New America
Cybersecurity Initiative

Five Things You Need to Know About France’s New Cyber Norm Proposal

Blog Post
U.S. Air Force photo/ Tech. Sgt. Ryan Crane
By 

Justin Sherman

 and 

Robert Morgus

Nov. 13, 2018

Yesterday, at the Internet Governance Forum in Paris, the French government released its Call for Trust and Security in Cyberspace, essentially an international cyber norms agreement. In his speech rolling out the Paris Call, French President Emmanuel Macron highlighted the growing divide between the ways in which countries approach the internet and regulate it, noting that there are “two kinds of internet emerging: Californian cyberspace and Chinese cyberspace.” Macron also communicated the need for liberal democracies to “take charge” and regulate the internet in line with democratic values.

A short primer on the document and relevant context is broken into five points below.

1) France just released its Call for Trust and Security in Cyberspace.

“As the Internet has become central to daily life, cyberattacks have grown more frequent and destructive,” the opening of the document proclaims. “Only by acting together can we protect cyberspace.” You can read the full text here, but signatories essentially agree to:

  • increase prevention against and resilience to malicious online activity;
  • protect the accessibility and integrity of the Internet;
  • cooperate in order to prevent interference in electoral processes;
  • work together to combat intellectual property violations via the Internet;
  • prevent the proliferation of malicious online programmes and techniques;
  • improve the security of digital products and services as well as everybody’s “cyber hygiene”;
  • clamp down on online mercenary activities and offensive action by non-state actors;
  • work together to strengthen the relevant international standards.

2) The proposal is backed by over 50 countries, in addition to large tech companies like Microsoft and Facebook.

Every country in the EU has currently signed the document, in addition to major players like Canada. As for the companies: Cisco, Dell, Cloudflare, Panasonic, Oracle, and HP are just some of the dozens of private-sector supporters.

“The Paris Call is an important step on the path toward digital peace,” blogged Microsoft President Brad Smith, who has previously called for a “Digital Geneva Convention,” a proposal whose underlying principles bear striking similarities to the Paris Call.

Other organizations like Access Now have also endorsed the proposal, writing, in this case, that “the Paris Call will reinforce other efforts to improve protections for users and their rights.”

3) The US, China, and Russia finally agree on something… and have not backed the proposal.

Interestingly enough, the United States, China, and Russia—a trio of nations that almost never agree on cyber norms—have not signed the proposal. Other countries like Australia remain off the signatory list as well.

The reasons for not backing the proposal are likely different for each of these countries. On the one hand, the U.S. and allies hold steadfast that conventions or new laws are unnecessary because existing laws apply. On the other hand, the likes of China and Russia likely see something like this proposal as an affront on their digital sovereignty.

4) The proposal's substance is not particularly original.

China, Russia, and other authoritarians proposed a code of conduct for cyber and international security in 2011 to the United Nations General Assembly. They submitted a revised version in 2015. The UN’s Group of Governmental Experts on the topic, which has met 8 times, reached the consensus norm that international law for the offline world applies online. Most recently, a group of liberal-democratic countries proposed an updated resolution in the UN General Assembly on October 18, and an authoritarian coalition proposed their own resolution on October 22.

Nongovernmental organizations have also gotten in on the fun. In fact, a good deal of the agreement’s tenants (and much of the language, like a focus on the “public core” and “proliferation”) can be found in the Global Commission on the Stability of Cyberspace’s recent “Norms Package” and previous issue briefs.

This agreement hardly stands alone in its attempts to establish some sort of international code of conduct for cyberspace.

5) France’s proposal is timed with a series of recent or ongoing conversations about how to regulate—and build trust in—the global Internet.

The Internet Governance Forum in France, around which this proposal is centered, is currently ongoing—and is themed this year around an “Internet of Trust.” Also ongoing is the International Telecommunications Union (ITU)’s Plenipotentiary, a gathering of the government stakeholders with notable sway over the future of the global Internet. Finally, the 63rd meeting of ICANN—the organization which maintains addresses for the global Internet and manages protocols like the Domain Name System—took place at the end of October. All of these gatherings are shaping the future of the “rules” for the Internet, whether that means the technical code that routes traffic or the governance structures (laws, regulations, etc.) that shape how governments influence the network.

Ultimately, for some, this is seen as a symbolic a step on the road towards the creation of a Digital Geneva Convention, of sorts. Whether or not that actually represents a step in the right direction remains uncertain.

For more context on this proposal, see the New America reports “The Idealized Internet vs. Internet Realities” and “The Digital Deciders: How a Group of Often Overlooked Countries Could Hold the Keys to the Future of the Global Internet.”