Cyberspace must not be a test ground for pushing limits of international norms
Illustration by SÉBASTIEN THIBAULT
We live in a polarized world in which political and ideological divisions directly affect the digital ecosystem, cybersecurity, and behavior of different actors in cyberspace. Some countries benefit from the advantages made possible by the digital revolution and take seriously the challenges that come with the use of information and communication technologies (ICT). Other countries, however, see the digital revolution as an enabler of domestic interference that could potentially inculcate its citizens with Western or democratic values.
It is difficult to agree on any globally binding rules, treaties or agreements as long as such differences persist and without the political will to cooperate.
Cybercrime is a particularly stark example in which contradictory political views have negatively affected global cooperation, resulting in two competing processes. First, there is the Budapest Convention on Cybercrime, enacted in 2004 as an initial attempt to mount a fight against cybercrime at the international law level. It is not perfect. It has been amended, and will be amended in the future, but it lays a solid legal ground for global cooperation. The convention is well received and recognized globally with 65 parties (67 signatories), including such non-Council of Europe states as the United States, Australia, Japan, Israel and Canada. Unfortunately, cyber superpowers, such as Russia and China, have not acceded to the Budapest Convention. Even more concerning, Russia recently submitted its own draft Convention on Countering Cybercrime to the United Nations. The Russian government insists its convention is a necessary replacement to the Budapest Convention, which it argues is outdated, too regional in scope and in violation of state sovereignty.
That may sound like a reasonable explanation on the surface, but it could also be interpreted as a tactic to postpone global cooperation in the fight against cybercrime and as an expression of distrust toward like-minded countries that are parties to the convention. By introducing a new convention rather than updating an existing agreement already accepted and in force, Russia tramples on the work already done and may impede progress on the updates the Budapest Convention legitimately needs.
Ideological division also leads to different interpretation and application, both legal and political, of internationally agreed norms and principles. Reports of the UN Group of Governmental Experts (GGE) on Advancing Responsible State Behavior in Cyberspace, in which I participated as an Estonia expert from 2014 to 2017, reflect it clearly. All UN GGE reports have underlined the importance of promoting “an open, secure, stable, accessible and peaceful ICT environment” and the applicability of international law to cyber. All GGE reports have been adopted by the UN General Assembly, which means they are recognized globally and should be followed by all states.
But reality is very different. Application of agreed norms and rules varies from country to country. In practice, we see the attempts of balkanization of the internet and a growing number of cyberattacks either sponsored or supported by states. Cyber operations and cyberattacks are the new normal and the so-called “inadvertent escalation” — accidental war — through state behavior in cyberspace is a real and increasing threat, and one that must be urgently addressed.
At the same time, we also see that some countries lack genuine commitment toward cooperation and common application of international law to cyberspace and cybersecurity. The fact is the UN Security Council has not even held a serious discussion about cybersecurity, with the exception of an informal Security Council Arria-Formula Meeting organized by Estonia in 2021 when it chaired the council.
Cyber operations and cyberattacks are the new normal and the so-called “inadvertent escalation” — accidental war — through state behavior in cyberspace is a real and increasing threat, and one that must be urgently addressed.
Every shared space needs clear and recognized norms and rules that define what is allowed, what is not, and what the consequences will be when those norms and principles are violated. Cyberspace is not an exception. Even more troubling, this new domain, created after majority of international law was already adopted, has become a testing ground for countries to push at the limits of international norms and principles with ever more sophisticated cyber actions.
It is also time to finally recognize, not only in words but in deeds, the inevitability of multistakeholderism — governmental cooperation with private sector, academia, IT experts and civil society. The truth is that states alone cannot be effective in the cyber domain. Indeed, if they wish to promote and support liberal democratic values, the multistakeholder model is the only way to ensure human rights and personal freedoms.
Until countries can put aside their ideological differences, unite their forces and summon the political will, there is no hope for truly effective global cooperation either in cybersecurity or in the fight against cybercrime. For now, our digital security will depend on key actions at the regional level — in the European Union and NATO in particular — in close cooperation with other like-minded states. These responsible states must work quickly and cooperatively to avert the cyber catastrophes sure to come if the domain remains ungoverned.
Marina Kaljurand was elected in March 2019 to the Estonian Parliament (Riigikogu) as a member of the Social Democratic Party. Prior to her election, she chaired the Global Commission on the Stability of Cyberspace. Previously, Kaljurand served as Estonian foreign minister from July 2015 to October 2016. She also served as ambassador of Estonia to several countries, including the United States, the Russian Federation, Israel, Mexico and Canada. Kaljurand has been appointed twice to serve as the Estonian national expert at the United Nations Group of Governmental Experts on developments in the field of information and telecommunications in the context of international security.
She began her career at the Ministry of Foreign Affairs in 1991 and held several leadership positions, including undersecretary for legal and consular affairs, undersecretary for trade and development cooperation, and undersecretary for political affairs. She played an important role as expert and negotiator in the process of Russian troop withdrawal and in negotiations on land and maritime boundaries agreements between Estonia and the Russian Federation, as well as in the accession negotiations of Estonia to the European Union and to the OECD.
Kaljurand graduated cum laude with a master’s in law from Tartu University, has a professional diploma from Estonian School of Diplomacy and a master’s degree in international law and diplomacy from the Fletcher School of Law and Diplomacy, Tufts University. Additionally, she has undergone professional training at the universities of Lapland, Pittsburgh and Durham and at the Civil Service College in London. She is a founding member of the Estonian branch of the International Law Association and the Estonian branch of Women in International Security. She has been awarded the Order of White Star (third class) and the Order of the National Coat of Arms (third class) by the president of Estonia. She is fluent in Estonian, English and Russian.