U.S. Does Not Sign France’s Cyberspace Security Agreement

At the UNESCO Internet Governance Forum, French president Emmanuel Macron issued an initiative to set international Internet procedures for cybersecurity, including revealing tech vulnerabilities. Fifty nations, 90 nonprofits and universities and 130 private corporations and groups have endorsed the “Paris Call for Trust and Security in Cyberspace” — but not the United States. U.S. companies Google, Facebook, IBM, and HP signed on to the agreement, which outlines nine goals but doesn’t bind signatories legally to comply.

Wired reports that, among the goals, the Agreement focuses on “helping to ensure foreign actors don’t interfere with elections” and preventing private companies from retaliating for a cybercrime by “hacking back.” Microsoft revealed that it “worked closely with the French government” on the agreement.

“It’s an opportunity for people to come together around a few of the key principles: around protecting innocent civilians, around protecting elections, around protecting the availability of the Internet itself,” said Microsoft president Brad Smith. “It’s an opportunity to advance that through a multi-stakeholder process.”

Russia, China, Iran, Israel, and the United Kingdom also did not sign the agreement. Wired points out that, “on the Internet, corporations like Microsoft are increasingly taking on responsibilities once reserved for nation states.”

“If you look over the past three or four years, we’ve really seen a groundswell of private leadership,” said Public Knowledge cybersecurity policy director Megan Stifel. “The private sector is now willing to say that we can and we will do more.”

In fact, in April, Microsoft issued its own Cybersecurity Tech Accord, signed by more than 60 technology corporations. It also “publicly advocated for the regulation of facial recognition technology and said it was developing its own set of principles for how it should be use,” and “took action against the hacking group known as Fancy Bear.”

Bloomberg reports that Samsung Electronics is another one of the tech companies supporting the Paris agreement, “a reaction to cyber-wars that, over the past years, disrupted elections in places like the U.S and France and hobbled businesses through attacks such as WannaCry and NotPetya.” In addition to attacks on the 2016 U.S. presidential election, Microsoft “spotted cyber-assault attempts on all major candidates during the French elections last year.”

Macron also hosted about 70 “executives, politicians, city mayors and entrepreneurs for lunch on Monday at the Elysee presidential palace to discuss … cybersecurity threats, election tampering and fake news.” Tech companies, including Microsoft, noted the importance of keeping hardware and software upgraded “to address security loopholes, and [preserve] the integrity of the supply chain.”

The Wall Street Journal reports that, “a team of French regulators will spend six months monitoring how Facebook removes certain kinds of illicit content as part of a pilot program to establish a new model for regulating global technology companies.” Facebook will invite these government officials onto its premises to explain how the company monitors and takes down “hate speech” content, but won’t allow “French regulators any say in how Facebook polices specific pieces of content.”