Cyber Security and Freedom: Rules For The Road

William Hague

"Cyberspace is changing the way we view and conduct foreign policy as well as transforming our everyday lives," British Foreign Secretary William Hague told the Munich Security Conference today. He offered to host an international conference to establish global norms.

Hague noted just how far ranging the cyber arena has become, touching most aspects of our lives. "We rely on computer networks for the water in our taps, the electricity in our kitchens, the ‘sat navs’ in our cars, the running of trains, the storing of our medical records, the availability of food in our supermarkets and the flow of money into high street cash machines. Many government services are now delivered via the internet, as is education in many classrooms. In the UK 70% of younger internet users bank online and two thirds of all adults shop on the internet."

These systems are under attack from criminals, vandals, terrorists, and state actors. He noted that the UK itself has come under a number of attacks in recent months. Most notably, " In late December a spoofed email purporting to be from the White House was sent to a large number of international recipients who were directed to click on a link that then downloaded a variant of ZEUS [a well-known piece of malware that attempts to steal banking information and other personal details]. The UK Government was targeted in this attack and a large number of emails bypassed some of our filters."

While NATO is working on this problem and dozens of conferences and workshops have been held in recent years, Hague argues that it is time to "discuss norms of acceptable behaviour in cyber-space, bringing countries together to explore mechanisms for giving such standards real political and diplomatic weight." To this end, he proposes "seven principles should underpin future international norms about the use of cyberspace:

· The need for governments to act proportionately in cyberspace and in accordance with national and international law;

· The need for everyone to have the ability – in terms of skills, technology, confidence and opportunity – to access cyberspace;

· The need for users of cyberspace to show tolerance and respect for diversity of language, culture and ideas;

· Ensuring that cyberspace remains open to innovation and the free flow of ideas, information and expression;

· The need to respect individual rights of privacy and to provide proper protection to intellectual property;

· The need for us all to work collectively to tackle the threat from criminals acting online;

· And the promotion of a competitive environment which ensures a fair return on investment in network, services and content.

He admits, however, that "Many countries do not share our view of the positive impact of the internet, and others are actively working against us in a hostile manner."  This understates things considerably.  There’s a chasm between the views in continental Europe and the United States and United Kingdom on the balance between privacy and security; indeed, most Europeans still see cyber primarily as a criminal and commercial matter rather than a military and intelligence threat.

Some of Hague’s principles are fanciful. We’re not going to come anywhere near giving "everyone" access to cyberspace anytime soon. And, while the Internet’s very nature ensures that there will be an amazing diversity of language, culture, and ideas online it’s a virtual certainty that it’ll be accompanied by plenty of intolerance. And good luck in figuring out how to get a fair return on investment in content put online; the Internet culture expects most everything to cost nothing.

Even the serious goals often compete with one another. The trade-offs between openness, innovation, privacy, intellectual property protection, and the ability of governments to provide security are enormous. 

There’s currently very little in the way of international law governing cyberspace and national laws vary wildly. And the degree to which national laws are applicable is still far from clear, given the diffusion of information and points of access. Major players like Google have been forced to accede to the various demands of the United States, EU, and China and some of the more egregious piracy sites have been brought to heel.  But there are tens of thousands of smaller actors that will be next to impossible for governments to find, much less prosecute. And then there’s Wikileaks.

And, of course, China and the West have very different views on both intellectual property and the degree to which free expression is valued.

At the same time, there is reasonably widespread agreement on the need to combat non-intellectual property crime, spam, worms, viruses, and other malicious activity. Improving the framework for dealing with these issues would be a useful start. 

James Joyner is managing editor of the Atlantic Council.

Image: william-hague.jpg