11 ABRAHAm d. SoFAER, dAvid ClARk, and wHitFiEld diFFiE are not yet ready to be bound by restrictions that suggest their public complaints that they believe they should bind others. Many U.S. officials and experts may believe that international cooperation will at best reduce U.S. security. The exchange of information on cyber vulnerabilities, even with allies, could help to expose these weaknesses to states that are willing to exploit them. The joint use and enhanced defence capabilities of all states would strengthen those whose networks the United States wants to penetrate for information or other purposes. While it is possible to reach agreement on the fact that an area of cyber activity is likely to be the subject of international agreement, the appropriate measures for this purpose will be different and it will also be necessary to agree on the form of participation in the implementation of these measures. These difficulties and objections are real and difficult obstacles to international cooperation. They cannot be overcome by invoking global generalities about the values of international cooperation. However, they do not exclude international agreements on many aspects of cybersecurity.
On the contrary, they reflect objections based on national security, policy and ethical concerns, known in other areas of international engagement, and which can be effectively managed through the adoption of cyber-agreement parameters, agreements that are designed with due consideration for these concerns. The United States is pursuing agreements in such areas, despite the risks it may bring in terms of security and/or economic benefits. A useful example (based on the incidents described in the July 2010 GAO report, S. 34-35) is the U.S. Trade Representative`s aggressive and successful attempt to use international trade agreements as a basis to prevent China, in 2007, to regulate the commercial sale of products such as routers, smart cards, secure databases and operating systems, and to convince South Korea to abandon a plan to establish a national encryption standard as part of a large-scale takeover of Voice Over Internet protocol systems. As the United States applies strict cybersecurity standards for the commercial sale of products or otherwise opens trade barriers related to cybersecurity, it should expect that it will not be able to convince other states to open their markets to U.S. sales under similar circumstances. The optimal policy in these situations is to limit the transactions that national security actually requires, while accepting and moaning of lesser risks when they are offset by compensatory benefits. An appropriate approach, taking these concerns into account (1), would at least limit initial efforts to areas of activity appropriate to international cyber security agreements; 2. Deterrence and the definition of the types of measures that Member States should take with regard to each of the activities they include in these agreements; and (3) design the administrative structure and functions of a unit that should be used for this purpose in order to preserve what is currently working well, while improving what does not work. The definition of activities that are included or excluded by international agreements, international regulatory systems regularly define the areas of activity for which they are applied or considered non-applicable. The International Civil Aviation Organization (ICAO), for example, continues – ant to the Chicago, Montreal, and other conventions , regulates civil aviation, but has no authority over aircraft and military activities.
Such restrictions are common and often necessary in international agreements to obtain the broad support necessary for potentially useful cooperation. The following areas of cyber-activity are likely to be excluded from an international agreement at this stage or will be included only to a limited extent: (a) aspects of cyberwarfare; b) cyber-intelligence; c) restrictions on storytelling