The US Refusing To Sign 'The Paris Call' Is Not As Big A Deal As Everyone Is Making It Out To Be
from the this-is-a-pointless-document dept
On Monday, a bunch of countries and companies officially announced and signed “The Paris Call,” or more officially, “the Paris Call for Trust and Security in Cyberspace.” It’s getting a fair bit of press coverage, with a lot of that coverage playing up the decision of the US not to sign the agreement, even as all of the EU countries and most of the major tech companies, including Google, Facebook, Microsoft, Cisco and many many more signed on.
But, most of those news stories don’t actually explain what’s in the agreement, beyond vague hand-waving around “creating international norms” concerning “cyberspace.” And the reports have been all over the place. Some talk about preventing election hacking while others talk about fighting both “online censorship and hate speech.” Of course, that’s fascinating, because most of the ways that countries (especially in the EU) have gone about fighting “hate speech” is through outright censorship. So I’m not quite sure how they propose to fight both of those at the same time…
Indeed, if the Paris Call really did require such silly contradictory things it would be good not to sign it. But, the reality is that it’s good not to sign it because it appears to be a mostly meaningless document of fluff. You can read the whole thing here, where it seems to just include a bunch of silly platitudes that most people already agree with and mean next to nothing. For example:
We reaffirm our support to an open, secure, stable, accessible and peaceful cyberspace, which has become an integral component of life in all its social, economic, cultural and political aspects.
We also reaffirm that international law, including the United Nations Charter in its entirety, international humanitarian law and customary international law is applicable to the use of information and communication technologies (ICT) by States.
I mean, great. But so what? The “measures” the agreement seeks to implement are almost equally as meaningless. Here’s the entire list:
- Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure;
- Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet;
- Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities;
- Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector;
- Develop ways to prevent the proliferation of malicious ICT tools and practices intended to cause harm;
- Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain;
- Support efforts to strengthen an advanced cyber hygiene for all actors;
- Take steps to prevent non-State actors, including the private sector, from hacking-back, for their own purposes or those of other non-State actors;
- Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace.
I mean, sure? Some of that is meaningless. Some of that is silly. Some of it is obvious. But none of it actually matters because it’s not binding. Could this lead to something that matters? Perhaps. But it seems silly to condemn the US for failing to sign onto a meaningless document of platitudes and meaningless fluff, rather than anything substantial. There’s no problem with those who did choose to sign on, but it’s hard to see how this is a meaningful document, rather than just an agreement among signatories to make them all feel like they’ve done something.