The formation of the legal basis for international information security within the UN-format: stages and outcomes

Zhukovskaya Nataliia Yur'evna ORCID: 0000-0003-3144-7000 PhD in History Associate Professor; Department of Public Law Disciplines; Lipetsk State Pedagogical University named after P. P. Semenov-Tyan-Shan 42 Lenin Street, Lipetsk, Lipetsk region, 398020, Russia lgpu322@gmail.com Other publications by this author     Kalinina Elena Vladimirovna PhD in Law Associate Professor; Department of Public Law Disciplines; Lipetsk State Pedagogical P.P. Semenov-Tyan-Shan University Head of the Department; Lipetsk State Pedagogical P. P. Semenov-Tyan-Shan University 42 Lenin Street, Lipetsk, Lipetsk region, 398020, Russia kalilin48@rambler.ru Other publications by this author

Radolin Artemii Mihailovich ORCID: 0009-0003-7536-9443 Student; Institute of Culture and Art; Lipetsk State Pedagogical P.P. Semenov-Tyan-Shan University 42 Lenin Street, Lipetsk, Lipetsk region, 398020, Russia artrols002@gmail.com

The emergence of the global information space and the transition of society into the digital age have created fundamentally new threats to the world as a whole and to each particular state individually — infogenic. As a result, the role of global efforts to ensure international information security (hereinafter — the IIB), the formation of an international legal regime for responsible behavior of states in the information environment and the development of principles and norms binding on all members of the world community for the use of information and communication technologies (hereinafter - ICT), which will not pose threats to peace and security, has sharply increased. security.

The international community is engaged in solving the problems of global information security both at the institutional (within the framework of individual international organizations and structures) and at the conventional (creation of common norms of international law) levels. Meanwhile, as practice shows, the process of developing mutually acceptable solutions on ways to ensure responsible behavior of states in the global information space, which has been going on for a quarter of a century, is still far from complete and, above all, because the leading states of technological development do not seek to commit themselves to limiting their own dominance in the infosphere. However, the very process of developing solutions to ensure the IIB that can satisfy the interests of a large number of members of the world community certainly deserves attention. Studying it allows you to: a) to determine the positions of the contracting parties; b) to establish the content of the basic ideas about the boundaries of the IIB and how to ensure it; c) to identify the weaknesses and strengths of the agreements reached; d) to assess the results and prospects of the contractual process. The objectives of the presented article include, in particular, consideration of the main stages of the formation of international legal approaches to ensuring the IIB implemented within the framework of the United Nations (hereinafter - the UN) during 1998-2023.

The paper uses, first of all, a dialectical approach to the main object of research — the process of developing international legal solutions for the formation of responsible behavior of states in the global information space. In order to identify the dynamics of this process, its stages and content, general scientific research methods (induction and deduction, analysis, synthesis, etc.) were used. In the totality of the methods of research in the social sciences, on which the work was based, it is necessary to distinguish formal-legal (necessary for evaluating normative material), concrete-historical, methods of situational analysis (allowing you to focus on the factors influencing specific decisions), content analysis.

It should be noted that the activities of ITU, according to the statutory documents, do not involve political discussions. However, in recent years, this organization has been increasingly drawn into the orbit of the political interests of Western countries, which seek to usurp control over it. In these conditions, the prospects for an objective consideration of the IIB's tasks and the search for a compromise between states on their solution within the framework of ITU are lost. As a result, the role of the main discussion platforms created directly to discuss the problems of international information security has shifted to the relevant UN structures. Among them there are:

1) The First Committee of the UN General Assembly (hereinafter — the GA), whose activities are related to the study of threats to peace, global security and disarmament issues. The discussion of IIB issues in this structure is conducted on an ongoing basis.

2) The UN Group of Governmental Experts on the Promotion of Responsible State Behavior in Cyberspace (GGE). The first of them, consisting of representatives from 15 countries, was established in 2004. The GGE of the 2nd convocation operated in 2009-2011; the GGE of the 4th convocation began work in 2014 and brought together representatives from 20 countries. The Group was last convened in 2018 and included representatives from 25 UN member States. However, due to the actual stagnation of discussions on the IIB, due to the fact that the participants adhered to different approaches to the question of the applicability of international law to the actions of States in the information space, the work of the last GGE turned out to be fruitless. According to the Chairman of the GGE of the first two compositions, Russian diplomat A.V. Krutskikh, the goals of the Group have evolved from studying threats in the ICT sphere to developing elements of its regulation, primarily principles and norms of responsible behavior of states in the information space ^[14].

GPE achieved its greatest success in the 2010s. The final reports of the Group in 2010, 2013 and 2015, adopted by consensus, established the basic principles of cooperation between States in the field of IIB. In particular, in 2015, 11 voluntary norms and principles of responsible state behavior in the information space recommended by the GGE were included in the set of UN recommended rules enshrined in UN General Assembly Resolution No. 73/273.

3) The High-level Panel on Digital Cooperation, which was established by the UN Secretary-General in 2018 to prepare a UN Roadmap for solving the most pressing problems in the field of Internet technologies, artificial intelligence and other digital objects. It is important that the 20 experts gathered in the group spoke on their own behalf, and not on behalf of any institutions (states, organizations, etc.). The group's work ended with the presentation of the final report "The Age of Digital Interdependence" (2019) (The age of digital independence. Report of the UN Secretary-General’s High-level Panel on Digital Cooperation. 2019. URL: https://www.un.org/en/pdfs/DigitalCooperation-report-for%20web.pdf ), which was the basis for the UN Roadmap for Digital Cooperation (2020).

4) The Open-Ended Working Group (OEWG), in which all UN Member States are invited to participate. It was first established in 2019 and included representatives of 140 countries and international organizations. The OEWG became the first ever open and democratic negotiating platform where States could make decisions in the field of IIB provision on a consensual basis. The mandate of the second OEWG, established in 2021, extends to 2021-2025.

The formation of the OEWG is an important milestone in the history of the international legal regulation of the IIB, since previously the discussion of issues in this area in the UN format was the prerogative of only national states. Within the framework of the OEWG, various types of actors are involved in the dialogue, including experts, representatives of business, the private sector (IT companies), non-governmental organizations, the scientific community and other stakeholders.

Currently, the GGE and the OEWG are the leading UN specialized platforms for discussing international information security issues.

Let's briefly consider the main milestones of the UN's 25-year efforts to create an international information security system. Chronologically, the process of developing the principles and norms of the IIB within the framework of the UN has been underway since 1998. The Russian Federation became the initiator of this activity. Then, in the First Committee of the UN General Assembly, Russia introduced a draft resolution "Achievements in the field of information and telecommunications in the context of international security" (UN General Assembly Resolution A/RES/53/70 of January 4, 1999 URL: https://undocs.org/ru/A/RES/53/70 ).

It is worth noting that shortly before these events, Russia made a proposal to the United States to sign a statement at the presidential level on the creation of an international legal regime prohibiting the development, production and use of information weapons. The document called for coordinating at the UN level the approaches of the world community to the use of ICT for military purposes, defining the terms "information weapons" and "information warfare", analyzing possible options for using new technologies to modernize existing and create new types of weapons, starting cooperation to monitor threats in the information space, and developing an international treaty on countering terrorism and crime in the digital environment ^{[7, p. 20]}. Russia's proposal was not fully accepted, but on September 2, 1998, the heads of the mentioned states signed a "Joint statement on common security Challenges at the turn of the XXI century", which spoke about the importance of solving the problems caused by the information technology revolution.

In the resolution proposed by Russia in 1998, which was approved by the UN General Assembly on December 4, 1998 under the number A/RES/53/70. (URL: https://undocs.org/ru/A/RES/53/70 ), for the first time, the "Triad" of the most obvious security threats associated with information technology was identified. These included the use of ICT:

1) for military and political purposes (infringement of sovereignty, violation of territorial integrity, implementation of actions that impede the maintenance of peace, security and stability);

2) for criminal purposes (theft and misuse of digital information (including personal data), creation and distribution of malware, distribution of pornographic images involving minors, suicidal tendencies, drug distribution using ICT, etc.);

3) for terrorist purposes (propaganda of the ideology of terrorism, recruitment of new supporters, maintaining contacts).

It is in these three areas that over the past 25 years projects have been developed to ensure the IIB in the UN format. Since 1998, problems related to the development of ICT have been discussed at all sessions of the UN General Assembly. Accordingly, every year the UN General Assembly adopts a resolution entitled "Achievements in the field of information and telecommunications in the context of international security." In the periods 1998-2004 and 2009-2015, such resolutions were approved on a consensus basis, i.e. without a vote, which in itself is a confirmation of the extremely high degree of concern of the world community about the problems of international information security.

In other periods (2005-2008, 2016-2022), due to the marked discrepancy between the views of the participants in the discussions on the methods and boundaries of ensuring the IIB (primarily between the position of the Russian Federation and its allies in the SCO, CSTO, BRICS and the position of Western countries under the auspices of the United States), the relevant UN conventions were approved by a majority vote, despite the sole (USA) or the collective opposition of Western countries. So, during the four-year period 2005-2008. (the entire presidential term of J. George W. Bush) The United States was the only state that voted against the UN General Assembly resolutions on the IIB, while the rest of the countries (from 176 to 179 UN member states) supported these resolutions.

The Cyberspace Summit, which was held in Dubai in 2012, also demonstrated that States have different approaches to solving problems related to the development of cyberspace and international telecommunications. These contradictions were especially evident in the refusal of the United States to sign a treaty regulating the right of states to participate in Internet governance.

In 2015, within the framework of the 70th session of the UN General Assembly, unprecedented support for the Russian draft resolution on the IIB was provided. The document, which was adopted by consensus, was co-authored by more than 80 states from all regions of the world (including BRICS, SCO, CIS, Latin American countries, as well as the United States, Germany, France, Japan, etc.). In 2016, the only country that insisted on voting on the resolution on the IIB was Ukraine, which in the end did not speak out "against", but "abstained" from voting.

In 2018, a new and, one might say, very encouraging stage began in the global discussion on international information security. First, at the 73rd UN General Assembly, the overwhelming majority of states adopted the Russian draft resolution on the IIB, which was co-sponsored by a large number of UN members. Secondly, the Russian Federation made a proposal to create a qualitatively new negotiating mechanism in the UN format — the UN Open-ended Working Group (OEWG). According to A.V. Krutskikh, "its fundamental difference from the GGE is the ability of all UN member states, without exception, to participate "on equal terms" in the process of making specific decisions in the field of IIB and to defend the interests of national security" ^[14]. The voting on Russian resolutions on the IIB also demonstrated a good trend. Thus, in 2018, 119 States voted in favor of the draft resolution proposed by Russia, 45 states voted against, and 14 abstained. In 2019, 129 "for", 6 —against", 45 abstained.

Thus, the positive dynamics in promoting the Russian vision of the future contours of an "open, safe, stable, accessible and peaceful ICT environment" ^[15] was quite clearly visible. But it was during that period that two divergent approaches to the problem of information security emerged: the Russian and the American. As a result, the United States, NATO members, and Ukraine, refusing to take into account Russia's interests in ensuring their own security, in 2018-2022 preferred either to abstain from voting or to vote against Russian draft resolutions on the IIB. Since then, the UN has not accepted any new international documents regulating malicious activities in cyberspace.

It should be noted that activities to regulate the behavior of states in the global information space during the period under review were carried out outside the UN framework. At the beginning of the new millennium, the international community, represented by its individual institutions, adopted several fundamental documents stipulating the principles of the formation of the information society and defining approaches to its creation. Among them:

1) The Okinawan Charter of the Global Information Society (2000), which was signed by the leaders of the G8 countries: Russia, the USA, Great Britain, France, Japan, Germany, Canada, Italy (Okinawan Charter of the Global Information Society. Adopted by the Heads of State and Government of the Group of Eight on July 22, 2000. URL: http://www.kremlin.ru/supplement/3170). The document sets out the main goals of States in the ICT sphere aimed at: sustainable economic growth, improving public welfare, stimulating social harmony and the full realization of their potential in strengthening democracy, transparent and responsible governance, human rights, the development of cultural diversity and strengthening international peace and stability. As a rule, these goals are voiced as the basis of state policy in the field of information security.

2) Declaration of Principles "Building an Information Society − a global challenge in the New Millennium" (2003) (Declaration of December 12, 2003 URL: https://www.un.org/ru/events/pastevents/pdf/dec_wsis.pdf ), which was adopted in Geneva as a result of the World Summit on the Information Society.

3) The Action Plan of the Tunis Commitment (2005), signed as a result of the next World Summit on the Information Society.

As for the UN format, the "stumbling block" in discussing the problems of the IIB on its platforms were the issues of the harmful use of ICT for military and political purposes. They were first formulated in the resolution of the UN General Assembly in 1999 (UNGA Resolution A/RES/54/49 of December 1, 1999 URL: https://undocs.org/ru/A/RES/54/49 ), which was proposed by Russia and contained an indication of the threats associated with ICT not only in the civilian but also in the military sphere. In the same 1999, the Russian Federation prepared a document outlining the five principles of the IIB, as well as an interpretation of the main terms related to it (in particular, such as "information space", "information weapons", "critical structures", etc.). The document presented by our country became part of the report The UN Secretary General for the IIB dated July 10, 2000. It was the first time that the definition of "international information security" itself was sounded, which meant "the state of international relations excluding the violation of world stability and the creation of a threat to the security of states and the world community in the information space" (Report of the UN Secretary-General dated July 10, 2000 URL: https://documents-dds-ny.un.org/doc/UNDOC/GEN/N00/535/04/PDF/N0053504.pdf ?OpenElement). However, the principles proposed by Russia have not been approved by the United States and its allies. Over the next 12 years, the issue of developing the fundamental principles of international information security was not raised in UNGA resolutions.

Fundamental differences in the positions of Russia and its Western opponents have greatly complicated the further process of forming a regime for the safe use of ICTs and, in particular, prohibiting their use for military and political purposes. The Group of Governmental Experts (GGE), established, as already mentioned, at the initiative of the Russian Federation specifically to coordinate the efforts of States in the field of IIB, failed to overcome these differences. The main contradictions that emerged during the work of the Group were differences in views on the assessment of threats to information security, as well as on the possibility of attributing to such threats the use of ICT to achieve military and political goals incompatible with the tasks of ensuring peace and security. As a result, of the 15 member states of the first GGE, the only ones who did not support the final report of the group in 2005 were the United States: Washington did not want to commit itself to preventing the use of ICT for military purposes ^[9]. The United States adheres to the same position today.

Despite the difficulties caused by the COVID-19 pandemic, international activities to ensure international information security were not suspended in 2020-2021.

A major diplomatic victory of the Russian Federation within the framework of the United Nations in 2020 was the support of the Russian draft resolution on the IIB, co-sponsored by 27 states. 104 States voted in favor of this resolution.

That year, the First Committee of the UN General Assembly, in parallel with the draft resolution submitted by Russia, considered another draft resolution on the IIB — the American one, entitled "Promoting responsible behavior of states in cyberspace in the context of international security." According to experts, the text of the American draft almost completely copied the text of resolution 71/28 adopted by the UN General Assembly in 2016 ^{[1, p. 14]}. However, Russia was prevented from supporting the American resolution by only one proposal submitted by the United States, but "categorically unacceptable" for the Russian side: a ban on the adoption by the UN General Assembly of any decisions on the IIB until the completion of the work of the existing OEWG and GGE (i.e. until 2025).

In March 2021, the first composition of the OEWG successfully completed its work, the final report of which was adopted by consensus of all 193 UN member states. Special attention in the Group's report was paid to the most dangerous aspect of the use of ICT − military and political. The use of ICTs to incite interethnic, interracial and interfaith strife, which can be aimed at undermining the sovereignty of States, violating territorial integrity, preparing and implementing plans for information operations and wars, as well as direct interference in the internal affairs of the State, was named among the threats to international information security.

The year 2021 was marked by another remarkable event: for the first time, Russia and the United States submitted to the First Committee of the UN General Assembly a joint draft resolution on ensuring the IIB entitled "Achievements in the field of information and telecommunications in the context of international security and encouraging responsible behavior of states in the use of information and communication technologies" (UN General Assembly Resolution A/RES/76/19 dated December 6, 2021 URL: https://namib.online/wp-content/uploads/2023/02/A.RES_.76.19.pdf ). In a document approved by the UN General Assembly without a vote, the parties called for preventing the use of information resources or technologies for criminal or terrorist purposes. It was confirmed that "voluntary, non-binding norms of responsible State behavior can reduce risks to international peace, security and stability." It was also stipulated that the "standards of responsible conduct of States" created in this way could eventually be supplemented by binding norms.

In the spring of 2022, the UN hosted a session of the Open-ended Working Group (OEWG) on Security in the field of ICT use, which continued to discuss the rules of responsible behavior of states in the global information space.

A negative impact on the development of the discussion on the provision of the IIB was exerted by the Russian Federation's initiative on the denazification of Ukraine, launched on February 24, 2022. The special operation, on the one hand, put an end to the possibility of interaction with the United States and its Western partners to work out an agreement in the field of IIB, and, on the other hand, intensified the efforts of the collective West to use ICT in order to adversely affect social institutions and the Russian population as a whole. The number of attacks on Russian critical infrastructure and domestic Internet resources (including government agencies and the media) has sharply increased, cases of leakage of personal data and their sale on the black market have become more frequent. Such cyber operations against Russia are often carried out "under a false flag", using the IT army of Ukraine ^[15].

However, even in this situation, the Russian Federation finds an opportunity to achieve success in the field of ensuring the IIB at the sites of international institutions, including the United Nations. One of the latest developments of this kind was the adoption of the second interim report of the OEWG (New York, July 24-28, 2023), prepared following the fifth session of the group. It is associated with another diplomatic achievement of the Russian Federation in the field of the formation of the legal regime of the IIB: Russia's initiative to establish an intergovernmental register of contact points for the exchange of information on computer attacks was implemented. The created mechanism opens up opportunities for cooperation between States (represented by their competent authorities) on various issues of preventing and resolving incidents in the information space.

Concluding the description of the 25-year period of the formation of the legal foundations of the IIB in the UN format, it is necessary to mention three versions of the draft UN Convention on ensuring international information security, which were proposed by Russia and which occupy a special place in the attempts of the UN to resolve the problems of information security

The first draft of such a convention, aimed at banning the use of ICT for military purposes and in the interests of weakening existing political regimes in other countries, was submitted to the UN in 2011. At the same time, the convention left the authorities complete freedom of action within the national segments of the Internet. Western countries were critical of the Russian initiative at the time, accusing the country of seeking to limit the cyber potential of rivals and of trying to establish its control in the information space.

In the second version of the UN Convention, proposed by Russia in 2021, 14 basic principles for ensuring the IIB were written out (https://namib.online/2021/07/koncepcija-konvencii-oon-ob-obespechenii-mezhdunarodnoj-informacionnoj-bezopasnosti/). Finally, in May 2023, Russia, in collaboration with Belarus, North Korea, Nicaragua and Syria, submitted to the 77th session of the UN General Assembly the next, third version of the UN Convention on ensuring International Information Security ^[14]. Many of the proposals included in the updated draft convention were already present in one form or another in the thematic resolutions of the UN General Assembly or in the reports of the relevant UN groups on IIB (OEWG and GGE). The draft is based on the principles of the sovereign equality of States and non-interference in their internal affairs. Among the tasks outlined in it are conflict prevention and resolution, establishing interstate cooperation, and building the capacity of developing countries in the field of information security. Russia considers the presented document as a prototype of an international treaty, which, unlike the previously announced agreements, will contain a universal, legally binding mechanism for ensuring stability and security in the global information space.

Thus, the formation of a legal regime for responsible behavior of states in the information space under the auspices of the United Nations is quite difficult, contradictory, but not to no avail. There is no basic universal international agreement on the provision of the IIB yet. At the moment, the problems arising in the field of safe use of ICTs are only partially resolved by the current principles and norms of international law, at the level of general prohibitions on interfering in the internal affairs of sovereign States, using force or the threat of force against the political independence of States. The international community is following the path of developing common standards in this matter, which, while not mandatory, form a system of common approaches and principles that are gradually gaining recognition in diplomatic, political and academic circles. Accordingly, there is every reason to assume that over time, norms of behavior in the global information space that are legally binding for UN member states will be developed.