International cyber norms: an Australian private sector perspective
9 Dec 2016|

On 10 November the government announced the appointment of Australia’s first ambassador for cyber affairs, ASPI’s Toby Feakin. A key role for Toby and his team over the next 12 months will be to help further refine, strengthen and implement norms of behaviour in cyberspace.

Norms in their simplest form are shared expectations of proper behaviour. They can evolve to keep pace with technological change and have the ability to incorporate the voices and opinions of multiple actors, even those nations with which we may ordinarily ideologically conflict. Norms have emerged as the best answer to the complicated question: how do you create international rules for acceptable online behaviour without stymying freedom of expression, economic exchange and technological innovation?

Australian private sector organisations should be active voices in the norms debate. Norms are a key vehicle to positively influence the direction of the online environment, of which business is a key participant. As owners, innovators and operators of the technology that underpins the backbone of Australia’s critical infrastructure, industry is also well placed to lend expertise devising acceptable international behaviours to aid its protection.

Private sector involvement in norm formation isn’t without historical precedent. The Dutch East India Company famously helped to entrench the concept of the freedom of the seas. Developed in response to a Portuguese policy seeking to carve out an exclusive trading zones in South and Southeast Asia, the Dutch company convincingly argued that the world’s oceans should be open to unrestricted access and trade by all.

Many nations have laws dictating what should and shouldn’t go on in cyberspace. But internationally, states have widely different interpretations on everything from freedom of speech and cyber arms control, to what even constitutes the very fabric of ‘cyberspace’. This makes a purely legal solution hard to find. Many governments, including Australia’s, have looked to cyber norms to fill the breach. By combining norms and existing international law, it’s hoped that we can maintain stability and avoid conflict in an increasingly volatile online environment.

Norms discussions have unfolded in many forums, including academic and non-government led processes, but the most tangible norm formation has taken place at exclusively state-based forums such as the UN Group of Governmental Experts.

One of the biggest practical barriers to legitimising the norms model has been effective implementation and compliance monitoring. Those obstacles could be alleviated by encouraging the private sector, who own and operate most of the world’s internet infrastructure, to become more involved in the norms discussion. And as key participants in a multi-stakeholder internet, the private sector deserves their own seat at the table.

Some in the academic community (PDF) forgave the omission by suggesting that the private sector has little interest in norm formation, due to a belief that they’ll have little success in influencing government cyber policymakers, or due to a fear that putting their heads above the parapets will lead to increased and unwanted regulation.

The Australian government has carried out fantastic norm formation work via leadership roles in the UN and as a norms champion in the Asian region. But the Australian private sector’s ability to augment and contribute to this process has largely gone unrealised. Earlier this year, Commonwealth Bank participated in an ASPI project to gauge the Australian private sector’s interest in and opinions on norms, the bank’s perceptions around the potential impact of norms on industry, and how governments could engage more broadly on norm formation.

This workshop and ASPI’s subsequent publication shows that there’s strong interest within the private sector on engaging in the norms discussion, and that high-level thinking is already taking place about which specific behaviours enable economic exchange while boosting stability and security online. Norms singled out for praise include those which encourage the free flow of information across national borders, protect the public core of the internet (such as the DNS), and prohibit the theft of intellectual property.

Cyber security is a shared responsibility for all participants in the digital economy, and the government’s decision to appoint an ambassador for cyber affairs is a shrewd move that will help to enable broader collaboration. By creating a figurehead for engagement on international cyber issues, the government has positioned itself to leverage expertise and experiences that lie in the private sector, this will help to create a stronger, holistic and coordinated Australian approach to cyber space.