French President Emmanuel Macron, himself the target of a pre-election hack, went on the offensive this week against the thieves, hackers, and foreign agents who use the internet to attack infrastructure, steal trade secrets, and tip elections. He got representatives of dozens of countries, companies, and nongovernmental organizations to sign onto efforts designed to make the online world safer for everyone from patent holders to candidates for office.
The United States is not among the supporters of the Paris Call for Trust and Security in Cyberspace. It is not, however, the only country missing from the list. Some notable countries not signing on are China, a country with a long history of hacking trade secrets; Russia, whose agents executed a massive social media campaign to tip the 2016 US presidential elections; and North Korea, the country that allegedly crippled Sony Pictures with a cyberattack over a Seth Rogan movie. After considering why those countries may not want to sign a document condemning intellectual property theft, election interference, and peacetime cyberattacks, the logic behind the US position also becomes clear. As David Sanger in The New York Times points out, the United States, along with fellow abstainer Israel, carried out the Stuxnet attack on the Iranian nuclear program, “the most sophisticated cyberattack in history.”
While reporting that the United States may yet sign the document, Sanger writes, “American officials are leery of any kind of agreement that might make illegal the types of activity — like espionage, data manipulation or attacks on infrastructure — that the United States may want to use in a future conflict.”
The globe is dotted with countries where the United States has at one point or another interfered with an election, Sanger reminds us. Meanwhile, he writes, “the Pentagon worries about commitments to avoid using cyberattacks as a prelude to military action.”
Some have noted that the declaration does not require countries to take concrete actions. A Wired article observes that “[m]ore notable than the accord itself is who signed it. Major American technology corporations including Microsoft, Facebook, Google, IBM, and HP all endorsed the agreement.” That the big tech companies have signed on, Wired concludes, indicates they are “playing a more active role in governing the internet.”
Among other goals, the document calls for signers to work to stop foreign electoral interference, fight intellectual property theft and stop private sector organizations from hacking entities that have hacked them.