Nov. 19, 2018
The Third Committee of the UN General Assembly, meeting in its 73rd session, just adopted a resolution on Countering the Use of Information and Communication Technologies for Criminal Purposes. 85 countries voted in favor; 55 countries voted against; and 29 countries abstained.
Tabulating the votes
The votes fell pretty squarely along established lines on cyber norms. Every single country that we determined in a recent report to favor a global and open model for the internet—including Australia, Belgium, Canada, Estonia, France, Greece, Israel, the United Kingdom, and the United States—voted no. Conversely, nearly every country that we recently determined to favor a sovereign and controlled model for the internet—including China, Morocco, Russia, Vietnam, and Zimbabwe—voted yes. The only two in this sovereign and controlled group who did not vote yes were Cameroon (abstained) and Swaziland (no vote recorded).
Other than the global and open group and the sovereign and controlled group, we have the Digital Deciders camp—composed of 50 nations who have yet to make key decisions on issues like content censorship, traffic throttling, and internet regulation writ large, and therefore hold important influence over the future of the global network and the formation of international norms around it. Their vote breakdown (which we’ll get to in a second) doesn’t really tell us anything concrete about their domestic intentions, but it can be read to indicate in which direction these countries are leaning. It should, however, be taken with a grain of salt for two reasons.
First, as we learned during the World Conference on International Telecommunications (WCIT-12) fiasco, a lot of countries lack the diplomatic capacity to make informed decisions on votes like this—especially if votes are informally and unexpectedly called, as with WCIT-12. Since the UNGA’s processes largely prevent such surprise votes, it’s unlikely that any countries were truly blindsided. Nonetheless, the diplomatic capacity of many countries to absorb nuance in cyberspace policy remains suspect.
Second, because of the dearth of diplomatic capacity, countries will tend to vote with their traditional diplomatic groups, so this vote is—to an extent—the diplomatic equivalent of a self-fulfilling prophecy.
Now, for the vote breakdown: Argentina, Mexico, Costa Rica, Uruguay, and Paraguay are some of the Digital Deciders who abstained from the vote. Albania, Armenia, Bosnia, Georgia, Honduras, Macedonia, and Ukraine are Digital Deciders who all voted against the proposal. However, half of the Digital Deciders—25 of the 50—voted yes. This includes some of the countries that scored very highly on our scoring system (a proxy that combines the level of influence and the likelihood of siding with the global and open group), such as Brazil, India, Mongolia, Singapore, Nigeria, Botswana, Serbia, Jamaica, and others. (You can see a full count of the Digital Deciders’ votes at the bottom of this post.)
What this tells us about the future of internet governance
Put into context with a number of other recent proposals on international cyber norms, it is becoming clearer than ever that the battle for the global internet—for cyberspace as we know it—is not just over norms themselves, but over swaying undecided countries towards either a global and open or sovereign and controlled model for the internet. The vote breakdown makes this quite evident. And the language in the United Nations resolution gets exactly at this point.
The Russian and Chinese governments in particular have long used justifications of “counterterrorism” and “fighting cybercrime” to heavily restrict the internet within their borders. The two powers go about enforcing this “digital authoritarianism” in slightly different ways, but both offer plausible models for others to emulate and reassert the sovereign right of the state to control the internet within its borders.
This, of course, results in not just increased fragmentation of the global network (e.g., as the countries seize control of gateways to the rest of the world’s internet and limit who can reach it), but it also leads to pervasive censorship. It enables human rights abuses. It makes it more difficult for American, European, and Japanese technology companies to compete in these markets. It threatens to diminish democratic, diplomatic, and soft power.
In recent months, Vietnam and Thailand exemplified the diffusion of digital authoritarianism. Vietnam passed a strict cybersecurity law mandating that companies store user data on local servers. Thailand just proposed a law that would give the government enormous power to regulate the internet within its borders, spying on traffic and even seizing computers without judicial oversight.
Again, though, both of these laws—which sparked activist fears over censorship and the suppression of dissent (and, indeed, the hampering of economic growth)—were constructed in the name of “fighting cybercrime,” as with the recently passed United Nations resolution. This is likely why, according to Alex Grigsby at the Council on Foreign Relations, “The United States argued that the new resolution was a Russian attempt to politicize law enforcement cooperation and build support for its treaty efforts.” But it’s not clear every country feels the same way as the United States and others in the liberal-democratic bloc.
Take, for example, the fact that three of the biggest democracies in the world—India, Brazil, and Nigeria—voted with Russia and China. It’s therefore not only imperative for the global and open camp to approach these countries to build cybersecurity capacity—a good way to spread good practices in crafting domestic legislation and regulation—but it’s also critical to emphasize the large economic benefits of a global and open network. Along this vein, the United States and its allies should also take note of the many Latin American countries who have yet to decide one way or the other; the majority of abstentions by Digital Deciders in the vote came from Latin America. Finally, it’s noteworthy that, while much of China’s Digital Decider neighborhood voted in favor of the resolution, Russia’s near abroad is split. Kyrgyzstan, the only Central Asian Republic in the Digital Deciders, voted for the resolution, as did Mongolia. But several others either didn’t vote (Moldova) or voted down the resolution (Armenia, Georgia, and Ukraine).
At the international level, cybercrime conventions are usually not about fighting cybercrime like identity theft. More often than not, these proposals politicize law enforcement and seek international top cover or legitimacy for actions already being undertaken domestically in authoritarian countries around the world. If this vote is any indication, Russia, China, and the authoritarian coalition are slowly but surely winning over the crucial Digital Deciders.
Digital Deciders on Countering the Use of ICT for Criminal Purposes Resolution
|Bosnia and Herzegovina||x|
|Congo (Republic of)||x|
|Papua New Guinea||x|
|Republic of Moldova||x|