London Conference reveals 'fault lines' in global cyberspace and cybersecurity governance

The recently completed London Conference on Cyberspace -- a major event attended by participants from more than 60 countries and hosted by the U.K. government -- sought to advance an agenda to guide creation of a global, secure, resilient, and open cyberspace. But according to an Indiana University Maurer School of Law cybersecurity expert, the meeting revealed deep differences that make effective international cooperation on cyberspace and cybersecurity increasingly difficult.

"The gap between the interest the conference garnered and the outcome of its deliberations provides a clue that global cyberspace governance is in trouble," said David P. Fidler, the James Louis Calamaras Professor of Law and a fellow at the IU Center for Applied Cybersecurity Research. "The conference highlighted the fundamental lack of agreement that exists on cyberspace governance and how to improve security in cyberspace. Diplomatic protocol papered over the rift between the 'Internet liberty' conception of cyberspace embraced by leading democracies and the 'Internet sovereignty' perspective favored by China and other countries."

Both views consider cyberspace an enabling environment for economic and social activity, Fidler observed, but economic behavior in cyberspace operates within larger ideological frameworks that shape commercial interactions and channel their political consequences. The conference's proceedings hit many themes that have been around for years without grappling with the underlying and political problems associated with deep disagreements about the nature of cyberspace governance.

"In terms of cybersecurity, the conference delegates apparently expressed great concern about security problems, such as cybercrime and state-sponsored cyberattacks, but showed little to no enthusiasm for new governance strategies to tackle these problems," Fidler said. "Cybersecurity is deteriorating, in part, because existing approaches are not working, so the lack of appetite for anything more than continued dialogue on the basis of long-standing principles reveals no serious meeting of the minds among the leading players on how to tackle cybercrime more effectively or address state interest in exploiting the espionage and military possibilities of cyber technologies."

According to the U.K. foreign minister, William Hague, the conference deliberations produced general support for the Council of Europe's Convention on Cybercrime, Fidler noted, a treaty that has not attracted widespread ratification and does not have the support of important countries, such as China and Russia, often associated with the rapid global growth in cybercrime activities. The likelihood that these countries will join this treaty diminishes the more they are accused of being unwilling or unable to address cybercrime or of participating in economic cyberespionage on a large scale.

"Regarding international security, conference support for countries to comply with their international legal obligations avoids uncertainties about what these obligations mean in cyberspace, disagreements about what these duties require for cybersecurity, and -- in the case of cyber-espionage -- the lack of any serious international legal constraints," Fidler said.

"The U.K. government intends the London conference to be the start of an ongoing diplomatic project to improve international cooperation on cyberspace and cybersecurity, so it marks the beginning of a process that, eventually, will have to get beyond diplomatic platitudes and enigmatic support for principles and strategies rife with controversy about their legitimacy and effectiveness," Fidler concluded.