One of PCH’s long-term efforts has been to encourage governments to restrict their use of offensive cyber capabilities against the private sector. As you might imagine, this is a reasonably popular idea everywhere except the US, Russia, and China. As the GGE effort in the UN has stalled, we’ve successfully prevailed upon a number of governments, lead by the Dutch and Singaporeans (but with French participation as well) to stand up a purpose-specific commission on this issue, to try to establish a diplomatic norm.
https://cyberstability.org/about/ We’re currently working in two working-groups, one focusing on what the norm would say (i.e. what specific behaviors would be discouraged, and under what circumstances), and the other focusing on the infrastructures about which it would be said (for instance, should hospitals, schools, or the electric grid be excluded from targeting-lists?). I’m coordinating that second working-group, and we have a public survey, in which we’re assessing what people think should be protected: https://www.surveymonkey.com/r/criticalinfrastructure We’re getting very good input from the Internet technical community, but somewhat less from the Internet Governance / Civil Society / Diplomatic communities. Please consider taking the survey (should just take a couple of minutes) to help us establish a broad-based consensus on what infrastructures are worthy of special protection, and encourage others to take the survey as well. Much appreciated, -Bill Woodcock Executive Director Packet Clearing House -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing the moderator at zakwh...@stanford.edu.
