Tough Sledding for Global Cyber Treaty

Wednesday, January 19, 2011 @ 05:01 PM gHale

Much like the talks during the Cold War, an international treaty to establish regulations for computer security might be unattainable for quite some time, according to a new report by the EastWest Institute think tank.

“It could take years to arrive at a global treaty on cyber security, since many states are not ready for it — and perhaps never will be,” concludes the study, which is based on ideas gathered during a May 2010 international summit sponsored by the Brussels-based institute.

The organization’s leaders determined that cyber security legislation isn’t the best fix for the frail digital economy. Voluntary private sector agreements and international standards are more practical avenues to pursue, they said. The report comes as lawmakers in both chambers have pledged to make comprehensive cyber security legislation a top priority this Congress.

A cyberwar pact outlining which networks and data should be off-limits in times of conflict might be impractical, according to EastWest. The Defense Department, recognizing that cyberspace is terrain for warfare, established a Cyber Command last spring as a new military wing.

“This new idea of war raises troubling questions — for instance, is it acceptable for one country to attack another’s hospital databases? How about the flight systems that support passenger planes in the air?” the study’s authors asked. “While cyber conflicts have the potential to hurt citizens as profoundly as conventional battles, there is no Geneva Convention for cyberwar” that would protect civilians.

Computer security experts said global treaties are workable, pointing to precedents such as the Convention on Cybercrime of the Council of Europe. The binding international instrument, which covers 30 countries including the United States, Canada, Japan and South Africa, serves as a guide for developing national legislation against crimes committed via the Internet and other computer networks. The agreement mainly deals with copyright infringement, computer-related fraud, child pornography and violations of network security.

The cyber crime convention is a good example of how treaties can work, said Evgeny Morozov, a visiting scholar in the liberation technology program at Stanford University, who studies the Internet’s effect on authoritarian states.

As for cyberwar, it is possible to update existing rules, including the Geneva Convention, said Evgeny, the author of The Net Delusion: The Dark Side of Internet Freedom (Public Affairs, January 2011). “Essentially, many of the parameters are the same; for example, the proportionality principle. I’m not sure what’s so special about cyber that these principles suddenly no longer work,” he said, citing, the mandate that a state can defend itself in righting a wrong as long as the response is proportional to the injury suffered.

Jessica R. Herrera-Flanigan, former senior counsel for the Justice Department’s computer crime arm, said treaties could be an effective tool to safeguarding the Internet, but will require complex negotiations. The cybercrime convention took years to compile due to disagreements over hate crimes, she said, noting that protected speech in one country could be illegal in another.

Establishing an overarching treaty, in concert with voluntary principles, might be the best approach, she said.

One Response to “Tough Sledding for Global Cyber Treaty”

  1. […] Top 10 Tech Scares of the Decade The past ten years saw some terrifying technology–and we haven’t even faced the Death Star yet. Read more on PC World You can also read the following related post: […]

Leave a Reply

You must be logged in to post a comment.