cybersecurity and multi stakeholder internet governance...aucc at a glance •electronic...
TRANSCRIPT
CybersecurityandMulti-stakeholderInternetGovernance– thecaseofAUConventiononCybersecurity
TowelaNyirendaJere,PhDPrincipalProgramme Officer,RegionalIntegration,InfrastructureandTrade
IEEEETAPForum,WindhoekMay30,2017
InternetGovernance
• “....thedevelopmentandapplicationbygovernments,theprivatesector,andcivilsociety,intheirrespectiveroles,ofsharedprinciples,norms,rules,decision-makingprocedures,andprogrammesthatshapetheevolutionanduseoftheInternet.”• WSISTunisAgenda
Multi-stakeholderprocesses
• “Weencouragethedevelopmentofmulti-stakeholderprocessesatthenational,regionalandinternationallevelstodiscussandcollaborateontheexpansionanddiffusionoftheInternetasameanstosupportdevelopmenteffortstoachieveinternationallyagreeddevelopmentgoalsandobjectives,includingtheMillenniumDevelopmentGoals”–WSISTunisAgenda
Stakeholders• TunisAgenda:sovereignstates(governments),privatesector,inter-governmentalorganisations,internationalorganisations,academicandtechnicalcommunities.
• 4 keygroupsemergingas“stakeholders:government,privatesector,civilsociety,technical– academia,media,inter-governmentalorinternationalorganisationshavenodefinedplace
Stakeholders
• nouniversalagreementonthemeansofinteractionandengagementbetweenthevariousstakeholdergroupings.
• discourseoccursbothonlineandoffline– prosandconsintermsofparticipationandreach
Stakeholders
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
Government Civilsociety PrivateSector Academia Media Technical None
PerceivedDominanceofStakeholderGroups
National
Regional
Continental
Global
media,privatesector,academiaandthetechnicalcommunityare“notvisible”
Multi-stakeholder processes
• “Theuseofvariousmeansincludingnetworks,platforms,partnerships,collaborations,processes,dialoguestobringtogetherdiversestakeholdergroupingsrepresentativeofsocietyatlargeforthepurposeofdiscussion,consensus-building,decision-makingoractiononmattersofcommoninterest”– TowelaNyirenda-Jere,MA(IG)dissertation
Multi-stakeholder processes• “Nocohesionamongstallthesegroups”(Privatesector)
• “….processesarenotsubstantiatedbyfacts,data ”(Academia)
• “…nocoordinatedapproachnationally…”(Government)
• “…notanissuethathasreallybeenbroughtoutproperlyinastructuredmannerinAfrica…..”(NGO)
Multi-stakeholder processes• “State/governmentsarebetterplacedtotacklecyber-crimeissues.Butcooperationisneededamongthem”(Academic)
• “….moreplayersneedtocomeintosupportthisprocess,workingwithnationalgovernments”(NGO)
• “…multi-stakeholderengagementunfeasibleorimpossibleatthenationallevel..”
• “…afewselectgroupsmakingassumptionsforawholemany”
TheRoadtotheAUCC• 2009ORTamboDeclaration• 2010 – AUSummitendorsement
– AbujaDeclaration• 2011FirstDraft:“AUConventionontheConfidenceandSecurityinCyberspace”
• 2012 – endorsementofdraftbyAUSTC• 2012-2013 Stakeholderconsultations– 2013onlinepetitionagainsttheConvention
• 2014 Adoption:“AUConventiononCybersecurityandProtectionofPersonalData”
AUCCataglance• objectives- harmonizee-legislation,protectpersonaldata,promotecybersecurity,fightcybercrime– Definekeycyberterminologiesinlegislation– Developgeneralprinciplesandspecificprovisionsrelatedtocyberlegislation
– OutlinecyberlegislativemeasuresrequiredatMemberStatelevel
– Developgeneralprinciplesandspecificprovisiononinternationalcooperation
AUCCataglance• Electronictransactions,• Personaldataprotection,• Cybersecurityandcybercrime• Requires memberstatesto:– developnationalcybersecuritypolicy– developlegislationoncybercrime– ensuretheprotectionofcriticalinformationinfrastructure
– enactpersonaldataprotectionlaws
ReactiontotheAUCC
• goodguideline(benchmark/health-check)• adherence tonationalconstitutionsandinternationalhumanrightslaw
• emphasisontheAfricanCharteronHumanandPeoples’Rights
• limitedstakeholderengagement• Vague/broadprovisionsthatmaycausemisusebygovernments
ReactiontoAUCC• No clearminimumthresholds - governmentscould opt not to implementsomeaspects
• inconsistency - racismandxenophobiaoutlawed,discriminationonsexualorientationorgendernot
• Impactofleakeddataonjournalistsandsources
• Nosafeguardsoninformation-sharingbetweenprivatesectorandgovernment
Currentstatus andWayForward
• 15Ratifications requiredforentryintoforce• Signatures:Benin,CapeVerde,Comoros,Congo,GuineaBissau,Mauritania,SierraLeone,SaoTomeandPrincipe,andZambiahavesignedtheconvention
• Noratifications
MostratifiedinstrumentsInstruments Yearof
AdoptionNumberofRatifications
ConstitutiveActoftheAfricanUnion 2000 54
AfricanCharteronHumanandPeoples'Rights 1981 53
TreatyEstablishingtheAfricanEconomicCommunity, 1991 49ProtocolRelatingtotheEstablishmentofthePeaceandSecurityCounciloftheAfricanUnion
2002 49
ProtocoltotheTreatyEstablishingtheAfricanEconomicCommunityRelatingtothePan-AfricanParliament
2001 48
AfricanCharterontheRightsandWelfareoftheChild 1990 47
OAUConventionGoverningtheSpecificAspectsofRefugeeProblemsinAfrica
1969 45
AfricanCivilAviationCommissionConstitution 1969 44
OAUConventiononthePreventionandCombatingofTerrorism 1999 41
PrivilegesandImmunities 1965 40
Nuclear-Weapon-FreeZone 1996 40
LeastRatifiedInstrumentsInstruments Yearof
AdoptionNumberofRatifications
RevisedConstitutionoftheAfricanCivilAviationCommission 2009 5
ProtocolontheStatuteoftheAfricanCourtofJusticeandHumanRight 2008 5
ProtocolontheAfricanInvestmentBank 2009 2
AfricanUnionConventiononCross-BorderCooperation(NiameyConvention)
2014 1
ProtocoltotheConstitutiveActoftheAfricanUnionrelatingtothePan-AfricanParliament
2014 1
AfricanUnionConventiononCyberSecurityandPersonalDataProtection 2014 0
AfricanCharterontheValuesandPrinciplesofDecentralisation,LocalGovernanceandLocalDevelopment
2014 0
ProtocolonAmendmentstotheProtocolontheStatuteoftheAfricanCourtofJusticeandHumanRights
2014 0
ProtocolontheEstablishmentontheAfricanMonetaryFundandtheStatuteoftheAfricanMonetaryFund
2014 0
AgreementfortheEstablishmentoftheAfricanRiskCapacity(ARC)Agency 2012 0
EffectivenessofMSProcesses• towhatextentareobjectivesmet– Outputs- immediateresults– Outcomes - resultsoveralongertime-frame– Impact-longertermsustainedchanges
• Determinantsofeffectiveness– Architectural:howestablished– Procedural:howrun– Operational: howmaintainedandsustained
Effectiveness ofAUCCprocess
Parameter ObservationsOutputs - TheConvention
- StateofCybersecurityandCybercrime inAfricareport
Outcomes - Ratification- Legislation andpolicyinitiatives
Impact - Moretimeneededtoassess
Determinant Observations
Architectural - DeclarationatMinisteriallevel- EndorsementbyHeadsofState
Procedural Stakeholderconsultations- Expertmeetingsconvened byAUC,UNECA- Onlineconsultationsconvenedbycivilsociety
Operational - Advocacythroughtechnicalmeetingsanddialoguesatregionalandcontinentallevel
- Declarations atMinisteriallevel- Limitedactivities atnationallevel
AUCC– WhatisatStake?
• Countrieswithlegislation• ElectronicTransactions: 28(51%)• ConsumerProtection: 18(33%)• PrivacyandDataProtection: 22(40%)• Cybercrime: 27(49%)
• (Source:UNCTAD)
E-Legislation
Source:UNCTAD
E-transactions
Source:UNCTAD
DataProtection&Privacy
Source:UNCTAD
Cybercrime
Source:UNCTAD
ConsumerProtection
Source:UNCTAD
Recommendations• CoordinationbetweentheAUCandmemberstates
• Awarenessamongstakeholders• Coordinationandcommunicationatnationalandregionallevel
• Inclusiveness - needforallstakeholders(civilsociety,government,privatesector,academic)tobeinvolvedinnationalandregionalprocesses.
Recommendations• StrengtheningtheroleofPanAfricaParliament
• Examineadstreamlineratificationprocesses• Financialresources– settingupofinstitutions,capacitybuilding,monitoringandenforcement
• Technicalandinstitutionalcapacitybuilding
QuestionsforReflection
• WhatarethelimitsofMSapproaches?• AreMSapproachesreallyfeasible/practical?• Whataretherolesandresponsibilitiesofthevariousactorsandstakeholders?–Whoneedstodowhat,when,howandwhy?
• Howlongshouldtheprocesstake?Canweaffordlengthyratificationprocesses?
THANKYOU
Contact Information
Towela Nyirenda-Jere, PhD
Email: [email protected]
Tel. : +27 11 256 3587