Daniel Stauffacher explained that the cyberspace is so beneficial to society economically and socially, and we need to maintain its freedom. However, because it is a rather new phenomenon it has been practically unregulated. Stauffacher said that cyberspace has been created by the private sector with some governmental involvement, but there are no rules, no laws, no conventions. He said that it has to be regulated and that cannot be done in one country or one group of countries—it has to be the whole world, via the UN system, in cooperation with the private sector and civil society, to build norms—how not to attack each other and how to help each other. Some work has already been done, such as via the UN Group of Governmental Experts, which includes the group of three—Russia, China, and the United States. These countries, he pointed out, have different outlooks on cybersecurity. Russia and China look more on information security, on the content that could pose a security challenge, whereas the West and the US look more at the network security as being open and free.
Q1. You are currently assuming the position as President in ICT4Peace. Can you give us a brief introduction of the foundation?
I’m founder of the organization. We started in 2004 in order to think about how we could contribute to this emerging issue of cyberspace, which is so beneficial to society economically and socially, and to maintain its freedom, to maintain that is open, so it can be used for peaceful purposes, such as in peacekeeping and UN operations. Because technology can enable us to do much more, much faster, for much more people.
Q2. The world has been putting their heads together to come up with universal norms and the rule of law in cyberspace. For example, the UN Group of Governmental Experts (UNGGE) is at the forefront of the efforts. What’s the goal of the UNGGE? Why is it important to introduce international norms on cyber activities?
As I mentioned, the cyberspace is a new phenomenon and has been practically unregulated. It has been created by the private sector with some governmental involvement, but like the real world, there are no rules, no laws, no conventions. Now we are feeling that because, with the exception of maybe cybercrime, the cyberspace is challenged by cyberterrorists and increasingly by states who use the cyberspace for strategic purposes, and that has to be regulated and that cannot be done in one country or one group of countries—it has to be the whole world, via the UN system, in cooperation with the private sector and civil society, to build norms—how not to attack each other and how to help each other.
Q3. Since the first UNGGE was convened in 2004 under Russia’s leadership, totally five meetings have been held. So far, member states are divided into two stances. One is those who are attaching importance to ‘free flow of information’ and the other is those giving priority to ‘protecting privacy’. Some claim that the development of cyber norms has reached a dead end as the 5th UNGGE in 2017 ends without a consensus on its final report due to differences in positions among countries. How do you evaluate UNGGE’s work so far?
It has done incredibly positive work. You mentioned these reports—2015 I think was a really high mark and a big achievement in setting a first set of norms in setting responsible behavior for states. In the GGE, we had the group of three—the US, China, and Russia. These statuses—even though they don’t carry legal weight, they carry political value. I’m not sure whether the division between these groups is the right way to mention it. Maybe Russia and China look more on information security, on the content that could pose a security challenge, whereas the West and the US look more at the network security as being open and free. The underlying geostrategic complications in the recent few years have prevented more work, but the high-level work has already been done.
Q4. From 2019, with the establishment of the Open-ended Working Group proposed by Russia along with the 6th UNGGE Conference, discussions on the international norms of cyber security came to a new phase. What do you expect to be an issue in the future discussion?
Some people have said the fact that we have two parallel processes might be a challenge. It could be—it’s for talented diplomats to work out. I’m sure it can be found. The GGE was limited to 22 countries. The Open-ended Working Group is open to the whole world. I think it’s time that not only a few countries have a say in determining the norms and discussing it, but the whole world, including the private sector and civil society. We just have to work hard not to compete or confusion. Both processes are necessary.
Q5. Recently, the US imposed sanctions against Huawei for the purpose of responding to national security threats. Subsequently, US allies such as the United Kingdom, Australia, New Zealand and Japan have joined as well. South Korean government is in between a rock and a hard place between the U.S. and China. Do you think the sanction to Huawei can be justified? What is your opinion on the impact of the sanction on future cybersecurity?
To be honest, I’m not a technical expert enough to pass a judgment whether these allegations are true. But, they are made by important countries and so they have to be taken seriously. It is also now for the technical community or a system for technical labs or expertise, like the UK did to some extent, and we are proposing a series of trustworthy labs who can pass judgment so we don’t rush into sanctions. Then we have countersanctions, and stop investments and trade, and so forth. We should seriously look at the technological issues at hand and then try to move on
Q6. Do you think it can be possible in the future that the international community wins over their differences and international norms on cyber security?
We are reading it every day. Citizens are concerned. Politicans are concerned. It is not at the highest level of priorities, also at this conference, but it is a high security issue. It’s also important for economic issues. I think there will be a coming together, from civil society, from the private society, for norms. We cannot live in a rule-less space. It will still be a lot of work.
