British Foreign Secretary William Hague gave these remarks at the London Conference on Cyberspace on November 2, 2011.
Thank you all very much for coming to this conference. I hope you have enjoyed it, and found it rewarding and thought-provoking.
Earlier this year I proposed principles to govern behaviour in cyberspace, and called for a focussed and inclusive dialogue between all those with a stake in the Internet – civil society and industry as well as governments - on how we might implement them:
- The need for governments to act proportionately in cyberspace and in accordance with national and international law;
- The need for everyone to have the ability to access cyberspace and the skills, technology, confidence and opportunity to do so;
- The need for users of cyberspace to show tolerance and respect for diversity of language, culture and ideas;
- Ensuring that cyberspace remains open to innovation and the free flow of ideas, information and expression;
- The need to respect individual rights of privacy and to provide proper protection to intellectual property;
- The need for us all to work collectively to tackle the threat from criminals acting online; and
- The promotion of a competitive environment which ensures a fair return on investment in network, services and content.
Our Conference began this dialogue on principles and set out an agenda for further work to build a secure, resilient and trusted global digital environment.
Over the next 24 months there will be two follow-on conferences, the first in 2012 hosted by Hungary, and the second in 2013 hosted by South Korea.
I thank the governments of both countries for the leadership and vision they have shown by offering to host the next stages of our work to build a new consensus about the future of cyberspace.
More than 700 participants from 60 countries have taken part in the conference – including Ministers, industry leaders, the internet technical community, civil society and our Youth Forum. I am extremely grateful to you all for your participation. We also heard from citizens across the world. Our panellists took questions direct from the public through the Internet, the event was livestreamed and debated on social media in China, Pakistan, India and the Middle East.
As Conference Chairman, it falls to me to draw together the points that were debated, and to offer my own thoughts about the significance of what we have achieved.
We focussed on five topics: economic growth and development, social benefits of cyberspace, safe and reliable access, international security and cyber crime. I will make a few remarks on each.
On economic growth and development, all delegates agreed that the Internet is a critical engine of economic growth, especially in the developing world, helping to improve access to education and healthcare, reducing poverty, and driving progress on the Millennium Development Goals. To achieve the broadest and deepest possible benefits to growth from cyberspace we must increase access to broadband communication in the developing world and promote the continued global investment and competition in high speed networks and services.
It was also agreed that cyberspace must be secure and reliable so that it is trusted as a medium for doing business, and innovators are confident their discoveries will be appropriately protected.
There was strong support for the principle that we must promote a competitive environment which enables a fair return on investment in network, services and content.
At the same time many speakers called for cyberspace to be free from government and commercial censorship, consistent with international legal obligations, so that the free availability of information provides incentives for the highest standards of accountability and national governance.
Delegates called for cyberspace itself to have the latitude to evolve and innovate naturally to create new opportunities and benefits in the future.
Delegates called for the removal of unnecessary barriers to trade in cyberspace. Only then will the full benefits of online cross-border trade and globalisation be realised.
On the social benefits and safe and reliable access, all delegates reaffirmed the overwhelmingly positive and transformative benefits of the Internet. Many welcomed its contribution to freedom of expression and association, and its ability to expose human rights abuses as they happen. The Internet is a powerful engine for empowering citizens and driving government accountability.
The conference agreed that efforts to improve cyber security must not be at the expense of human rights.
There was overwhelming support for the principle that cyberspace must remain open to innovation and the free flow of ideas, information and expression.
Many supported the principle that rights to freedom of expression and association apply with equal force in cyber space.
Capitalising on the benefits of cyber space and protecting freedoms is best achieved through inclusive participation of governments, business and civil society, according to many of our delegates. Speakers thought that the best foundation, and the one which best reflected the dynamic of the Internet itself, was a transparent and stable framework of self regulation.
There was strong support for the principle that users of cyberspace should show tolerance and respect for diversity of language, culture and ideas; but protecting this principle must not be used as a cloak for attempts to subvert the right to freedom of expression and association. Speakers also expressed concern that some states may use notions of sovereignty to restrict access, block websites and censor internet content.
Delegates emphasised the need for transparent and interoperable approaches to handling privacy and data protection issues, which recognise the requirement for global trade but also the importance of protecting personal information.
On international security, all delegates agreed with the principle that governments must act proportionately in cyberspace and that states should continue to comply with existing rules of international law and the traditional norms of behaviour that govern interstate relations, the use of force and armed conflict, including that states must settle their international disputes by peaceful means in such a manner that international peace, security and justice are not endangered.
All speakers agreed that stronger co-operation and collaboration was needed to build confidence and to avoid misunderstandings.
All delegates agreed that the immediate next steps must be to take practical measures to develop shared understanding and agree common approaches and confidence-building measures. There was no appetite at this stage to expend effort on new legally-binding international instruments.
There was strong support for the recommendations of the 2010 UN Group of Government Experts on further dialogue among states to discuss norms pertaining to state use of information and communication technologies to reduce collective risk and protect critical national and international infrastructure.
Delegates welcomed the work the OSCE is also doing to develop specific confidence-building measures applicable in cyber space, and called on other regional organisations such as the ASEAN Regional Forum to develop their own work alongside the OSCE on this question.
And on the fifth and final theme, the conference identified cyber crime as a significant threat to economic and social well-being, and one which requires a concerted and urgent international effort.
All delegates strongly supported the principle that we must work collectively together to tackle the threat from cybercrime and ensure there are no safe havens for cyber criminals. There was strong support from delegates for the guiding principle that what is unacceptable offline is also unacceptable online. As was pointed out in the Youth Sessions, for young people the online and offline worlds are one place.
Many countries and regional bodies are already taking positive steps towards implementing cyber crime legislation, but it was recognised that these need to be compatible internationally. In addition to legislation, countries were encouraged to ensure they have the forensic resources, processes and willingness to co-operate as necessary.
There was general support for the principles for fighting online crime that are set out in the Budapest Convention on Cybercrime and little appetite for negotiating a new instrument. Many delegates encouraged countries to look at whether they could sign up to the Budapest Convention, seeing the Convention as the best form of international agreement in this area. Some delegates called on the UK to promote the Convention during its forthcoming chairmanship of the Council of Europe, a recommendation that the UK intends to take forward. Some delegates also expressed their support for the Commonwealth work on a cyber crime Model Law as a useful stepping stone.
As well as law enforcement and cross-border co-operation, the debate noted prevention as being central to tackling cyber crime. There was general agreement that all sectors - private companies and individuals as well as governments and law enforcement agencies – have responsibilities in preventing cyber crime.
Delegates thought government and industry had a shared responsibility to do more to prevent cyber crime, in industry's case for example through more secure devices, systems and services. Industry must be a part of the solution on prevention. There was general support for the view that the public and businesses should get more help to able to identify easily products that have good security. Delegates encouraged the private sector to lead development of improved Internet security products, systems, services and standards in cyberspace, and to make the market easier to navigate for consumers.
Speakers noted that all Governments are currently looking to place more services online. It was agreed that governments need to lead by example, and that when governments procure and provide online services, security is one of the key criteria.
Delegates believed governments have a responsibility to ensure an open Internet that allows individuals access to content and services with only such restrictions as are permitted under international legal obligations, while protecting users against abuse, especially children.
There was agreement that government should have an underpinning legal framework to protect the integrity of online transactions that can provide recourse, for example in the event of fraud. Beyond that many speakers thought that governments should encourage self-regulatory mechanisms for the private sector, rather than start with legislation and regulation.
Delegates called on governments to take an appropriate and proportionate interest in improving the safety and reliability of cyberspace, while recognising that the expertise lies with industry partners. Delegates called on industry to lead the creation and maintenance of open standards being mindful of the challenges to information access. Speakers called on service providers and suppliers to redouble their commitment to ensuring the reliability and availability of systems.
These and other findings of the Conference will be published in a document available to you all shortly.
I wish to add my own three reflections the significance of the London Conference on Cyberspace and some views on the messages it sends.
The first reflection is that the conference has shown that there is a real hunger to address the need for a safe and secure future in cyberspace. It is striking that every country represented here perceives itself to be at the receiving end of threats in cyberspace.
The demand for a safe digital environment is rising as more and more of our lives are lived on the internet. All Governments need to respond to this demand; not just some governments in some regions of the world, but across the globe.
My second reflection is that we have established conclusively that governments cannot determine the future of the internet and digital networks alone.
In fact, when governments do discuss this subject we are at risk of adopting wrong or dangerous conclusions, or of being out of touch and out of date the minute we sit down. It is vital that we understand our limitations in this area.
The founder of Wikipedia described how that organisation bases its moderation of online content on the principle of 'assuming good faith'. This is an inspiring model that Governments could not have devised and which could not be enforced by them either. The involvement of industry, civil society and internet experts is absolutely essential and any attempt to move forward without their participation will fail.
The third reflection I offer is that we must now accelerate the international debate on cyberspace and move it onto a permanent and continuous footing. Until now, it has not sufficient intensity to match either the exponential rise in threats or the booming nature of the opportunity.
So this has been a hopeful and immensely inspiring conference. We have succeeded in galvanising the international debate about the future of cyberspace. We have achieved our central objective and identified the ground that will need to be covered on the way to agreement about norms of behaviour in cyberspace.
The London Conference will lead to concrete action across its themes, building on the foundations laid in organisations such as the UN, OECD, Council of Europe, and APEC, as well as on private sector initiatives such as the development of principles for User Generated Content and the Global Network Initiative. Just a few examples include:
- Working to bridge the digital divide through support to the ITU/UNESCO Broadband Commission;
- Considering further the recommendations of the 2010 UN Group of Government Experts on norms of behaviour;
- And expanding support for the Budapest Convention on cyber crime;
In my view there are clear messages from this conference for governments, the private sector and individuals.
For governments there are four messages: whatever country you represent the rapid rise of cyber crime is a growing threat to your citizens. Our occasional talking together on this subject needs to become a permanent activity, and just because no one person in most governments is responsible for this area does not mean it can be ignored any longer.
The second message for governments is do not treat cyberspace as if it belongs to you. We will only be capable of tackling the issues we have discussed at this conference about the future of the internet by using the ideas and ingenuity of people outside government.
The third message for governments is that state sponsored attacks are not in the interests of any country long term, and that those governments that perpetrate them need to bring them under control.
The fourth message for governments is while working together to defeat threats in cyberspace you should not imagine for an instant that you can resist the growing force of the tide now flowing for transparency, open information and the free exchange of ideas. Those governments that try to do so are bound to fail.
The message to entrepreneurs and companies is keep your ideas flowing. You need to work with your government to safeguard intellectual property and prevent cyber crime, while continuing to pursue the innovation and ideas that created cyberspace in the first place.
And the message for individuals is this is your debate. Large numbers of people have followed this conference online. You must be our allies in ensuring that the future global consideration of cyberspace, like this conference, remains true to its own nature and allows for a vast diversity of opinion and individual expression.
In taking forward this work no one country can go it alone. Just as forty years ago discussion of Cooperation and Security in Europe evolved to establish a range of agreements that promote co-operation while ensuring security, we can now look forward with optimism that in London we began the collective endeavour of enhancing and protecting the internet for future generations.
We do not underestimate the difficulties ahead. There are still divides to be bridged and difficulties to be overcome. Achieving the broad, international consensus will take time. But this is one of the great challenges of our time and in London the world has made clear that we will not leave it to chance. We will pursue it with the intensity it demands and deserves.
I thank all those who have taken part in the London Conference and look forward to working together to build a secure, resilient and trusted global digital environment which will benefit us all for generations to come.