An Analysis of the International Code of Conduct for Information Security
Author: Sarah McKune, Citizen Lab | Development: Andrew Hilts, Open Effect / Citizen Lab
This website presents a line-by-line analysis of the International Code of Conduct for Information Security, proposed to the UN General Assembly by member states of the Shanghai Cooperation Organization. The interactive analysis accompanies a report published by the Citizen Lab (Munk School of Global Affairs, University of Toronto). Key insights are derived from looking at what text has been inserted or deleted between the 2011 and 2015 versions of the Code, and discussed using clickable annotations. Explore below.
United Nations General Assembly A/66/359 A/69/723
Distr: General
14 September, 201113 January, 2015
Original: English
Sixty-sixthSixty-ninth session
Item 93 of the provisional agenda (A/66/150)Agenda item 91
Developments in the field of information and telecommunications in the context of international security
Letter dated 12 September 2011 9 January 2015 from the Permanent Representatives of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General
Recent years have witnessed the considerable progress achieved in developing and applying the latest development and application of new information and telecommunication communication technologies, which could potentially could be used for purposes that are inconsistent with the objectives of maintaining international stability and security. It is of great significance that An international consensus is now emerging on the need to strengthen international cooperation and formulate relevant international norms, in order to address common challenges in the sphere of information security should be dealt with through international cooperation and in the spirit of mutual respect.. To that end, China, Russia, Tajikistan and Uzbekistan have jointly elaborated in the form of a potential General Assembly resolution on submitted an international code of conduct for information security to the General Assembly in 2011 at its sixty-sixth session, which was subsequently co-sponsored by Kyrgyzstan and call for Kazakhstan. The code of conduct gave rise to extensive international deliberations within attention and discussion after it was distributed as a document of the United Nations framework on such an international code, with General Assembly (A/66/359). Consequently, we revised the aim code of achieving conduct, taking into full consideration the earliest possible consensus on international norms comments and rules guiding suggestions from all parties. We now have the behaviour honour to enclose herewith the Chinese, Russian and English versions of States in the information space revised code of conduct (see annex). With this, we hope to push forward the international debate on international norms on information security, and help forge an early consensus on this issue.
It would be highly appreciated if you could circulate the present letter and its annex as a document of the sixty-sixth sixty-ninth session of the General Assembly, Assembly under item 93 91 of the provisional agenda agenda.
(Signed) Li Baodong Liu Jieyi
Permanent Representative of the People’s Republic of China
to the United Nations
(Signed) Kairat Abdrakhmanov
Permanent Representative of the Republic of Kazakhstan
to the United Nations
(Signed) Talaibek Kydyrov
Permanent Representative of the Kyrgyz Republic
to the United Nations
(Signed) Vitaly Churkin
Permanent Representative of the Russian Federation
to the United Nations
(Signed) Sirodjidin Aslov Mahmadamin Mahmadaminov
Permanent Representative of the Republic of Tajikistan
to the United Nations
(Signed) Murad Askarov Muzaffarbek Madrakhimov
Permanent Representative of the Republic of Uzbekistan
to the United Nations
Annex to the letter dated 12 September 2011 9 January 2015 from the Permanent Representatives of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General
[Original: Chinese, English Chinese and Russian]
International code of conduct for information security
The General Assembly,
Recalling its resolutions on the role of science and technology in the context of international security, in which, inter alia, it recognized that scientific and technological developments could have both civilian and military applications and that progress in science and technology for civilian applications needed to be maintained and encouraged,
Noting that considerable progress has been achieved in developing and applying the latest information technologies and means of telecommunication,
Recognizing the need to prevent the potential use of information and communication technologies for purposes that are inconsistent with the objectives of maintaining international stability and security and may adversely affect the integrity of the infrastructure within States, to the detriment of their security,
Underlining the need for enhanced coordination and cooperation among States in combating the criminal misuse of information technologies and, in that context, stressing the role that can be played by the United Nations and other international and regional organizations,
Highlighting the importance of the security, continuity and stability of the Internet and the need to protect the Internet and other information and communications communication technology networks from threats and vulnerabilities, and reaffirming the need for a common understanding of the issues of Internet security and for further cooperation at the national and international levels,
Recognizing that confidenceBearing in mind the assessments and security recommendations contained in the use report of information and communications technologies are among the main pillars Group of Governmental Experts established in 2012 on the information society basis of equitable geographical distribution, in fulfilment of resolution 66/24, and that a robust global culture which, in accordance with its mandate, considered existing and potential threats in the sphere of cybersecurity needs to be encouraged, promoted, developed information security and possible cooperative measures to address them, including norms, rules or principles of responsible behaviour of States and confidence-building measures in the information space, and conducted a study on relevant international concepts aimed at strengthening the security of global information and telecommunications systems,
Stressing the need to develop a common understanding of how norms derived from existing international law relevant to the use of information and communication technologies by States, a measure essential to reduce risks to international peace, security and stability, will apply to State behaviour and the use of information and communication technologies by States, in accordance with paragraph 16 of the report of the Group of Governmental Experts (A/68/98 of 24 June 2013),
Noting that, given the unique attributes of information and communication technologies, additional norms could be developed over time, in accordance with paragraph 16 of the report of the Group of Governmental Experts,
Recognizing that confidence and security in the use of information and communications technologies are among the main pillars of the information society and that a robust global culture of cybersecurity needs to be encouraged, promoted, developed and vigorously implemented, pursuant to General Assembly resolution 64/211 of 21 December 2009, entitled “Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructures”,
Stressing the need for enhanced efforts to close the digital divide by facilitating the transfer of information technology and capacity-building to developing countries in the areas of cybersecurity best practices and training, pursuant to resolution 64/211, that General Assembly resolution,
Adopts the following international code of conduct for information security as follows: security:
1. Purpose and scope
The purpose of the present code of conduct is to identify the rights and responsibilities of States in the information space, promote their constructive and responsible behaviours behaviour on their part and enhance their cooperation in addressing the common threats and challenges in the information space, so as in order to establish an information environment that is peaceful, secure, open and founded on cooperation, and to ensure that the use of information and communications technologies, including networks, are to be solely used to benefit social technologies and information and communications networks facilitates the comprehensive economic and social development and people's well-being, with well-being of peoples, and does not run counter to the objective of maintaining ensuring international stability peace and security.
Adherence to the code is voluntary and open to all States.
2. Code of conduct
Each State voluntarily subscribing to the code this Code of Conduct pledges:
(b)(2) Not to use information and communications technologies, including networks, and information and communications networks to carry out hostile activities or acts of aggression, pose threats which run counter to the task of maintaining international peace and security or proliferate information weapons or related technologies
(3) Not to use information and communications technologies and information and communications networks to interfere in the internal affairs of other States with the aim of undermining their political, economic and social stability;
(d)(5) To endeavour to ensure the supply chain security of information and communications technology products goods and services, in order to prevent other States from using exploiting their dominant position in information and communications technologies, including dominance in resources, critical infrastructures, core technologies technologies, information and other advantages communications technology goods and services and information and communications networks to undermine the States’ right of the countries that have accepted the code of conduct, to gain independent control of information and communications technologies technology goods and services, or to threaten the their political, economic and social security of other countries;security;
(e)(6) To reaffirm all the rights and responsibilities of States to protect, all States, in accordance with the relevant laws norms and regulations, rules, regarding legal protection of their information space and critical information infrastructure against damage resulting from threats, disturbance, interference, attack and sabotage;
(f)(7) To recognize that the rights of an individual in the offline environment must also be protected in the online environment; to fully respect rights and freedom freedoms in the information space, including rights the right and freedom to search for, acquire seek, receive and disseminate information on the premise of complying with relevant national laws and regulations impart information, taking into account the fact that the International Covenant on Civil and Political Rights (article 19) attaches to that right special duties and responsibilities. It may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary:
(a) for respect of the rights or reputations of others;
(b) for the protection of complying with relevant national security or of public order (ordre public), or of public health or morals;
(g) To promote (8) All States must play the same role in, and carry equal responsibility for, international governance of the Internet, its security, continuity and stability of operation, and its development in a way which promotes the establishment of multilateral, transparent and democratic international Internet management system to governance mechanisms which ensure an equitable distribution of resources, facilitate access for all and ensure a the stable and secure functioning of the Internet;
(h) To lead(9) All States must cooperate fully with other interested parties in encouraging a deeper understanding by all elements of in society, including its information and communication partnerships with the private sector, to understand their roles sector and responsibilities with regard civil-society institutions, of their responsibility to ensure information security, in order to facilitate by means including the creation of a culture of information security and the protection provision of support for efforts to protect critical information infrastructures; infrastructure;
(i)(10) To develop confidence-building measures aimed at increasing predictability and reducing the likelihood of misunderstanding and the risk of conflict. Such measures will include, inter alia, voluntary exchange of information regarding national strategies and organizational structures for ensuring a State’s information security, the publication of white papers and exchanges of best practice, wherever practical and advisable;
(j)(12) To bolster bilateral, regional and international cooperation, promote the important a prominent role of for the United Nations in formulating areas such as encouraging the development of international norms, legal norms for information security, peaceful settlements settlement of international disputes and disputes, qualitative improvements in international cooperation in the field of information security, security; and to enhance coordination among relevant international organizations;