Date: 16 Dec 2014, Science, Technology and Culture
Question setter: Michael Clarke

Cyberspace Treaty

“Will a new cyberspace international treaty be under active discussion by the end of March 2015?”


Answer: No
Confidence level: 90%
Mean confidence level (all requests): 47.00%

Governments are too focussed on the advantages they can gain with online surveillance and targeted attacks to tie themselves down in a restrictive treaty. The Americans and the British still consider themselves a bit ahead of the game in cyberspace and do not want to lose their advantage. Some of the most effective spyware and sabotage, regin and stuxnet, is thought to have originated in the US. The security services want to maintain as much freedom of manoeuvre as possible, particularly in the west, where traditional means of information gathering are being thwarted or questioned. They are indirectly supported by those who favour cyber war over real war. So, the desire for digital self-defence is not yet enough to bring a treaty to negotiation. It will likely take a major incident to precipitate action an d co-operation. As we have seen historically that wars and disasters spawn international agreements and institutions, it will be a cyber attack that moves sovereign states to legislate together for the acceptable boundaries in cyberspace. Even if a strike happened tomorrow, active discussion would not be underway within four months.

Outcome: No
Score: 90
Mean score (all respondents): 17.00

Expert opinion:

Answer: No

Selected Expert Answer from Michael Clarke:
Some sort of international cyber treaty would be highly desirable since those countries currently most dominant in the cyber sphere have the most to lose by a growing anarchy in cyberspace, driven both by state as well as non-state actors. There is a growing awareness in major capitals, as well as within the cyber industry, that a tipping point in the dynamics of the internet’s working has probably been reached. The mechanics of an international cyber treaty would be very challenging given the multiplicity of actors involved. But it is not hopeless. Like all treaties, it would depend on a concentration of the powerful who saw a common interest in it. The Missile Technology Control Regime – as opposed to the more classic arms control treaties of the 1970s – would be a reasonable model that might offer some hope.

The growing awareness of the need for an international cyber regime, however, is encapsulated only in a series of disparate conversations. Leadership in the major countries are distracted by many other issues and it is unlikely that active decisions on a cyber treaty would begin, even informally, by this time.

Answer: No

Selected Expert Answer from Derek Wyatt:
Unusually America has an anathema to international treaties or creating new world orders so the idea that there would be an international "treaty" or "understanding" under serious consideration in the time frame is unlikely. China has been a serial attacker of other countries cyber space including the UK so we can count her out. And besides she would rather have her own version of the Internet so it could only be accessed internally. The whole cyber security issue highlights two further problems. The first is there is no world authority to deposit such a treaty (the UNO is clearly passed its sell by date and the G20 is barely a talking shop) but actually what is required first is a new world body for Internet. Pity the UK cannot yet offer the leadership in this space.

Answer: No

Selected Expert Answer from Mettletest Panel:
Presuming the question implies "between major sovereign states" then it is unlikely that talks will be underway that quickly. The idea is being actively debated in media now and the arguments stack up like this -
For: All countries now understand that their infrastructure, security and wealth (including banks and major companies) is at risk from cyber warfare and criminal attack. A treaty to agree the acceptable norms is vital to prevent catastrophe. Any doubts that a threat exists have been dispelled by viruses like stuxnet and regin. The intentions of commercial internet companies to offer better privacy through encryption, will create a "dark net" and the treaty needs to be in place soon, to cope with the opportunities thus offered to the nefarious.
Against: It's pointless. No one trusts all the other countries, or even the major powers, to pay more than lip service to such a treaty. It is too difficult to distinguish between criminals, hackers and governments. Suspicion has grown that the latter, to west and east, are proactive in spying and sabotage, not just defence. Friends and foes are under surveillance.Then, cyber warfare is preferable to real battle, if it can achieve the same ends without bloodshed. Governments love its cheapness and will be reluctant to sign up.

Outcome: No

Comment on outcome from Mettletest Panellist:
Since this question was published there have been many episodes, not least the hacking of Sony by North Korea, that show the desirability of a treaty. They also demonstrate why it will be so difficult to achieve. The conversations remain disparate and no world authority seems to exercise the necessary power. The Shanghai Cooperation Organization (SCO)—China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan—has sent a (revised) draft International Code of Conduct for Information Security to the U.N. As this proposes increased government controls, it is unlikely to find any favour with the U.S., which rejects the limitations on freedom of expression. So, no meaningful discussions yet.