ICT 4 Peace Foundation

[Talk] Cyber operations, armed conflicts, and international law

Event recording

Event description

Event date: 23 June 2022, 17:30–18:30 CEST

In this talk, researchers from the Geneva Academy will shed light on the different examples of cyber operations (e.g. Stuxnet, NotPetya, and SolarWinds) allegedly conducted or sponsored by states to explicate their geopolitical effects and challenges to international law. As the importance of ICT grows in the modern world, cyber operations have become an integral part of state and non-state actors’ strategies against other states and actors. Researchers will present their findings as part of the project on disruptive military technologies.

For more information, and to register, please visit the official page.

[Workshop] Boost your cyber skills: a cybersecurity event for Nonprofit Organizations

Event description

Event date: 22 June 2022, 9:30–15:00 CEST

The International Geneva Welcome Centre (CAGI) and the CyberPeace Institute jointly curated an all-day cyber skills event for NGOs. The uptake of cloud-based technologies and storage of valuable donor and beneficiary data have made NGOs a frequent target of cyberattacks. The reality for NGOs is that they have to safeguard their cybersecurity as much as private businesses do. The event invites local government representatives, cybersecurity experts, and NGOs to partake in testimonial drafting, roundtable discussions, and awareness raising for boosting NGOs’ cyber skills.

For more information, and to register, please visit the official page.

International Electrotechnical Commission

Acronym: IEC

Address: Rue de Varembé 3, 1211 Geneva 20, Switzerland

Website: https://iec.ch

Stakeholder group: International and regional organisations

Founded in 1906, the International Electrotechnical Commission (IEC) is the world’s leading organisation for the development of international standards for all electrical and electronic technologies. The IEC’s standardisation work is advanced by nearly 20 000 experts from government, industry, commerce, research, academia, and other stakeholder groups.

The IEC is one of three global sister organisations (in addition to the ISO and ITU) that develop international standards.

Digital Activities

The IEC works to ensure that its activities have a global reach in order to meet all the challenges of digital transformation worldwide. The organisation covers an array of digital policy issues illustrated below.

Digital policy issues

Digital standards 

 The IEC carries out standardisation and conformity assessment activities covering a vast array of technologies. These range from smart cities, grids, automation, and energy to electromagnetic compatibility between devices, digital system interfaces and protocols, and fibre optics and cables. Other areas covered by the IEC include multimedia home systems and applications for end-user networks, multimedia e-publishing and e-book technologies, information and communication technologies (ICTs), wearable electronic devices and technologies, cards and personal identification, programming languages, cloud computing and distributed platforms, the Internet of Things, and information technology (IT) for learning, education, and training.

Over the past 30 years, the IEC and ISO Joint Technical Committee (JTC 1) have been developing IT standards for global markets, meeting business and user requirements. This work addresses various aspects including the design and development of IT systems and tools; interoperability, performance, and quality of IT products and systems; harmonised IT vocabulary; and security of IT systems and information. Some of the areas that JTC 1 covers include:

  • Cards and security devices for personal identification
  • Computer graphics, image processing, and environmental data representation
  • Coding of audio, picture, multimedia, and hypermedia information
  • Automatic identification and data capture techniques
  • Data management and interchange
  • IT for learning, education, and training
  • Biometrics
  • Trustworthiness
  • Digital twins
  • Quantum computing
  • 3D printing
  • Augmented reality and virtual reality-based ICT
  • Autonomous and data-rich vehicles
Internet of things 
The Internet of Things (IoT) is one of the main technology sectors covered by the IEC (International Electrotechnical Commission) in its standardisation activities. Several technical committees (some of which are joint groups with the ISO – International Organization for Standardization) focus on various aspects of the Internet of Things. Examples include: standardisation in the area of IoT and related technologies, including sensor networks and wearable technologies; smart cities; smart grid (which involve the use of technology for optimal electricity delivery); and smart energy. In addition to developing standards, the IEC also publishes white papers, roadmaps with recommendations, and other resources on IoT-related issues. IECEE and IECQ, two of the four IEC Systems for Conformity Assessment, verify that digital devices/systems perform as intended.
Artificial intelligence 
Another important technology sector tackled by the IEC is artificial intelligence (AI). Standardisation activities in the area of AI are mostly covered by a joint IEC and ISO technical committee (ISO/IEC JTC 1/SC 42). The committee has recently published a new technical report that aims, among others, to assist the standards community in identifying specific AI standardisation gaps. SC 42 has set up several groups that cover specific aspects of AI, such as computational approaches and characteristics of AI systems, trustworthiness, use cases and applications of AI systems, to name a few.

The IEC also publishes white papers, recommendations and other resources on AI-related topics.

Cloud computing 
 Cloud computing is an enabling technology, based on the principles of shared devices, network access and shared data storage.

ISO/IEC JTC 1/SC 38 has produced international standards with cloud computing terms and definitions and reference architecture. Other work includes a standard which establishes a set of common cloud service building blocks, including terms and offerings, that can be used to create service level agreements (SLAs), which also covers the requirements for the security and privacy aspects of cloud service level agreements.

SC 38 has produced a standard for data taxonomy, which identifies the categories of data that flow across the cloud service customer devices and cloud services and how the data should be handled.

Network security 
In the area of cybersecurity, IEC works with ISO in their joint technical committee to develop the ISO/IEC 27000 family of standards. In addition, the IEC operates globally standardized systems for testing and certification (conformity assessment) to ensure that standards are properly applied in real-world technical systems and that results from anywhere in the world can be compared. To this end, IECQ (IEC Quality Assessment System For Electronic Component) provides an approved process scheme for ISO/IEC 27001. The IECEE (IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components) Industrial Cybersecurity Programme focuses on cybersecurity in the industrial automation sector.
Critical infrastructure 
The IEC develops horizontal standards, such as the IEC 62443, for operational technology in industrial and critical infrastructure that includes power utilities, water management systems, healthcare and transport systems. These standards are technology independent and can be applied across many technical areas. On the other hand, several technical committees and subcommittees develop international standards to protect specific domains and critical infrastructure assets (vertical standards).

 

Sustainable development 
 The IEC international standards and conformity assessment systems contribute to the realisation of all 17 Sustainable Development Goals (SDGs). They provide the foundation allowing all countries and industries to adopt or build sustainable technologies, apply best practice, and form the basis for innovation as well as quality and risk management.

 

Capacity development 
The IEC Academy Platform aims to support IEC community members through formal learning and collaboration opportunities. The IEC offers a series of online courses and webinars that provide an in-depth understanding of IEC’s main activities.

Future of meetings

Any reference to online or remote meetings?

  • IEC technical committees have held online/remote meetings for many years, especially for focussed discussions on individual topics. In the context of the COVID-19 pandemic the breadth of technical online meetings has been further expanded to ensure optimal continuation of standardization and conformity assessment activities. Most face-to-face management board and governance meetings have been converted to online meetings during COVID-19. In support of the successful organization of online meetings, the IEC has published a virtual meeting guide.

Any reference to holding meetings outside HQ?

  • Many IEC meetings are held outside of IEC CO headquarters or online or in a hybrid format. The tools for that purpose include webinars, podcasts, online presentations and various teleconferencing facilities. In the future, augmented reality technology or digital twin approaches may also be considered to provide the benefits of face-to-face meetings. While face-to-face meetings have been the rule to date, some IEC Board meetings have also been held virtually to some extent already in the past, with documents being shared in advance on proprietary online platforms and collaboration taking place live online.

Any reference to deliberation or decision making online?

  • In the IEC, nearly all decision-making processes have been taking place virtually since many years, with voting/decisions being dispatched electronically, including collaboration and commenting via a dedicated electronic platform.

Geneva Centre for Security Sector Governance

Acronym: DCAF

Address: Chemin Eugene-Rigot 2E, CH - 1211 Geneva 1

Website: https://dcaf.ch

DCAF, the Geneva Centre for Security Sector Governance, is dedicated to making states and people safer through more effective and accountable security and justice. Since 2000, DCAF has facilitated, driven, and shaped security sector reform (SSR) policy and programming worldwide.

Digital Activities

Cyberspace and cybersecurity have numerous implications for security provision, management, and oversight, which is why DCAF is engaged on these topics within its work. DCAF has implemented a cycle of policy projects to develop new norms and good practices in cyberspace. At the operational level, cybersecurity governance has become a prominent part of SSR programming.

Digital policy issues

Capacity development 

DCAF supported the drafting of the Global Counterterrorism Forum’s (GCTF) Zurich-London Recommendations on Preventing and Countering Violent Extremism (P/CVE) and Terrorism Online. Subsequently, it co-developed the Policy Toolkit, which transforms these recommendations into practical tools for states. DCAF applies the Policy Toolkit in its work in the Western Balkans, and several UN bodies – as well as the Organization for Security and Co-operation in Europe – are planning to incorporate it into their activities. DCAF has also developed a French language guide on good practices concerning cyberspace governance for the Ecole nationale à vocation régionale (ENVR) de la cybersécurité in Senegal, which is mainly targeted at cybersecurity practitioners in Francophone Africa.

DCAF contributes to effective and accountable cybersecurity in Europe and Central Asia by providing practical guidance and support for the governance of the cybersecurity sector; supporting the development of national and international legal and policy frameworks to promote good cybersecurity governance; and facilitating multistakeholder engagement in cybersecurity. This work is organised in several service lines: providing national cybersecurity assessments; developing policy advice; enhancing regional and transnational co-operation between cybersecurity authorities; building the capacity of Computer Emergency Response Teams (CERTs); promoting dialogue and co-ordination between state and non-state cybersecurity actors; and publishing policy research on good governance in cybersecurity. DCAF regularly works with partners, including the International Telecommunication Union (ITU), the Regional Cooperation Council, the OSCE, and DiploFoundation.

To increase the transparency and accountability of the security sector in the Middle East and North Africa, DCAF supports the automation of internal processes, information sharing, document management systems, and data visualisation and analysis in parliaments, ministries, public administrations, and oversight institutions. Furthermore, four online Sector Observatories (‘Marsads’) provide centralised information and analyses on the Tunisian, Libyan, Palestinian, and Egyptian security sectors and their actors, and three legal databases provide searchable online access to legislation governing the security sectors in Libya, Tunisia, and Palestine. Finally, DCAF has provided legal expertise to national oversight institutions in regard to possible privacy violations through and misuse of COVID-19 apps developed by national governments.

In 2016, DCAF developed a social media guide for ombuds institutions and the armed forces under their jurisdiction in order to support the use of social media as a safe and effective communication tool.

World Intellectual Property Organization

Acronym: WIPO

Address: 34, chemin des Colombettes, CH-1211 Geneva 20, Switzerland

Website: https://wipo.int

Stakeholder group: International and regional organisations

The World Intellectual Property Organization (WIPO) is a UN agency functioning as a global forum for intellectual property (IP) related services (patents, copyright, trademarks, and designs), policy, information, and co-operation. The organisation was established in 1967 and it currently has 188 member states, in addition to over 200 observers representing non-governmental organisations and intergovernmental organisations.

WIPO’s activities are focused on: Contributing to the development of a balanced and effective international IP system; providing global services to protect IP at a global level and to resolve disputes; sharing of knowledge and information on IP-related issues; and encouraging co-operation and offering capacity building programmes ​aimed to enable countries to use IP for economic, social, and cultural development.

Digital Activities

WIPO provides domain name dispute resolution services, through its Arbitration and Mediation Center. In this regard, the organisation has developed (in collaboration with the Internet Corporation for Assigned Names and Numbers (ICANN)) the Uniform Domain Name Dispute Resolution Policy (UDRP) – the main domain name dispute resolution mechanism for conflicts on the right to register and use domain names under certain generic top level domains (gTLDs). The Center also administers disputes under a number of specific policies adopted by individual gTLD registries and provides domain name dispute resolution services for over 70 country code top level domains (ccTLDs).

The organisation administers the WIPO Copyright Treaty and the WIPO Performances and Phonogram Treaty (known as the ‘Internet Treaties’), which contain international norms aimed at preventing unauthorised access to and use of creative works on the Internet or other digital networks. It also carries out research and provides recommendations on issues related to the protection of intellectual property rights in the digital environment (especially with regards to copyright and trademarks).

Digital policy issues

Artificial intelligence 

WIPO is paying particular attention to the interplay between artificial intelligence (AI) and IP. In December 2019, it published a draft issue paper on AI and IP, which was later revised based on public comments and re-published in May 2020. The paper explores the (potential) impact of AI on IP policies in areas such as copyright and related rights, patents, trademarks, designs, and overall IP administration. Building on this exploratory work, WIPO is leading a Conversation on IP and AI, bringing together governments and other stakeholders, to discuss the impact of AI on IP. WIPO is also working on an AI and IP strategy clearing house, through which it is collating government instruments (strategies, regulations, etc.) that are relevant to AI and IP. The organisation is additionally developing and deploying AI solutions in the context of various activities; relevant examples are the WIPO Translate and WIPO Brand Image Search, which use AI for automated translation and image recognition.

Alternative dispute resolution 

WIPO’s activities in regard to the Domain Name System revolve around the protection of trademarks and related rights in the context of domain names. It has developed, together with ICANN, the UDRP. Under this policy, WIPO’s Arbitration and Mediation Centre provides dispute resolution services for second level domain name registrations under gTLDs to which the UDPR applies. The Arbitration and Mediation Centre also administers disputes under specific policies adopted by some gTLD registries (e.g. .aero, .asia, .travel). In addition, the Centre offers domain name dispute resolution services for over 70 country code top-level domains (ccTLDs). WIPO has developed a ccTLD Program, with the aim to provide advice to many ccTLD registries on the establishment of dispute resolution procedures. WIPO also contributes to the work carried out within the framework of ICANN in regard to the strengthening of existing trademark rights protection mechanisms or the development of new such mechanisms.

Intellectual property rights 

Trademarks: WIPO has long been involved in issues related to the protection of trademarks in the context of the Domain Name System. The first phase of the WIPO Internet Domain Name Process, carried out in 1991, explored trademark abuse in second-level domain names, and led to the adoption, by ICANN, of the UDRP. WIPO has also contributed to the development of several trademark rights protection mechanisms applicable to generic top-level domains  (such as legal rights objections, the Trademark Clearinghouse, and the uniform rapid suspension system). The WIPO Arbitration and Mediation Centre administers trademark-related dispute resolution cases for several gTLDs and ccTLDs.

Copyright: WIPO is actively contributing to international discussions on the protection of copyright in the digital environment. The organisation administers the ‘Internet Treaties’, which contain international norms aimed at preventing unauthorised access to and use of creative works on the Internet or other digital networks. Among others, the treaties clarify that existing IP rights apply on the Internet, but also introduce new ‘online rights’. WIPO also carries out research and organises seminars and other meetings on aspects concerning challenges and possible solutions for the protection of copyright and related rights in the digital era.

Liability of intermediaries 

Given WIPO’s concerns with regard to the protection of copyright and related rights on the Internet, the organisation is exploring issues related to the roles and responsibilities of Internet intermediaries when it comes to online copyright infringements. The organisation carries out or commissions research and publishes studies on the relationship between copyright and Internet intermediaries (such as comparative analysis of national approaches of the liability of Internet intermediaries), and organises events (seminars, workshops, sessions at the World Summit on the Information Society Forum and Internet Governance Forum meetings, etc.) aimed at facilitating multistakeholder discussions on the potential liability of Internet intermediaries in relation to copyright infringements.

Sustainable development 

WIPO is of the view that IP is a critical incentive for innovation and creativity, and, as such, a key to the success of the sustainable development goals (SDGs). The organisation works to enable member states to use the IP system to drive the innovation, competitiveness, and creativity needed to achieve the SDGs. It does so, for instance, through supporting countries in their efforts to build an innovative IP ecosystem, providing legislative advice on updating national IP laws, and supporting judiciary systems in keeping up with technological innovation. WIPO’s contribution to the implementation of the Agenda 2030 is guided by its Development Agenda.

Climate change 

WIPO’s Global Challenges programme brings together various stakeholders to explore issues related to green technologies and the environment. For instance, it hosts WIPO Green, a multistakeholder platform aimed to promote innovation and diffusion of green technologies, and it provides analysis of relevant IP issues to facilitate international policy dialogue.

Digital tools

WIPO is using multiple digital tools in relation to its services. Below are some examples:

  • WIPO Match – platform that matches seekers of specific IP-related development needs with potential providers offering resources
  • WIPO Proof – a service that provides a date- and time-stamped digital fingerprint of any file
  • Madrid e-services – online tools and resources
  • Electronic Forum – enables the electronic distribution and submission by email of comments concerning preliminary draft working documents and draft reports.
  • WIPO Academy, which also includes an eLearning Centre
  • Platforms for online meetings (not so clear which platform(s) WIPO is using)

CyberPeace Institute

Address: Av. de Sécheron 15, 1202 Genève, Switzerland

Website: https://cyberpeaceinstitute.org

Stakeholder group: NGOs and associations

 The CyberPeace Institute, an independent, neutral, and collaborative non-governmental organization, was created to enhance the stability of cyberspace. It aims to decrease the frequency, harm, and scale of cyber-attacks on civilians and critical civilian infrastructure, and increase the resilience of vulnerable actors. The Institute subscribes to the following principles in its work:

  • Impact: Reducing the frequency, harm, and scale of cyber-attacks by pushing for greater restraint in the use of cyber-attacks, increasing accountability for attacks that occur, and enhancing capabilities to prevent and recover from attacks.
  • Inclusiveness: Being inclusive and collaborative in the approach, cooperating with, and supporting, existing synergistic efforts.
  • Independence: Operating free from the direction or control of any other actors, including states, industries, and other organisations.
  • Integrity: Ensuring that its work and interactions with the cybersecurity community and victims of cyber-attacks reflect the highest ethical and analytical standards.
  • Neutrality: Supporting the stability and security of cyberspace rather than the interests of individual actors; as such, engaging with stakeholders and cyber-attack victims regardless of geographic location, nationality, race, or religion.
  • Transparency: Being transparent about its operations and methodologies, when it is feasible and responsible.

Through field analysis and global campaigning, the Institute’s goal is to protect the most vulnerable and to achieve peace and justice in cyberspace.  Its work is structured around three pillars: assistance, analysis, and advancement. These pillars form the core of the Institute’s mission, building on the simple reality that infrastructure, networks, regulations, norms, and protocols are merely enablers in cyberspace.

To fulfil this mission, and to deliver products and services which have a real impact, the Institute has four strategic objectives, ensuring a human-centric response to the technological, ethical, and regulatory challenges of cyberspace. Each of these objectives enables operational, tactical, and strategic responses with the goal of empowering people by maintaining a vibrant, open, free, and peaceful online space. The first three objectives are aligned with the three pillars, while the fourth objective ensures that the Institute and its staff are at the forefront of what will be tomorrow’s challenges in cyberspace.

  1. Strategic Objective 1: To increase and accelerate assistance efforts towards the most vulnerable, globally.
  2. Strategic Objective 2: To close the accountability gap through collaborative analyses of cyberattacks.
  3. Strategic Objective 3: To advance international law and norms in order to promote responsible behaviour in cyberspace.
  4. Strategic Objective 4: To forecast and analyse security threats associated with emerging and disruptive technologies, to innovate breakthrough solutions, and to close the skill gap to address global cyber challenges.

The Institute has an international scope, and is independent, apolitical, and impartial in its operations, publications, and partnerships.

Digital Activities

The Institute provides assistance to vulnerable communities, analyses cyberattacks to increase accountability, advocates for the advancement of the role of international law and norms for responsible behaviour in cyberspace, forecasts future threats (with a focus on disruptive technology), and supports capacity building.

Example of operational activities include:

  • Mapping the threat landscape in relation to critical civilian infrastructure.
  • Supporting the delivery of assistance at scale to the most vulnerable victims of cyberattacks.
  • Co-ordinating resources to amplify the impact of existing assistance efforts.
  • Conducting forensic and impact analyses of sophisticated cyberattacks and cyber operations, in co-operation with a consortium of experts from academia, industry, and civil society.
  • Co-ordinating relief efforts through a network of volunteers and providing knowledge products to increase resiliency.
  • Advancing the role of international law and norms governing the behaviour of state and non-state actors in cyberspace.
  • Analysing responses to violations of norms, and how normative or legal gaps are exposed and undermined.
  • Increasing public awareness of the real-life impact of cyberattacks, and providing a platform where vulnerable populations can tell their stories.
  • Analysing potential threats and opportunities stemming from the convergence of disruptive technologies (e.g., artificial intelligence, brain machine interface, augmented Reality, virtual Reality, 5G, etc.).
  • Acting as a platform to share innovative approaches and capacity-building strategies.

Digital policy issues

Critical infrastructure 
Consistent with its human-centric approach, one of the Institute’s key areas of focus is the protection of civilian infrastructure from systemic cyberattacks. For instance, in 2020, the Institute, together with a number of partners, launched Cyber 4 Healthcare, a targeted service for healthcare organizations fighting COVID-19. The initiative helps people find trusted and free cybersecurity assistance provided by qualified and reputable companies. In May 2020, the Institute issued a call for governments to stop all cyberattacks on healthcare organizations and to work with civil society and the private sector to ensure that medical facilities are protected and that perpetrators are held accountable.

Following that appeal to governments, the Institute launched a Strategic Analysis Report in March 2021.  Playing with Lives: Cyberattacks on Healthcare are Attacks on People  urges governments to remove rewards for criminals and hostile states attacking healthcare. The first of its kind, this analytical report focuses on the impacts of attacks on people and society and highlights the responsibilities of nation-states in leading the way for attacks to decrease globally and threat actors to be held accountable.  It maps existing initiatives and provides actionable recommendations to governments and policymakers to engage with civil society, industry and academia and design collective solutions.

Cyberpeace: From Human Experience to Human Responsibility
While the international community has recognized the need to be more “human-centric,” the CyberPeace Institute believes that an increased focus on human impact is not enough. In our pursuit of cyberpeace, we must start with the human impact. In each and every response, we must recall that the digital is human.

In cyberspace, everyone has a role to play. This collective action is essential to promoting justice, effecting change and ensuring human security, dignity and equity.

The CyberPeace Institute is gathering testimonials and digital evidence from the field to track these diverse accountabilities, ensuring that cyberattacks and cyberoperations are investigated in their local context. Closing the accountability gap will be made possible by shedding light on responsibilities in the context of the societal impact of irresponsible behaviour.

Network security 

To increase the scale and impact of its efforts to assist civilian victims of cyber-attacks, the Institute is building the CyberPeace Builders network, composed of volunteers from a range of backgrounds and locations worldwide, administered by a dedicated management structure, in collaboration with partners with established assistance capabilities. The network will provide emergency incident response and longer-term recovery plans to civilian victims recovering from significant cyberattacks perpetrated by malicious actors. It also assists vulnerable individuals in increasing their resilience and guarding against future cyberattacks.

Interdisciplinary approaches 

In order to contribute to closing the accountability gap in cyberspace, the Institute seeks to advance the role of international law and norms. This includes initiatives such as: publishing analyses of the economic and social impacts of cyberattacks; driving external engagement with stakeholders, individuals, and organizations focused on enhancing the stability of cyberspace; conducting reviews of cyberattacks based on international law and norms; and assessing potential remedies to fill the identified gaps. The Institute is actively engaged in the work of the United Nations Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security, and is co-Chair of the Paris Call Working Group 5:  Building a cyberspace stability index, one of six groups established in November 2020 which are dedicated to ensure that fundamental rights and principles that apply in the physical world are respected in cyberspace.  More information on the Paris Call here

Capacity development 
In 2020, the Institute initiated a series of CyberPeace Labs webinars, bringing together experts from academia, the private sector, international organizations, civil society, and governmental bodies as discussants. Within the context of the COVID-19 pandemic, the first CyberPeace Lab:  Infodemic: A Threat to Cyberpeace, explored how malicious actors exploit infodemics to facilitate cyberattacks. The discussions from the series produced a set of best practices and actionable recommendations to inform initiatives undertaken by the Institute and, ultimately, to improve resilience against cyberattacks and bring about online peace.

The Institute also aims to facilitate the creation and scale-up of operational partnerships for cyber capacity-building, notably with grassroots practitioners and civil society organizations, to maximise the beneficial impact on local communities and individuals, while taking into account specific human contexts.

The Institute is also developing tailored products, such as the Resilience Toolkits, which are tailored to improve cyber hygiene.  These Toolkits reflect specific local and regional contexts and are designed, produced, and delivered in collaboration with local partners and stakeholders to accelerate existing efforts at the regional level.

In 2021 the Institute launched the Cyber Awareness Café, an online resource that promotes cyber awareness through sharing of information and cybersecurity tips with NGOs and local entities around the world.

Digital tools

In addition to its CyberPeace Labs, the Institute shares useful video materials and discussion recordings on its YouTube channel, maintains blogs on Medium, and is an active user of a number of social media channels, for example, Twitter, LinkedInInstagram and Facebook.

Office of the United Nations High Commissioner for Human Rights

Acronym: OHCHR

Address: Palais Wilson, Rue des Pâquis 52, 1202 Geneva, Switzerland

Website: https://ohchr.org

Stakeholder group: International and regional organisations

The Office of the United Nations High Commissioner for Human Rights and other related UN human rights entities, namely the United Nations Human Rights Council, the Special Procedures, and the Treaty Bodies are considered together under this actor page*. 

The UN Human Rights Office is headed by the UN High Commissioner for Human Rights and is the principal UN entity on human rights. Also known as UN Human Rights, it is part of the UN Secretariat. UN Human Rights has been mandated by the UN General Assembly to promote and protect all human rights. As such, it plays a crucial role in supporting the three fundamental pillars of the UN: peace and security, human rights, and development. UN Human Rights provides technical expertise and capacity development in regard to the implementation of human rights, and in this capacity assists governments in fulfilling their obligations.

UN Human Rights is associated with a number of other UN human rights entities. To illustrate, it serves as the secretariat for the United Nations Human Rights Council (UNHRC) and the Treaty Bodies. The UNHRC is a body of the UN that aims to promote the respect of human rights worldwide. It discusses thematic issues and in addition to its ordinary session, it has the ability to hold special sessions on serious human rights violations and emergencies. The ten Treaty Bodies are committees of independent experts that monitor implementation of the core international human rights treaties.

The UNHRC established the Special Procedures, which are made up of UN Special Rapporteurs (i.e. independent experts or working groups) working on a variety of human rights thematic issues and country situations in order to assist the efforts of the UNHRC through regular reporting and advice. The Universal Periodic Review (UPR), under the auspices of the UNHRC, is a unique process which involves a review of the human rights records of all UN member states, providing the opportunity for each state to declare what actions they have taken to improve the human rights situations in their countries.  UN Human Rights also serves as the secretariat to the UPR process.

Certain non-governmental organisations and national human rights institutions have the ability to participate as observers in UNHRC sessions after receiving the necessary accreditation.

Digital Activities

Digital issues are increasingly gaining in prominence in the work of UN Human Rights, the UNHRC, the Special Procedures, the UPR, and the Treaty Bodies. The range of topics covered is constantly growing, encompassing for example: Privacy and data protection-related questions; freedom of opinion and expression; freedom of peaceful assembly and association; racial discrimination; gender-related issues; the enjoyment of economic, social, and cultural rights; the rights of older persons; and the safety of journalists online.

A landmark document which provides a blueprint for digital human rights is the UNHRC resolution (A/HRC/32/L.20) on the promotion, protection, and enjoyment of human rights on the Internet, which was first adopted in 2016. A second resolution with the same name (A/HRC/38/L.10) was adopted in July 2018. Both resolutions affirm that the same rights that people have offline must also be protected online. Numerous other resolutions and reports from UN human rights entities and experts considered in this overview tackle an ever-growing range of other digital issues including the right to privacy in the digital age, freedom of expression and opinion, freedom of association and peaceful assembly, the rights of older persons, racial discrimination, the rights of women and girls, human rights in the context of violent extremism online, and economic, social, and cultural rights.

Digital policy issues

Privacy and data protection 

Challenges to the right to privacy in the digital age, such as surveillance, communications interception, and the increased use of data-intensive technologies, are among some of the issues covered by the activities of UN Human Rights. At the request of the UN General Assembly and the UNHRC, the High Commissioner prepared two reports on the right to privacy in the digital age, which were presented to the General Assembly in December 2014 and to the UNHRC in September 2018.

The UNHRC also tackles online privacy and data protection. Resolutions on the promotion and protection of human rights on the Internet have underlined the need to address security concerns on the Internet in accordance with international human rights obligations to ensure the protection of all human rights online, including the right to privacy. The UNHRC has also adopted specific resolutions on the right to privacy in the digital age including the latest version from 2019, which put a particular emphasis on the impacts of artificial intelligence (AI) on the enjoyment of the right to privacy. Resolutions on the safety of journalists have emphasised the importance of encryption and anonymity tools for journalists to freely exercise their work.

The UNHRC has also mandated the Special Rapporteur on the right to privacy to address the issue of online privacy in its resolution on the right to privacy in the digital age from 2015 (A/HRC/RES/28/16). To illustrate, the Special Rapporteur has addressed the question of privacy from the stance of surveillance in the digital age (A/HRC/34/60), which becomes particularly challenging in the context of cross-border data flows.

More recently, specific attention has been given to privacy of health data that is being produced more and more in the day and age of digitalisation and that requires the ‘highest legal and ethical standards’ (A/HRC/40/63).

The 2020 report (A/HRC/43/52) published by the Special Rapporteur provides a set of recommendations on privacy in the online space calling for, among other things,  ‘comprehensive protection for secure digital communications, including by promoting strong encryption and anonymity-enhancing tools, products, and services, and resisting requests for “backdoors” to digital communications’ and recommends that ‘government digital identity programs are not used to monitor and enforce societal gender norms, or for purposes that are not lawful, necessary, and proportionate in a democratic society.’

Freedom of expression 

The High Commissioner and her office advocate for the promotion and protection of freedom of expression, including in the online space. Key topics in this advocacy are: The protection of the civic space and the safety of journalists online; various forms information control, including internet shutdowns and censorship; addressing incitement to violence, discrimination, or hostility; disinformation; and the role of social media platforms in the space of online expression.

In response to the rise of the ‘fake news’ phenomenon, the High Commissioner has joined other organisations in urging stakeholders to ensure that any measures aimed to tackle this phenomenon do not lead to illegitimate restrictions of freedom of expression.

Freedom of expression in the digital space also features highly on the agenda of the UNHRC. It has often underlined that states have a responsibility to ensure an adequate protection of freedom of expression online, including when they adopt and implement measures aimed to deal with issues such cybersecurity, incitement to violence, and the promotion and distribution of extremist content online. The UNHRC has also been firm in condemning measures to intentionally prevent or disrupt access to or dissemination of information online, and has called upon states to refrain from and cease such measures.

The Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression has been mandated by the UNHRC to also explore issues related to freedom of expression online.

In 2018, the Special Rapporteur published a thematic report on ‘online content regulation’ that tackles governments’ regulation of user-generated online content and that recommends states to ensure an enabling environment for online freedom of expression. The same year, he also presented to the General Assembly a report addressing freedom of expression issues linked to the use of AI by companies and states. A year later, the Special Rapporteur presented a report to the UN General Assembly on online hate speech that discusses the regulation of hate speech in international human rights law and how it provides a basis for governmental actors considering regulatory options and for companies determining how to respect human rights online.

More recently, in 2020, the Special Rapporteur issued a report titled ‘Disease pandemics and the freedom of opinion and expression’ that specifically tackles issues such as access to the Internet, which is highlighted to be ‘a critical element of healthcare policy and practice, public information, and even the right to life.’ The report calls for greater international co-ordination on digital connectivity given the importance of digital access to healthcare information. Other reports addressed the vital importance of encryption and anonymity for the exercise of freedom of opinion and the threats to freedom of expression emanating from widespread digital surveillance.

Online hate speech and discrimination has also been addressed by the Special Rapporteur on freedom of religion and belief. For instance, in a document published in 2019, the online manifestation of antisemitism (including antisemtic hate speech) was underscored and best practices from the Netherlands and Poland were shared. The report highlights that governments ‘have an affirmative responsibility to address online antisemitism, as the digital sphere is now the primary public forum and marketplace for ideas.’ In another document published that same year, the Special Rapporteur assesses the impact of online platforms on discrimination and on the perpetuation of hostile and violent acts in the name of religion, as well as how restrictive measures such as blocking and filtering of websites negatively impact the freedom of expression.

The issue of online blasphemy has also been addressed on a number of occasions, including in reports from 2018 and 2017.

Gender rights online 

UN Human Rights and the UNHRC have reiterated on several occasions the need for countries to bridge the gender digital divide and enhance the use of information and communications technologies (ICTs), including the Internet, to promote the empowerment of all women and girls. It has also condemned gender-based violence committed on the Internet. In a 2016 resolution on the promotion, protection, and enjoyment of human rights on the Internet, the UNHRC requested the High Commissioner on Human Rights to prepare a report on ways to bridge the gender digital divide from a human rights perspective, in consultation with states and other stakeholders.

Rights of persons with disabilities 

The promotion and protection of the rights of persons with disabilities in the online space has been addressed on several occasions by the UN Special Rapporteur on the rights of persons with disabilities. A report from 2016 underscored that ICTs including the Internet can increase the participation of persons with disabilities in public decision-making processes and that states should work towards reducing the access gap between those who can use ICTs and those who cannot.

Nevertheless, a more recent report from 2019 stressed that the shift to e-governance and service delivery in a digital manner can hamper access for older persons with disabilities who may lack the necessary skills or equipment.

Freedom of peaceful assembly and of association 

The exercise of the rights to freedom of peaceful assembly and of association in the digital environment in recent years have attracted increased attention. For example, the Special Rapporteur on the rights to freedom of peaceful assembly and of association in 2019 published a report for the UNHRC focusing on the opportunities and challenges facing the rights to freedom of peaceful assembly and of association in the digital age.

The High Commissioner presented to the 44th session of the UNHRC a report on new technologies such as ICTs and their impact on the promotion and protection of human rights in the context of assemblies, including peaceful protests. The report highlighted many of the great opportunities for the exercise of human rights that digital technologies offer and analysed key issues linked to online content takedowns and called on states to stop the practice of network disruptions in the context of protests. It also developed guidance concerning the use of surveillance tools, in particular facial recognition technology.

The Human Rights Committee published in July 2020 its General Comment No. 37 on Article 21 of the ICCPR (right of peaceful assembly), which addresses manifold aspects arising in the digital context.

For her 2020 thematic report to the General Assembly, the UN Special Rapporteur on contemporary forms of racism, racial discrimination, xenophobia, and related intolerance examined how digital technologies deployed in the context of border enforcement and administration reproduce, reinforce, and compound racial discrimination.

The Committee on the Elimination of Racial Discrimination is currently in the process of drafting its ‘General recommendation No. 36 on Preventing and Combating Racial Profiling: A call for contribution’, which among other things addresses forms of AI-based profiling.

Economic, social and cultural rights 

In March 2020, the UN Secretary-General presented to the UNHRC a report on the role of new technologies for the realization of economic, social, and cultural rights. He identifies the opportunities and challenges held by new technologies for the realisation of economic, social, and cultural rights and other related human rights, and for the human rights-based implementation of the 2030 Agenda for Sustainable Development. The report concludes with recommendations for related action by member states, private companies, and other stakeholders.

Child safety online 

The issue of child safety online has been in the attention of UN human rights entities for some time. A 2016 resolution on Rights of the child: information and communications technologies and child sexual exploitation adopted by the UNHRC calls on states to ensure ‘full, equal, inclusive, and safe access […] to information and communications technologies by all children and safeguard the protection of children online and offline’, as well as the legal protection of children from sexual abuse and exploitation online. The Special Rapporteur on the sale of children, child prostitution and child pornography, mandated by the UNHRC to analyse the root causes of sale and sexual exploitation and promote measures to prevent it, also looks at issues related to child abuse such as sexual exploitation of children online which has been addressed in a report (A/HRC/43/40) published in 2020, but also in earlier reports.

The Committee on the Rights of the Child is currently drafting a General Comment on children’s rights in relation to the digital environment.

Content policy 

Geneva-based human rights organisations and mechanisms also address issues linked to the use of digital technologies in the context of terrorism and violent extremism.

For example, UN Human Rights, at the request of the UNHRC, prepared a compilation report in 2016, which explores, among other issues, aspects related to the preventing and countering of violent extremism online, and underscores that responses to violent extremism that are robustly built on human rights are more effective and sustainable.

Additional efforts were made in 2019 when the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism published a report where she examined the multifaceted impacts of counter-terrorism measures on civic space and the rights of civil society actors and human rights defenders, including measures taken to address vaguely defined terrorist and violent extremist content. In July 2020, she published a report discussing the human rights implications of the use of biometric data to identify terrorists and recommended safeguards that should be taken.

Artificial intelligence 

In 2018, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression presented a report to the UN General Assembly on artificial intelligence technologies and implications for the information environment. Among other things, the document addresses the role of AI on the enjoyment of freedom of opinion and expression including ‘access to the rules of the game when it comes to AI-driven platforms and websites’ and therefore urges for a human rights-based approach to AI.

Data governance 

UN Human Rights maintians an online platform consisting of a number of databases on anti-discrimination and jurisprudence, as well as the Universal Human Rights Index (UHRI) which provide access to recommendations issued to countries by Treaty Bodies, Special Procedures, and the UPR of the UNHCR.

UN Human Rights has also published a report titled ‘A human rights-based approach to data – Leaving no one behind in the 2030 Agenda for Sustainable Development’ that specifically focuses on issues of data collection and disaggregation in the context of sustainable development.

UN Human Rights has worked closely with partners across the UN system in contributing to the Secretary-General’s 2020 Data Strategy, and co-leads, with the Office of Legal Affairs and UN Global Pulse, work on the subsequent Data Protection and Privacy Program.

Capacity development 

UN Human Rights has also launched the UN Human Rights Business and Human Rights in Technology Project (B-Tech Project) that aims to provide guidance and resources to companies operating in the technology space with regard to the implementation of the UN Guiding Principles on Business and Human Rights. In November 2019, a B-Tech scoping paper was published by the Office of the High Commissioner that outlines the scope and objectives of the project. In July 2020, UN Human Rights published a foundational paper on business model-related human rights risks.

Extreme poverty 

The Special rapporteur on extreme poverty and human rights has in recent years increased his analysis of human rights issues arising in the context of increased digitisation and automation. His 2017 report to the General Assembly tackled the socio-economic challenges in an emerging world where automation and AI threaten traditional sources of income and analysed the promises and possible pitfalls of introducing a universal basic income. His General Assembly report in 2019 addressed worrying trends in connection with the digitisation of the welfare state.

Interdisciplinary approaches 
Collaboration within the UN system

UN Human Rights is a member of the Secretary-General’s Reference Group and contributed to the development of his Strategy on New Technologies in 2018.  The OHCHR was co-champion of the follow-up on two human rights-related recommendations of the Secretary-General’s High-Level Panel on Digital Cooperation. The outcomes of this process were the basis of the Secretary-General’s Roadmap on Digital Cooperation, presented in June 2020.  

UN Human Rights also participates in the UNESCO-led process to develop ethical standards for AI.

In addition, the OHCHR is a member of the Legal Identity Agenda Task Force, which promotes solutions for the implementation of SDG target 16.9 (i.e. by 2030, provide legal identity for all, including birth registration). The OHCHR co-leads their work on biometrics.

Digital tools

The UNHRC has developed an e-learning tool to assist government officials from least developed countries and Small Islands Developing States as per the mandate of the Trust Fund to develop competencies on the UNHRC and its mechanisms.