Merkel and Macron Call for Joint Cybersecurity Effort

Sarah Lohmann

Dr. Sarah Lohmann is Non-Resident Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University. Dr. Lohmann is an Acting Assistant Professor in the Henry M. Jackson School for International Studies and a Visiting Professor at the U.S. Army War College. Her current teaching and research focus is on cyber and energy security and NATO policy, and she is currently a co-lead for a NATO project on “Energy Security in an Era of Hybrid Warfare”. She joins the Jackson School from UW’s Communications Leadership faculty, where she teaches on emerging technology, big data and disinformation. Previously, she served as the Senior Cyber Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University, where she managed projects which aimed to increase agreement between Germany and the United States on improving cybersecurity and creating cybernorms.

Starting in 2010, Dr. Lohmann served as a university instructor at the Universität der Bundeswehr in Munich, where she taught cybersecurity policy, international human rights, and political science. She achieved her doctorate in political science there in 2013, when she became a senior researcher working for the political science department.

Prior to her tenure at the Universität der Bundeswehr, Dr. Lohmann was a press spokeswoman for the U.S. Department of State for human rights as well as for the Bureau of Near Eastern Affairs (MEPI). Before her government service, she was a journalist and Fulbright scholar. She has been published in multiple books, including a handbook on digital transformation, Redesigning Organizations: Concepts for the Connected Society (Springer, 2020), and has written over a thousand articles in international press outlets.

AGI signs multi-stakeholder accord

The American-German Institute joined dozens of other civil society organizations and leading U.S. tech companies Monday as an early supporter of the Paris Call for Trust and Security in Cyberspace. The call, a three-page cybersecurity accord to advance democracy on the Internet and to hold bad actors accountable, was jointly worked on by the German Foreign Office and the French Foreign Office, among others, and also signed by the governments of 51 countries across Europe, North and South America, the Middle East, and Africa. The plan was unveiled by French president Emmanuel Macron Monday at the Internet Governance Forum (IGF) in the presence of government delegations and NGO and tech leaders from around the world. The initiative calls on its signatories to affirm “the applicability of international human rights law in cyberspace,” and for the government, civil society, and the private sector to work together to improve cybersecurity.

The initiative calls on its signatories to affirm “the applicability of international human rights law in cyberspace,” and for the government, civil society, and the private sector to work together to improve cybersecurity.

AGI, which was invited to become active in the initiative during the drafting process, plans to continue to work with the German government and U.S. tech companies to promote the application of international law to cyberspace. The IGF will be hosted in Berlin, Germany, next year, and parliamentarians already met for talks in Paris this week to discuss further plans for the initiative. A large German delegation from the foreign, interior, and economic ministries attended the Forum to support the initiative. Speaking at the United Nations Educational, Scientific, and Cultural Organization (UNESCO), where the IGF is being hosted this week, President Macron proposed that the IGF, which was already formed in 2006, should push decisions, and not just be another UN-affiliated conference.

To give wings to the cyber accord policies unveiled at the IGF, the Paris Peace Forum, which is meeting simultaneously this week with many of the same government and NGO participants, initiated governance projects to ensure new technologies promote democracy and fair elections. The projects also work toward coordination of policy standards on the Internet.

The strength of the cyber accord lies not only in its multi-stakeholder approach, but the consensus of the accord’s signatories to want to hold bad actors accountable. According to the accord, these include: “foreign actors aimed at undermining electoral processes through malicious cyber activities,” those “perpetrating intellectual property violations on the Internet,” and non-state actors who hack.

The road ahead for the signatories of the Paris Call is long. Which accountability mechanisms should be used against cybercriminals, infringers of intellectual property rights, or election disruptors has long provided fertile ground for disagreement among governments. The Call asks private sector actors to improve trust and stability in cyberspace during a time when private users are increasingly looking to regulators to keep the same actors at arms’ length. And though developing countries across Africa signed the accord, some of the actors who may need the most regulation, like China and Russia, remain expectantly absent.

The Call asks private sector actors to improve trust and stability in cyberspace during a time when private users are increasingly looking to regulators to keep the same actors at arms’ length.

The idea of cooperating to strengthen cybersecurity is also not new. The Budapest Convention on Cybercrime, the first international treaty that harmonized national and international law on cybercrime, was created in 2001 by the Council of Europe with 56 signatories and went into effect in 2004. The United Nations also made gains in agreement between states over the last decade in recommending non-binding norms and the application of the UN Charter to cyberspace.

The Paris Call does not reinvent the wheel on international norms. Both the Budapest Convention and the UN Charter serve as foundations for the accord. But the efforts by states, such as those undertaken by the United Nations Group of Group of Governmental Experts on Developments in the Field of Information and Telecommunications (UN GGE), started floundering last year due to lack of consensus. The Paris Call was also supposed to jumpstart the stale conference-like nature of the IGF and turn it into a launching pad for innovation by linking it with the Paris Peace Forum projects. The drafters wanted to give the accord the legitimacy of the binding nature of a government document by having a level of consensus across governments, while allowing the private sector actors who are on the front of innovation to sit at the table.

At the same time, the Call’s drafters recognized that such an accord remains decorative only if civil society does not join the effort to ensure that the public stands behind the effort and is likewise also protected from malicious actors. The diverse NGOs from Poland to Japan and the UAE have signed up to push “confidence-building measures in cyberspace,” together with government actors, “across national borders.” That requires disclosure of cyber vulnerabilities and recognizing that forging an isolationist course in the cyber realm—which is nonterritorial—is more dangerous than strengthening security with partners.

The Call’s drafters recognized that such an accord remains decorative only if civil society does not join the effort to ensure that the public stands behind the effort and is likewise also protected from malicious actors.

“Most of the challenges today cannot be solved by one nation alone, but together,” Chancellor Merkel said yesterday at the Paris Peace Forum, which followed the commemoration of the end of World War I 100 years ago.

“If isolation wasn’t the solution 100 years ago, how can it be today in such an interconnected world?” she said.

The signatories will have a half year to make progress on that joint course as they work toward common solutions before Berlin. For those who chose to be left outside of the fold for the first round, Paris may have better weather this time next year.