In South Korea US Secretary of State John Kerry gave a speech on cyber security and international law earlier this week. Some quotes…
“As I’ve mentioned, the basic rules of international law apply in cyberspace. Acts of aggression are not permissible.”
“First, no country should conduct or knowingly support online activity that intentionally damages or impedes the use of another country’s critical infrastructure. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain. Fourth, every country should mitigate malicious cyber activity emanating from its soil, and they should do so in a transparent, accountable and cooperative way. And fifth, every country should do what it can to help states that are victimized by a cyberattack.”
The obvious question is: Does that include the NSA?
Is the alleged NSA attack on the SWIFT bank transfer system a “malicious cyber activity”?
What about all the mischief documented in NSA:s own Powerpoint presentations, revealed to the world by Edward Snowden? Does that count as “malicious cyber activity”?
Might the British GCHQ:s attack on Belgacom and the EU institutions be considered as a “malicious cyber activity”?
The Swedish government (Swedens FRA is a very close partner with NSA and GCHQ) has proposed that Swedish military should be allowed to conduct “active” surveillance — i.e. cyber attacks. (The Snowden files have reviled that Swedish FRA already are involved in such activities, in cooperation with GCHQ. So this is just about adjusting the law to what is actually going on.) Would that count as “malicious cyber activity”?
When John Kerry calls for international rules — would they apply to all countries?
Probably not.
/ HAX
Link: Kerry: Internet ‘Needs Rules to Be Able to Flourish and Work Properly’ »
No comments yet.