The Paris Call for Trust and Security in Cyberspace was launched on November 12, 2018,
at the Paris Peace Forum. At the 2019 Paris Peace Forum, the International Foundation for Electoral Systems (IFES) and more than 1,000 other signatories endorsed the Paris Call for Trust and Security in Cyberspace.
The Paris Call is an agreement on nine fundamental cybersecurity principles and a commitment to work together to promote a safe and secure cyberspace for all. Led by the French government, the call was first launched on November 12, 2018.
Principles articulated in the Paris Call:
The goals mentioned in the Paris Call and the principles adopted represent a consensus of priorities between states, corporations, and civil society
- Inclusive regulatory process:
- Gather existing sector-specific initiatives (Tech Accord, UN’s Group of Government Experts, For the Web) in a single document and widen their scope to set out a framework for further negotiations.
- Recognize the responsibilities of private sector actors in improving trust, security, and stability in cyberspace.
- Adopt a strong multi-stakeholder approach to improve collaboration among the government, private sector, and civil society to tackle the threat of cybercrime. The Budapest Convention on Cybercrime is a key tool in this regard.
o Encourage better-coordinated regulation of cyberspace and use of information and communication technologies (ICT) in the spirit of the principles of the U.N.
Charter & international humanitarian law, notably the maintenance of international peace and security.
Promote the exclusive role of sovereign states in hostile acts in cyberspace. It condemns corporate hackback and other offensive operations by non-state actors.
It also appeals for measures preventing interference with elections.
Protect individuals and critical infrastructure from harm & safeguard the “public core of the Internet” from hostile actors
Engage industries and civil society in promoting everyday good practices (“cyber hygiene”) and the implementation of “security by design” in products and services. Cyber hygiene refers to data protection and safety at an individual level.
- More than 190 signatures were obtained on the Paris Call, including 130 from the private sector and more than 50 member nations. Prominent countries like India, the US, China, and Russia didn’t sign the agreement. There are around 1,200 supporters of the Paris Call (80 states, more than 700 companies, and 350 civil society organizations)
- Several major American technologies, like Facebook, Microsoft, Google, IBM, HP, etc., have endorsed the agreement. Influential non-governmental groups like the World Leadership Alliance, Chatham House, the Carnegie Endowment for International Peace, the World Wide Web Foundation, and the Internet Society have supported it too.
Significance of Paris Call:
- The Paris call gives fresh momentum to the issue of creating globally acceptable cyber security norms by mounting support from multiple stakeholders.
- It could also be seen as a positive step towards finding a middle path between Western democracies and authoritarian regimes to build some form of consensus on issues about cyberspace.
- However, some issues are yet to be ironed out. This includes:
o Putting in place a legally binding compliance mechanism dealing with espionage and state-led offensive operations, particularly through non-state proxies doing the state’s bidding.
While the US, China, and Russia are unlikely to join, the call will depend on support from states like India to gain traction within international institutions, primarily the United Nations.
Internet Governance Forum (IGF):
- It is a public policy dialogue group to address issues related to the Internet, such as sustainability, robustness, security, stability, and development.
- It serves to bring people from various stakeholder groups (governments, corporations, and civil society) together as equals in discussions on public policy issues relating to the Internet.
Budapest convention on cybercrime:
- This convention of the Council of Europe is the only binding international instrument on the issue of cyber security
- It addresses Internet and computer crime through a common policy by harmonizing national laws, improving legal authorities for investigative techniques, and fostering international police as well as judicial cooperation.
- It provides procedural law tools to make an investigation of cybercrime and securing of evidence about any crime more effective
- India is not yet a member.
Other norm-building initiatives:
- Microsoft launched its “Digital Peace” campaign along with a Cybersecurity Tech Accord aimed at getting the internet and technology industries to better protect their customers’ privacy & security against cyber attacks.
- Siemens unveiled a Charter of Trust that seeks to develop adherence to security principles and processes to develop a “global standard” for cyber-security.
- In 2015, a Group of Governmental Experts (GGE) at the UN charted four peacetime norms in cyberspace:
No interference with each other’s critical infrastructure by states
Assistance to other nations in investigating cyber attacks
not targeting each other’s computer emergency response teams
Responsibility of states for actions originating from their territory
Models of Internet Governance:
Multi-stakeholder Model (supported by Western nations like the US)
- Decentralized governance institutions where non-state actors like corporations, NGOs, and civil society have a say in making globally acceptable norms regulating cyberspace
- Gives recognition to the technical expertise of corporates.
Multilateral Model (supported by Russia and China)
- The governance model is based on agreements between multiple governments with limited involvement of non-state actors.
- Holds the sovereignty of the nation-state in managing cyberspace and provides the scope for the exercise of the inherent right of self-defence and the law of state responsibility, including countermeasures in cyberspace.
- India's stance has gradually shifted to multi-stakeholders from long-supported multilateralism.
- However, India envisages a pivotal role for governments as the custodians of cyberspace in the areas of international security and public policy. This is evident from its stand on data localization (which wants to store data within the country) and server management.
- India also supports greater cooperation from corporates in terms of data sharing to tackle cyber crimes.
Currently, engagement—at both government and private levels—with the global policymaking apparatus has been low, including participation at Internet Corporation for Assigned Names and Numbers (ICANN) summits. India should begin with initiating domestic multi-stakeholder engagement (India Internet Governance Forum) to engage civil society and technical experts adequately in pursuit of multi-stakeholders.