Carnegie Europe is pompously launching today a report on the governance of cyberspace. The launch is accompanied by an event co-organised by Microsoft. Live stream here.
I’m offering here a small rebuttal to several of the of the points found in the report’s brief:
Develop norms regulating government-industry collaboration on mass data collection and retrieval. To enhance trust in the Internet, the transatlantic partners should develop a joint code of conduct for regulating interactions between government agencies, large Internet companies, and data handlers regarding access to online data.
For those who care, trust is already gone. Rebuilding it would take much more than new regulations. Actual actions would be expected.
Create a new multilateral instrument to prevent cybercrime. The transatlantic partners should develop more robust ways to detect and analyze cyberattacks so that culprits can be more easily identified and future attacks better deterred.
Detecting and analyzing cyberattacks is far from the surest way for preventing it. Instead, investing in tools to stop those attacks as they are happening should be the priority.
Propose amendments to international trade law to introduce penalties for economic cyberespionage. Changing World Trade Organization rules will require a joint action led by the transatlantic partners.
This is a ridiculous statement. Espionage is espionage no matter where it happens. Be it on the cyberspace or on the moon. There should be no special set of regulation specific to the cyberspace. Software such as OpenBSD have had a strong standing record in the matter yet never received much support from governments.
Lead efforts to codify norms governing the export of surveillance technologies. The transatlantic partners should guide this effort that would help to constrain the capacity of illiberal regimes to restrict Internet freedoms.
Until not long ago, PGP was classified as a weapon and had heavy export restriction. This did not stop the program’s source code from leaking out first in the form of a book printed in a nice ORC friendly font then then trendy t-shirts.
Agree on a mandate for NATO to develop a more robust approach to cyberdeterrence. The North Atlantic Treaty Organization has developed a strategy focused on enhancing the resilience of the alliance against cyberattacks. But NATO also needs a more offensive posture to improve its overall deterrence.
Repeating myself, I am going to say again that the very concept of cyberdeterrence is absurd. It seems to be born of the mind of people who have no understanding of technology. Anything short of large scale DDOS or physical action can not be a deterrent in cyberspace.