A proposal by Russia that the United Nations should consider a global cybercrime treaty has been adopted with the support of 30 African countries, raising concerns that Moscow’s known preference for state cyber sovereignty will prevail in ways that give countries regulatory freedom to stifle political opposition or citizen dissent.
Early in July 2021, cyber attacks originating from Russia prompted US President Joe Biden to call for action from Moscow. This, Biden said, was conveyed to Russian President Vladimir Putin during an hour-long phone call. While the Kremlin denies the US even contacted Moscow about the attacks, recent events have promoted debate around the responsibility of state actors, including Russia, in cyberspace.
That country’s attempts to promote or resist norms around traditional global governance areas are well documented. It is known to offer a more conservative approach towards issues of human rights and military intervention, for example. And now it is under scrutiny in newer areas of contestation, including cyber governance and cyber security.
Over the past five years, Russia has become an active promoter of cyber governance norms. As it continues to push its cyber proposals on the international stage, where does Africa stand? Do growing relations between Africa and Russia mean they always share the same stance?
‘Splinternet’ or global infrastructure?
Moscow’s cyber norm promotion is closely linked to its national interests. Russia seeks to reclaim its stature as a global power (including in the technology landscape), but is also interested in how cyberspace can be harnessed for domestic purposes.
In deciding whether the internet should remain a global infrastructure or become a “splinternet” (controlled nationally), Russia and China are proponents of cyber sovereignty. They argue that countries should manage their own cyberspace and that the internet should be bordered and thus restricted.
This has led to a range of concerns around internet freedoms, from the censorship of political content online to large-scale internet shutdowns (a practice that has gained traction in some parts of Africa, Asia and the Middle East, especially around elections or public protests). While traditionally opposed by the US and other democracies, the ability to confront cyber threats, conduct surveillance and enforce regulations on harmful content such as child pornography and terrorist propaganda, means the idea of cyber sovereignty is gaining ground in the Western world too.
In promoting this cyber norm, Russia seeks to pull as many countries as possible into its orbit to enhance its soft power capabilities. At the UN in 2018, a Russian-proposed working group, open to all UN member states, garnered the support of 109 countries. Many of these countries were African, demonstrating international interest in discussing cyber norms in terms favourable to Russia.
Of the working group’s initiatives, capacity-building efforts to enhance countries’ abilities to protect their ICT environment may particularly appeal to African states who perceive themselves as lagging. Indeed, the rise in cybercrime — with critical national services often affected — has seen cyber security become an issue of international concern.
African support for Russian cybercrime resolutions
Russia is a major supporter (and sponsor) of several international cybercrime resolutions at the UN. In December 2018, a Russia-backed resolution that required the UN Secretary-General to collect countries’ views about cybercrime was adopted by a majority vote. Of the 88 countries that voted in favour, 32 were African. Only four African countries — Botswana, Ghana, Morocco and South Africa — submitted their views, but all four listed lack of state capacity and lack of international consensus as major challenges in combating cybercrime. These and other views were summarised into a report for consideration by the General Assembly.
Moving the ball forward once more, in December 2019, Russia succeeded in pushing through a UN General Assembly resolution that aimed to create a negotiating platform, under UN auspices, for the consideration of a new cybercrime treaty. This move was strongly opposed by the US which expressed concerns that this resolution would stifle existing global anti-cybercrime efforts. But with 79 votes in favour, including 30 from Africa, the resolution was adopted. Officers were elected to the ad hoc committee in May 2021 and it has been agreed that six negotiating sessions will take place before the possible adoption of a treaty.
One of the major concerns with Russia’s resolution is its vagueness around the definition of cybercrime. Not only could this lead to legal uncertainty among countries, but could perhaps provide Russia with the regulatory room it needs to stifle political opposition or citizen dissent. A month before Russia’s UN resolution was passed, amendments to domestic legislation allowing the government to block internet traffic from outside Russia came into force. Human Rights Watch said the laws undermined freedom of expression and privacy.
Cyberspace: the new battleground for competing norms
How do Africa’s own cybercrime initiatives compare with Russia’s international efforts?
“A global governance system will be important,” Tomiwa Ilori, researcher at the University of Pretoria’s Expression, Information and Digital Rights Unit, told SAIIA. But African countries need to be wary of external influence, he said. “When deciding on a framework, a human rights-based approach should be used.”
An African Union Convention on Cyber Security and Personal Data Protection was adopted in 2014, but has yet to meet the minimum number of ratifications required for it to come into force. The convention references the need for regulatory frameworks to respect the rights of citizens, but it does not establish a framework for all member states. Instead, it encourages signatories to draft their own legal, policy and regulatory measures to manage cybercrime.
Almost 40 African countries have introduced legislation that deals with cybercrime. Some of the laws, like Russia’s UN resolution, are vaguely worded while others are similar to the European Union’s General Data Protection Regulation — an earlier attempt to establish uniform cyberspace policies across countries.
This tells us that as a continent of 54 states, African views on cyber governance are not homogenous. And while many share a preference for cyber sovereignty, particularly as a means to quash political dissent, African countries do have some level of agency when it comes to adopting a model. With cyberspace fast becoming the new battleground for competing norms and influence, there is also a role for civil society in Africa to continue advocating for cyber freedoms.
Research by Cayley Clifford, SAIIA