RESOLUTION DISC 121

FORUM: DISARMAMENT & INTERNATIONAL SECURITY COMMITTEE

QUESTION OF: The question of government digital surveillance of the population.

SUBMITTED BY: Luxembourg

CO-SUBMITTERS:Poland, Palestinian Authority, Oman, Romania, Russian Federation, Senegal, Saudi Arabia, Slovenia, Saint Vincent & the Grenadines, Thailand, Turkey, Yemen.

STATUSPassed

Affirming that the United Nations and its subsidy, the Disarmament and International Security Committee, hold a global responsibility to uphold the member states’ commitment to a safe, productive, and transparent cyberspace that protects all citizens’ right to privacy, as articulated by Article 12 of the United Nations Declaration of Human Rights,

 

Recognizing that efforts of member states’ including but not limited to the United States of America, the United Kingdom, Australia, Canada, Zealand, Germany, Denmark, Sweden, Japan, and Russia to introduce surveillance operations such as but not limited to ‘Xkeyscore’, ‘PRISM’, ‘SORM’, ‘Tempora’, and ‘ECHELON’ were conducted in the interest of the preservation of national security,  the protection of sovereignty, and the defence of public safety,

 

Noting with approval the positive externalities of utilizing surveillance, particularly in regard to facial recognition software and its use to identify criminals and camera systems which allow police to continuously monitor for potentially suspicious activity and protect the safety and wellbeing of the public whom they serve, while also recognizing the inherent dangers that come with the abuse of surveillance operations on the general population,

 

Noting with deep concern the pre-existing, elaborate digital schemes that have accompanied the rise of the internet and the dangers associated with such rapid technological development, which could thus pose a continual threat to a populace that is predominantly unaware of the security measures necessary to avoid breaches of privacy as well as what form such digital schemes could manifest in, 

 

Defining specific terminology within this resolution in accordance with previous documents endorsed by the United Nations,

 

  1. Affirms the sovereignty of each Member State as stated in the Charter of the United Nations in order to protect the sovereignty of each member state and allow them to have primary input on the process of developing or modifying laws, encourage correspondence among Member States and the agencies of the United Nations;
  2. Urges the creation of a subdivision of the International Criminal Police Organisation (INTERPOL) called the Organization for Cybercrime Prevention (OCP) with special supervision from the United Nations Office of Information and Communications (UN OICT), which would be tasked with ensuring the cyber safety of member states’ populations while adhering to the wishes of sovereign states and their citizens to preserve all people’s rights to privacy through means such as but not limited to:
    1. working with and/or observing local law enforcement agencies on developing the following:
      1. software for protection of sensitive personal information like passwords
      2. collection of statistical data regarding the developments on cyber protection, illegal digital surveillance, and possible cyberattacks in member states
    2. conducting independent studies funded by the World Bank Group to ensure that all nations, particularly Less Economically Developed Countries (LEDCs), are able to evaluate the data breaches experienced by countries who have been victims of cybercrime in order to:
      1. understand the cause of these actions and research potential preventative measures
      2. analyze the effectiveness of the existing preventative measures and attacks
      3. determine the ability of Member States to respond to these attacks
    3. special consultations which will be granted to the governments of Member States with the help of the United Nations Office on Counter-Terrorism (UNOCT) and the United Nations Office of Drugs and Crime (UNODC) while respecting the following restraints:
      1. no consultation or investigative operations is to be taken unless such action is approved by a two thirds majority vote of participating Member States 
      2. any information pertaining to a cyberattack or other form of cyber crime practiced against a Member State will be immediately reported to the appropriate regional and international authorities, and experts working in the subdivision would highly encourage affected Members States to share such information with all relevant Member States for the sake of preserving all parties’ national security;
  3. Suggests the creation of an comprehensive educational program overseen by the United Nations Educational, Scientific and Cultural Organization (UNESCO) in conjunction with the OCP to thoroughly equip the populace as well as government bodies of Member States with the skills to protect themselves and their nation’s digital welfare from unlawful hacking using regionally specific mediums including but not limited to: 
    1. the creation of a thoroughly informative campaign targeted toward younger audiences for the purpose of creating a cyber security educational program aimed toward building public awareness around issues of cyber security and digital surveillance in methods such as but not limited to:
      1. creating a curriculum which will be flexible and adaptable to the needs of all Member States’ educational systems and can be implemented into the curriculums of all publicly funded secondary schools in order to enhance the technological literacy of the public and will include an introduction to security enhancing software that can be downloaded and installed by anyone to protect the privacy of any individual who owns any digital device or routinely uses technology of any sort
      2. providing students at secondary schools with the educational resources and information necessary to start making informed decisions about avoiding common threats on the internet such as strategies to identify malware infections, making use of antivirus software to guard against potential harm from malicious programs such as trojan horses and ransomware, as well as guides on how to recognize phishing
    2. Digital media such as:
      1. Social media
      2. TV advertisements
      3. Television broadcasts;
  4. Calls for Member States to equip themselves with the appropriate preventative and responsive measures so that they are able to both limit breaches of cybersecurity as well as ensure that they will be able to appropriately respond should a breach occur by:
    1. limiting the acquisition of tools which may either advertently or inadvertently be utilized to aid cyber attackers via a mandatory permit which must be obtained before the use of any of the following tools or similar ones:
      1. password Cracking Tools
      2. Wireless/WIFI Hacking SoftwareNetwork Scanning Software
      3. packet crafting tools to exploit firewall weaknesses
      4. traffic Monitoring, Packet Sniffers, and Network Hacking Tools
      5. vulnerability Search Tools, such as fuzzers and scanners
    2. allocating additional funds and resources toward OCP to continue the research into the development and enhancement of software that will enable governments to immediately respond to any breach of secure systems efficiently and cohesively through:
      1. the building of cybersecurity incident response teams (CSIRT) with frameworks based on the response to security incidents through the prevention, analysis and monitoring of such incidents
      2. the creation and and development intrusion detection systems so as to be aware of a data breach as soon as it occurs
      3. protocols for employees to follow in order to sufficiently respond to data breaches whilst involving the alerting of the enterprises’ CSIRT;
  5. Recommends the creation of a biannual conference with the goal of keeping all Member States updated on any pressing issues or new developments in preventative and responsive technologies relevant to the protection of national and international digital security, with invitations to:
    1. national cybersecurity authorities, representatives from regional and international coalitions with vested concerns regarding digital welfare and data protection such as but not limited to INTERPOL, European Union Agency for Law Enforcement Cooperation (EUROPOL), and intelligence agencies of willing Member States
    2. relevant NGOs;
  6. Endorses the creation and enforcement of stringent, internationally cooperative cybersecurity laws and legislation with minimal to no potential loopholes in order to introduce policy and legal material that enforces and protects individual, national and international digital security which:
    1. may be introduced by the United Nations Group of Governmental Experts in the form of treaties or conventions that institutes an international mandate on the necessity of upholding digital welfare
    2. all Member States will be held accountable for to securing the rights of their citizens and will be found as sponsoring illegal activity if any unlawful access, misuse or distribution of classified data pertaining to national or international security is undertaken;
  7. Trusts that in any case where governments and organizations engage in ethical hacking and surveillance these entities do so to defend international and national security, overseen by the Human Rights Council;
  8. Emphasizes that everything stated in this resolution should be applied to both the private and public sector in any unlawful incidence where a breach of cybersecurity occurs;
  9. Authorizes all sovereign nations to surveil peoples with past cybercriminal convictions, with the following conditions:
    1. If the past criminal is in the sovereign nation for any amount of time, the government is authorized to surveil them for their duration of their stay;
    2. If the criminal has committed a cybercrime inside a country and has escaped or is convicted and later released, that country may surveil them across the entire globe at all times in case the criminal still has nefarious intentions against said country with the permission of the country the cybercriminal is in.