The ROK stands in favour of the adoption and elaboration of voluntary, non-binding norms of state behaviour during peacetime. It strongly upholds the 11 non-binding norms agreed upon in the 2015 UNGGE report and believes that further efforts should be undertaken to clarify and concretise them.
In addition, the ROK has put great emphasis on the principle of due diligence,
consistently demonstrating its commitment through public statements at regional and international forums. The country
believes that no new legally binding instrument is necessary for the moment, retaining a preference for the ‘soft law’ approach and maintaining that less resilient states should first focus on building capacity rather than reforming regulatory frameworks.
Brazilian diplomats portray Brazil’s role in the often polarised debates on norms of responsible state behaviour as that of a
broker or strategic bridge-builder between the different camps rather than a mere ‘swing state’ and highlight that balancing between both camps serves to maintain an independent foreign policy. Brazil
sought to focus its chairmanship of UN GGE’s third and fourth iterations on three issues: the role of civilians in cyber conflict, the right to respond, and attribution. Since the 2013 Snowden revelations, the country has been a stark champion of data protection, showcasing
exceptional norm entrepreneurship
in relation to cyber-surveillance norms. Brazil has also
expressed support for the proposal of adopting a legally binding instrument in the medium to long-term to prevent the militarisation of cyberspace.
Peru stresses the need to make a
distinction between 'cyber attacks' (which involve 'damage being caused to a militarily relevant target, which may be totally or partially destroyed, even captured or neutralised') and an 'abrupt disruption of communications in cyberspace', i.e. cyber operations that cause inconvenience, even extreme inconvenience, but not direct injury or death, or destruction of property. Accordingly, Peru emphasises the determination of the legality of cyber operations in the context of the use of force by taking into account whether they may result in death or injury to persons or property.
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru
states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru
highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'.