Microsoft, Facebook and Google are among some 100 companies and 51 governments to sign the "Paris Call for Trust and Security in Cyberspace,” a non-binding agreement to limit cyber attacks and repel attackers worldwide.
U.S. President Donald Trump declined to sign the agreement. Australia, China, Iran, Israel, North Korea, Russia, Saudi Arabia and Turkey also refused to endorse the proclamation.
French President Emmanuel Macron announced the agreement at the Paris Peace Forum at UNESCO headquarters in Paris on November 12, 2018. Signers include all 28 members of the European Union and 27 of the 29 NATO members as well as the governments of Columbia, Japan, Mexico, New Zealand and South Korea. A total of 370 governments, businesses and organizations, including 100 non-profits and citizens’ groups, are listed as signatories. No international legislation has been attached to the agreement.
For and Against
Affirmations came in from consultant Accenture and technology giants Cisco, Ericsson, Fujitsu, Hitachi, HP, IBM, Intel, Salesforce, Samsung and SAP. Financial services companies such as Citigroup, Mastercard, Visa, Deutsche Bank and corporations Nestle, Lufthansa and Schneider Electric are among the 200 companies and business associations to sign the pact. Of note, Moscow-based Kaspersky Lab, which has been accused by the U.S. of colluding with its native government, signed on.
Among the governments that did not sign, the U.S. and Australia are two of the five members of the Five Eyes intelligence sharing network. The remaining members -- Canada, the U.K. and New Zealand -- all inked the statement.
“The Paris Call is an important step on the path toward digital peace, creating a stronger foundation for progress ahead,” wrote Microsoft president Brad Smith, in a blog post. “While the tech sector has the first and highest responsibility to protect this technology and the people who rely upon it, this is an issue that requires that governments, companies and civil society come together. That is the only effective way to protect people from what at times have become military-grade cybersecurity threats.”
The signers agreed to collaborate with one another to prevent cyber attacks, safeguard the internet, protect electoral processes from hackers, prevent intellectual property theft and other measures. Here’s their to-do list:
- Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure.
- Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.
- Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities.
- Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector.
- Develop ways to prevent the proliferation of malicious ICT tools and practices intended to cause harm.
- Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain.
- Support efforts to strengthen an advanced cyber hygiene for all actors.
- Take steps to prevent non-State actors, including the private sector, from hacking-back, for their own purposes or those of other non-State actors.
- Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace.
The signers agreed to meet again at the Paris Peace Forum in 2019 and at the Internet Governance Forum in Berlin in 2019 to gauge their progress.