Cybersecurity: Do women count?

I have another blog post to write about, which is a continuation of the privacy blog. But after attending this morning's session on ITU and cybersecurity, I think I should jot this down before the moment escapes.

The workshop was a panel of representatives from the 5 pillars of ITU's work: legal, technical, organisational structures, capacity building & international cooperation. Yes, they were all male in matching black suits, but there was a fair amount of regional representation within that, with speakers largely from developing countries.

They gave a brief overview of the work they were doing under each pillar, and the thing stressed most was that:

1) ITU has the mandate and representative power to take the lead in cybercrime - through its mandate under the WSIS Action Line C5; and its membership of 191 countries and 574 industry organisations)

2) They're serious about creating a "global culture of cybersecurity"; and

3) Is establishing all the right kinds of partnerships with all the right people to make sure that steps are being taken and implemented to make this happen

The steps include an impressive quantity of standards (more than 3000, where 200-odd was on security alone - which raised a comment by a participant from Intel in terms of ITU's approach to quality as opposed to quantity) developed through its Global Cybersecurity Agenda, It also signed a memorandum of understanding with IMPACT, a global non-profit private entity located in Malaysia, that is establishing a global response centre and focussing on building the capacity of public and private IT professionals to deal with cybersecurity threats. Impact wants to establish itself as the first point of contact when threats occur, through a strategy of information exchange. This is significant, since by doing so, they can circumvent the fact that country A and country B who have no diplomatic agreements are still able to cooperate with each other. What constitutes security threats? The usual national security and commerce issues: spam, fraud, DoS attacks etc. This also raises the usual enquiries about what happens when political dissidents' communication become a security threat. Not to mention, if ICANN is critiqued for being subjected to Californian laws, what would a global first point of contact and information exchange on cybercrime threats mean by being subjected to Malaysian laws? It's worth interrogating.

Then enters a new area of work under the Global Cybersecurity Agenda: COP. Child Online Protection. The presentation was short, so did not provide much substance except powerpoint slides of toddlers and very, very young children sitting in front of laptops, with catchall phrases like "children everywhere have the right to be safe online".

I'm curious and interested to find out how protection of children became one of the areas under the agenda. Violence against women and ICT issues is no where near receiving the same kind of urgent acknowledgement or prioritisation. There could be a lesson here somewhere, despite my discomfort with the protectionist framework. So right at the end of the session (after a heated exchange about the global applicability of the Budapest Cybercrime Convention and ITU's position about it), I raised my hand and asked my question: "What was the process and catalyst in which protection of children became one of the priority areas of work for ITU? Instead of other forms of crimes related to ICTs with great social impact such as trafficking of women?"

The response left me a little dumbfounded. The two speakers who answered me began by stating how the whole "international community agree that our children are precious to us" and that "no one can argue that we should immediately work on this area". Then they told me about how great this initiative is, and how they have received good response from all over the world, with an international conference on this topic planned, and that there are guidelines I can download from their website etc.

But that wasn't my question. It seemed as though all I had to do was say the magic words, "protection of children" and there is an immediate assumption that we are unequivocally on the same page. I am interested in protecting the *rights* of the child. But right now, I am asking how is it possible for me to get the entire ITU global community of governments and the private sector to be as interested in the protection of the rights of women. I want to know the process, the actors, the manner in which I can potentially participate in to determine the agenda setting.

This was not heard.

What was even stranger was that immediately after the workshop ended, a representative from ITU came to me and handed me his card, letting me know I can approach him for more information on how to be a better COP. When I tried explained that my question was misunderstood, and that to clarify it further. He pointed me to the fact that ITU *does* do work with women, something to do with telecentres (!). And hastily added that this wasn't his area of work, because this workshop (he patiently explains) is about cybercrime. When he left, another man from an Egyptian Telecommunications Regulatory body handed me his card, and wanted to exchange information because protection of children was an area he was very much interested in doing work on.

I have never felt so assured, popular and misunderstood at any forum or conference.

This says something very clearly to me. Regardless of what is being said in other spaces - careful arguments about competing rights, the importance of recognising children as people with rights and agency, not to conflate different kinds of issues under the rubric of "protection of children" etc - serious measures are already being taken to "harmonise" national laws to create a "global culture of cybersecurity".  As emphasised so strongly by the speakers at the beginning of the workshop, ITU does have the capacity and power to enact changes in all the 5 pillars, even if by virtue of its State membership alone.

So what does this mean? I can only hope it means that advocates for children's rights are engaging in this growing global movement to define, intervene and regulate on what it means to "protect children" in this context. That the framework is the CRC, and that children who are abused by their parents or guardians or people that they trust (which makes a large part of perpetrators of child abuse, especially child sexual abuse) do not get subjected to greater surveillance, control and limitation to access critical information in the process.

In the same vein, if the issue of violence against women in a networked age is to receive serious recognition and change, ITU would be a significant stakeholder to engage with. And this begins in a terrain that women's rights movements have long engaged with - national key actors. But this also means claiming ICT as a political agenda in the women's movement. Gaining the same kind of familiarity, empowerment and entitlement to enter into the spaces, negotiation and determination of what it takes to address the issue. I guess that's why I'm here. I'm imagining if the entire participants from AWID Forums were here, there would certainly be no arrogant assumptions of "being on the same page" when it comes to the complex issue of "protection of children".