It’s Time for a “Don’t Trust, Do Verify” US-Russia Cybersecurity Treaty

Here’s a novel idea. All states snoop on their own citizens, and others. Why not bring the snooping out in the open so that everyone can see what’s going on?…:

[…] A cyber treaty is certain to be based on little trust, with lots to verify. Technological challenges, however, can be overcome. Both sides have extensive experience in monitoring public communications. From Solzhenitsyn’s days in a “sharashka” (scientific labor camp) developing decoding technology for Stalin, to the now ubiquitous SORM (an abbreviation for “network eavesdropping”) boxes attached by security services to the equipment of every telco and internet provider in the country, Russian officials know who is doing what to whom.

American systems are more poetically nicknamed: PRISM, MYSTIC, Carnivore, Boundless Informant. Government agencies conduct packet sniffing and people snooping—at home to benefit local law enforcement and abroad to spy on friends and enemies, counter ISIS and track monsters like Bin Laden.

What if each side allows the other to install such systems on the global Internet Exchange Points (IXPs) on their territory and let loose the algorithms and other tools necessary to identify botnets, hackers and disinformation campaigns?

A monitoring center staffed by experts from both countries could be established with anomalies and threats displayed in real time. The UN could supply neutral inspectors and arbitrate disputes. The treaty should provide protocols for deterring and punishing bad actors.

