The US should sign this global cybersecurity pledge, says Temple prof

In France this week, 51 countries, over 130 companies and 90 NGOs and universities signed the “Paris Call for Trust and Security in Cyberspace,” a high-level set of rules and recommendations for making the internet a safer place.

Philly’s Temple University was among the signatories, as professor and researcher Duncan Hollis — who advises Microsoft in cyberspace and international law — affixed Temple’s name to the scroll.

“This is an important milestone for how we think about cyberpolitics,” professor Hollis told Technical.ly via telephone from Paris.

Notoriously missing, though, was one name: that of the U.S. government. No clear reason has yet been giving to the country’s absence in the France-led effort, which was also signed by allies such as Canada, Germany and the U.K.

The four-page document establishes some basic ground rules for online behavior: Stay out of elections, don’t target or hack critical infrastructure, don’t try and shut off the internet. Wired goes as far as to say the non-binding agreement “lacks teeth.”

“We reaffirm that the same rights that people have offline must also be protected online, and also reaffirm the applicability of international human rights law in cyberspace,” the document reads.

Hollis says the call is an open-ended one, and hopes the country joins in at a later date. Why does he feel the U.S. should join this pledge?

“There needs to be some common rules of the road in terms of what are acceptable behaviors,” Hollis said. “Cyberspace is different than territorial regimes, in that it cuts across nations, and so do the problems. You shouldn’t have hospitals targeted, like it happened with the WannaCry ransomware attack. These are the sort of activities that states should pledge to curb.”

In the meantime, and global pledges aside, connected citizens can still take actions to protect themselves from cybercrime. Hollis rolls out the usual recommendations: Use the most up-to-date versions of software products, firewall your connections and be aware of possible phishing attacks.

“A lot of it involves education and people understanding how quickly they can become vulnerable,” the researcher said.