In a speech today in South Korea, Secretary of State John Kerry said that the Internet "needs rules to be able to flourish and work properly." This, according to Kerry, is necessary even for "a technology founded on freedom."
Speaking on behalf of the Obama administration, Kerry said that Internet policy is "a key component of our foreign policy."
Kerry made his remarks in the context of talking about how international law is applicable to the Internet. "As I’ve mentioned, the basic rules of international law apply in cyberspace. Acts of aggression are not permissible. And countries that are hurt by an attack have a right to respond in ways that are appropriate, proportional, and that minimize harm to innocent parties. We also support a set of additional principles that, if observed, can contribute substantially to conflict prevention and stability in time of peace. We view these as universal concepts that should be appealing to all responsible states, and they are already gaining traction," said Kerry.
"First, no country should conduct or knowingly support online activity that intentionally damages or impedes the use of another country’s critical infrastructure. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain. Fourth, every country should mitigate malicious cyber activity emanating from its soil, and they should do so in a transparent, accountable and cooperative way. And fifth, every country should do what it can to help states that are victimized by a cyberattack.
"I guarantee you if those five principles were genuinely and fully adopted and implemented by countries, we would be living in a far safer and far more confident cyberworld.
"But even with these principles, ensuring international cyber stability will remain a work in progress. We still have a lot of work to do to develop a truly reliable framework – based on international law – that will effectively deter violations and minimize the danger of conflict.
"To build trust, the UN Group of Governmental Experts has stressed the importance of high-level communication, transparency about national policies, dispute settlement mechanisms, and the timely sharing of information – all of them, very sound and important thoughts. The bottom line is that we who seek stability and peace in cyberspace should be clear about what we expect and intend, and those who may be tempted to cause trouble should be forewarned: they will be held accountable for their actions. The United States reserves the right to use all necessary means, including economic, trade and diplomatic tools, as appropriate in order to defend our nation and our partners, our friends, our allies. The sanctions against North Korean officials earlier this year are one example of the use of such a tool in response to DPRK's provocative, destabilizing and repressive actions, including the cyber-attack on Sony Pictures. Now, as the international community moves towards consensus about what exactly constitutes unacceptable behavior in cyberspace, more and more responsible nations need to join together to act against disruptors and rogue actors.
"As we know, malicious governments are only part of the cybersecurity problem. Organized crime is active in cyberspace. So are individual con artists, unscrupulous hackers, and persons engaged in fraud. Unfortunately, the relative anonymity of the internet makes it an ideal vehicle for criminal activity – but not an excuse for working through the principles I described to finding rules of the road and working so that the internet works for everybody else. The resulting financial cost of those bad actors, the cost of cybercrime, is already enormous, but so is the loss of trust in the internet that every successful fraud or theft engenders."