International conferences and treaties amongst nation-states are cute. Following the realists, the nation-states use these outcomes for their own benefit and to grow stronger than their opponents (which try to do the same). According to constructivism, nation-states join these treaties because they want to appear as if they really care about it. If it is about Human Rights or other do-gooder stuff, it perfectly makes sense to be perceived as the nice guy next door. Even though it would also be interesting why and whether some nation-state paint themselves bad on purpose in order to achieve something ‘deterrence’ or so. Anyway, but for the sake of this blog, my impression is that treaties and so on are not really decisive. The European Union is a compilation of treaties which is really successful. Others might not be. But one kind of treaties is the most difficult and therefore the most fragile one: the one involving national security. NATO being a rather positive example, the EU integration of collective defense a rather not yet done. If we add the difficulties of governing cyberspace to the field of international treaties in the sector of national security we get the hot-topic of the past few months: international treaties towards cybersecurity – whatever that might be.
Therefore, representatives of 60 nations (including those from China and Russia) met last week on London in order to discuss how to deal with cybercrime and it becoming more and more prevalent and a threat to…eh people, states and so on. The point, I want to focus on here is: what a waste of resources is that. Kidding. If it were a conference on a crime where everyone agrees should be illegal (child pornography being one or narcotics being another) this conference might actually have worked out and even produced some sort of agreement which is then passed on to people who really are hands-on and after 3 years you might end up with ready-to-implement policy solutions. However, this conference is not about crimes but about national security as the title suggests. Why is that? The question we should answer ourselves is: What is cybercrime.
Cybercrime is basically the application of social engineering and cracking techniques in order trick someone in or get information about someone in order to increase your own financial income. Illegally speaking. Scam, Fraud, Skimming and so on. That is cybercrime. The problem with that is: It is also cyberwarfare. Weapons, Armor and Strategies as well as Tactics in cybercrime as well as cyberwarfare are very similar and most of times even the same. Just the intentions are different: either a political or a criminal/ financial intention. Weapons of cybercrime and -warfare are dual use. An exploit is an exploit is an exploit, similar to a rootkit. It can be used for getting relevant information on the credit card holder who is using the computer but it can also enable you to download non-disclosed government documents. Oh, and how the German government found out, it is also a great tool to spy on your citizens. Kudos guys! Bottom-line is: The conference is about national security in the environment of cyberwarfare. It is also about battling cybercrime. It is also about coming up with strategies to spy on your citizen or censor the Internet. Oh well, the latter was denied of course. So what is the chance that American, Chinese and Russians will discuss their mutual cyberwarfare efforts? Not that high, I am afraid. Security + Cyberspace = Everything included, nothing goes.
I hope at least food and drinks are delicious at the conference, otherwise it would be a total waste of resources. Oh, and if there is an outcome of the conference…it will be kind of useless anyway so: maybe we stick national security to ourselves and continue doing what we are doing already? Law enforcement agencies do a pretty okay job already battling cybercrimes. And the point where a possible resolution would help our law enforcement guys…well, distant future.