{"id":2327,"date":"2018-12-08T13:06:44","date_gmt":"2018-12-08T11:06:44","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2327"},"modified":"2018-12-08T13:09:47","modified_gmt":"2018-12-08T11:09:47","slug":"new-paris-cyber-accord-nice-words-what-comes-next","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2327","title":{"rendered":"New Paris Cyber-Accord: Nice words. What comes next?"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignleft is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2018\/12\/macron-igf.jpg\" alt=\"\" class=\"wp-image-2319\" width=\"219\" height=\"145\"\/><\/figure><\/div>\n\n\n\n<p>Recently France has taken the initiative to produce what they call <a href=\"https:\/\/www.diplomatie.gouv.fr\/en\/french-foreign-policy\/digital-diplomacy\/france-and-cyber-security\/article\/cybersecurity-paris-call-of-12-november-2018-for-trust-and-security-in\">The Paris Call for Trust and Security<\/a>.&nbsp; This call has garnered signatures of&nbsp; some 57 countries and and several hundred companies and organizations (including that of my own employer).<sup>*<\/sup>&nbsp; What President Macron and others have recognized is that there is a risk of both state and non-state actors interfering in the lives of&nbsp; everyday people, possibly causing them great harm.<br><\/p>\n\n\n\n\n\n<p style=\"text-align:left\">Every day provides a new example of why protection of our institutions is necessary.&nbsp; This video was made some time ago.&nbsp; We&#8217;d like to think that security of our infrastructure has improved, but<a href=\"https:\/\/www.nytimes.com\/2018\/12\/03\/your-money\/marriott-hack-passports.html?action=click&amp;module=Well&amp;pgtype=Homepage&amp;section=Technology\"> Marriott proved us wrong last week<\/a>, with over half a billion customer records having been stolen. <br><\/p>\n\n\n\n<p style=\"text-align:left\">The Paris Call seems to address itself to these sorts of civilian attacks, which to me is appropriate. In particular, it focuses on the following areas (I\u2019m condensing just a bit):<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Protection of critical infrastructure,<br><\/li><li>Protection of electoral processes (Gee, I wonder who <strong>that<\/strong> is aimed at),<\/li><li>IPR protection,<\/li><li>Tools development to prevent the spread of malware,<\/li><li>No hack-backs, where people attempt to take the offense as a either a defense or a means of deterrence,<\/li><li>Acceptance of international norms of behavior.<\/li><\/ul>\n\n\n\n<p>The Call does not create or call for the creation of any new mechanism to pursue these points, but rather the use of existing mechanisms.&nbsp; Instead, what we appear to be witnessing is the creation of a voting bloc inside existing multilateral and multi-stakeholder processes, as well as a non-binding commitment among the signatories themselves to pursue these principles.&nbsp; It\u2019s all motherhood and apple pie until we understand what the actual instantiation of these principles means.&nbsp; Does it mean, for instance, an end of free software in order to protect content providers?&nbsp; Will it require content publishers to actively protect all rights of copyright holders, even if those holders are unknown?<br><\/p>\n\n\n\n<p>Also, should these principles apply equally to civilians and the military ?&nbsp; Let\u2019s take for example the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Stuxnet\">Stuxnet<\/a> attack, where some state actor attacked Iran\u2019s nuclear weapons facility.&nbsp; Should that attack have been prevented by these principles?&nbsp; To what end?&nbsp; Helping Iran gain an offensive nuclear capability?&nbsp; If the choice was a cyberattack against a military installation versus a physical attack, where people would surely die, I\u2019ll take the cyber attack any time.<\/p>\n\n\n\n<p>There is another big topic that isn\u2019t covered.&nbsp; Right now governments are all struggling with how to handle cross-border law enforcement.&nbsp; That is- if someone in Jurisdiction A hacks into or uses a computer in Jurisdiction B to attack a person in a third Jurisdiction C,&nbsp; who can reasonably ask Jurisdiction B for the data?&nbsp; This is a massive topic that the Council of Europe has been attempting to address for years.&nbsp; These are knotty issues, because of the limitations on the powers of each country relating to search and seizure.<br><\/p>\n\n\n\n<p>In short, while this is nice text, it doesn&#8217;t seem to me to accomplish much on its own.&nbsp; <\/p>\n\n\n\n<p>It does seem to be a slap at Russia and China, two&nbsp; notably absent countries.&nbsp; Three other notably absent countries are the U.S., Israel, and Iran.&nbsp; Coincidence?&nbsp; I think not.<br><\/p>\n\n\n\n<hr>\n\n\n\n<p><sup><em>*<\/em><\/sup><em>The views of my employer surely vary from my own today.<\/em><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The accord and Macron\u2019s words are a bit &#8220;aspirational&#8221;.<\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2327","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2327"}],"version-history":[{"count":2,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2327\/revisions"}],"predecessor-version":[{"id":2329,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2327\/revisions\/2329"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}