In recent years, cybersecurity has become a top worldwide concern. As awareness of its alarming severity continues to grow in the European Union and the United States, countermeasures are being formulated via international efforts such as French President Emmanuel Macron’s Paris Call for Trust and Security in Cyberspace, which “will strive to develop universal rules to govern the internet and ensure cybersecurity.” This accord proposes collaboration on the creation of international cyber policies in two different channels—the public and private spheres. Some of the main agendas of these efforts will be centered around the prevention of interference in electoral processes, protection of intellectual property rights, and resilience to general malicious online activities. However, further examination of this dual-track system suggests that the accord can only be effectively implemented among the nations that share a barrier-free internet space. As for nations whose internet operates on a relatively exclusive basis with their own independent internet services, such as China and Russia, this intended international effort would not fulfill the purpose of universal collaboration and coordination of cybersecurity. Additionally, key international actors’ priorities do not necessarily align, and with this added challenge, it is questionable whether Macron’s proposal is capable of addressing the core issues of global cybersecurity.
It is true that Macron’s vision is designed to converge the three main actors in cyberspace—the states, the private sector (internet companies), and the public. This convergence is critical because cyber-capacity, which is the ability of both the public and private sectors to carry out cyber operations for economic or strategic interests, is often used to target both state enterprises and private users rather than being utilized solely in one dimension.
The simultaneous internet regulation of state and public spheres may be overly idealistic. With regard to the public sector, the Paris accord strives for “responsible State behavior” by regulating how governments can use cyber-tools to “spy on each other and threaten critical infrastructures such as power grids, air traffic control systems and core network functions of the internet.” In terms of the private sector, Macron also aims to touch on the commercial operations of private businesses by ensuring healthy competition in the online market with the protection of trade secrets and confidential business information. In most cases, the goals of the public and private sectors are highly compatible given the particular characteristics of the challenges. The integration of the two sectors has become a dominant trait of cyber offense strategies, obscuring the distinct boundaries of the spheres of operations and influence of the government and private actors.
Such a phenomenon should correspondingly shed some light on the collaboration of the public and private sphere when it comes to the establishment and consolidation of a cyber defense system. Such public-private integration is only viable in the Western context because of a shared cross-border network, while almost impossible for some major actors in international cyberspace.
In Russia’s case, there is significant segregation between governmental cyber operations and public cyber activities. On the one hand, the Russian state has been pursuing international initiatives and actively using cyberspace to shape the process of globalization. The country has been engaged in efforts to penetrate a substantial number of international organizations and foreign cyber infrastructures. On the other hand, its public cyberspace back home is extremely exclusive domestically, and so is difficult for foreign influence to penetrate because of the censorship carried out by the Russian government. Russia’s internal internet is strictly controlled by Russian state surveillance. Moreover, instead of using shared search engines such as Google, Russia has its own equivalent, Yandex; Russian internet companies and social media platforms answer to the same domestic protocols instead of international norms.
With Russia’s strict internet regulations and its own independent internet services, the Russian public sphere is beyond the reach of the international community. Although Macron aims to create a global network in which all states have equal responsibilities and are all subject to the same international regulations, these traits of the Russian internet create an asymmetric scenario. While Russia is capable of simultaneously targeting foreign state enterprises and influencing international private users, Western states do not have the access or means to directly exert influence on Russian online communities. While it is possible to combat Russian cyber attacks on the level of strategic defense of national security, Macron’s vision of collaboration among “governments, the private sector and civil society” is unlikely to be carried out because of this asymmetric nature of cyber relations with Russia.
Macron’s call for collaborative efforts by private internet companies and governments is also made uncertain in the case of the United States. While multiple American companies such as Microsoft, Facebook, and Google endorsed the Paris Call for Trust and Security in Cyberspace, the United States government disagrees with the accord. This opposition might be a continuation of President Donald Trump’s “America First” principle, which aims to formulate policies independent from the international government and solely based on the interests of the United States. The example of the United States not only demonstrates a divergence in the decisions of the American government and private industry but also jeopardizes Macron’s expectation for “multilateral international efforts.” We can see in this case, firstly, that the visions of private industries and state actors may not align, and secondly, that the interests of great powers do not necessarily always match. These two levels of divergence destabilize the two pillars of the Paris Call: integration of state and private sectors and unification of international policies.
The Paris Call is, however, a necessary step in treating internet security more seriously. With most of NATO and a great number of Western internet companies rallied behind France’s cybersecurity efforts, internet regulations would be drastically unified and improved. It is also important to point out that the divergence between the US standpoint and the European vision on cybersecurity is distinct from their other differences. The “America First” doctrine mainly aims to distance the United States from traditional collaborations with Western Europe, such as in the realms of economic interdependence (US-EU trade relations) and commitment to international institutions like NATO. Such estrangements are about overturning the interactive geopolitical dynamics established in the past. However, this new divergence on cyberspace signifies separate paths in the future regarding the newly emerged and rapidly evolving sectors in the world beyond the historical alliances. A similar pattern is also shown by the United States’ withdrawal from the 2015 Paris Agreement on climate change mitigation. Considering the broader implications of the United States’ absence at the Paris Call for Trust and Security in Cyberspace, one can draw predictions based not only on the deconstruction of traditional collaborations stemming from past norms but also on impending disagreements, if not opposition, when it comes to shaping the global future.
Valerie Zhu is a second-year student, double majoring in Political Science and Near Eastern Languages and Civilizations. Currently serving as the Chief Coordinator of The Peacebuilding Project at UChicago, she is interested in global conflict resolution and spent the past summer in Jerusalem studying the narratives and the issues of coexistence inside the Israeli-Palestinian conflict.