Cyber Security Agreements

20 ABRAHAm soFAER, dAvid ClARk and wHitFiEld diFFiE influence users in order to encourage the Agency to use private standards and integrate them into the rules and options approved by the Agency. However, in this case, the IGO, with its separate committees of experts, bureaucratic ambitions and likely political agendas, could oppose privately developed proposals in favour of its own priorities and trigger competition measures that constitute an obstacle to continued technical progress. v. DIFFERENCES IN NEGOTIATING INTERNATIONAL AGREEMENTS Any attempt to reach a formal international agreement inevitably entails difficulties and costs, some of which are predictable but others unpredictable. Agreements that are political declarations and do not contain formal obligations pose few problems. But the more formal and inclusive the agreement, the greater the uncertainties. Informal policy statements can be useful in some situations. But formal and universal commitments are sometimes essential for an agreement to achieve its objectives. Formal commitments to prohibit and punish cyberattacks, cooperate in prosecuting aggressors and criminals, and take agreed measures to improve security would promise real results rather than mere oral explanations. Although they are more valuable than informal declarations, multilateral agreements offering universal coverage are difficult and time-consuming to negotiate and, ultimately, they do not guarantee that all signatories will meet their commitments. The conventions on air terrorism and letism, genocide and torture have received the almost universal agreement of States, but even these fundamental obligations are sometimes violated by parties and senior officials. However, these agreements are concluded in full awareness of their imperfections due to their expected benefits.

The process of securing an international agreement on the many controversial cybersecurity-related issues will certainly be complex, with uncertain outcomes on some potentially critical issues. Initially supported multilateral efforts by the United States on climate change, anti-personnel mines, and an International Criminal Court resulted in treaties that the United States refused to ratify. Other States were not prepared to accede to agreements that the United States considers acceptable, in particular the CEC. Efforts to extend the scope of a multilateral agreement on cybersecurity to areas of activity that are not the subject of genuine international consensus seem particularly likely to do more harm than good. The potential costs and uncertainties associated with safeguarding international agreements and, in particular, the use of UN mechanisms can be limited by careful procedures and planning. Bilateral and informal agreements could be used to work towards a wider range of agreements sufficient to strengthen the attempt to create a more conventional multilateral agreement. . . .