As announced at the 2019 Paris Peace Forum, the International Foundation for Electoral Systems (IFES) and more than 1,000 other signatories have endorsed the Paris Call for Trust and Security in Cyberspace.
The Paris Call is an agreement on nine fundamental cybersecurity principles and a commitment to work together to promote a safe and secure cyberspace for all. Led by the French government, the call was first launched in November 2018.
Principles articulated in the Paris Call:
The goals mentioned in the Paris Call and the principles adopted represent a consensus of priorities between states, corporations and civil society.
- Inclusive regulatory process:
- Gather existing sector-specific initiatives (Tech Accord, UN’s Group of Governmental Experts, For The Web) in a single document and widen their scope, to set out a framework for further negotiations.
- Recognize the responsibilities of private sector actors in improving trust, security and stability in cyberspace.
- Adopt a strong multi-stakeholder approach to improve collaboration among government, private sector and civil society to tackle the threat of cyber criminality. The Budapest Convention on Cybercrime is a key tool in this regard.
o Encourage better coordinated regulation of cyberspace and use of information & communication technologies (ICT) in the spirit of the principles of the U.N. Charter & international humanitarian law, notably the maintenance of international peace and security.
o Promote the exclusive role of sovereign states in hostile acts in cyberspace. It condemns corporate hack-back and other offensive operations from nonstate actors.
o It also appeals for measures preventing interference with elections.
o Protect individuals and critical infrastructure from harm & safeguard the “public core of the Internet” from hostile actors.
o Engage industries and civil society in promoting everyday good practices (“cyber hygiene”) and the implementation of “security by design” in products and services. Cyber hygiene refers to data protection and safety at an individual level.
- More than 190 signatures were obtained on the Paris Call, including 130 from the private sector and more than 50 member nations. Prominent countries like India, the US, China and Russia did not sign the agreement.
- Several major American technology companies such as Facebook, Microsoft, Google, IBM and HP have endorsed the agreement. Influential non-governmental groups like the World Leadership Alliance, Chatham House, the Carnegie Endowment for International Peace, the World Wide Web Foundation and the Internet Society have supported it too.
Significance of Paris Call:
- The Paris Call gives fresh momentum to the issue of creating globally acceptable cyber security norms by mounting support from multiple stakeholders.
- It could also be seen as a positive step towards finding a middle path between Western democracies and authoritarian regimes so as to build some form of consensus on issues pertaining to cyberspace.
- However, there are some issues that are yet to be ironed out. This includes:
o Putting in place a legally binding compliance mechanism.
o Dealing with espionage and state-led offensive operations, particularly through non-state proxies doing the state’s bidding.
While the US, China and Russia are unlikely to join, the call will depend on support from states like India in order to gain traction within international institutions, primarily the United Nations.
Internet Governance Forum (IGF):
- It is a public policy dialogue group to address issues related to the Internet such as sustainability, robustness, security, stability and development.
- It serves to bring people together from various stakeholder groups (governments, corporates & civil society) as equals, in discussions on public policy issues relating to the Internet.
Budapest convention on cybercrime:
- This convention of the Council of Europe is the only binding international instrument on the issue of cyber security.
- It addresses Internet and computer crime through a common policy by harmonizing national laws, improving legal authorities for investigative techniques & fostering international police as well as judicial cooperation.
- It provides for procedural law tools to make investigation of cybercrime and securing of evidence in relation to any crime more effective.
- India is not yet a member.
Other norm building initiatives:
- Microsoft launched its “Digital Peace” campaign along with a Cybersecurity Tech Accord aimed at getting the internet & technology industry to better protect their customers’ privacy & security against cyber attacks.
- Siemens unveiled a Charter of Trust that seeks to develop adherence to security principles & processes, with the aim of developing a “global standard” for cyber-security.
- In 2015, a Group of Governmental Experts (GGE) at the UN charted 4 peacetime norms in cyberspace:
o No interference with each other’s critical infrastructure by states
o Assistance to other nations in investigating cyber attacks
o Not targeting each other’s computer emergency response teams
o Responsibility of states for actions originating from their territory.
Models of Internet Governance:
Multi-stakeholder Model (supported by western nations like US)
- Decentralized governance institutions where non-state actors like corporates, NGOs & civil society have a say in making globally acceptable norms regulating cyberspace.
- Gives recognition to technical expertise of corporates.
Multilateral Model (supported by Russia and China)
- Governance model based on agreements between multiple governments with limited involvement of non-state actors.
- Upholds the sovereignty of the nation state in managing cyberspace and provides scope for exercising the inherent right of self-defense and the law of state responsibility, including countermeasures in cyberspace.
- India's stance has gradually shifted to multi-stakeholderism from its long-supported multilateralism.
- However, India envisages a pivotal role for governments as the custodian of cyberspace in the areas of international security and public policy. This is evident from its stand on data localization (wants storing of data within the country) and server management.
- India also supports greater cooperation from corporates in terms of data sharing to tackle cyber crimes.
Currently, the engagement with the global policymaking apparatus, at both government & private level, has been low, including participation at Internet Corporation for Assigned Names and Numbers (ICANN) summits. India should begin by initiating domestic multi-stakeholder engagement (India Internet Governance Forum) to engage civil society and technical experts adequately in pursuit of multi-stakeholderism.