The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> VERONICA FERRARI: Hello, can you hear me? Good afternoon, good morning, good evening, if there is people joining online. Thank you so much for being here, and I hope you're enjoying the IGF so far. My name is Veronica Ferrari, global policy advocator. I invite those in the room who want to come a bit closer, that is fine. We are a small group. So, that is to have a conversation and to hear from you also.
Quickly, APC is an international civil society organization and we are also a network of members from over 40 countries, mostly from the global majority, working for gender, social, and environmental justice and the intersections within digital technologies. And in today's session, we are going to discuss, as you may know, about gender perspectives in cybersecurity, specifically cybersecurity policy. We all know that traditionally cybersecurity rights were centered on national security, the security of systems. But in recent years, we are seeing an increased conversation about the need for a human rights‑based approach to cybersecurity, which is an approach that places humans at the centre, since they are the ones impacted by cyber threats, cyber operations.
And additionally, we see more and more recognition in international, regional, and national spaces about the fact that different social groups are in different positions with dealing with threats like hacking, surveillance, and that spreads disinformation campaigns and shutdowns and research has shown that cyber incidents disproportionately impacts and harms individuals and groups in society on the basis of their gender, but also sexual orientation, their gender identity or expression, but also because of their race, religion, and profession, in the cases of journalists, activists, human rights defenders. In addition, civil society has been documenting and producing research that shows that around the world, legal cyber frameworks are being used to silence and persecute women, LGBTQ people for their activism, gender expression, or simply because of expressing dissent. So, these are some of the issues we want to discuss today with all of you.
What do we mean by a gender‑responsive approach to cybersecurity, how we can generate the perspective at debates at the regional, national and international levels and also how to deal with the challenges when integrating this perspective. And also it would be great to discuss what issues this agenda should focus in the future.
For this, we have great speakers here that will be sharing examples of how cybersecurity directly affects the lives of women and diversity in different regions of the world they will also tell us what is the status of integration of gender in national but also international cyber policy debates, among other issues. So, quick intros for our great panel. Our first panelist is Kemly Camacho. Kemly is the Co‑founder and current General Coordinator of the (?) in Costa Rica. Next, we have Grace, CEO, convener of the Kenya ICT Action Network, KictaNet, which is a multistakeholder platform for people and institutions interested and involved in ICT policy and regulation.
Also joining us, the Foundation for Media Alternatives, where she works on issues related to data privacy and cybersecurity.
And finally, we also welcome David Fairchild, First Secretary, Permanent Mission of Canada, where he focuses on digital policy and cybersecurity and represents Canada, for example, at the UN Open‑ended Working Group on ICTs. So, again, thank you all for being here. We plan to have a round of intervention from our speakers, then open the floor for comments, questions, or anything you want to bring. And my colleague, Paula, is helping with the engagement of online participants, if we have any people joining online.
But before we dive into the discussion, I quickly wanted to provide like a background of APC's thinking on gender and cybersecurity and a bit more about the specific tool we have developed that we have here these brochures. We have copies in English and Spanish and you can use the QR code here to download it.
So, firstly, for us it's important to note that a gender approach to cybersecurity is not only a women's issue, that gender goes beyond that and gender is about power relations. The idea also that cybersecurity is not only a technical issue, that technological and policy solutions can also contribute and be used to mitigate discrimination and inequalities in societies.
So, for APC, a gender approach to cybersecurity is about understanding and addressing differentiated risks and also these should be explicitly intersectional, so take into account gender, but together with other intersections and factors that compose our identities, such as race, ethnicity, religion, class. So, cybersecurity is responsive to the adverse security priorities, perceptions, and practices of different groups and people.
Our approach also recognises that we are all active subjects that have agency in the process of creating a more secure environment online for everyone and questions on works to overcome one of the main challenges regarding cybersecurity, which is the lack of intersectional diversity in the tech sector, in the cyber sector, but also in cyber diplomacy, in cyber policy. So, all in all, this perspective means that in every step of the design, evaluation and implementation of measures and policies, the goal should be to positively impact the greatest number of people in all of their diversity and complexity. And what we argue in this and other publications is that, without this more holistic or systematic approaches to cybersecurity, large segments of the population will be vulnerable to cyberattacks, and as a consequence, national security, the security of systems, as well as human rights are affected and weakened.
So, the framework that I mentioned before ‑‑ just a quick about that. So, basically, from our research and an initial mapping that we conducted at APC, we found it difficult to find references to gender and gender equality in cybersecurity policies and strategies around the world. And it was even more challenging to find practical recommendations or guidance on how to incorporate such a perspective into cyber policy. So, because of that, we believe it was key to offer a reflection on why it is important to include a gender approach to cyber, but also guidance on how to do it.
So, in collaboration with cybersecurity and gender specialists, activists, and also policymakers, we developed this framework to support, first, mainly policymakers working at the national level in cybersecurity policy, but we also think that this could be a useful tool for civil society when working at the national level, engaging in regional discussions, and also in the international level, and we also think that this could also feed the discussions happening, for example, at the UN on cybersecurity. So, basically, we want to help and support different audiences and groups in different ways.
So, this framework is made up of an overview with a document that compiles norms, standards, and international guidance, connected with gender and cybersecurity, from human rights council resolutions to ITU guidelines, report of UN processes. We have another document that maps existing research, addressing gender and cybersecurity that is still scarce but has been growing in the last years, and also an assessment tool that provides the practical recommendations to develop this gender approach to cybersecurity policy. So, as I said, we intend this framework to be useful to different audiences and in different ways, also thinking about the international organizations and the regional organizations that are the ones that provide advice for the development of cybersecurity strategies. So, basically, this framework has been designed as a starting point. We acknowledge that the recommendations are general and we need to adapt them to local and national contexts. This is why we have organized regional conversations with civil society, with policymakers, in regional IGFs, to socialize but also enrich this framework, and we are discussing it now with the IGF community. So, I will stop here.
So, we would like to hear from our speakers. Kemly, if that's okay, I will start with you. So, you have a lot of experience engaging in policy in Cahokia reesza and Central America. I wanted to ask you what in your view are the main issues that a gender perspective on cybersecurity should consider in the region and also what do you think is the status of the integration of a gender perspective in cybersecurity policy, in Costa Rica and broader? So, yeah, I'd love to hear your thoughts on this. I can pass you this mic? Okay. You have it there. Thank you, Kemly.
>> KEMLY CAMACHO: Thank you. Thank you, Veronica. Thank you for the invitation. Thank you, everybody, for being here. This is, I think, a really keen discussion.
I decided to go to the very practical aspects based on the experience that we have had now since 2018, working in integrating gender in policies in general and the cybersecurity strategy in Costa Rica. I'm going to try to reflect a little bit and get some of the good practices and the lessons learned also.
Just very fast. We participate ‑‑ in Costa Rica, we have a policy of gender, science, and technology, which is the big framework to working these issues. And we participate very actively in the building of this policy. And then later, we were designated to elaborate the monitoring and evaluation framework for the policy. And now, this year, we are designated to begin when I return to develop the action plan for the policy of science, technology, and gender in Costa Rica, yes.
And also, we are part of the national committee as representative of the civil society organization, the National Committee for the Cybersecurity Strategy.
Then, one thing that, first, here ‑‑ my first thing is, I don't know in all your countries, we have this strategy mandatory in Costa Rica. You have to have a committee, a multistakeholder committee to develop and to follow up the policies and the strategies. Then we are part of this committee.
First thing that I have to say is budget. Where the budget is allocated. I think this is, to be honest, the possibility to do or not to do things, yes, and to define which is the vision of one government, yes, about what you are going to prioritize, and your gender is prioritized in the strategy is the budget, then this is something, one of the lessons learned or the things that we wanted to share.
As Veronica said before, when we began, we have two movements in Costa Rica. Costa Rica was hacked as a country in 2020, exactly after the pandemic, yes? We were hacked totally, as a country, yes? Health data, banking data, everything was hacked as a country. Then there is a before‑and‑after for the hacking, yes. And also, at the same time of the hacking, we got an authoritarian government, yes, and the other was more open, and we have hacked and have an authoritarian government, okay?
Then, I wanted to say first that the cybersecurity strategy was totally at the beginning or totally oriented to attend, to take care of the attacks. That is the cybersecurity policy. I imagine in many of your countries, it is the same, yes? Nothing more than that. And all the budget for it was related to react to the cyber. Even with that, we were hacked as a country totally, okay?
But when we were hacked, something very important is ‑‑ because the country was not prepared, they asked the country, they asked it to the private sector to be in charge of the cybersecurity of the country, okay? And this is something that continues happening, okay? And also, they ask some governments to support the country in the cybersecurity part. Then, in this context, we have tried to integrate the gender perspective in the cybersecurity strategy, yes? Then, what do we do to try to integrate the cybersecurity agenda in the cybersecurity strategy? One thing that we do was to convene civil society organizations as a network. And we, as representative of the civil society organization, we convene a network, a network of organizations that were not interested in cybersecurity at all. Organization working with kids and young people, organization working with sexual workers, organization working in environment, organization working in VHS, organization, LGBT organizations, really a big network of organizations, to do the advocacy based in this big movement. If not, it is for us impossible to integrate a gender perspective in the strategies.
One first thing I don't see here ‑‑ we participate on that. That is something for ourselves. It is something that we have to do with this organization was a training programme about what cybersecurity is, yes, and why it is important for organizations working in indigenous aspects, yes? The education part about what cybersecurity is, using a popular education approach I think is something that we have to do. For this organization, even more than cybersecurity, they are worried about the management of the personal data, yes? And not necessarily ‑‑ it's connected, but it is not the same. Then I think this is something that we have learned. We have to dedicate almost six months of training programmes to really, for the people to understand not only what the cybersecurity is, but what is the connection between cybersecurity and sexual workers, for instance, yes? Then, this process is for me crucial, crucial, because it's the only way to really advocate. We believe a lot in advocacy based in social movements. Then this is one point I wanted to say.
We have discussed in, I don't remember in which of the panels, but the issue of the consultation, because we were consulted by the strategy builders, yes, but this consultation, we participate a lot, we dedicate a lot of time. We did the recommendation. We comment everything. And when the first cybersecurity strategy came out, any of our comments were integrated of the civil society comments. Then, these consultation process is also something we have to take a lot into account. I am going to finish very fast. I have other things.
But I wanted to say that after the hacking and the authoritarian government come, we continue the last cybersecurity strategy ‑‑ I don't know if that happened in your countries, but when the government changed, they trash it, okay? All this process. They trash it and they begin another process, okay? They begin another process, and then this is something also that we have to take into account when we are working on these issues because we have to begin again all the process, all the process, all the process of developing the strategy.
Something that I wanted to say also is, in the second strategy, led by the private sector, by the big companies that have their headquarters in Costa Rica, my country, they are pushing a lot for having more women studying cybersecurity. And this is one of their most important strategies inside the cybersecurity strategy, women studying cybersecurity as the gender focus of the strategy. And of course, this is wonderful! More women in IT and all of that, even if this is because of the private sector agenda to cover the deficit of human resources that they don't have at this moment to answer to all the digital developments.
And then, this part we have to take a lot of care, because it's not necessarily one aspect related with the gender approach to the cybersecurity strategy. Just two more words for the other.
We also have this policy ‑‑ we could, whereas to integrate in the policy of gender, science, and technology, a big area related with violence against women, a big area, a big strategy, yes, and then we could integrate that. And because this is an umbrella, maybe we can take this part to develop the strategy, and then we could integrate that. And we also could integrate data monitoring of the gender, not only women, but gender, yes, data monitoring related with work people or sexual worker, et cetera, yes, about violence against them, even if we know violence against gender/diversity is not the only thing, but those are the issues that at the moment, at this moment, we could integrate based in our practice. Then I leave it there, okay?
>> Veronica Ferrari: Thank you, Kemly. Yeah, so many great things that Kemly shared from their experience working on the national and regional level, from awareness at the very beginning, the need to form coalitions and to building also with organizations working on other agendas, human rights, development, children rights more broadly, and also the need to think a gender perspective in cyber, beyond the idea of diversity and inclusion of more women in ICTs, which I think is really important.
So, I'd like now to turn to Grace. So, Grace, you also have extensive experience working in cybersecurity policy at the national, the regional, and also the international levels, but direct work, for example, on cyber capacity‑building for groups that experience marginalization, such as women, but also persons with disability, person living in rural areas. So, I wanted to ask you about the intersectional challenges that, for example, policymakers should consider when working on cybersecurity policy and how should they address these intersectional challenges that are about gender, but also broader inequality issues. So, yeah, I would love to hear your thoughts about that.
>> Grace: Okay, thanks, Veronica. I think before I respond to your question, I just wanted to say that at KictaNet, we work on cybersecurity and signer hygiene, and that is in line with our mandate to push or advocate for inclusion in ICT, data, in what we do. For example, we have dedicated an entire programme on just working with women in all of their diversity, and this has included training women in digital security and in cyber hygiene practices. And just informing them to form communities of practice so they're able to protect each other, especially when they're attacked online, and also to be to push for their issues and so they can get that policy attention. We also, in terms of also working with other groups, like you have raised, we work with persons with disabilities, we also work with farmers, we work with home caregivers and we also work with youth in the informal settlements.
In terms of supporting ‑‑ that's our work at the national level and we also seat in Kenya as the civil society representatives.
In terms of regional work, we run what we call Tetua Digital Resilience Centre. It's Swahili, meaning that it will solve, solve. And this is for to support social justice organizations, organizations that are working in very sensitive issues to basically enhance their digital resilience. And of course, internationally, we participate in the Open‑ended Working Group, just to make sure we are bringing on board the perspectives of ordinary people in those conversations.
Now, the question that you have asked me about shaping that, about contributing, or what policymakers should consider at that intersectionality. I think the thing I want to say is that cybersecurity, unlike your other policy issues, I think, you know, it's a complex issue, as it requires a multifaceted field that intersects with different stakeholders in different domains. And also, because of that, I think policymakers need to consider certain range of intersectional challenges, but I am just going to highlight three. And one of them that has been drawn from my experience of working with ordinary marginalized communities is on the issue of cybersecurity awareness; that policymakers sometimes will sit and determine what policies need to come in place, but the people who are affected or the people who are part of the perpetrators are not participating in shaping some of these policies. And so, there is a need to understand what informs those who are the perpetuators, but also for ordinary people. Do they really understand what cybersecurity is all about? So, cybersecurity is very critical. That creation of awareness of the risks as well as the best practices is crucial. And therefore, policymakers, you know, apart from coming up with the policies, there is need for them to be at the forefront of supporting awareness creation amongst citizens and among businesses and to support that collaboration between different sectors on how, you know, on how to create awareness and how people can position themselves in order to benefit from the policies.
The second issue I want to talk about is on human rights. You know, when we work in civil society, we work with ordinary people; we work with people who are affected in different ways. And sometimes, policymakers, because they are in a position of privilege, they may not understand some of the issues that affect ordinary people. And therefore, it is important for them, you know, to ensure that as they come up with the cybersecurity policies, that they do not disproportionately impact vulnerable populations, and that there is need to respect those rights as a right of consideration. And when I say about vulnerable populations, it's because there is that element of thinking up here and forgetting that there are people who are affected here, and not thinking that the issues of the people down there matter.
And finally, when it comes to cybersecurity and policy‑making, there is the need to consider innovation. Like in Kenya, we have all these young people who are innovating, and we also have them innovating both positively and negatively because we have a lot of cyberattacks actually coming from young people who, you know, young people who are unemployed and are consistently thinking of how they can make money, so they are always thinking of how to break into banks, into mobile money, into ordinary people. And so, therefore, the tendency is to respond to that with, you know, with a policy that sometimes curtails innovation. And therefore, policymakers need to keep up with the rapidly evolving technologies and that ever‑changing threat landscape. And the threat of the landscape is that today threats are going to be identified. And once people know that those have been identified, they are consistently thinking of how to go, you know, to go behind what that's been done to come up with new threats. And therefore, policymakers need to be above. So, there is need to balance that need for innovation with securing the digital infrastructure. Thank you.
>> Veronica Ferrari: Thank you, Grace. I think, yeah, it is a really critical point, one of the things that you mentioned. You mentioned a lot of critical points, but I was thinking about the need to actually involve the communities in these groups that experience these different impacts and have specific needs and perceptions around cybersecurity when policy securities are actually drafted, but also implemented and evaluated. So, in the framework that we put together, there are some recommendations in that regard, so I think it is a key point to have in mind. Thanks so much for sharing about that, Grace.
I would like to turn to Jess, now, if that's okay. So, as I mentioned, we are organizing some regional conversations around this framework. We organized a good session during the Asia‑Pacific IGF. So, participants, they highlighted challenges, for example, in the region related to a shrinking civic space, challenging for civil society inputs to be taken into account. That challenge, clearly, we heard from Kemly, appears in other regions in the world. And also, another thing that came up in that conversation is cyber‑related laws that are ultimately used to sensor and even criminalize.
So, you and your organization have done research and advocacy around those issues in the Philippines context. So, I wanted to ask you if you can briefly share. We'll work with problems with a perspective of cybersecurity in the Philippines. I think it could be useful for a lot of us if you can share what strategies you put in place to engage in cyber policy discussions to bring gender and feminist perspectives. So, yeah, thanks so much.
>> JESSAmine: Thank you, Veronica. And thank you, firstly, for inviting us to share our perspectives from the Philippines. We also have a cybersecurity strategy ‑‑ a National Cybersecurity Plan, which is actually currently in the process of being updated this year. So, I hope we'll have time later so I can also talk about that.
But as to the Cybercrime Law, which is another piece of legislation that is very crucial and impacts gender a lot, well, let me start by saying that The Cybercrime Law of the Philippines actually has a lot of problems. So, from a human rights perspective in general. So, we have the criminalization of cyber libel, we have this very generic and wide‑reaching provision that imposes excessive penalties to crimes that are done with the use of ICTs. But one of the most problematic provisions, especially related to gender, is that the law introduced this new crime called cybersex. And it was very broadly defined as the willness engagement, maintenance, control, or operation, directly or indirectly, of any le Siddous exhibition of sexual organs or sexual activity with the aid of a computer system for favour or consideration. So, it's a very broad definition and even defined some of the critical terms here, like what's lascivious exhibition? What do we count as sexual organs? What do we count as sexual activity? Which makes this provision prone to arbitrary interpretation of whoever is interpreting it. So, that brings us a situation where even things like consensual acts done online or artistic works or works of art are legitimate expressions of women and LGBTQ persons, for example, could fall under this criminalized provision. And also considering that the Philippines is still ‑‑ the Philippine society and Philippine culture is still highly patriarchal, we're predominantly Catholic, so there are still a lot of conservative values there. And with this policy being made subject to, you know, these kinds of moral standards, it really disproportionately endangers women, LGBTQ persons, and their rights to their freedom of expression.
The good news is that this provision has actually been recently, very recently repealed, I think early last year. It was not through an amendment of the entire Cybercrime Law. It was through a repealing provision under a new legislation on online sexual abuse and exploitation of children. So, it was quite an unconventional route that they take, and it was not ideal, but also I think we also need to recognise that this was also a product of years of advocacy by women's rights groups, by LGBTQ advocacy groups in the Philippines.
And as to the second part of your question on the strategies. So, what are the strategies that led to this small victory, as I consider it? It was, like Kemly, you mentioned earlier, it was really working with the networks. It was a lot of collaboration and coordination across different advocacy groups, so women's rights groups, for example, children's rights groups, because like I said, it was repealed under a law on online sexual abuse and exploitation of children, so we worked also with children's rights groups, LGBTQ groups. So, because, like I said, because the law is very problematic on a lot of different points, it was also very clear to us early on that we had to also attack it from different points of entry.
And it was also fortunate for us to have a champion in the Philippines Senate who is a staunch advocate of women's rights and really, like, also remains open to speaking with civil society on various issues, including cyber policy. So, that was, I think, it was a key point in pushing for that kind of legislative change.
>> Veronica Ferrari: Thanks so much. That was a key point, the idea of forming coalitions, and also then defining the champion within the government that could actually be working on cybersecurity specifically or not.
So, I would like now to move to some of the international discussions and to David, because I would like you to share a bit of what's happening at the international level and how gender considerations appeal in some multilateral processes on cybersecurity, for example the UN open‑ended Working Group on ICTs, and what are, if you can share, gender perspectives on a perspective on cybersecurity should consider moving forward. Over to you. David, thanks.
>> DAVID FAIRCHILD: Hi, everybody. Tender day, day 3, bottom of the seventh, nine innings. Okay. I'm going to try to ‑‑ I guess I'll try to capture some salient points. I have a speech, but I think given the time, I'll probably pretty much dump most of it and get to the point.
Canada has long supported gender issues at the international level. It's a core component of our foreign policy and our foreign international aid policy, so I think it goes without saying that we support this issue entirely. This is a base plate to our international policies, whether it be Cybercrime, Cyber Open‑ended Working Group, and elsewhere. So, I don't think I'll spend a lot of time on that, despite the fact that I've probably got two pages of notes. None of it's really that relevant.
I think what's really relevant is sort of painting a bit of a canvas of what is going on, because I think what people see is only the final product, after the negotiations are over and the text is resolved is what you see. What you don't see is what goes on in between, in the interim period, behind the closed doors, where countries like Canada and like‑mindeds are fighting for inclusion of specific language that I think we would all agree with, and there are a cast of countries which I won't bother naming ‑‑ I'm sure you can figure out who they are ‑‑ that are doing for their own purposes, have an alternative narrative that they're pushing. This is a constant fight. It is not going away, and I would argue in some cases we're back‑sliding.
I do cover lots of UN agencies. I sit in Geneva, so including the Human Rights Council, where this is often a front‑and‑centre element to many negotiations. This is just more of a clarion call to repeat that we are not necessarily ‑‑ we are winning battles, but the war is not over. And I think it's of critical importance that we continue to frame our activities in a rights‑respecting manner.
The OEWG itself has a norm, Norm E, that says that countries must respect in the uses of cyberspace basic international frameworks, including UDHR. Some countries, as we know, don't necessarily respect ‑‑ they may respect the principles and say that they respect the framework, but their implementation of those rights are not the same. So, this is an important message. I think that's probably one of the most important messages I can convey. We are seeing back‑sliding on SOGE language. We are seeing efforts by some countries to reframe how we talk about rights, away from individual rights to people‑centric rights, which we know is a crafty way of reducing the role of the individual and up‑playing the role of the state. These are, unfortunately, traps that some people fall into, because what starts to happen is that these languages are brought to different forums, they're brought in different ways, and some of the people in the meetings aren't necessarily as imbued with the human rights expertise as in other places. And so, we see this in places. I cover the ITU, which is also a fascinating place, if you want to spend a few hours. We see ‑‑ one would think standards are not necessarily political, but we do find sometimes we get wrapped around the axle fighting over gender language. I've been up until midnight, 2:00 in the morning, fighting about inclusion on gender language in a technical standard negotiation. It's not pleasant, but it's necessary. And so, I don't really want to spend time with the notes because I don't think that's really what's relevant. I think it's really to reinforce to this community that, of course, Canada, but in person, you know, we are in the room, we are fighting, but we need support. I think we need to continue to raise our voices to those who disagree. I think we need to be sophisticated. There is also a trend, of course, of overemphasizing gender, and that, in fact, has a strategic negative effect, so it's being smart, it's being nuanced, and it's being appropriate to where we want to push it, but I think we just need to keep pushing. This is not going to go away. And frankly, as we all see, cyber, digital, tech is becoming much more front and centre in international geopolitics, geostrategic competition. And so, I think there is a new demographic of fora that are not necessarily well imbued with the human rights understanding that other fora like the human Rights Council and others have a much more sort of mature conversation, and folks who understand the issues. So, it's imperative that we support the technical community; it's imperative that we support the civil society in Member States to the extent that we can, to understand why we need to make sure that there's no backsliding and that we reinforce the existing international human rights frameworks. I think that's more important than probably what somebody from Ottawa sent me yesterday. I will stop there.
>> Veronica Ferrari: Thanks for that, David. And we talked about the need to identify champions, and Canada has been, yeah, pushing for the inclusion of this type of language in guesses, and also being a key ally in terms of civil society participation in some of these international processes and how important it is to have the groups, as Grace and others were saying, affected by these operations in a differentiated way, like in the discussion, too, other organizations that will try to bring these perspectives there. So, thanks for that.
I wanted now ‑‑ I have a couple of questions. I don't know if we can technically showcase them there, instead of seeing my face that size. So, yeah, I have a couple of questions for the speakers, but also in case somebody wants to jump in from the audience, physical or online audience. Because I wanted to quickly hear your thoughts also on main challenges. Jess, you mentioned some of them, but Kemly, too. But, so, main challenges you have faced or you consider you would face when advocating for gender and intersectional perspectives in cyber policy? Also, any thoughts on how a tool like this, this framework, could provide some support for different stakeholders in integrating a gender perspective into cybersecurity policy and norms? And also, what else? Like, what resources and support do you think you need to champion gender in cybersecurity policy in your work? Any specific resources or guidance that you think would be helpful. I just wanted to open the floor to see if there are any thoughts on that from the audience, but also I would like to hear from the speakers. So, I see a hand there. Do you want to jump in? Yeah. Kemly, can you pass the mic to the colleague? Thank you.
>> AUDIENCE: Thank you, I'm Imet Kareem from UN Office in the Asia‑Pacific and I have three quick questions. The first one, which I also noticed here during IGF, that the conversation with private sector and tech companies is very gender‑blind. And most of the time, it's very generalizing, all users in one basket, or take a global perspective, or the focus is just on the minors. Women and girls are excluded, but other genders are also not part of that design. And I wonder if you have any strategies or, like, ways of how can we change that conversation and mix in a little bit more gender‑sensitive and include gender in the design itself of their platform?
Second question is related to inclusion of the Cybersecurity Agenda in the national action plans, and I wonder if any of you have had that experience with international context with National Action Plan, and what are the elements of the women cybersecurity agenda could be included there?
My last question is more for, like, David, on those nuances in between, you know, the dark side before the text is finalized, and I wonder, what are the main issues that usually gets the pushback against inclusion of gender language in the final text? And what do you think is ‑‑ where is this coming from and how can we from civil society and the UN can help in eliminating some of those concerns for inclusion? Thanks.
>> Veronica Ferrari: Great question. Thank you so much for that. I see Angela's hand. Do you want to jump in and then we will try to address or distribute the question? Please, go ahead.
>> Angela: For me, I wanted to attempt question three on what can we do to bring the gender agenda in the cybersecurity space, and also to respond to your questions and concerns, because I have the same concerns. And this is something I've spoke to with Grace, that we need to have research on the gendered impacts of cybercrime, because the reason the companies are so blind is because they're treating it as a neutral issue, as an issue that affects everyone the same way, but we both know that it is disproportionately affects women, minorities, and sexual minorities. So, even just thinking about what kind of data KSATs have on complaints they receive on cybersecurity, can help give us insights on the forms of attack that most women and maybe sexual minorities get, the impacts of even monetary and mental, so that they can enrich the policy decisions that are made. So, I think that's my contribution to that question.
>> Veronica Ferrari: Thanks so much, Angela, for the contribution and the response to the colleague here. Shall we? Kemly, do you want to address some of the questions? And then ‑‑ yeah, I don't know if somebody else wants to jump in and then we'll go to David, if you want to address the comment. Kemly? What do you prefer? No, Kemly, go ahead, please.
>> KEMLY CAMACHO: I wanted to address the first question. For me, it's my passion, to be honest. Because I have been working for, I don't know, 14 years now in the issue of gender and technology, yes? And I have to say that we have switched a lot the focus of the work that we are doing there, okay? And I wanted to say, this is really, I think really important, yes, because you know, at the beginning, we began with this idea of integrating more women in the IT sector and do capacity training for them to be integrated in the sector and to have opportunities of jobs in this sector, in the IT sector, because it is really a sector of opportunities, yes? And I think this is good, yes, but it is not enough.
More and more, we have now in Latin America, I have done for UNESCO a mapping of all the initiatives to attract women to the IT sector and to integrate women in the IT sector. And there is a lot. But at least in our region, the percentage, 20%/80%, haven't changed in 18 years, yes? It hasn't changed at all, even with all this effort, and it all is investment, it hasn't changed a lot, yes? And I think this is because ‑‑ I think ‑‑ I want to say this is because this IT sector is very expositive of the diverse, and the condition for women studying and working in the IT sector are hard, yes?
Then, in one point, we decide we are going, instead of continuing doing that ‑‑ others are doing, and we think it is part of the economical rights of the women ‑‑ we are working very much more in creating women leadership for the IT sector, yes, creating a women leadership, an analytical women leadership, and they're standing in their own conditions, and this is connected with the cybersecurity, what means to be part of this society as women and we women in the IT sector, how we can contribute to the fighting of the women in general. And this is where I connect with the third question, yes? Is this solidarity, solidad as we call in the Spanish, where we have to connect the process of getting this women leadership, yes, to reflect on cybersecurity from this really analytical and collective action of women in IT supporting women.
Then, for us, this is the strategy of women. We think it is very crucial that women work and study ITs, but the problem is that we have a lot of evidence, because we have done a lot of research, participatory research with them, about this condition where they work and they study. And that we have to change also. For us, this is part of the violence against women, some violence against women that we haven't integrated in the discussion around violence against women. Then this is my question, a big leadership of women in IT supporting the women agenda, including cybersecurity.
And just to finish, we understand cybersecurity as the right of the people to have a safe space on the digital world as they need a safer space in the neighborhood, yes? Then this is the way that we are focusing. Thank you for the question.
>> Veronica Ferrari: Jess, do you want to quickly address some of the questions? Then I'll try to go to David so we don't forget that question about the pushback in the organization, and then there is one more question. Go ahead, briefly.
>> JessAmine: Yes, very briefly because it's related to what Kemly said. I was thinking about this, based on the questions that you posed, but it might also address your concern. And I really think that we have to go back and re‑evaluate our concepts of security, because unless this is, like you said, how we frame security issues now is still very highly masculineized, you know. And unless this kind of thinking is addressed, everything that we will do, even if we push for policy changes, even if we encourage women to go into tech and ICT sector, or the cybersecurity sector, that all of those will just be stopgap measures, you know. Like a new policy will come in and it will regress to the same traditional frameworks that we're used to and all of that. So, and this is what I also like the most about the APC framework, which is it highlights the need to really go back to the ways that we think about security. And through that, then we will be able to change policy, change the frameworks, change the institutions and the structures that are, you know, already very deeply ingrained in the security sectors now, and change, you know, the additions of the actors as well, so people in government, even people from businesses and the private sector. So, I think that's really where it is.
>> Veronica Ferrari: Thank you for that, Jess. David, do you want to jump in on the discussions?
>> DAVID FAIRCHILD: Oh, yeah. A couple things. It's not just ‑‑ this might sound a little bombastic, but it's not just women who are the front and centre. I mean, gender is not a gender‑specific term. It's also something that I think, whether you're man, woman, or whatever you want to describe yourself as, as continue effort that everybody has to get behind. So, I'd just like to sort of slightly correct the record, that even though I'm a man, that doesn't mean I can't be highly supportive of the gender movement.
That being said, so, the backslide and how we can fight it. I mean, really, it's an upstream ‑‑ I would focus on the upstream. So, let's take, for instance, the International Telecommunications Union, not a very ‑‑ let's say it's an old organization. In fact, it's the oldest organization in the UN. It's very technical, so human rights is not something that comes up as an idea front in mind for many of these highly technical engineers, and so on and so forth. So, it's really education.
But of course, their demographic and the pools of interactions and stakeholders they deal with are not the same, you know, in the human rights world or otherwise, and so, there is a sort of reaching across the hallway and reaching out, which is not ‑‑ it's partly our job, but also I think from a civil society. It's just a sort of, like we say in French (French word) The two solitudes. There are demographics and it's getting better, but it's not great. A lot of it is because certain Member States have red lines. It's normal. We have red lines when we're in negotiations which are framed around our values and our policies in the same way. I don't have to agree with them. And so, the fight is about trying to find ‑‑ obviously, the UN works on consensus, which is not unanimity, but consensus focuses on getting everybody to agree. So, sometimes some countries or blocs will hold out on something of substance because the gender language is something they don't like. Sometimes it's a change. Sometimes it's to have it extracted. Sometimes it's just the use ‑‑ because they know it's important to us, it's used as a weapon for concessions in other ways. So, that's a bit of they say pulling back the kimono a bit to reveal what's going on in the background
But I want to finish, and I realize we have two minutes left. I see the hand up. I won't name the state, but the Human Rights Council Session 54 is currently ongoing. In one of the Item 8 debates a few days ago, a state that won't be named got up and in a statement called for the end of the integration of SOGI language in UN documents on the basis that it's not recognised as a legal form of discrimination under international law. Now, this state isn't, perhaps, one you might think would make this statement. I won't name it. I'm happy to tell you offline. But just to give you an example, it's happening even in the Human Rights Council. It's happening everywhere. We have people who understand these debates in the Human Rights Council and so can defend our values, can defend the international human rights framework, but that doesn't necessarily mean at an IEEE meeting or at the IETF or at the ITU that those same expertise exist. And so, that's where the civil society and, I think, stakeholders who are more educated need to work with and help those who don't.
>> Veronica Ferrari: Thanks, David, for that. And I'm aware of the time, but I want to give the opportunity to jump in. And there is another. You have your hand? Okay. Let's do that and then, again, I can try to wrap up, please.
>> AUDIENCE: I can also talk about this after the session. But my name is Farzan Abardi from Digital Medusa. So, we are doing this research for USAID, and they are looking at what human‑centered approaches to digital transformation. And one of the strategies that they have is cybersecurity to kind of incorporate cybersecurity in digital transformation. And I was wondering if you know of any kind of, like, gender framework that can help with the development or organizations that help with digital transformation to consider gender as a factor when they want to have cybersecurity in place, and, like, kind of like help from the beginning, instead of doing things after the technology is in place.
>> Veronica Ferrari: Thanks for that question. I know we have to finish the session. It's okay? I encourage you all to continue the conversation after this session ends. We can, in fact, touch base, because we have some recommendations in the Framework about how to link this agenda to other agendas, to, for example, the Agenda for Sustainable Development, also to Digital Economy Indicators, so connecting those with broader arguments can be useful for a digital transformation strategy. But we can continue the conversation after the session.
Grace, I want to give you the opportunity to say something before we close, if you want to. No, okay. Thank you for being mindful of the time and thank you all for the discussions. There are a lot of great points. We need to continue to keep pushing for this, also to create more research and evidence and continue creating awareness and rethinking the concept of security as Jess was saying. Thank you so much. Please reach out to APC and enjoy the rest of IGF. Bye.