International Code of Conduct on Information Security Discussed at IGF 2011

IGF 2011 was completed in the last week of October in Nairobi.  Before the workshop on Government’s Responsibility on Day 4, I prepared a written statement and sent to the moderator and organizer well before.

I’m posting here the OBSERVATIONS ON INTERNATIONAL CODE OF CONDUCT FOR INFORMATION SECURITY (September 28, 2011) I made at a CoE workshop.

“I note a group of civil society organizations’ Open Letter to the President of the UN General Assembly on International Code of Conduct for Information Security. I deeply appreciate their timely contribution. I agree with some of the views they presented, but also believe we should be focusing on the most important issues.

I would like to share with you my observations. As a Chinese poem says, “you could not see the whole picture of a mountain when being in the ranges of the mountain.” Since I’m now almost 10,000 km away from Nairobi, hopefully my observation could be interesting to you.

I agree that the International Code of Conduct For Information Security (ICOC) proposed by the four countries does not have any direct “reference to the multistakeholder approach.” Although the document primarily defines the responsibilities of the States, it does not seem being the product of multi-stakeholder consultation and consensus.

On the other hand, ICOC, para. (h), does mention “all elements of society.” Given that language difference may result in variants of expressions, such as calling “civil society” as  “social groups” (see “MIIT of China response to the Further Notice of Inquiry on the IANA Functions”) , “all elements of society” could arguably imply multi-stakeholders. Truthfully,  the statement that “all elements of society” are under the leadership of the States does not imply the equal footing of all stakeholder groups. But is there any INTER-NATIONAL decision-making process really ensuring equal footing of all stakeholder groups? I’d be happy to learn more about how international law-making adapts to multi-stakeholder environment, as I had presented via unsuccessful remote participation system in Workshop 144 on September 27.

Making a simply comparison between ICOC and the two documents presented by Council of Europe (the “Declaration by the Committee of Ministers on Internet governance principles” and “Recommendation CM/Rec(2011)8 of the Committee of Ministers to member states on the protection and promotion of the universality, integrity and openness of the Internet”), I can see quite a lot of commonalities and interoperable elements. Both initiatives have the emphasis on “No harm”, which reflect the concern for world peace in the Internet age.

Since CoE’s document also mentions “Cultural and linguistic diversity”, I think it could be biased or mind-guessing to state that ICOC’s reference to “ ‘respect for the diversity of history, culture and social systems of all countries’ might be interpreted as diminishing the commitment of the UNGA to the universality of human rights.”

To my belief, the most important commonality is that both ICOC and CoE’s documents highlight the human rights and fundamental freedom. ICOC, the third sentence of para. (a), is a brilliant statement that is so dear to the people who are keen on access to knowledge. It may also explain why ICOC was not widely reported in the media in these four countries . So it would be good if ICOC, including the third sentence of para. (a), could be avail to the people of the four states, particularly when not all four states have ratified the International Covenant on Civil and Political Rights (ICCPR).

But the devil is in details. I fully agree that ICOC, para. (c) is the real concern and can be subject to different interpretations. Actually even the second sentence of para. (a), “respect for the sovereignty, territorial integrity and political independence of all States” could have alternative implication. I shall sincerely hope none of the interpretations would revoke the commitment to respect for human rights and fundamental freedoms, as stated in ICOC, para. (a) as well.”

The proposed International code of conduct for information security is contained in a Letter dated 12 September 2011 from the Permanent Representatives of China, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General is attached here for reference.


Many people was not able to attend physically. But the so-called remote participation is most unreliable and ineffective way for anyone who genuinely intended to participate.

In the morning of Day One, I spent a long time to test and wait patiently for workshop “IG Principles” that I would present. Tragically, there was no signal on both the webcast and webex (participation platform) until the whole session started several minutes later. After I could finally log on webex, I posted messages to let the remote moderator know that there would be speakers remote and asked for testing. My testing requests were denied for unknown reason. Then I found that there was neither video nor sound on webex and told the RP moderator. The replies was always “fixing.” Frustrated by inaccessibility, I had to rely on the webcast to listen, which made me in an awkward situation of either listening without participation or particiaption without sounds. After one third of the workshop, I can finally hear some sounds from webex but the sounds were extremely weak, unclear and full of noises. I contacted the RP moderator but no fixation was offered.  As a result, I was not able to interact with the moderator and speakers of the workshop. Most unforgivably, my chance of presentation was unfairly deprived. I was merely given a few seconds to talk before the line was brutally cut by the RP moderator. I heard mildly that people on spot said that I should submit a written statement and RP was not reliable. Okay I then wrote a short note and posted on the webex. It was not read until almost the end of the workshop by the impatient and unqualified RP moderator.

After experiencing such unhappiness, I learned that RP was very unreliable.

My RP at another workshop on sort of OKE was equally unpleasant. There was no other RP participants at all. I sent in a comment but it was not read until the very end of the workshop. Sadly it was distorted and mutilated by the RP moderator. It was the insult to my sincere participation.








Comments are closed.