Joe Biden, Cyberspace, and International Law

Secretary of State Hillary Clinton had to cancel her visit to London today for the much-hyped cybersecurity conference, which was designed to push back against Russian and Chinese proposals for an “International Code of Conduct for Information Security.”  The Russian/Chinese proposal (co-authored with Uzbekistan and Tajikistan) is widely undestood as part of an effort to (1) move Internet governance away from the existing US-dominated public-private partnership to the ITU and (2) develop a global treaty on cybersecurity that will reinforce national sovereignty over all behavior in cyberspace (including speech and communication deemed de-stabilizing as much if not more than the cyberattacks or cyberespionage).

In Clinton’s absence, U.S. Vice President Joe Biden gave a speech via video, which summarized the current U.S. position. Here are a few of the more salient excerpts:

We know that it will take many years and patient and persistent engagement with people around the world to build a consensus around cyberspace, but there are no shortcuts because what citizens do online should not, as some have suggested, be decreed solely by groups of governments making decisions for them somewhere on high.  No citizen of any country should be subject to a repressive global code when they send an email or post a comment to a news article. . . .

Now, there are some who have a different view, as you all know.  They seek an international legal instrument that would lead to exclusive government control over Internet resources, institutions and content and national barriers on the free flow of information online.  But this, in our view, would lead to a fragmented Internet, one that does not connect people but divides them; a stagnant cyberspace, not an innovative one, and ultimately a less secure cyberspace with less trust among nations.

So the United States stands behind the current approach which harnesses the best of governments and private sector and civil society to manage the technical evolution of the Internet in real time.  This public-private collaboration has kept the Internet up and running all over the world. . . .

And this brings me to the second question that I’d like to address today, how to achieve both security and openness in cyberspace.  As we all know, the openness that makes the Internet a force for unprecedented progress can also enable wrongdoing on a vast scale.  Terrorists use the Internet to recruit operatives and plot attacks.  Human traffickers and child pornographers use the Internet to find and exploit victims.  And sensitive information is stolen every day from both governments and businesses by criminal networks, as well as individuals, and even by other nation states.  And we all face the threat that our critical infrastructure will be compromised by a cyberattack. It’s a real threat. . . .

We’re working with other nations to fight transnational crime, including by helping other nations build their law enforcement capacities.  We’ve ratified and we strongly promote the Budapest Cybercrime Convention, which sets out the steps countries must take to reduce cybercrime while still protecting human rights.  And as you might expect, we remain committed to fighting international terrorism and thwarting terrorist attacks that are planned and launched on the Internet.

We can and we must do all of this without resorting to a false solution that rationalizes government takeover of the Internet.  There’s no question in our view that every nation must protect its citizens against crime and attacks online, as well as off.  But we must do it in a manner that’s consistent with our shared values.

And this brings me to the concept that is absolutely fundamental in our view to any conversation about the future of cyberspace:  Existing principles of international law apply online, just as they do offline, in our view.

Yes, the Internet represents and presents new challenges, but to resolve them we don’t need to start from scratch.  International law principles are not suspended in cyberspace.  They apply there with equal force and equal urgency.

Take, for example, the threat of cyberspace conflict between states.  For more than a century, the global communities worked to develop rules that govern conflicts among nations, including concepts of proportionality, and distinction between combatants and civilians.  And we’ve developed diplomatic methods that countries can take together to prevent war, respond to attack and build trust with one another.   So while cyberspace is a new realm, we have many, many years of hard-won understandings to guide us in this new space.

Of course, cyberspace presents challenges that are different from any we’ve faced before, and it raises new questions.  It forces us to come up with new approaches where old ones no longer suffice.  Consider confidence-building measures.  It’s a great deal harder to assess another nation’s cyber-capabilities than to count their tanks, for example.  The technology is dual-use.  Governments don’t have a monopoly on it, and we can’t — you can’t judge the intentions of another country by looking at its force — like by looking at its force posture.  So it’s a challenge to identify effective, confidence-building measures in cyberspace.  We’ve got to find a way.

For example, the United States is working closely with Russia to reach an agreement that would establish links between our computer emergency response teams and our nuclear risk reduction centers to build cooperation and to set up lines of communication in the event of an alarming incident. . . .

The tactic of evoking security as a justification for harsh crackdowns on freedom is not new in the digital age.  But it has new resonance as the Internet has given governments new capacities for tracking and punishing human rights advocates and political dissidents.  In some places, as you all know, bloggers are imprisoned and abused for criticizing the government.  In others, there is widespread censorship of content that government deems politically unacceptable.

Look, folks, again, no surprise, the United States — and I suspect most of you, I hope — stand against these acts and for Internet freedom.  The rights of individuals to express their views and petition their leaders, practice their religion, assemble with their fellow citizens online we believe must be protected.  These rights are universal whether they’re exercised in the town square or on a Twitter stream.  They’re enshrined in the Universal Declaration of Human Rights, which applies to cyberspace just as surely as it does to every corner of every country on Earth.