27 Countries Agreed on 'Acceptable' Cyberspace Behavior. Now Comes the Hard Part
While dozens of countries were able to come together on a joint agreement outlining principles of behavior in cyberspace, the actual consequences for cyber crimes may be drafted away from the world stage.
October 04, 2019 at 08:00 AM
4 minute read
Last week, 27 countries—including the members of the international intelligence alliance Five Eyes—entered into a joint agreement outlining what is and is not acceptable behavior in cyberspace. But as it currently stands, such an endeavor may not carry much legal teeth.
While the agreement does mention that there should be consequences for "bad behavior in cyberspace" and even provides a few prime examples of what that kind of activity might look like, it's scarce on actual details of what a punishment might entail.
So is an enforceable international cybersecurity regulation entirely out of reach? Possibly not, but getting there most likely won't be as simple as bunch of delegates sitting in a room and hashing out terms over coffee.
"This is the arc of cybersecurity development and you see it taking place in pieces, so it's not always uniform, direct, as rational as it might otherwise be," said Mark Schreiber, a partner at McDermott Will & Emery.
Bringing the 27 countries who signed the agreement into alignment on what constitutes foul play in cyberspace may not be part of the problem. For example, the document specifies that while an intelligence organization hacking a military target is fair game, the same cannot be said for attacks on civilian infrastructure.
Schreiber thinks the number of countries that were able to come together on the agreement is impressive, and considers it a "seminal step" to something more substantial.
"Each step is advancement and somewhere, some way there probably will be both a uniform privacy and cybersecurity standard or standard of behavior," Schreiber said.
However, nothing is guaranteed.
Elfin Noce, an associate at Sheppard Mullin, sees the agreement as more of a conversation starter, something that allows countries to begin thinking about what an appropriate response to a cyberattack might look like.
Actually getting an international set of expectations and consequences down on paper would come with a lot of moving parts.
"To do more substantive will require more than just signing onto a statement. They would have to agree on specific measures and then have each country obtain domestic approval for it. That would be very difficult to do, so I'm not sure that we're going to see anything with more substantive teeth anytime soon," Noce said.
But cyber criminals won't necessarily be going unpunished either.
Megan Brown, a partner at Wiley Rein and a former Department of Justice official in the George W. Bush administration, thinks the establishment of norms related to cyber crime consequences will be driven by prosecutions in individual countries rather than a treaty or consensus-based approach.
"If you look back at what, say, the criminal division at the Department of Justice of the United States is doing, they are bringing prosecutions and they're developing norms through indictments and things like that. And I just think that's probably how you're actually going to get meat on the bone for these expectations of consequences," Brown said.
It's possible that the norms developed in some of these countries could eventually become the basis for a more international standard, similar to how the EU's General Data Protection Regulation influenced the forthcoming California Consumer Privacy Act.
Schreiber pointed out there tends to be a "sequential gravitation to norms" on the world stage. But it's difficult to pinpoint what factors will determine who leads the charge on cybersecurity.
"It's not necessarily a matter of who is first. It's who has the political will to drive a process like this," Schreiber said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Memories of a Straight Shooter
- 2It Was a Wild Ride: Check Out the Top In-House Stories of 2024
- 3People in the News—Dec. 27, 2024—Stevens & Lee, Chartwell Law
- 4How I Made Practice Group Chair: 'It's Essential to Have a Clear Vision,' Says Matthew Carey of Marshall Gerstein
- 5A&O Shearman Corporate Partner Heads to Jones Day
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250