20. Manufacturers of ICT hardware and software shall be liable for negligent security failures that cause harm.

Rapporteur: Metta Spencer

Unless you live in a cave, you probably depend on a refrigerator, online bank account, airline traffic control system, oil pipeline, water treatment plant, car, subway, electric power plant, WiFi router, and maybe your pacemaker(1) and insulin pump.(2) Nowadays all of those things can be controlled by computers that can be hacked.(3) When that happens, whose fault is it, and what can you do about it?

If you ask a court who’s to blame, the judge will probably pin it all on a hacker criminal, who probably cannot be found. Yes, the hacker is the main culprit, but the programmers enabled him by writing buggy software that their company’s executives hurriedly sold without having it tested properly. The negligent vendors of such inferior products should be held accountable.

If you buy a TV set that explodes (and that has actually happened!) the manufacturer is liable for damages, but if you buy software, you probably don’t actually own it; you’ve just paid for a license to use it. (Remember that “terms of service” agreement you signed without reading it? That’s when you signed away your claims against the manufacturer, who now cannot be held liable for the software’s shoddy performance or its vulnerability to hacking. But you didn’t have much choice. You could take or leave it, so you signed, as we all do.)

The relevant laws are unlikely to be changed until internet insecurity becomes lethal. So far, the harm that hackers inflict is mostly inconvenience or financial loss—and the financial losses are far greater than the public knows. Banks and corporations avoid publicity about such events.


19. The UN shall declare cyberspace a peaceful commons and create a binding treaty for international cyber norms.

Rapporteur: Allison Pytlak

Introduction

Since the first instances of malicious cyber operations between states, there has been a growing acceptance of cyberspace as a militarized domain. This is a dangerous path to continue down, given the civilian and dual-use nature of cyberspace and digital networks. Such militarization is evidenced in the increasingly formalized role of digital operations in military doctrine and strategy, as well as in the language used to depict activity in this arena, such as through terminologies like “cyber weapon,” “cyber war,” or “cyber bomb”. By treating this primarily as a military and security issue, states and other actors risk institutionalizing and taking for granted the broad idea of cyber conflict. In the ongoing discussions at the United Nations (UN), and elsewhere, about norms of responsible behaviour in cyberspace, it’s essential that such norms are viewed as obligatory commitments and that space is also given to articulating a vision of cyber peace.

A) Existing multilateral fora

UN Groups of Governmental Experts

The United Nations has been considering “developments in the field of information and telecommunications in the context of international security” since 1998. The centre of discussion has


Overview: Cyber Risks


Author: Paul Meyer

Chair, Canadian Pugwash Group | Senior Advisor, ICT4Peace

Cyberspace, the broad term for the system of networked computer systems for which the Internet is the chief embodiment, is a unique, human-created environment. The potential of information and communication technology to benefit humanity is vast and the growth in its use world-wide has been exponential. Today close to four billion people are connected to the Internet and a community of “netizens” has emerged.

Unfortunately, the growth of cyberspace has not been matched by a similar development of global governance for it. Even more worrisome is the degree to which cyberspace has become “militarized”, with states developing capabilities not only for the defence of their own systems, but also offensive capabilities that threaten damage and destruction to entities beyond their borders. These trends within national security establishments of leading cyber powers have accelerated and the detrimental impact of cyber operations on civilian interests has grown. A narrative of “cyber war” has been espoused by major states, depicting this remarkable product of human ingenuity as just another “war-fighting domain”.


Video interview with Paul Meyer


Video credit: ICT4Peace Foundation. A longer interview is available on YouTube at https://youtu.be/BveJ3V1ADUo.
