France has launched a global cyber arms pact — but the US, Russia, and China haven’t signed

Launched by the French government, the Paris Call for Trust and Security in Cyberspace is over-ambitious and has been shunned by countries that really matter.

The news: France’s president, Emmanuel Macron, has unveiled a new multilateral initiative to tackle a global hacking epidemic. The idea is that the signatories to the accord will adhere to a set of common principles for securing cyberspace that are loosely based on previous efforts by the United Nations aimed at defusing tensions online.

The longish list includes principles that would stop cyberattacks on critical infrastructure like electrical grids and hospitals; combat intellectual-property theft online; improve the security of digital goods and services; and outlaw the use of cyber mercenaries to hide the real culprits behind attacks.

The supporters: The Paris Call is backed by more than 50 states, including all of the European Union’s members. It’s also been endorsed by tech giants like Microsoft and Facebook, as well as numerous other companies and nongovernmental organizations. 

Conspicuously absent: The US, Russia, and China, who all have huge cyber offensive capabilities, haven’t signed up—presumably because they don’t want to have their hands tied.  It’s possible they will sign up later, but without them the accord will be missing the players that matter most.

The (over-ambitious) goals: Getting agreement on all of goals at once will be really hard. As we’ve argued before, it would be better to start with a narrower effort to put critical infrastructure off limits to cyberattacks. If this can be made to stick, then a coalition could subsequently be built around broader goals. If this is how the Paris Call works in practice, then it might stand a better chance of success.