Summary

• The vast majority of state-to-state cyberattacks consist of persistent, low-level intrusions that take place below the threshold of use of force. International law, including the principle of non-intervention in another state’s internal affairs and the principle of sovereignty, applies to these cyber operations.
• It is not clear whether any unauthorized cyber intrusion would violate the target state’s sovereignty, or whether there is a threshold in operation. While some would like to set limits by reference to effects of the cyber activity, at this time such limits are not reflected in customary international law. The assessment of whether sovereignty has been violated therefore has to be made on a case by case basis, if no other more specific rules of international law apply.
• In due course, further state practice and opinio iuris may give rise to an emerging cyber-specific understanding of sovereignty, just as specific rules deriving from the sovereignty principle have crystallized in other areas of international law.
• Before a principle of due diligence can be invoked in the cyber context, further work is needed by states to agree upon rules as to what might be expected of a state in this context.
• The principle of non-intervention applies to a state’s cyber operations as it does to other state activities. It consists of coercive behaviour by one state that deprives the target state of its free will in relation to the exercise of its sovereign functions in order to compel an outcome in, or conduct with respect to, a matter reserved to the target state.
• In practice, activities that contravene the non-intervention principle and activities that violates sovereignty will often overlap.
• In order to reach agreement on how international law applies to states’ cyber operations below the level of use of force, states should put their views on record, where possible giving examples of when they consider that an obligation may be breached, as states such as the UK, Australia, France and the Netherlands have done.
• Further discussion between states should focus on how the rules apply to practical examples of state-sponsored cyber operations. There is likely to be more commonality about specific applications of the law than there is about abstract principles.
• The prospects of a general treaty in this area are still far off. In due course, there may be benefit in considering limited rules, for example on due diligence and a prohibition on attacking critical infrastructure, before tackling broad principles.

A healthy civic space is vital for an enabling business environment. In recognition of this, a growing number of private sector actors are challenging, publicly or otherwise, the deteriorating environment for civic freedoms.

However, this corporate activism is often limited and largely ad hoc. It remains confined to a small cluster of multinationals leaving potential routes for effective coordination and collaboration with other actors underexplored.

This roundtable will bring together a diverse and international group of business actors, civil society actors and foreign policy experts to exchange perspectives and experiences on how the private sector can be involved in issues around civic space. The meeting will provide an opportunity to explore the drivers of – and barriers to – corporate activism, develop a better understanding of existing initiatives, identify good practice and discuss practical strategies for the business community.

This meeting will be the first of a series of roundtables at Chatham House in support of initiatives to build broad alliances for the protection of civic space. 

Attendance at this event is by invitation only. 

PLEASE NOTE THIS EVENT IS POSTPONED UNTIL FURTHER NOTICE. 

Summary

• The 70th anniversary of the adoption of the 1949 Geneva Conventions was commemorated in 2019. But violations of the Conventions and of the 1977 Additional Protocols are widespread.
• Contemporary conflicts have been marked by violations of some of the foundational rules of international humanitarian law (IHL) relating to the protection of the wounded and sick and of providers of medical assistance.
• A further area of IHL that has come under strain and scrutiny are the rules regulating humanitarian relief operations and their application to sieges and blockades.
• War has a huge impact on children, and the treatment of children in armed conflict is another area of the law that requires further attention.
• In the current political climate, it is unlikely that new treaties will be negotiated to address emerging issues or uncertainties in the law.
• Other measures must be explored, including the adoption of domestic measures to implement existing law; support for processes that interpret the law; and initiatives to promote compliance with the law by organized armed groups.
• One overarching challenge is the interplay between IHL and counterterrorism measures. It can undermine the protections set out in IHL, and hinder principled humanitarian action and activities to promote compliance with the law by organized armed groups.

During this extraordinary global public health emergency, governments must strike the right balance between assertive measures to slow the spread of the virus and protect lives on the one hand, and respect for human autonomy, dignity and equality on the other.

International law already recognises the grave impact of pandemics and other catastrophic events on social order and provides criteria to guide states in their emergency action. The International Covenant on Civil and Political Rights permits curbs on the right to ‘liberty of movement’ so long as restrictions are provided by law, deemed necessary to protect public health, and consistent with other rights in that treaty.

Freedom of expression and association, and the rights to privacy and family life are also qualified in these terms under international and regional human rights treaties. But, as emphasised in the Siracusa Principles, any limitations must not be applied in an arbitrary or discriminatory way, and must be of limited duration and subject to review.

International law also guarantees the right to the highest attainable standard of health, while states are specifically required to take steps to prevent, treat and control epidemics under the International Covenant on Economic, Social and Cultural Rights. Even in health emergencies, access to health services must be ensured on a non-discriminatory basis, especially for vulnerable or marginalised groups.

Abuse of coronavirus emergency measures

Many governments have taken pains to craft emergency laws that respect human rights, such as permitting reasonable exceptions to lockdowns for essential shopping and exercise, and making them subject to ongoing parliamentary review and sunset clauses. But even laws that appear to be human rights compliant can still easily be misapplied, as the recent debates about over-zealous policing of people walking and travelling in the UK illustrate.

And disturbing stories are emerging from states where police brutality is entrenched. In Kenya, a 13-year-old boy was reportedly shot on the balcony of his home by police enforcing a coronavirus curfew. Authorities in the Philippines' are allegedly locking those caught defying the curfew in dog cages.

As the recent history of counterterrorism demonstrates, emergency laws tend to be sticky, remaining on the statute books far longer than desirable.

The virus is also proving a powerful accelerant for the current global authoritarian drift which is so detrimental to progress on human rights. Many authoritarian leaders have seized the opportunity to further reduce constraints on their power.

Hungary's prime minister Viktor Orbán has used the pandemic as a pretext for new laws enabling him to rule by decree, completing the country's transition to an elected dictatorship. In Brazil, president Jair Bolsonaro has suspended deadlines for public bodies to reply to freedom of information requests. Iran is the latest of many repressive states in the Middle East to ban the printing and distribution of all newspapers. In China, the government brushed off criticism over ‘disappearances’ of whistleblowers and citizen journalists who questioned its response to the crisis.

Others have exploited the turmoil to undermine justice for human rights abuses - Sri Lanka's president Gotabaya Rajapaksa pardoned one of the only soldiers held accountable for crimes during the country's brutal civil war.

Coronavirus also places liberal values under further strain. Fear is a major driver in the appeal of populist authoritarians and the virus is stoking it. One poll showed 73% of British citizens agreed coronavirus is just the latest sign that the world we live in is increasingly dangerous. Extremists are exploiting these fears to spread hate by blaming the outbreak on ethnic or religious groups, and encouraging those infected to spread it to these groups.

The closure of borders helps reinforce xenophobic tendencies, and high public tolerance of emergency measures could easily spill into normalisation of intrusive digital surveillance and restrictions on liberty for other reasons well into the future.

Disadvantaged groups face a higher level of risk from the crisis. The health of aboriginal Australians is so poor that those aged 50 and above are being urged to stay home, advice otherwise given to those over 70 in the general population. The Moria refugee camp on Lesbos is reporting no soap and just one water tap for 1,300 refugees. In the UK, asylum seekers struggle to self-isolate in shared accommodation and have a daily allowance of just £5.40 for food, medicine and toiletries. Women's rights groups are reporting a spike in domestic violence.

For countries racked by war and extreme poverty, the impact is catastrophic. The virus is set to run rampant in slums, refugee camps and informal settlements where public health systems - if they exist at all - will struggle to cope. And detainees are among the most at risk, with the UN calling for release of political prisoners and anyone detained without sufficient legal basis.

But the crisis has galvanised debate around the right to health and universal health coverage. Many governments have quickly bankrolled generous relief packages which will actually safeguard the socio-economic rights of many, even if they are not being justified in those terms. Portugal and Ireland have rolled back barriers to accessing healthcare for asylum seekers and other marginalised migrants.

The pandemic strikes as many powerful governments have become increasingly nationalistic, undermining or retreating from international rules and institutions on human rights. But as the crisis spreads, the role of well-established international human rights standards in shaping and implementing effective - but also legitimate - measures is becoming ever clearer.

The virus has reminded us of our interconnectedness as human beings and the need for global cooperation to protect our lives and health. This may help to revive popular support for human rights, creating momentum for the efforts to tackle inequality and repression - factors which have made the global impact of coronavirus so much worse than it might have been.

This workshop is the second in a series in the 'Implementing the Commonwealth Cybersecurity Agenda' project. The workshop aims to provide a multi-stakeholder pan-Commonwealth platform to discuss how to take the implementation of the 'Commonwealth Cyber Declaration' forward with a focus on the second pillar of the declaration – building the foundations of an effective national cybersecurity response with eight action points. 

As such, the workshop gathers different project implementers under the UK Foreign and Commonwealth Office’s Cyber Programme, in addition to other key relevant stakeholders from the global level, to explore ongoing initiatives which aim to deliver one or more of pillar two’s action points.

The workshop addresses issues from a global perspective and a Commonwealth perspective and will include presentations from selected partners from different Commonwealth countries.

Internet regulation is increasing around the world creating positive obligations on internet providers and exerting negative unintended consequences on the internet infrastructure. In some ways, most of this regulatory activity is justifiable. Governments are concerned about the increased risk that the use of the internet brings to societies. As a response, many governments have been enacting regulations as their main approach to dealing with these concerns. The main challenge is that most of the current regulations are either ill-defined or unworkable.  

On the one hand, several governments have established procedures that seek to analyze the impacts of new regulatory proposals before they were adopted. However, there hasn’t been enough attention aimed at analyzing regulations after they have been adopted and only a few have measures in place to evaluate the impacts of the procedures and practices that govern the regulatory process itself.

On the other hand, much of the regulation creates unintended consequences to the internet itself. It undermines many of its fundamental properties and challenges the integrity and resiliency of its infrastructure.  

This event discusses current practices in internet-related regulation and the related challenges. Panellists will discuss how governments can enforce regulations that achieve their intended purpose while at the same time protecting the internet’s core infrastructure and its properties, including its openness, interoperability and global reach.

• Civil nuclear facilities and organizations hold sensitive information on security clearances, national security, health and safety, nuclear regulatory issues and international inspection obligations. The sensitivity and variety of such data mean that products tailored for insuring the civil nuclear industry have evolved independently and are likely to continue to do so.
• ‘Air-gaps’ – measures designed to isolate computer systems from the internet – need to be continually maintained for industrial systems. Yet years of evidence indicate that proper maintenance of such protections is often lacking (mainly because very real economic drivers exist that push users towards keeping infrastructure connected). Indeed, even when air-gaps are maintained, security breaches can still occur.
• Even if a particular organization has staff that are highly trained, ready and capable of handling a technological accident, hacking attack or incidence of insider sabotage, it still has to do business and/or communicate with other organizations that may not have the essentials of cybersecurity in place.
• Regardless of whether the choice is made to buy external insurance or put aside revenues in preparation for costly incidents, the approach to cyber risk calculation should be the same. Prevention is one part of the equation, but an organization will also need to consider the resources and contingency measures available to it should prevention strategies fail. Can it balance the likelihood of a hacker’s success against the maximum cost to the organization, and put aside enough capital and manpower to get it through a crisis?
• All civil nuclear facilities should consider the establishment of computer security incident response (CSIR) teams as a relevant concern, if such arrangements are not already in place. The existence of a CSIR team will be a prerequisite for any facility seeking to obtain civil nuclear cyber insurance.
• Preventing attacks such as those involving phishing and ransomware requires good cyber hygiene practices throughout the workforce. Reducing an organization’s ‘time to recovery’ takes training and dedication. Practising the necessary tasks in crisis simulations greatly reduces the likelihood of friction and the potential for error in a crisis.

Summary

• The application of ‘security by design’ in nuclear new builds could provide operators with the opportunity to establish a robust and resilient security architecture at the beginning of a nuclear power plant’s life cycle. This will enhance the protection of the plant and reduce the need for costly security improvements during its operating life.
• Security by design cannot fully protect a nuclear power plant from rapidly evolving cyberattacks, which expose previously unsuspected or unknown vulnerabilities.
• Careful design of security systems and architecture can – and should – achieve levels of protection that exceed current norms and expectations. However, the sourcing of components from a global supply chain means that the integrity of even the most skilfully designed security regime cannot be guaranteed without exhaustive checks of its components.
• Security by design may well include a requirement for a technical support organization to conduct quality assurance of cyber defences and practices, and this regime should be endorsed by a facility’s executive board and continued at regular intervals after the new build facility has been commissioned.
• Given the years it takes to design, plan and build a new nuclear power plant, it is important to recognize that from the point of ‘design freeze’ onwards, the operator will be building in vulnerabilities, as technology continues to evolve rapidly while construction fails to keep pace with it. Security by design cannot be a panacea, but it is an important factor in the establishment of a robust nuclear security – and cybersecurity – culture.

This roundtable is part of a series under the project, 'Implementing the Commonwealth Cybersecurity Agenda', funded by the UK Foreign and Commonwealth Office (FCO). The roundtable aims to provide a multi-stakeholder, pan-Commonwealth platform to discuss how to implement the Commonwealth Cyber Declaration with a focus on its third pillar 'To promote stability in cyberspace through international cooperation'.

In particular, the roundtable focuses on points 3 and 4 of the third pillar which revolve around the commitment to promote frameworks for stability in cyberspace including the applicability of international law, agreed voluntary norms of responsible state behaviour and the development and implementation of confidence-building measures consistent with the 2015 report of the UNGGE. 

The workshop also focuses on the commitment to advance discussions on how existing international law, including the Charter of the United Nations and applicable international humanitarian law, applies in cyberspace.

The roundtable addresses the issue of global cyber governance from a Commonwealth perspective and will also include a discussion around the way forward, the needed capacity of the different Commonwealth countries and the cooperation between its members for better cyber governance.

Participants include UNGGE members from Commonwealth countries in addition to representatives to the UN Open-Ended Working Group from African countries as well as members from academia, civil society and industry.

Strategic systems that depend on space-based assets, such as command, control and communication, early warning systems, weapons systems and weapons platforms, are essential for conducting successful NATO operations and missions. Given the increasing dependency on such systems, the alliance and key member states would therefore benefit from an in-depth analysis of possible mitigation and resilience measures.

This workshop is part of the International Security Department’s (ISD) project on space security and the vulnerability of strategic assets to cyberattacks, which includes a recently published report. This project aims to create resilience in NATO and key NATO member states, building the capacity of key policymakers and stakeholders to respond with effective policies and procedures. This workshop will focus on measures to mitigate the cyber vulnerabilities of NATO’s space-dependent strategic assets. Moreover, participants will discuss the type of resilience measures and mechanisms required.

Attendance at this event is by invitation only. 

New technology such as 5G, artificial intelligence, nanotechnology and robotics have become, now more than ever, intertwined with geopolitical, economic and trade interests. Leading powers are using new technology to exert power and influence and to shape geopolitics more generally.

The ongoing race between the US and China around 5G technology is a case in point. Amid these tensions, the impact on developing countries is not sufficiently addressed.

Arguably, the existing digital divide will increase leading developing countries to the early, if not hasty, adoption of new technology for fear of lagging behind. This could create opportunities but will also pose risks.

This panel discusses how new technology is changing the geopolitical landscape. It also discusses the role that stakeholders, including governments, play in the creation of standards for new technologies and what that means for its deployment in key markets technically and financially.

Finally, the panel looks at the issue from the perspective of developing countries, addressing the choices that have to be made in terms of affordability, development priorities and security concerns.

This event was organized with the kind support of DXC Technology.

• Political, economic, sociological and technological factors are poised to challenge EU and US ideological positions on internet governance, which will make it difficult to find consensus and common ground in the years to come.
• The EU and US share core values and perspectives relating to internet governance, such as openness, freedom and interoperability, as well as a human rights framework for cybersecurity. There have been many examples of successful multi-stakeholder cooperation between the EU and US, including the Internet Assigned Numbers Authority (IANA) transition and the European Dialogue on Internet Governance (EuroDIG).
• There are also subtle differences between the EU and US, and each has different reasons to support multi-stakeholderism. Cases that highlight growing tensions in EU–US coordination on internet governance include the controversies surrounding the EU General Data Protection Regulation (GDPR), the WHOIS system that governs domain name registration data, and the board of the Internet Corporation for Assigned Names and Numbers (ICANN), which undermined an independent cybersecurity review.
• Internet governance is becoming more complex, with a multiplicity of actors and no obvious authority for important emerging issues. Additionally, the rise of China and its authoritarian vision for the future of the internet is a threat to the current internet governance institutions that have been shaped by and reflect Western values.
• To bridge ideological gaps the EU and US should build capacity between likeminded stakeholders, create a taskforce on effective multi-stakeholder internet governance, and work through non-governmental stakeholders to improve participation.

Summary

• Machine learning (ML)-driven personalization is fast expanding from social media to the wider information space, encompassing legacy media, multinational conglomerates and digital-native publishers: however, this is happening within a regulatory and oversight vacuum that needs to be addressed as a matter of urgency.
• Mass-scale adoption of personalization in communication has serious implications for human rights, societal resilience and political security. Data protection, privacy and wrongful discrimination, as well as freedom of opinion and of expression, are some of the areas impacted by this technological transformation.
• Artificial intelligence (AI) and its ML subset are novel technologies that demand novel ways of approaching oversight, monitoring and analysis. Policymakers, regulators, media professionals and engineers need to be able to conceptualize issues in an interdisciplinary way that is appropriate for sociotechnical systems.
• Funding needs to be allocated to research into human–computer interaction in information environments, data infrastructure, technology market trends, and the broader impact of ML systems within the communication sector.
• Although global, high-level ethical frameworks for AI are welcome, they are no substitute for domain- and context-specific codes of ethics. Legacy media and digital-native publishers need to overhaul their editorial codes to make them fit for purpose in a digital ecosystem transformed by ML. Journalistic principles need to be reformulated and refined in the current informational context in order to efficiently inform the ML models built for personalized communication.
• Codes of ethics will not by themselves be enough, so current regulatory and legislative frameworks as they relate to media need to be reassessed. Media regulators need to develop their in-house capacity for thorough research and monitoring into ML systems, and – when appropriate –proportionate sanctions for actors found to be employing such systems towards malign ends. Collaboration with data protection authorities, competition authorities and national electoral commissions is paramount for preserving the integrity of elections and of a political discourse grounded on democratic principles.
• Upskilling senior managers and editorial teams is fundamental if media professionals are to be able to engage meaningfully and effectively with data scientists and AI engineers.

The new UK government will conduct a review of foreign, security and defence policy in 2020. If the UK decides to use values as a framework for foreign policy this needs to be reflected in its armed forces. One area where this is essential is continuing to deepen inclusivity for LGBTIQ+ personnel, building on the progress made since the ban on their service was lifted in 2000.

I witnessed the ban first-hand as a young officer in the British Army in 1998. As the duty officer I visited soldiers being held in the regimental detention cells to check all was well. One day a corporal, who I knew, was there awaiting discharge from the army having been convicted of being gay. On the one hand, here was service law in action, which was officially protecting the army’s operational effectiveness and an authority not to be questioned at my level. On the other, here was an excellent soldier in a state of turmoil and public humiliation. How extreme this seems now.

On 12 January 2000 Tony Blair’s Labour government announced an immediate lifting of the ban for lesbian, gay and bisexual personnel (LGB) and introduced a new code of conduct for personal relationships. (LGB is the term used by the armed forces to describe those personnel who had been banned prior to 2000.) This followed a landmark ruling in a case taken to the European Court of Human Rights in 1999 by four LGB ex-service personnel – supported by Stonewall – who had been dismissed from service for their sexuality.

Up to that point the Ministry of Defence's long-held position had been that LGB personnel had a negative impact on the morale and cohesion of a unit and damaged operational effectiveness. Service personnel were automatically dismissed if it was discovered they were LGB, even though homosexuality had been decriminalized in the UK by 1967.

Proof that the armed forces had been lagging behind the rest of society was confirmed by the positive response to the change among service personnel, despite a handful of vocal political and military leaders who foresaw negative impacts. The noteworthy service of LGBTIQ+ people in Iraq and Afghanistan only served to debunk any residual myths.

Twenty years on, considerable progress has been made and my memories from 1998 now seem alien. This is a story to celebrate – however in the quest for greater inclusivity there is always room for improvement.

Defence Minister Johnny Mercer last week apologized following recent calls from campaign group Liberty for a fuller apology. In December 2019, the Ministry of Defence announced it was putting in place a scheme to return medals stripped from veterans upon their discharge.

The armed forces today have a range of inclusivity measures to improve workplace culture including assessments of workplace climate and diversity networks supported by champions drawn from senior leadership.

But assessing the actual lived experience for LGBTIQ+ people is challenging due to its subjectivity. This has not been helped by low participation in the 2015 initiative to encourage people to declare confidentially their sexual orientation, designed to facilitate more focused and relevant policies. As of 1 October 2019, only 20.3 per cent of regular service people had declared a sexual orientation.

A measure of positive progress is the annual Stonewall Workplace Equality Index, the definitive benchmarking tool for employers to measure their progress on LGBTIQ+ inclusion in the workplace; 2015 marked the first year in which all three services were placed in the top 100 employers in the UK and in 2019 the Royal Navy, British Army and Royal Air Force were placed 15th=, 51st= and 68th respectively.

Nevertheless, LGBTIQ+ service people and those in other protected groups still face challenges. The 2019 Ministry of Defence review of inappropriate behaviour in the armed forces, the Wigston Report, concluded there is an unacceptable level of sexual harassment, bullying and discrimination. It found that 26-36% of LGBTIQ+ service people have experienced negative comments or conduct at work because of their sexual orientation.

The Secretary of State for Defence accepted the report’s 36 recommendations on culture, incident reporting, training and a more effective complaints system. Pivotal to successful implementation will be a coherent strategy driven by fully engaged leaders.

Society is also expecting ever higher standards, particularly in public bodies. The armed forces emphasise their values and standards, including ‘respect for others’, as defining organisational characteristics; individuals are expected to live by them. Only in a genuinely inclusive environment can an individual thrive and operate confidently within a team.

The armed forces also recognize as a priority the need to connect to and reflect society more closely in order to attract and retain talent from across all of society. The armed forces’ active participation in UK Pride is helping to break down barriers in this area.

In a post-Brexit world, the UK’s values, support for human rights and reputation for fairness are distinctive strengths that can have an impact on the world stage and offer a framework for future policy. The armed forces must continue to push and promote greater inclusivity in support. When operating overseas with less liberal regimes, this will be sensitive and require careful handling; however it will be an overt manifestation of a broader policy and a way to communicate strong and consistent values over time.

The armed forces were damagingly behind the times 20 years ago. But good progress has been made since. Inclusion initiatives must continue to be pushed to bring benefits to the individual and the organization as well as demonstrate a values-based foreign policy.

In April 2018, the Commonwealth Heads of Government Meeting (CHOGM), held in London, saw the creation and the adoption of the Commonwealth Cyber Declaration. The declaration outlines the framework for a concerted effort to advance cybersecurity practices to promote a safe and prosperous cyberspace for Commonwealth citizens, businesses and societies. 

The conference will aim to provide an overview on the progress made on cybersecurity in the Commonwealth since the declaration was announced in 2018. In addition, it will examine future challenges and potential solutions going forward.

This conference is part of the International Security Programme's project on Implementing the Commonwealth Cybersecurity Agenda and will convene a range of senior Commonwealth representatives as well as a selection of civil society and industry stakeholders. This project aims to develop a pan-Commonwealth platform to take the Commonwealth Cyber Declaration forward by means of a holistic, inclusive and representative approach.

Please see below meeting summaries from previous events on Cybersecurity in the Commonwealth:  

• A cyberspace that supports economic and social rights online (London)
• Build the foundations of an effective national cybersecurity response (Barbados)
• Promote stability in cyberspace through international cooperation (Addis Ababa)

Attendance at this event is by invitation only. 

Smart Peace brings together global expertise in conflict analysis and research, peacebuilding and mediation programming, and behavioural science and evaluation. Together, Smart Peace partners are developing integrated and adaptive peace initiatives, working with local partners to prevent and resolve complex and intractable conflicts in Central African Republic, Myanmar and northern Nigeria.
 
This roundtable is an opportunity for Smart Peace partners to share the Smart Peace concept, approach and objectives, and experiences of the first phases of programme implementation. Roundtable discussions among participants from policy, practice and research communities will inform future priorities and planning for Smart Peace learning, advocacy and communication.
 
Smart Peace partners include Conciliation Resources, Behavioural Insights Team, The Centre for Humanitarian Dialogue, Chatham House, ETH Zurich, International Crisis Group and The Asia Foundation.