Im September fand in New York das 6. Global Cyberspace Cooperation Summit statt. Das vom EastWest Institute (EWI) organisierte Forum brachte sowohl Politiker als auch Vertreter der Organisationen des Internets, Wirtschaft, Wissenschaft, Technik und Zivilgesellschaft von allen Kontinenten zusammen, um das wichtige Thema der globalen Kooperation und Internet zu adressieren. Die Experten arbeiteten dabei in sog. Breakthrough Groups zusammen, um die Grundlagen für konkrete Handlungsempfehlungen zu schaffen. Insbesondere wurde deutlich, dass Kooperation im Cyberspace vor allem Vertrauen braucht und klare Regeln, auf die sich alle Akteure einigen können. Die aktuellen Verhandlungen zwischen den USA und China über ein Abkommen zur Internet-Sicherheit zeigen, welchen Problemen Kooperationsprozesse begegnen, aber auch, dass Kooperation nicht nur möglich, sondern auch notwendig ist. Der Beitrag gibt einen Überblick über die wichtigsten auf der Konferenz behandelten Bereiche, in denen innovative Ansätze zur globalen Kooperation im Cyberspace gefragt sind und reflektiert das Ergebnis der Konferenz.
This year’s EastWest Institute’s Global Cyberspace Cooperation Summit in New York City convened policymakers, business leaders, technical experts, civil society and academia with the objective to work on issues that have direct impact on digital security and stability as well as sound governance and management towards a safer, more secure Internet. The EastWest Institute, an international non-profit, non-partisan “think and do” tank, provided with the annual cyber summit a forum for building international, private-public action to foster cooperation in cyberspace.
Is cooperation possible in Cyberspace?
As the interconnectedness and dependence in and on cyberspace increase, so do the risks and uncertainties posed to network and information security. Despite the significance the digital world has in most aspects of everyday life, the realms of cyber foreign relations are still comparatively new and poorly understood. Thus, it is to be welcomed that representatives of major cyber powers such as USA, Europe, Japan and Russia discussed at the first plenary panel how cooperation in the tense environment is possible and how they could help the Internet realize its full potential for economic and social benefit. However, Joseph Nye, Harvard University Distinguished Service Professor, concluded in advance that it was unlikely to see a “single overarching regime for cyberspace any time soon.” Despite the different topoi of norm development for cyber activities (e.g. human rights, privacy, content control, standards, cyberwar, espionage), the work of the UN GGE forum was itself testimony to recognition of the need to collaborate. It became clear that perspectives are rooted in a traditional framing of international relations but also that turning actors toward clarity about the nature of the problem could lead to problem-solving pathways.
Both in plenary panels and in breakthrough groups, the summit’s participants worked on actionable recommendations for more cooperation on cyberspace. Aligned with the EWI Initiative’s objectives, eight breakthrough and special interest groups explored possible solutions for their respective subject.
The group focusing on promoting measures of restraints in cyber armaments developed further recommendations that would stimulate the creation of a standing forum involving private sector and civil society for norms research and advocacy. Concentrating on modernizing international procedures against cyber-enabled crimes, another breakthrough group concentrated on better cooperation between law enforcement and the private sector on a global basis by increasing the transparency of corporate response policies and developing a standard format for information requests under mutual legal assistance procedures. Strengthening critical infrastructure resilience and preparedness is the work program of a further group that tries to develop a community-based platform where owners and operators of critical infrastructure can share information related to cyber incidents. As strong authentication is a major issue for internet security, examining two-factor authentication was also a topic of a breakthrough group, which in particular reviewed the work of the FIDO Alliance (Fast IDentity Online). Another major challenge for cybersecurity is an ICT marketplace with sufficient integrity. The objective of the group working on increasing the global availability and use of secure ICT products and services was to develop and promote standards and best practices that improve product and service integrity by fostering trusted supply chains and procurement practices for buyers and vendors. Issues surrounding governing and managing the Internet were also a very important subject. The group analysed emerging approaches for improving potential effectiveness and tries to propose models that demonstrate better performance than existing governance models which encounter questions regarding their legitimacy and accountability. The very difficult balancing of enforcement of local laws and customs and the Internet’s potential for prosperity, flourishing of imagination, social interaction and freedom of expression took on the group titled managing objectionable electronic content across national borders. The group focusing on government access to plaintext information explored the tradeoffs that entails access of authorized government agencies to encrypted information and sought for criteria when weighing against potential law enforcement or intelligence benefits.
Global Encryption, the Internet and the State, Privacy
The plenary panels, with speakers also from China, India and Africa, discussed more broadly with the large audience. Here again one could observe the respective tradeoffs when the panel examined the proper balancing between information security and legitimate government access to globally encrypted user data. The interplay of the Internet and the State was the subject of the third plenary panel. The Internet with its boundary-crossing nature challenges the state’s autonomy within national realms. While the Internet governance discourse seeks a “delusive” compromise between multilateral and multistakeholder models, the panel draw the attention to the need to exploring other models that are aligned with constituent values. At the panel young cyber leaders look ahead, young professionals shared their reflections on the summit and the most pressing problems for the future. The art of balancing was once again in the focus at the last panel concentrating on privacy in the age of surveillance.
Cooperation is not only possible, but also necessary
Taken all outcomes together, the bottom line of the discussions on the panel and the work in the breakthrough groups is that cooperation on cyberspace faces a myriad of specific challenges, but also that cooperation is not only possible, but also necessary. As Scott Charney, Microsoft’s Corporate Vice President for Trustworthy Computing, noted at the summit, “The answer lies in globally accepted cybersecurity norms of behavior for states, vendor transparency, and increased user control.”
The Internet can still be conceived as a revolutionary medium that underpins almost human activities and requires pioneering effort and pragmatic explorations. There is probably no workable “one-size-fits-all” approach. Sometimes, agreeing to disagree could be a starting point for more productive discussions. It is a mistaken belief that there are unambiguous norms in cyberspace. The entanglement of interests and binding rights became clear when Karsten Geiser, head of the Cyber Policy Coordination Staff in Germany’s Federal Foreign Office, made the point that a code of conduct on a voluntary basis would not be compatible with binding human rights.
It was also noted that a major challenge in cyberspace discussions was the failure to take action on agreed common interests and principles and that the discussion should focus on critical infrastructure protection as one global issue. That the United States and China are negotiating an agreement that could become the first arms control accord for cyberspace and which addresses attacks on critical infrastructure during peacetime and that they are close to set up a high-level joint dialogue mechanism on fighting cybercrime is an eminently positive signal.
A fundamental finding of the summit, which should not be underestimated, is that cooperation is all about trust building on multiple levels and with multiple stakeholders. It might be difficult to find the proper vocabulary for that purpose. Yet, solutions to the most pressing issue related with cyberspace and cybersecurity can only emerge through close dialogue and cooperation among all relevant actors.
Dieser Beitrag ist Teil der regelmäßig erscheinenden Blogartikel der Doktoranden des Alexander von Humboldt Institut für Internet und Gesellschaft. Er spiegelt weder notwendigerweise noch ausschließlich die Meinung des Institutes wieder. Für mehr Informationen zu den Inhalten dieser Beiträge und den assoziierten Forschungsprojekten kontaktieren Sie bitte info|a|hiig.de.