Progress Reports from the Cyber Norms 2.0 Workshop

As Peter’s post yesterday noted, there’s a growing push to fundamentally re-align cyberspace governance via amendments to the ITU Regulations, which are set to be negotiated in December in Dubai.  I’m not sure that the ITU is up to the task.  But I do agree that the time is ripe for States and other stakeholders to agree on first principles or “norms” for cyberspace (note:  although many think cybernorms need to come in the form of a treaty, I’m not sure that is a practical, let alone a good, idea — to me, it seems like a first step would be to agree on the norms and then those doing the agreeing can figure out what vehicle best serves their distribution).

In academic and non-academic circles alike, there’s been a rash of attention to the question of norms and rules for cyberspace. Last month, Harold Koh made headlines as part of a conference for government officials on cyberspace.  I was at a conference at Penn Law on Monday discussing the status of international law and ethics with respect to both cyberwar and cyber-attacks falling short of the war threshold.

For the last two years, moreover, I’ve been participating in the MIT/Harvard/Toronto Workshops on cyberspace organized by Ronald Deibert of the University of Toronto, Roger Hurwitz of MIT, and Joseph Nye of Harvard. The workshops are truly inter-disciplinary conversations among political scientists, technologists, lawyers, government officials, etc. all of whom have varying levels of expertise on cyber-related topics.  The workshops aim to produce White Papers that States and others may use in preparation for conferences like the one that will occur in Dubai in December.  The thinking is that, just as conversations between academics and government officials developed and improved norms for other forms of technological innovation (think nuclear deterrence theory), so too might academics and government officials work together to articulate a set of shared norms for cyberspace.

The White Papers from the most recent Cyber Norms 2.0 workshop (held at MIT in September) are now available here (last year’s inaugural work product is here).  I authored the report on the Laws of Armed Conflict, but interested readers should also check out the other six panel reports on topics ranging from assessments of Western and non-Western approaches to cyberspace to characterizations of cyber incidents.

I’m hopeful both that these sorts of “big thinking” workshops will continue in the months and years ahead and that over time these efforts might eventually assist in the (much needed) effort to find some common ground on how we want to think about cyberspace governance and what sorts of behavior we want to encourage and discourage there (an e-SOS anyone?).