New Frontiers in CyberSpace Regulation: What’s Next?
by Laura Candiani
Early last week, the inaugural conference Responsible Behaviour in Cyberspace: Novel Horizons took place in the beautiful city of The Hague. The three-day event was organized by The Hague Program for Cyber Norms, an academic research program that aims to be a platform for academics and non-academics, practitioners and thinkers, to study, research and develop norms in cyberspace, in collaboration with the University of Leiden, of which it is a part.
Professors, researchers and leading personalities from both academia and the private sector gathered to discuss, analyse and suggest what the next steps might be in regulating cyber-space and what behaviour is appropriate when engaging in cyber-activities.
The feeling throughout this conference, shared by both academics and private actors, was a mutual willingness to cooperate in shaping rules and guidelines that can promote good conduct in cyber-space. Jaya Baloo, Chief Information Security Officer at KPN, increased our awareness of the fact that the Internet is a common good: just as we only have this planet Earth to live on, in the same way we only have this one Internet in which we can operate; once we screw it up, there is nowhere else to go. In the NATO view, cyber-space in this century represents an operational domain for a State as much as the air, the sea or the land does.
The times when hackers were motivated by ideologies are long gone; now they are motivated by money and, very often, they are backed by the tacit consent of governments and organizations. Nowadays, cyber-space is the playing (and, sometimes, the battle) field of many stakeholders with divergent interests: States, civil society and the private sector, with the last one very likely being the predominant part.
How far, then, should we allow politicians to go when it comes to regulating cyber-space? Unlike what happens in other fields, the digital world might actually need the legitimization of a multi-stakeholder approach: industry and the private sector might be the biggest allies in promoting the stability of cyber-space. After all, any government is altruistic enough when it comes to being legally bound by norms that limit its powers when other States have already refused; especially in a field with such great potential for exploitation as cyber-space.
But in a world where everybody spies on and hacks everybody, is the will to make this commitment really credible? Are all these talks about trying to regulate cyberspace coming from the same people whose interests would be damaged if this normative system became real?
The biggest challenge we are facing is the fact that we have more questions than answers.
For instance, saying that some countries are ‘non-compliant’ might not be entirely fair for the simple reason that there is no agreed definition or parameters yet on what being compliant means. In addition, every actor involved in the discussion about norms in cyber-space has an abstract idea about the role that the counterpart should have but, when it comes to the how, it has no practical solutions.
Many of these challenges are political in nature: it will never be certain how States will respond, how they will decide that something is attributable, or under which conditions something will be considered compliant.
Even if to the majority it does not seem useful, we need the discussion about cyberspace regulation to go forward. We need engagement, awareness and the improvement of long-term protective measures. And this will only be possible with the development of cyber-norms.
On the second day, in the stunning surroundings of the Peace Palace, the event organized by Microsoft and led by Brad Smith, Microsoft’s global President and Chief Legal Officer, took place. In his keynote speech, Smith strongly advocated the need for a digital peace. In a world like the one we are living in today, in which both governments and individuals are capable of destroying organizations and putting citizens’ lives in danger, and where attacks started in the virtual space may have direct consequences in the physical world (do WannaCry and NotPetya ring a bell?), we all must demand the creation of a regulatory system.
As Smith pointed out, the one-hundredth anniversary of the end of the First World War this November is a useful reminder of a situation nobody believed it was possible to be in: a war of men against ‘machines’. As everybody knows, the rapid technological progress for which no one at that time was prepared was sadly the feature of WWI.
Nowadays, it might be said that history is repeating itself: only a small part of the world, in fact, actually believes that cyber-war is a possibility and that we really need strong regulation of cyberspace to avoid potentially catastrophic consequences. Probably, not everybody is aware yet that in the UK the WannaCry ransomware massively affected many hospitals, with very serious and potentially deadly implications for patients. Even if someone does not believe in the rise of cyber-wars, these kinds of events should be a valid reason to want at least some form of regulation of the digital world.
The future of cyber-space and cyber-security is in everybody’s hands. Be involved, do your part. One day not so far away, your physical future will depend on this digital present.