Expert Speak Digital Frontiers
Published on Oct 12, 2016
Karsten Geier, head of the Cyber Policy Coordination Staff at the German Federal Foreign Office's interview on CyFy 2016
No easy solutions to cyber security concerns: Karsten Geier

“The internet is global, so you need a global, multi-stakeholder governance system,” says Karsten Geier, head of the Cyber Policy Coordination Staff at the German Federal Foreign Office. Geier is chair of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (GGE). He also represents his country in the Organization for Security and Co-operation in Europe’s Informal Working group on the Risk of Conflict Stemming from the Use of Information and Communication Technologies. In addition, Geier has authored various articles on international cyber affairs and has taught modules at various academies and colleges.

Geier was in New Delhi end September to attend CyFy: The India Conference on Cyber Security and Internet Governance. Pooja Chaturvedi from the German Embassy New Delhi spoke with Geier about the three-day conference, the idea of a global digital governance regime, the challenges Asian countries could face and Indo-German cooperation in the field of cyberspace. Here are some edited excerpts:

How important is this conference?

CyFy, over the years, has developed into one of the must-attend conferences for international cyber affairs. You have several hundred participants from a wide variety of countries and backgrounds, and that really makes CyFy unique in the world.

The theme for CyFy 2016 was “Digital Asia: Scripting the New Governance Order”. Can you explain the idea of a global digital governance regime?

Digital or internet governance is the idea that you need arrangements to decide what rules apply on the internet, and in this case, for technical standards as well. International law applies to state behavior in cyberspace, that’s evident.  But you need further rules of good behaviour that ultimately help in deciding what’s wrong and what’s right. The internet is global, so you need a global governance system. To make things even more complicated, it’s a system which is not state-centric, but a system where various stakeholders—private companies which provide the infrastructure for the internet, civil society which comprises the vast majority of users, and governments—all want to play a role according to their responsibilities and competences.

Now, the other aspect of digital government is the idea that the internet can help economic development, education, scientific exchanges and so on, far better than the mechanisms we have been using in the past. And hence, it could be a great promoter of a more equitable international system, and that is also implied in this title.

What were the main areas of discussion during the event?

CyFy is special in the way that it brings together a wide variety of issues. One strong issue this year was the question of security, in particular of combating online crime, which was one of the major points repeatedly made by the Indian government representatives. But there were also panels on things like the future of entertainment.

The growing importance of cyberspace in modern society and its increasing use as an arena for dispute is becoming a national security concern for governments and armed forces globally. There are various issues, from the asymmetric nature of the internet to the lack of attribution and legal ambiguity. If we talk about a global digital governance regime, how should nations address and tackle these issues?

The nations of the world are still looking for a solution to these challenges and there is no easy one. India is playing a very important role as a partner internationally and also to Germany. Let me highlight the United Nations Group of Governmental Experts on International Security in the Field of Information and Communications Technology. It is a group of 25 governmental experts that meet regularly in New York and Geneva to try and explore how existing international law applies to ICTs; the norms, rules and principles for responsible state behaviour in cyberspace; and the confidence- and capacity-building measures needed to promote international peace and security in ICT use. India is a member of this group, as is Germany. And this group is trying to address all of these issues.

One of the breakthroughs came in 2013 when the GGE agreed that international law, in particular the UN Charter, applies to the use of information and communication technologies by the states. Then in 2015, the GGE recommended a set of norms for responsible state behaviour that, if universally respected, would really help in supporting a modicum of international order. One of the questions now is how to give international law and the norms of responsible state behaviour better traction and universalise them. And also, how to make sure that all states are in a position to actually contribute to this discussion and adhere to these laws. It requires a certain level of state organisations and technical capabilities, and that’s not universally available.

What role do non-state actors play in the context?

Non-state actors play an important role in this discussion. As I mentioned, the infrastructure that makes cyberspace and provides the internet is mostly run by private industries. The software is developed by private companies and the users are private individuals, so this is an ecosystem that cannot be governed by the state alone. I think that each of these stakeholders have their areas of competence. States should not try and set technical standards, because they are not good at it. Civil users should not try and tackle issues of peace and security. The industry should not try and impose values on users. I think every stakeholder has a niche and an important role to play. And to make an opera out of all these various sounds is a challenge.

You were on the panel to discuss “Stability in Cyberspace”, with a special focus on Asia. What are some of the challenges that are unique to India and other Asian countries? What solutions emerged from the panel discussion?

I think Asia is a particularly interesting region because of its diversity. You have some countries in Asia on the cutting edge of digital development and you have others that are still struggling with the fundamentals. So there is this huge discrepancy in one region of the world. You have a common drive to use technology to your benefit and you have a very high degree of interconnectedness in some parts of Asia. All this has to be brought together, and this, according to me, is the big challenge for the various countries of Asia. I think one of the points we need to realise is that there are some issues in international digital affairs that can be solved on a global level, where we all need to play together. But there are others that need to be resolved at a regional level. And that’s where countries like Germany can offer assistance or advice, but ultimately the decisions have to be made by the countries of the region.

What role does technology play in creating and destroying global cyber regimes?

In a way, technology ensures that we keep running behind development. Sometimes when we discuss rules in cyber regimes, we still tend to think of the internet as something that is organised around stationary computers that are physically connected with wires and lines, and that’s how the internet was originally. But that’s not the reality anymore; we have been using our mobile phones to access the internet for many years now. As a new development, you have millions of devices that are talking to each other without human interference. So all these technological leaps mean that we have to adjust our thinking and also our roles. This is a real challenge because in a way human or governmental learning is slower than technological advancement.

The only solution is to maintain a strong dialogue with private industries that have a strong innovative element and with the scientific community that helps to develop the underpinnings of these technological developments, to seek their advice and double-check if what we are discussing is still matching reality. The correcting element in all of this has to be civil society, the users, human rights organisations. We need to ensure that in all this excitement of technological development, we don’t lose sight of the users and the fundamental rights that can be affected, for instance, by the unauthorised use of individual data. It is a very big concern, and there is no universal solution, also because industries keep finding new ways of using data—very often for the good—but it’s a double-edged sword and we need to be sure that only the good side is being used.

How do India and Germany cooperate in the field of cyber security? Are there more joint projects in the pipeline?

India and Germany are cooperating in this field for a number of years now. We have regular governmental consultations between the two countries, and we meet regularly once a year in all-of-government-format. I am looking forward to the next round of consultations coming up in November. Apart from this, we are cooperating in the United Nations and in the quest for international laws and norms and confidence-building. There is also cooperation at the technical level, to ensure IT security and combat abuse of the internet.  One area where there is great room for cooperation is industrial standards, as India has a very strong IT industry, as does Germany. Just making sure that the standards in one country matches the other is a huge step forward.

The above conversation can be found on this link
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.