harmful information where the spread of the information sigh lates IHL. And so that's the discussion.
>> CHELSEA SMETHURST: It's been a pleasure being here and presenting with IGF and my partners and thank you for joining us today. And encourage others in the industry and civil society to get involved with this work. This is where it needs to go is scale beyond a couple small companies and thank you for being here today and thank you for your thoughtful questions.
>> TEJAS BHARADWAJ: And thank you to the audience and thank you online. And feel free to talk to the speakers after the session ends.
>> Thank you so much.
(applause)
