LONDON (Reuters) - When ministers, officials, tech executives, Internet activists and security experts meet in London next week to discuss the management of cyberspace, they will be taking some of the first steps down a very long road.
With worries over social media’s ability to fuel unrest, intellectual property theft, computer hacking and military cyberwarfare all rising, experts warn that technology has far outpaced policy.
Fledgling discussions have been taking place over several years, including largely secret talks between the US and China often conducted through proxies such as think tanks.
Other broader meetings — including within the Commonwealth and United Nations — have addressed a host of Internet-related issues. But British Foreign Secretary William Hague and organizers of the London Cyber Summit — due to take place between November 1-2 — aim to take things further still.
A closed session at the conference on international security could be an early step to some kind of ultimate “cyber arms control,” some experts suggest, although that could take years — and would require much greater international trust.
A more likely area for imminent agreement is seen in cooperation to tackle conventional crime, child pornography and perhaps criminal hacking and militancy.
As well as U.S. Secretary of State Hillary Clinton, officials say there will be senior representatives from China, Russia, India and other governments as well as Wikipedia founder Jimmy Wales, executives from Google, Facebook and other firms alongside bloggers and civil society groups.
“We need to have a much more focused debate about cyberspace and the issues that are involved,” said John Duncan, UK special representative for the conference.
“We need to bring together the range of actors involved... The discussions we will have... provide a framework which will allow this debate to go forward in a more structured manner.”
But finding true global consensus, some experts and officials say, could still take a decade or more.
The last year has seen a dramatic rise in reported cyber attacks often linked to governments, from apparent attempts at data theft at the International Monetary Fund and elsewhere often blamed on China to the Stuxnet computer worm attack on Iran’s nuclear program linked to Israel and the United States.
It has also seen the Internet, smart phones and social media revolutionizing politics and dissent, with authoritarian states such as China and Russia alarmed as protest spread virally and rapidly during the “Arab Spring.”
With great power tensions already on the rise, nations are pouring billions into often barely discussed or even understood cyberwarfare capabilities alongside techniques to monitor the Internet and social media.
“A meeting of minds is much more important than diplomatic agreements at this stage,” said John Bassett, a former senior official at UK signals intelligence agency GCHQ and now senior fellow at the Royal United Services Institute. “If we find enough ground to start a dialogue between governments and other players, that would be an excellent result.”
British officials had initially suggested that the conference would aim to begin to frame “norms of behavior” for cyberspace. But such wording has largely been dropped.
Jim Lewis, a senior fellow at the Washington DC Center for Strategic and International Studies and veteran of previous U.S.-China cyber talks, said he believed the conference agenda had been “diluted” to reduce the risk of damaging arguments.
Broadly speaking, the key immediate concern for Beijing, Moscow and other authoritarian capitals is seen to be finding ways to rein in and limit online dissent. Western states particularly the United States, in contrast, are much more worried about rampant intellectual property theft and hacking that they believe often come from within China and Russia.
Earlier this year, Russia, China and others put forward a draft “code of conduct” including an agreement to work together to police the Internet against a range of threats, both criminal and those that threatened “social stability.”
“The main task will be to avoid endorsing it,” said Lewis. “The Chinese and others have to realize there is simply no deal to be done on freedom of speech. The (U.S. constitutional) First Amendment is considered absolutely sacrosanct over here. If they come away realizing that it would be a step forward.”
Like their U.S. counterparts, Britain’s Hague and UK Foreign Office officials say attempting to simply control information exchange and limit dissent is the wrong approach.
Not only might it prove technically impossible but — as Egypt’s Hosni Mubarak found with his Internet shutdown — it can further inflame protest whilst paralyzing the economy.
But some worry that message was somewhat confused by the speed with which British Prime Minister David Cameron threatened to temporarily shut down social networks following London’s August riots.
“I think that was rather an unfortunate aberration,” Nigel Inkster, a former deputy chief of Britain’s Secret Intelligence Service (MI6), said of Cameron’s comments. “I think in this context, he might rather wish he hadn’t made them.”
While officials poured cold water on suggestions the UK has any serious intentions of imposing censorship, some believe Cameron’s move confused the Western position. Speaking on condition of anonymity, one cyber security expert was blunt.
“They (the Chinese) are never going to let the UK (or)... U.S. forget it,” he said. “Cameron threw us back 10 years.”
But for many experts including former MI6 official Inkster — now head of transnational threats and political risk at London’s International Institute for Strategic Studies — the immediate challenge for the West remains reining in hacking and holding those responsible accountable.
Inkster said he had no doubt that much of that originated from China, often from semi-independent hackers with some degree of state patronage or protection. Beijing denies that.
That data theft is seen complicating already difficult relations. But while some say worries over devastating “cyber warfare” are overblown, there seems little doubt a deliberate attack on infrastructure could prompt dangerous escalation — the United States has already warned that it reserves the right to retaliate militarily to a particularly damaging attack.
“What we are seeing in cyberspace is essentially the return of the ‘privateer’,” Inkster said, referring to semi-authorized but privately owned raiding ships sent out by nations in previous centuries to attack their enemies often in time of peace. “And what we know from history is that privateers can, sometimes, start wars... We are talking about states that do retain substantial nuclear arsenals.”
But a more immediate danger, some worry, is that with so many potential aims and topics in play, the London summit ends up as little more than a wasted opportunity.
“There is a risk it could turn into something without any genuine content, particularly if the agenda is ill-defined,” said Graham Wright, a former deputy director for cyber security at the UK Cabinet Office and now a vice president of Northrop Grumman. “But if the conference can identify some principles we can all agree on and energize the international community to implement and build upon these, that would be real progress.”