China and the EU take control of the global cyber-agenda


This story is published in a content partnership with POLITICO. It was reported by Eric Geller on July 22, 2018.

The United States is losing ground as the standard bearer of the Internet against aggressive European privacy standards and China's draconian vision for a tightly controlled Web.

The weakening of the US position comes as the European Union, filling a void left by years of lax US regulations, imposes data privacy requirements that companies like Facebook and Google must follow. At the same time, China is dictating corporate security practices with mandates that experts say will undermine global cybersecurity – with no major US backlash.

Result: Beijing and Brussels actually draft the rules that determine the future of the Internet. China's vision is spreading throughout the developing world and influencing similar laws in Vietnam, Tanzania and Nigeria.

Cyber experts say these trends could slow the growth of the Internet, curb innovation and erect new trade barriers for US companies. And while these trends began before Donald Trump became president, his administration has not yet come up with a clear plan to refute one or the other of these agendas. "The United States cannot afford to be sidelined." from 2011 to 2017, which is now with the World Commission on Cyberspace Stability. "Other countries act on the legislative plane and affect the United States … and the United States is on the wrong foot."

One of the results of this change is the erosion of the American vision of the Internet that reigned for decades. "The American model seems both paralyzed and somewhat harmless, while Europeans and Chinese are progressing and, in many cases, are undermining the openness of the Internet," said Adam Segal, director of the Internet e-strategy program of the Council on Foreign Relations. "The absence of US leadership is also hurting ordinary Americans by allowing the industry to block the adoption of strong protections against cyberattacks," said Democratic Senator Ron Wyden (Oregon), one of the main congressional voices on issues of cybersecurity and technology.

"The US is failing cybersecurity because our Congress has been captured by companies that have managed to impose significant cyber standards." POLITICO in an email

For years, the United States vehemently objected when China and other authoritarian regimes tried to co-opt international venues to advance their cyber-agendas. In 2015, China, Russia, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan introduced a "code of conduct for information security", which would have codified their vision of content regulation, but behind-the-scenes work by Western governments stopped its momentum. The United States has blocked similar efforts in a United Nations technology commission. And in 2010, the United States helped prevent a vote from giving a role in the development of Internet policies to the International Telecommunication Union, which would have given a stronger voice to authoritarian countries that often lose to the West in other contexts.

In all bilateral and multilateral meetings to date, the United States has been "bipartisan" in opposing the authoritarian visions of cyberspace, said a former head of the State and Trade Department who worked for eight years on cyber issues, speaking frankly.

But the United States offered only symbolic opposition to the cybersecurity law that China imposed last year, which requires, among other things, that companies operating in China provide the authorities with the source code of their software.

The United States has taken a much more modest approach to its own cybersecurity policy: in 2015, it passed a law on information sharing that gives companies legal immunity for sharing data about threats with the government. "To manage digital security risks, industry groups have praised these efforts, claiming that they influence policies around the world."

But beyond these piecemeal measures, the United States has advanced no coherent vision of cybersecurity regulation to counter those of China and Europe. And Russia will soon try again with its cybersecurity "code of conduct" – with vague language discouraging interference in the internal affairs of other states – at the United Nations General Assembly in September.

The United States is at a disadvantage: China and others have ambitious plans, while American diplomats are asking for only modest reforms. "If the American line is 'to leave the status quo as it is,' it is always difficult," he said.

The leaders of the Chinese Communist Party see cybersecurity "as a fundamental element of their governance model". Senior Associate at the Center for Strategic and International Studies. And President Xi Jinping is personally interested in it, beyond the way most world leaders approach the issue.

Meanwhile, Beijing's grip on domestic affairs gives it an advantage over the United States.

The result is China's cybersecurity law, which came into effect on June 1, 2017, creating vaguely defined inspection regimes for network operators and critical infrastructure owners. These companies must let Chinese officials test their equipment and software at all times. They must also store their data in China so that investigators can access it. One provision could allow Beijing to demand companies' decryption keys, which would prohibit the unbreakable encryption of applications like Signal.

But while the Chinese bureaucracy was preparing to enforce the law, Beijing was busy promoting its digital security controls overseas, focusing on developing countries that it hopes will join a coalition to counter the West's more open Internet agenda.

In a digital extension of its One Belt One Road initiative, China has spent considerable sums to expand Internet connectivity in those countries. It donated computers to the governments of nearly three dozen countries, from Pakistan to Malawi, to the small island state of Tonga. Huawei, the Chinese telecom giant that the US authorities consider a cybersecurity risk, has installed armies of security cameras in the Kenyan cities of Nairobi and Mombasa as part of its "Safe City" initiative.

Cyber-experts suspect that China's generosity is motivated by its strategic interest: Beijing wants to implant itself in the computer networks of these emerging countries. Evidence has sometimes emerged to support this view. In January, the French newspaper Le Monde reported that China spent years spying on the African Union, whose headquarters it built and donated to the international organization in 2012. Buried in the computer network "China's influence is unrivaled in terms of relations with developing countries and in terms of developing its relations, recently, with developed countries," the paper said. Ministry official. As a result, he said, "Chinese enterprises are basically the leader [and] have access to country systems."

The US government and US companies must also face a newly aggressive Europe on cyber issues. In August 2016, the EU adopted its first major cyber-law, which requires "essential service operators" to "take appropriate and proportionate steps … to manage" their cyber-risks. The EU is now considering another law that would instruct its cyber agency, ENISA, to certify security products in EU member states.

These two laws will force US companies to change their security measures to comply, and the more they do so, experts say, the more the EU position becomes the norm. The same goes for the EU's General Data Protection Regulation, which imposes stringent confidentiality and data disclosure requirements – including the threat of massive fines for companies that violate them – and could compromise cybersecurity.

There is talk of introducing a competitor to GDPR, according to press reports, but it may be too late – the European rule has actually reduced the ability of the United States to set privacy protection standards at a lower level. "If you are a business," said the former head of the State Department, "you must adhere to the stricter standard."

The question for the United States is whether to give up the voluntary approach and adopt more regulations reflecting a clear American vision. Many experts have said that the American tradition of letting the private sector shape the debate has undermined the country's position on a global scale.

"Other countries looked around and said, 'All right, that does not really seem to accomplish much,'" Segal said.

One option would be to follow China and the EU by passing a huge national law on cybercrime. If it took a little bit of relief but still imposed rules, and if the United States could demonstrate that it was improving security, other countries would take note of it. But as recent history shows, such a law would have a hard time being passed by Congress.

James Lewis, cyber expert at CSIS, said that the United States was the only country where extreme mistrust of government prevented cybercriminals. "That's not how it works in the rest of the world," he said, "and I say it for both democracies and dictatorships. This overwhelming agony we have about government is not reflected anywhere else on the planet."

Industry leaders say regulations are not the answer. Chris Boyer, Assistant Vice President of Public Policy at AT&T, said the best "opportunity for the US to conduct this conversation proactively" is voluntary standards.

But many security experts say that is not enough. "These volunteer cadres," said Mr. Segal, "have not really improved the security of the United States."

Regardless of how the United States progresses, the experts said that they should engage more aggressively in the international debate. "We should try to provide a clear roadmap of the type of approach that we want to see adopted by other countries," said the former state official. "Silence simply gives way to other viewpoints and other approaches with which we fundamentally disagree."

A sustained commitment will require a strategy on the part of the Trump administration. For now, said the former official, US diplomats attending these meetings "say nothing" and "are irrelevant."

The void in the government's cyber leadership has exacerbated the problem. National Security Advisor John Bolton eliminated the role of White House cyber coordinator, the central figure overseeing all US cyber activities, and former Secretary of State Rex Tillerson nixed ]. Assistant Deputy Secretary of State Rob Strayer now manages cyber-diplomacy, although a bill to elevate his office is close to passage.

The Department The state has not put Strayer to "The degradation or removal of some roles is extremely important," said Josh Kallmer, senior vice president of global politics at the Information Technology Industry Council. He said his meetings with administration officials often involved "trying to reverse these things."

The battle is not over yet, and China's agenda is still facing obstacles. For one, although its cyber-law is technically in place, many of its provisions have not yet been enacted and regulators are competing for implementation. In addition, Chinese companies that want to dominate global markets are pushing back against Beijing's attempt to balkanize the Internet.

"There are internal stresses in the Chinese system that will verify some of the most alarming parts of this vision," Sacks said.

But even so, China is making a greater effort than the United States, and the EU is not far behind. "For the first time," said the former head of the State Department, "many, many, many countries … are much more influential than the United States."

Lewis, reflecting on his recent conversations in Europe and Asia, was pessimistic. "The Internet will be regulated, and it will be regulated from Brussels and Beijing," he said. "We are a little out of that, because we do not have a good counter."

