WHY POLICING CYBERSPACE IS SO HARD

Cyberattacks that rip across the internet at light speed, election meddling and disinformation that tears at the fabric of democracy, the brazen theft of personal data and trade secrets – it’s the Wild West out there in cyberspace. This week, French President Emmanuel Macron called for an international agreement to bring some order to the electronic frontier.


The initiative condemns malicious cyber activities in peacetime and calls for governments to protect the basic functioning of the internet and work with the private sector to improve cybersecurity. But while more than 50 countries and dozens of private sector players signed up, some of the world’s biggest hacking powers – Russia, China, the US, and Israel, are so far absent from the list of signatories.

Here are three of the biggest reasons why establishing rules of the road in cyberspace is so difficult:

Blurred lines: They’re everywhere in cyberspace. Figuring out who launched an attack is hard when hackers from one country can launch viruses from servers in another. The boundaries between state-sponsored cyber operatives and criminal hackers are often fuzzy, giving governments plausible deniability when using these tools. Even more basic than that, there are many ways that governments can seek advantages in cyberspace short of what’s traditionally considered an act of war. Blowing up a power plant would clearly cross a line, but other disruptive activities like election meddling fall into a grey area. Blurred lines like this create space for governments to engage in mischief and make it hard to establish clear boundaries of acceptable behavior.

Cyber superpowers aren’t ready to relinquish their advantages: Some governments don’t want to be constrained by international agreements in cyberspace. Countries with more advanced cyber capabilities may calculate that the benefits they get from going on cyber offense (or even just the ability to threaten cyberattacks) outweigh the benefits they would receive from signing up to a pact that ties their hands. A seven-year UN effort to establish clear cyber norms ended in deadlock in 2017 after a handful of countries, including China and Russia, balked at a US-led attempt to get countries to agree on how international law should apply to the online realm. The US, which has recently staked out a new, more aggressive cyber strategy under President Trump and his national security adviser, John Bolton, is also reluctant to accept curbs on its ability to use hacking as a tool in the national arsenal.

Cyber conflict isn’t (yet) terribly lethal. Around 20 million people died in the First World War before the armistice signed 100 years ago this week. Four times as many died during World War II. In the aftermath of that carnage, the world came together to establish the modern Geneva Conventions to protect civilians during armed conflict and prosecute war crimes. In the 30 years that malware has been around, it has yet to produce a single, verifiable fatality. That day may be coming – there’s little doubt that a cyberattack that knocked out a hospital, power plant, or a city’s water system could cause a potentially significant loss of life. But as long as the main costs of cyber conflict are counted in dollars, and not in blood, it’s going to be hard to generate a consensus on the need for change.

 

Last week, in Fulton, WI, together with election officials from the state of Wisconsin and the election technology company VotingWorks, Microsoft piloted ElectionGuard in an actual election for the first time.

As voters in Fulton cast ballots in a primary election for Wisconsin Supreme Court candidates, the official count was tallied using paper ballots as usual. However, ElectionGuard also provided an encrypted digital tally of the vote that enabled voters to confirm their votes have been counted and not altered. The pilot is one step in a deliberate and careful process to get ElectionGuard right before it's used more broadly across the country.

Read more about the process at Microsoft On The Issues.

The risk of a major technology blow-up between the US and Europe is growing. A few weeks ago, we wrote about how the European Union wanted to boost its "technological sovereignty" by tightening its oversight of Big Tech and promoting its own alternatives to big US and Chinese firms in areas like cloud computing and artificial intelligence.

Last week, European Commission President Ursula von der Leyen and her top digital officials unveiled their first concrete proposals for regulating AI, and pledged to invest billions of euros to turn Europe into a data superpower.

More

Communal violence in Delhi: Over the past few days, India's capital city has seen its deadliest communal violence in decades. This week's surge in mob violence began as a standoff between protesters against a new citizenship law that critics say discriminates against India's Muslims and the law's Hindu nationalist defenders. Clashes between Hindu and Muslim mobs in majority-Muslim neighborhoods in northeast Delhi have killed at least 11 people, both Muslim and Hindu, since Sunday. We're watching to see how Prime Minister Narendra Modi's government responds – Delhi's police force reports to federal, rather than local, officials.

More

Ian Bremmer's perspective on what's happening in geopolitics:

What are the takeaways from President Trump's visit to India?

No trade deal, in part because Modi is less popular and he's less willing to focus on economic liberalization. It's about nationalism right now. Hard to get that done. But the India US defense relationship continues to get more robust. In part, those are concerns about China and Russia.

More

27,000: The Emir of Qatar has decreed a $27,000 fine and up to five years in prison for anyone who publishes, posts, or repost content that aims to "harm the national interest" or "stir up public opinion." No word on whether the Doha-based Al-Jazeera network, long a ferocious and incisive critic of other Arab governments, will be held to the same standard.

More