Speech by State Secretary Markus Ederer at the Cyber Cooperation Summit in Berlin on 4 December 2014
--check against delivery--
Excellencies, Ladies and Gentlemen,
It is a great pleasure to have you all here at the German Foreign Office.
I would like to extend a special greeting to the principals and team members of the EastWest Institute, co-host of this important 2014 Cyber Cooperation Summit. And I have the sad obligation of paying homage to the late John Mroz, who for so many years guided the EastWest Institute.
No welcome would be complete without acknowledging the contribution of the sponsors. Today, you are playing a double role: Not only does your generosity make this conference possible, but as representatives of the IT industry and of civil society, you participate as essential stakeholders in Internet affairs.
Allow me to share with you some thoughts that show how the internet also changes us foreign policy players in our day-to-day work, in our actions and reactions and in the way we communicate with our stakeholders.
My first reflex when describing the Internet would be: Opportunities
A few weeks ago, Germany’s leading internet news site, Spiegel Online, published a remarkable op-ed. piece: A sixteen-year-old described how, for the first time in his life, he bought and read a paper magazine. From his writing, he appeared to be a well-educated, articulate and thoughtful young man -- in fact, he bought the magazine because it contained a special on the macroeconomics of market economies, or, as he called it, “capitalism”. Yet this young man had never before had the urge to obtain or read a print product. All his information he got online.
To me, this story indicates to what extent the Internet changes our lives.
This is true for individuals as well as for institutions: When I began working as a diplomat, we would get letters from citizens politely enquiring about this or that aspect of foreign affairs.
Today, we have a German and an English Facebook page, a German-language Twitter channel with 210.000 followers and an English-language one with 40.000 followers. And we have plenty of web presences and Twitter channels via our Embassies abroad in Chinese, Arabic and Russian…you name it.
The Internet brought politics closer to the people, made politics more transparent, more responsive, and in a way more democratic.
The Internet has also changed the social fabric in which we live, as we communicate instantly and seamlessly across borders and societies: This is a world of opportunities. And the biggest opportunity will be to create a truly global village.
But the creation of this global village also leads me to my second thought: Challenges
The Internet and cyber technology present dangers, too. In fact, the cyber space is a potential new theatre of distrust and conflict.
Numerous states are pursuing military cyber-capabilities. However, traditional political-military strategies are difficult to adjust to the cyber-space.
During the Cold War, the opposing parties relied on defense efforts as well as arms control and confidence building measures. Such defensive approaches require that the consequences of any attack be clearly and credibly communicated ex ante to any potential adversary. This can be difficult in cyber-space, where you often have to guess who the adversary is.
Uncertainty about the origin of hostile cyber-action is a characteristic of cyber-incidents. As a consequence, the masters of cyber capabilities favor the offense. This introduces an element of dangerous instability into international affairs.
The dependence of the modern world on the Internet also means that cyber incidents can escalate into “real-life” conflict or even war. Consider the following scenario: A country is in a state of political turmoil. Relations with the neighboring state are strained. All of a sudden, the main telephone and internet provider becomes victim to a software bug. Nobody can make phone calls, there are no e-mails. Government, banks, security services are paralyzed. Critical infrastructure is affected. The damage is enormous. All because of some hard-to-detect malware. Who planted it? For what reason? Suspicions run high that the less friendly neighbor perpetrated a cyber-attack. How to respond? The danger of escalation is evident.
Therefore I believe that we urgently need to adapt to this new conundrum of offense and defense – or should I say lack of defense in the cyber space.
A third thought that I would like to share with you is about the question of: Trust
The Internet’s importance is developing faster than international politics can react. In principle, the Internet is built on trust, between the providers and the users, the users amongst themselves, but also between governments and their people.
Take it at the most personal level: How much trust does it require for you to post your thoughts and ideas online? A lot – I trust. And now just wonder how much trust businesses need to make production processes Internet-dependent, which is the essence of the “Internet of Things”. Then consider how important trust is for states whose critical infrastructure requires safe, secure and reliable IT systems.
There are things we can do on our own: We can make a commitment to protect our IT systems, to make them more resilient. However, to preserve and further develop the global Internet, we have to build and rebuild trust.
Technical solutions, such as chip-based security technology, can help. But they must be flanked by political agreement between all stakeholders on how to ensure that the internet remains open, free, safe, and dynamic.
My suggestion is to use this Cyber Cooperation Summit to explore ways of building and re-building this kind of trust in the internet.
And this brings me to my fourth point: Rules of the road.
Rebuilding trust can be done by agreeing on certain rules of the road that will guide behaviour.
We cannot allow cyberspace to be a rule- or lawless abode. Fortunately, there is an emerging international consensus on this point.
The United Nations General Assembly has confirmed that international law, and in particular the UN Charter, is applicable to cyberspace.
At the same time, there is consensus that state sovereignty and international norms and principles that flow from sovereignty apply to State conduct of cyber activities and to their jurisdiction over IT infrastructure within their territory.
From this starting point, let me propose some rules for the discussion at this Cyber Cooperation Summit:
1) States should not allow IT infrastructure located on their territory to be used for actions that violate international law.
2) States should protect critical information infrastructure located on their territory, and should have adequate cyber security provisions.
3) States should respond to inquiries and appeals for help in case of a cyber-emergency.
4) States must respect individuals’ universal human rights “online” as well as “offline”.
Let me expand on this last point: Individuals enjoy the same universal human rights “online” as “offline”.
This includes the freedom of expression -- including the freedom to seek and impart information --, the freedom of assembly and association, and the right to privacy.
Respect for the right to privacy has proven particularly thorny. May the state collect unlimited electronic data on individuals, and insist that the business community assist in doing so?
We welcome in this regard that just last week, the draft resolution based on a German-Brazilian initiative on the “Right to Privacy in the Digital Age” found unanimous consensus in the Human Rights Committee of the UN General Assembly. We look forward to the resolution’s adoption in the Assembly and to the issue being taken forward in the Human Rights Council.
We need to balance freedom and security. That balance needs to be well thought through and made subject of a political discourse, nationally and internationally.
And the instruments of security need to be proportional to the costs they impose on our privacy.
We also need to discuss the collection, storage, processing and analysis of “big data” by private companies. Some firms associated with the use of “big data” are facing critical questions whether they sufficiently respect individuals' privacy rights.
Unless clients are satisfied with the answers, these firms' business may – and I predict: will – suffer.
The European Parliament included this point last week in its resolution on consumer rights in the European digital market, when it called for the swift adoption of the new modernised Data Protection Package. A high level of protection of personal data, user safety and control over one’s personal data and a stable, predictable legislative environment in which businesses can flourish, have to be balanced.
The imperative to balance privacy and security leads me to my fifth and last point: Shared interests.
Rules for cyberspace must be complemented by concrete confidence-building measures.
I outlined to you in the beginning the danger of escalation stemming from cyber incidents. A good way of preventing such escalation is to engage in transparency and confidence-building. The Organisation for Security and Cooperation in Europe (OSCE) has made important progress in this field: In December 2013, Participating States agreed a first set of measures to reduce the risks of misperception, escalation, and conflict that may stem from the use of ICT.
It is encouraging that the implementation of these measures has begun, in a serious and workmanlike fashion. This sends an important signal: International cyber security is a common concern. It should be pursued regardless of political differences, in the interest of global stability.
We are looking forward to supporting the new OSCE chair, Serbia, in taking this work forward, and we will do our share in 2016, when Germany will be at the helm of the OSCE.
The EastWest Institute’s 2014 Cyberspace Cooperation Summit here at the Federal Foreign Office in Berlin promises to be an important milestone in a multi-annual process. It builds on four previous such conferences, in Dallas, London, New Delhi, and Silicon Valley (2013).
In your work, I encourage you to be as inclusive and interactive as possible. Use the opportunity to exchange views between government, industry and civil society representatives. This may well be a step to build the trust that is so urgently needed.
I wish you all good and fruitful discussions. You are doing a tremendously important job!
Thank you very much.