The Stakeholders working on Internet freedom and digital rights have emphasized that cybersecurity policies and laws should be formulated only after adequate discussions with stakeholders to guarantee human rights and freedom of expression on the Internet. The conclusion was drawn at a stakeholder discussion on “National Cyber Security Policy, 2078” which was organized virtually 7th of June with the participation of representatives of human rights and freedom of expression organizations, human rights activists, technologists, and the business sector.
The Internet Governance Institute (IGI), Digital Rights Nepal (DRN) and Forum for Digital Equality (FDE) in collaboration with Delta Law Firm, Digital Media Foundation, NPCert, CSRI, Media Action Nepal and Nepal Internet Foundation organized a virtual event to collect the views feedbacks of all the stakeholders regarding the National Cyber Security Policy, 2078, which was recently made public by the Ministry of Communications and Information Technology.
More than 200 participants registered for the event and more than 130 people were engaged actively throughout entire session of 2 hours. The program was started by a brief policy presentation by Mr. Babu Ram Aryal, CEO of Internet Governance Institute. Mr. Vivek Rana, Mr. KP Dhungana, MS. Nitu Pandit, Dr. Rajib Subba, Mr. Anjani Phnyual and Ms. Roja Kiran Basukala represented different stakeholders as contributors and provided different insights on the policy based on their respective stakeholder representation.
One of the major issues discussed was the aspect of cyber security and it was raised that the policy has mentioned about CIA (Confidentiality Integrity and Authenticity) along with that the principle of AAA (Authentication, Authorization and Accounting) should also be incorporated. Mr. Vivek Rana mentioned that the protection of government and public data should be the main focus of this policy, he also mentioned that the government is still very skeptical in representation of different stakeholders while drafting such policies and recommended that government would incorporate the opinion of different stakeholders in further policy making.
In regards to cyber security Dr. Rajib Subba also mentioned that the hackers are now targeting critical infrastructures and in many nations the state sponsored cyber army is being built and in this scenario we should be very sensitive in protecting the our digital assets.
The issues of fake news was raised by Mr. KP Dhungana and he also explained that the vague provision of Article 47 in existing electronic transection act has been problematic to press freedom, he further explained that the sole regulator for Press related issues is the Press council and the code of conduct of journalists clearly provisions about fake news, in this scenario this policy should not be directed in the direction to curtail the press freedom.
The other issues raised in the discussion includes the issues of incorporating the safeguard of gender violence that is reflected in social media and other online platforms, the policy should have proper provisions to ensure that every one can properly utilize the internet without violence regardless of the gender said Ms. Nitu Pandit.
The contributors raised the different emerging issues in the sector of Information technology such as digital footprints are being the new borders (digital borders) of different nations, the issues of sovereignty challenged by Information Security, the readiness of our country regarding the cyber security and counter to the cyber threats, the privacy and personal information protection, safeguarding of Freedom of Expression wile securing the privacy.
It was also discussed that the Electronic Transaction Act, 2006 (ETA) is the only instrument that deals with the Cybersecurity cases and in this emerging scenarios where we are seeing the spike development in the Information technologies the policies need to be reviewed in every 2-3 years to keep our jurisdictions in pace with the development of information technology.
Ms. Roja Kiran Basukala also focused on the aspect of cyber security and raised that the cyber threat reports shows the alarming situation and Nepal being a target of cyber attacks so this policy should be focused on optimum cyber protection issues.
Another contributor from Private sector Mr. Anjani Phyual stated that this policy has completely neglected incorporating the public cloud and the provisions of information security on cloud premises. Mr. Phyual along with Dr. Subba highlighted that our digital boundaries are not limited to on premises servers are bound by our digital footprints and this policy should be determined on achieving optimum security on those boundaries.
The key contributor from government sector Mr. Anil Kumar Dutta clarified that the draft policy was brought only after discussion with diverse stakeholders and acknowledged that these kind of discussion will contribute on more polished policy building, he also pledged that the concerns raised during the discussion will be addressed in the policy.
The participants from different stakeholders treasured the initiative of the government to draft the policy also sensitized that definitely the cyber security is a major aspect but while protecting and in the name of security provisions the Freedom of expression and the right exercise any right via internet platform should not be impaired.
The chair of the discussion Mr. Manohar Kumar Bhattarai presented his appreciation as a chair that the forthcoming of such policy is very welcoming, he also raised that the policy should be more focused on protecting the critical infrastructure and other digital assets along with he mentioned these kind of policies should be timely updated to address new technologies and the challenges they carry out in the emerging spiked development of Information technology and thanked all the contributors and participants from all stakeholders for making the event successful.
The organizers has taken this collaborative initiative to provide a detailed feedback on National Cybersecurity Policy, 2021 and in case of further suggestions/feedbacks can be sent via this link or can be sent on the email of Internet Governance Institute (firstname.lastname@example.org).