The Fight Over the Draft UN Convention on International Information Security

Editor’s Note: Translation courtesy of CRE.

From: Strategic Culture Foundation (Russia)

Andrei Fedorenko

In early June 2012, St. Petersburg hosted a third international meeting of high representatives in charge of security matters. It was attended by delegations from 59 countries to the Security Council, Office of the President and heads of government ministries and agencies responsible for the security of their countries, as well as from the Office on Drugs and Crime, the United Nations and the International Maritime Organization. Issues of international energy and information security, countering piracy, as well as risks associated with asteroids and comets and space debris(1).

One of the main items should have been a discussion, proposed last year by the Russian side, of the draft UN Convention “on ensuring international information security”. The St. Petersburg meeting was supposed to have been the final such meeting before making the final version of this document available for consideration by the UN(2).

The essence of the document, binding at the international level, are a a number of concepts – information warfare, information security, information weapons, terrorism in cyber space, and others, which have been ventilatred only in scientific and journalistic work, not in terms of international law.  The Russian draft Convention clearly spelled out the issues of preserving the sovereignty of the state over its information space, as well as provisions regarding “action in cyberspace in order to undermine the political, economic and social system of another state, the psychological treatment of the population, destabilizing society”(3).

In many ways, the Russian draft UN Convention “on ensuring international information security” is a counterweight to the famous Budapest Convention (Council of Europe Convention on Cybercrime), which Washington is trying to impose as a “global” nature on cybersecurity.

Russia categorically does not like the Budapest Convention, at least with respect to the 32nd article “cross-border access” which allows intelligence agencies of some countries to penetrate the computer networks of other countries and to conduct operations there without the knowledge of the national authorities. For a long time, the Russian side tried to persuade the Europeans to remove the provision as it violates state sovereignty or to edit it(4), but but the countris signing, supported by the U.S., flatly refused to make any changes to the document. A logical step for Russia in this case was to refuse to sign the Budapest Convention.

Moscow believes that we should talk about the entire of actions related to possible wrongful (hostile) the use of information or Information and Communication Technologies (ICTs) while Washington insists that the talks should be limited to the issues of cyber threats. The U.S. approach to international legal regulation excludes information-psychological operations, which in recent years made ​​it increasingly through ICTs, in particular, through social networking. Moreover, U.S. representatives at various forums suggest that any attempt to address these issues in terms of cyber security issues (or information security) will be treated as a desire to put pressure on “civil society” which threatens “freedom of speech” and “strengthens authoritarian tendencies.”

The American interpretation of the problem is in disagreement not only with Russia but also with Russia’s reliable ally in this matter, the Peoples Republic of China. Many support the Russian approach approach including the CIS countries, Asia, Africa and Latin America. And not all European States are in awe of the ideas embodied in the Budapest Convention: it is not by chance that only two thirds of the Member countries of the Council of Europe have signed/ratified the Convention.

Russia has done important work in connection with its proposed draft Convention. For the first time, it was made public in complete form in Yekaterinburg in 2011 year for the second international meeting of high officials in charge of security matters, there was much discussion.

On 6 – 7 March 2012, at the Russian Center of science and culture in Delhi, was a Russian-Indian scientific seminar on the “concept of the international information security Convention”, dedicated to the discussion of the draft Convention. Organizers of the scientific activities of the Information security  Lomonosov Institute/Moscow State University, the Russian Embassy in India,  the Defence Research and Development Organisation, and the Indian Ministry of Defence (IDSA) with the assistance of the representation of Rossotrudnichestvo (5). On 7-8 February 2012, at the 14th National Information Security Forum in Moscow, this issue was also on the agenda.(6) Joined the discussion on non-governmental organizations and business document(7). The Russian side is holding bilateral discussions on this matter with their partners.

However, from time to time, there are surprises.  One example is the recent decision by Belarus to apply to join the Budapest Convention(8). According to media report, this application was in violation of Belarus’ agreements with Russia regarding the willingness of Minsk to support the Russian draft, and the application was made without notice to the Russian side.  The parties who informed “Kommersant” from Russian diplomatic circles indicated that they did not expect Minsk to take “so unfriendly step.”

It is easy to imagine the even greater surprise of the Europeans. From country to country, the head of which is called “the last dictator in Europe”, this was not expected. It is doubtful that the Council of Europe will consider the Belarusian application quickly and  it is doubtful that the answer will be Yes.

There remains some ambiguity in Ukraine’s position.  On the one hand, Kiev signed the Budapest Convention and ratified it and is a member of the Committee of the Convention on cybercrime.  Thus, Ukraine could be understood to have already assumed the entire package of commitments (even if they don’t quite meet its national interests) associated with the document. On the other hand, despite the ratification of the Convention, the Convention’s provisions have not been implemented in Ukrainian legislation.  Thus, a vacuum (legislative pause) remains, which Russia could take advantage of. Would Ukraine publicly support a Russian document? In the face of deteriorating relations between Kiev and Brussels and Washington, Ukraine publicly annoying them is a step they are unlikely to risk.  However, informal support (including those with modest resources within the UN) – would be a real step forward.  Particularly for Kiev because the document proposed by the Russian side is really interesting and contains a much better description of the threats faced by Ukraine in the world today. In addition, in the event of a Russian version of the Convention by the United Nations (the reality of which is high enough), Ukraine is likely to want to reconsider their position and to be able to more openly support the document.

(1) http://www.scrf.gov.ru/news/720.html

(2) http://www.securitylab.ru/news/425397.php

(3) http://www.scrf.gov.ru/documents/6/112.html

(4) http://www.kommersant.ru/doc/1953059/print

(5) http://www.iisi.msu.ru/news/news54/

(6) http://2012.infoforum.ru/

(7) http://expo-itsecurity.ru/company/aciso/files/12994/

(8) http://www.kommersant.ru/doc/1953059/print

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *