Merkel and Macron Call for Joint Cybersecurity Effort

AICGS signs multi-stakeholder accord

The American Institute for Contemporary German Studies joined dozens of other civil society organizations and leading U.S. tech companies Monday as an early supporter of the Paris Call for Trust and Security in Cyberspace. The call, a three-page cybersecurity accord to advance democracy on the Internet and to hold bad actors accountable, was jointly worked on by the German Foreign Office and the French Foreign Office, among others, and also signed by the governments of 51 countries across Europe, North and South America, the Middle East, and Africa. The plan was unveiled by French president Emmanuel Macron Monday at the Internet Governance Forum (IGF) in the presence of government delegations and NGO and tech leaders from around the world. The initiative calls on its signatories to affirm “the applicability of international human rights law in cyberspace,” and for the government, civil society, and the private sector to work together to improve cybersecurity.

The initiative calls on its signatories to affirm “the applicability of international human rights law in cyberspace,” and for the government, civil society, and the private sector to work together to improve cybersecurity.

AICGS, which was invited to become active in the initiative during the drafting process, plans to continue to work with the German government and U.S. tech companies to promote the application of international law to cyberspace. The IGF will be hosted in Berlin, Germany, next year, and parliamentarians already met for talks in Paris this week to discuss further plans for the initiative. A large German delegation from the foreign, interior, and economic ministries attended the Forum to support the initiative. Speaking at the United Nations Educational, Scientific, and Cultural Organization (UNESCO), where the IGF is being hosted this week, President Macron proposed that the IGF, which was already formed in 2006, should push decisions, and not just be another UN-affiliated conference.

To give wings to the cyber accord policies unveiled at the IGF, the Paris Peace Forum, which is meeting simultaneously this week with many of the same government and NGO participants, initiated governance projects to ensure new technologies promote democracy and fair elections. The projects also work toward coordination of policy standards on the Internet.

The strength of the cyber accord lies not only in its multi-stakeholder approach, but the consensus of the accord’s signatories to want to hold bad actors accountable. According to the accord, these include: “foreign actors aimed at undermining electoral processes through malicious cyber activities,” those “perpetrating intellectual property violations on the Internet,” and non-state actors who hack.

The road ahead for the signatories of the Paris Call is long. Which accountability mechanisms should be used against cybercriminals, infringers of intellectual property rights, or election disruptors has long provided fertile ground for disagreement among governments. The Call asks private sector actors to improve trust and stability in cyberspace during a time when private users are increasingly looking to regulators to keep the same actors at arms’ length. And though developing countries across Africa signed the accord, some of the actors who may need the most regulation, like China and Russia, remain expectantly absent.

The Call asks private sector actors to improve trust and stability in cyberspace during a time when private users are increasingly looking to regulators to keep the same actors at arms’ length.

The idea of cooperating to strengthen cybersecurity is also not new. The Budapest Convention on Cybercrime, the first international treaty that harmonized national and international law on cybercrime, was created in 2001 by the Council of Europe with 56 signatories and went into effect in 2004. The United Nations also made gains in agreement between states over the last decade in recommending non-binding norms and the application of the UN Charter to cyberspace.

The Paris Call does not reinvent the wheel on international norms. Both the Budapest Convention and the UN Charter serve as foundations for the accord. But the efforts by states, such as those undertaken by the United Nations Group of Group of Governmental Experts on Developments in the Field of Information and Telecommunications (UN GGE), started floundering last year due to lack of consensus. The Paris Call was also supposed to jumpstart the stale conference-like nature of the IGF and turn it into a launching pad for innovation by linking it with the Paris Peace Forum projects. The drafters wanted to give the accord the legitimacy of the binding nature of a government document by having a level of consensus across governments, while allowing the private sector actors who are on the front of innovation to sit at the table.

At the same time, the Call’s drafters recognized that such an accord remains decorative only if civil society does not join the effort to ensure that the public stands behind the effort and is likewise also protected from malicious actors. The diverse NGOs from Poland to Japan and the UAE have signed up to push “confidence-building measures in cyberspace,” together with government actors, “across national borders.” That requires disclosure of cyber vulnerabilities and recognizing that forging an isolationist course in the cyber realm—which is nonterritorial—is more dangerous than strengthening security with partners.

The Call’s drafters recognized that such an accord remains decorative only if civil society does not join the effort to ensure that the public stands behind the effort and is likewise also protected from malicious actors.

“Most of the challenges today cannot be solved by one nation alone, but together,” Chancellor Merkel said yesterday at the Paris Peace Forum, which followed the commemoration of the end of World War I 100 years ago.

“If isolation wasn’t the solution 100 years ago, how can it be today in such an interconnected world?” she said.

The signatories will have a half year to make progress on that joint course as they work toward common solutions before Berlin. For those who chose to be left outside of the fold for the first round, Paris may have better weather this time next year.

The views expressed are those of the author(s) alone. They do not necessarily reflect the views of the American Institute for Contemporary German Studies.
Sarah Lohmann

Sarah Lohmann

AICGS Senior Cyber Fellow

Dr. Sarah Lohmann is AICGS' Senior Cyber Fellow based in Germany. She coordinates the Institute's cyber projects, including the Transatlantic Cyber Partnership--which brings together U.S. and German policymakers from government, the military, the tech sector, and academia--to cooperate on cyber policy. Dr. Lohmann is an expert in the field of international relations, human rights, and security policy. With over a decade of experience in government and in the classroom, she offers a unique perspective as a well-traveled practitioner and policymaker who also delights in academia.

Dr. Lohmann has served as a university instructor at the Universität der Bundeswehr since 2010. She achieved her doctorate in political science in 2013, when she became a senior researcher for the political science department. Prior to her tenure at the Universität der Bundeswehr, she was a press spokesman for the U.S. Department of State for the Bureau of Democracy, Human Rights and Labor, as well as for the Bureau of Near Eastern Affairs (MEPI). Before her government service, she was a journalist, and has traveled in over 30 countries worldwide. She has published one book and over a thousand articles in international press outlets, including The New York Times, The Wall Street Journal, and The Financial Times in Germany. She is a public speaker in international forums on issues of human rights, cyber security, and transatlantic relations.