Part I: Intelligence analysis

The Internet has a vast destructive potential while being a benefit for the humankind. This potential includes both psychological wars and its use for the propaganda of racism, extremism and also for criminal purposes, such as hacking the government websites. Today, international terrorist organizations use the worldwide web to prompt themselves.

The threats in the IT area is one of the most severe problems in today’s world that is undergoing globalization. New powerful tools are emerging that can result in unprecedented destruction, disrupt the work of the economic sectors, social infrastructure, and state administration and threaten lives of millions of people.

Given the high levels of distrust among major states, agreement on a binding treaty or convention was politically impossible[JS3] . Thus, people place hope on norms, which seemed more promising. Research on an approach that used non-binding norms and confidence-building measures, leading eventually to an environment in which formal agreement would be possible to create a credible alternative to a treaty.

The 2010 report of the second UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) belongs to this concept. This report called for further dialogue among states on norms, “to reduce collective risk and protect critical national and international infrastructure”, “including exchanges of national views on the use of information and communication technologies in conflict.”

Meanwhile, a year earlier, on the 10th anniversary of the Shanghai Cooperation Organization (SCO), participants paid particular attention to the relevant goals and tasks of developing information support to expanding cooperation between the member states in counteracting cyber threats, which pursue criminal, terrorist and military-political purposes. (Lewis, 2017)

Terrorism adjusts fast to information globalization. The vital task of the international community is to find a response to new challenges. The understanding of this danger makes the leaders of SCO member states get together and find an approach to counteract cyber terrorism. The SCO holds bilateral and multilateral talks, including at the top level. As a result, they signed the Agreement on Cooperation in Ensuring International Information Security between the Member States of the SCO at the summit in Yekaterinburg in 2009. At that time, the agreement had already been ratified by four of the SCO members - China, Russia, Tajikistan and Uzbekistan - and it came into force on June 2, 2011.

On 12 September 2011, the four members of the SCO submitted a Draft International Code of Conduct for Information Security to the United Nations General Assembly. “to push forward the international debate on international norms on information security, and help forge an early consensus on this issue.” (United Nations, 2015)

Two significant events happened after the SCO submitted the first draft, the World Conference on International Telecommunications (WCIT) meeting in December 2012 and the Snowden disclosures in June 2013. Accusations that the US exploit their “dominant position in the information space” have gained credibility. The matters of equitable internet governance and prevention of cyber-attack and intrusion are of the most concern to all nations. A code that attempts to address these issues is likely to generate vital interest.

Thus, this initial group was expanded to six members in 2015, and submitted a new draft to the UN General Assembly, though the substance of the document does not change much from that of the previous report. Both versions endorsed the view that “policy authority for Internet-related public issues is the sovereign right of States.” However, the 2015 version goes further, pointing that “states must play the same role in, and carry equal responsibility for, international governance of the Internet, its security, continuity, and stability of operation, and its development.” (United Nations, 2015)

The Internet policy authority as the sovereign right of states has been vehemently debated, especially at WCIT 2012. The U.S. and other states argued that internet policy should not be exclusively state-determined; rather, it should rely upon a multi-stakeholder model of internet governance. Russia, China, and many developing countries have taken the view that such a position naturally favors the western nations. [EF4] The western countries, especially the U.S., already holds significant influence over the internet, when we talk about the role of ICANN and major US-based ICT companies.

The issue of participation in Internet governance is closely linked to dominance in the digital space. The Code points out inequalities and dominant-state advantages in the cyberspace, including concerning control of ICT supply chains, as severe threats to national security. Following the Snowden disclosures, this position has achieved broader resonance in the international community.

Also, in the Code, the basic concept: “international information security” is controversial. Whereas the SCO member states believe that content is a potential security threat and should be regulated, the western countries consider this level of content regulation to be a threat to fundamental human rights.

The Code emphasizes state sovereignty and territoriality in the information space above all else and is dominated by national security and regime stability imperatives. Trends embodied by the SCO suggest a strategic revisionism on the part of the SCO states towards international human rights law.

T

he evolution of the Code’s substantive provision regarding human rights under paragraph 2(f) in the 2011 version:

“To fully respect rights and freedom in the information space, including rights and freedom to search for, acquire and disseminate information on the premise of complying with relevant national laws and regulations.”

and 2(7) in the 2015 version:

“To recognize that the rights of an individual in the offline environment must also be protected in the online environment; to fully respect rights and freedoms in the information space, including the right and freedom to seek, receive and impart information, taking into account the fact that the International Covenant on Civil and Political Rights (article 19) attaches to that right special duties and responsibilities. It may, therefore, be subject to certain restrictions, but these shall only be such as are provided by law and are necessary:

(a) for respect of the rights or reputations of others;

(b) for the protection of complying with relevant national security or of public order (order public), or of public health or morals;” (Takeaways, 2015)

The 2011 version discussed human rights in the digital area by suggesting they could be curtailed to “complying with relevant national laws and regulations,” which is an obvious target for criticism, given the facts that rights abuses tolerated, if not authorized or required, by the SCO states’ legal and regulatory regimes. Then, the 2015 version replaces the reference to national standards with reference to international law, the International Covenant on Civil and Political Rights (ICCPR). Therefore, it removed language that might have dissuaded states concerned with digital human rights from accepting the Code.

In the explanation of the application of international human rights law, the Code focuses mainly on restrictions on freedom of speech available to states under the law. This explanation suggests the SCO states’ intention to frame existing internal information controls as compatible with international human rights law.[EF5] Nevertheless, this interpretation is not consistent with the objective application of the law. Pervasive information controls in the SCO member states, which restrict dissemination of content seem politically sensitive by the government, moreover, in some instances, result in criminal punishment of legitimate expression, do not credibly meet these standards.

In a word, there are two main problems in the primarily cooperative issue: [JS6] What should the Internet governance be like? How to keep the balance between the human rights and national security in cyberspace? The SCO states and the US-led western countries are the key parties in the issue.

The opportunity for cooperation, in this case, is that both parties have the same enemy: terrorism. However, both sides have their interests. As for the first question, “What should the Internet governance be like?”, the U.S.-led Western countries assert that Internet governance should rely upon a multi-stakeholder model, while the SCO states believe that the Internet policy authority is a sovereign right, thus it should be exclusively state-determined. The Code emphasizes state sovereignty and territoriality in the cyberspace above all else. As for the second question, “How to keep balance between the human rights and national security in cyberspace?”, whereas the SCO Member States believe that content is a potential security threat and should be regulated, the Western countries consider this level of content regulation to be a threat to fundamental human rights. [EF7]

In the future development of this issue, the U.S.-led Western countries will keep using their norms and ignore the Code. However, the SCO will prompt the Code much more than before, trying to let the international community recognizes the Code and putting pressure on the U.S.-led western countries to force them to accept the Code.

Part II: Policy analysis (Role-China)

Cyberspace, like the ocean and outer space, is global common. Different countries follow different codes, competing with others in this area. The U.S. and we represent two different codes in cyberspace.

The basic definition of cybersecurity to the U.S. and China are different. For the U.S., cybersecurity means protecting communications and other critical networks from unauthorized access[JS8] . For us, information security is a broad category that includes controlling the flow of information and censoring content as well as defending networks and computers from exploitation. Thus, external hack that may cause domestic disorder will be the major information security issue for us.

The U.S.’ idea of Internet governance is similar to preemption. “The global cyberspace is anarchy; the United States should pursue its dominance of gaining an advantage in this space.” [EF9] It believes that the freedom of movement of a country in such non-territorial space is directly related to the state's ability. The stronger the state is, the more share it can obtain. On the fact that the U.S. already has many advantages on cyber technology, the U.S. hopes that there are no more rules or other non-power factors, like norms, to limit their movements. [EF10]

The former Secretary of Defense Robert Gates described the American approach toward the global commons as: “We stand for openness, and against exclusivity, and in favor of the common use of common spaces in responsible ways that sustain and drive forward our mutual prosperity.” The Trump administration’s cybersecurity executive order states that it is US policy to “promote an open, interoperable, reliable, and secure Internet.” (Abraham M. Denmark, 2010)[JS11]

China is a main character of the SCO. We have the same goal and interests as the SCO member states. We believe that the Internet policy authority is a sovereign right. President Xi first mentioned the concept of cyber sovereignty at the 2015 World Internet Conference in Wuzhen. Cyber sovereignty means “respecting each country’s right to choose its own Internet development path, its own Internet management model, (and) its own public policies on the Internet.” Considering that safeguard national sovereignty and territorial integrity is always our priority, we believe that the Internet policy should be exclusively state-determined. “The sovereignty principle in cyberspace includes at least the following factors: states own jurisdiction over the ICT infrastructure and activities within their territories; national governments are entitled to making public policies for the Internet based on their national conditions; no country shall use the Internet to interfere in other countries’ internal affairs or undermine other countries’ interests.” (Ministry of Foreign Affairs, 2014)

Besides, to protect national security, we need to regulate the online content that may be a potential security threat. We admit and obey the International Covenant on Civil and Political Rights under our constitution.

We have two policy options. First, we need to face the existing rules. Since the U.S.-led western countries believe the ability decides, we should also develop our cyberspace technology to enhance our abili[EF12] ty. Second, we need to establish new norms. The International Code of Conduct for Information Security is one of the processes we made. As we emphasized in the Code, the nation’s power in safeguarding cybersecurity is essential. We hope the international community can admit this point.

Both options are vital to us. The first can let us avoid being subjected to other powers. Only if we have the real power, we can resist others’ attacks. The second choice can help us build international new order. On the one hand, the Code has allowed the SCO states to obtain a sort of “diplomatic high ground” regarding digital norms. We frequently referenced the Code when responding to allegations regarding its activity in the digital space, including involvement in digital espionage or attack. We invoked the Code as it was the evidence of the good faith and positive contributions of us when it comes to cyberspace. It should be a standard to other states.[EF13]

With President Trump and a more inward-looking United States, the new external environment creates opportunities for us to play an even larger role in defining the rules of the international order in cyberspace.

Part III: Policy implementation & political strategy

For developing our cyberspace technology to enhance our ability. We need to invest more support in technology development, especially in Universities and research institutes. Furthermore, we should seek for more research cooperation with other nations. The cooperation should not only be limited in the SCO but also be with other nations, such as the U.S. We try to build trust between each other by research cooperation.[EF14]

For establishing new norms, there is a barrier comes from human rights.

Government control is essential for maintenance of domestic stability and regime preservation in light of the proximity and influence afforded to individuals and states by the Internet. In western countries eyes, it is also directly contradicted with established principles of international human rights law, contravening rights including privacy and freedoms of opinion expression. Thus, the Code will not be admitted by most of the international community until the SCO makes a significant change on the human right part.

However, the SCO cannot change the context that much, because the government control and free speech are naturally incompatible. We cannot abandon the core of our norms; the western countries cannot abandon their value too.

Thus, we should use diplomatic methods, trying to get as more recognition in the international community as we can. The more countries recognize the Code, the more pressure we can give our opponent. Our efforts in Africa, Southeast Asia, and Central Asia are designed to access markets as well as create support for our foreign policy and cyberspace norms. In addition, we can hold more international conferences on cyberspace in China to prompt our influence in this area, such as the World Internet Conference.

Notes:

1. Abraham M. Denmark, e. a. (2010, January 25). Retrieved from Contested Commons: The Future of American Power in a Multipolar World: http: / /www. cnas. org/files/documents/publications/CNAS% 20Contested% 20Commons_1. pdf.

2. Lewis, J. A. (2017, July 25). Sustaining Progress in International Negotiations on Cybersecurity. Retrieved from CSIS: https://www.csis.org/analysis/sustaining-progress-international-negotiations-cybersecurity

3. Ministry of Foreign Affairs, t. P. (2014, June 05). Ministry of Foreign Affairs, the People's Republic of China. Retrieved from Address by Vice Foreign Minister Li Baodong at the Opening Ceremony of the International Workshop on Information and Cyber Security: http://www.fmprc.gov.cn/mfa_eng/wjbxw/t1162458.shtml

4. Takeaways, K. (2015, September 28). Retrieved from An Analysis of the International Code of Conduct for Information Security: https://openeffect.ca/code-conduct/

5. The Citizen Lab. (n.d.). Retrieved from Analysis of International Code of Conduct - The Citizen Lab: https://citizenlab.ca/2015/09/international-code-of-conduct/

6. United Nations. (2015, January 13). Retrieved from General Assembly - CCDCOE: https://ccdcoe.org/updated-draft-code-conduct-distributed-united-nations-whats-new.html