back to article French diplomat: Spies gonna spy – there aren't any magical cyberspace laws that can prevent it

A French diplomat has suggested that future global regulation of cyberspace could exempt spying from regulation "as long as some specific sectors are preserved". Although he prefaced his comments by saying "I speak on my behalf, not for France," Jean Heilbronn went on to tell an audience at French infosec conference FIC2019: " …

  1. Doctor Syntax Silver badge

    Is it possible that a prohibition on spying could upset diplomatic job prospects?

    1. Anonymous Coward
      Anonymous Coward

      Damage diplomatic job prospects? Hardly. Diplomats exists so that politicians don't have to talk to each other much. Using formally, codified language that often means the opposite of what the words say, they act as spies in suits, intermediaries, representatives of national interest, and negotiators.

      Whether cyber spying is formally banned by international treaty or not, the man is correct that it will still go on. Better to deal with the spying, rather than create rules that could embarrass or restrict those countries who maintain that they stand for the rule of law whilst having no impact on those who don't care.

      Our man here is acting as a representative of national interest, since the outcome of such rules would be bad for France (not to mention other liberal democracies). I could see countries like Russia and China supporting a treaty to outlaw cyber spying, because they'd ignore and deny it, whilst the Western powers struggled with reputational harm when they got caught, or find that their own courts were intervening to stop them spying.

    2. Peter2 Silver badge

      The simple point is that it's not outlawed because there is a fundamental need for countries to have information about what's going on. If it was illegal, then it'd be a universally flouted law.

      Spying is basically just like war. Nobody actually wants war, but everybody recognises that it's basically impossible to ban. Hence, they put laws in place such as a requirement to inform countries that they are at war before attacking them, and laws of civilized conduct whilst at war etc.

      In the same way, it's commonly accepted that spies will steal information to let politicians know what's going on. It's accepted that they won't then blow up the oppositions factories or arrange "accidents" for competing researchers etc.

  2. Fred Flintstone Gold badge

    Spying is OK as long as WE do it..

    I figured I'd summarise the interview and the perspective of each participating country.

    No, it is NOT OK. I can understand that, from your point of view, you want to leave the door open but no, it's not OK. If you want to make it OK, regulate it, ensure the regulation is applied and fines are issued to everyone who thinks the rules do not apply to them.

    And I would still not be OK with it.

    1. Rich 11 Silver badge

      Re: Spying is OK as long as WE do it..

      ensure the regulation is applied

      His point is that that is pretty much impossible. When he said he thinks that IP theft is beyond the pale, all I could hear was the Chinese chuckling.

    2. Stork

      Re: Spying is OK as long as WE do it..

      If I take the big perspective, I think some spying is necessary. Think the cold war, I think security was improved by having better information about the other side.

      And I don't think ip theft is limited to China. My wife's biotech used to worry about the other side of the Pacific, and UK legislation clearly allows for this as well.

      1. Anonymous Coward
        Anonymous Coward

        Re: Spying is OK as long as WE do it..

        If I take the big perspective, I think some spying is necessary. Think the cold war, I think security was improved by having better information about the other side.

        There's a difference between accepting it as a necessary evil and trying to say it's perfectly normal and OK, and it's my impression that that was was was attempted here (I may be wrong, of course, but that's the impression I got).

    3. Anonymous Coward
      Anonymous Coward

      Re: Spying is OK as long as WE do it..

      One of the causes of WW1 was that governments replied too much on newspaper statements and the public pronouncements of the madder politicians. As with Brexit and Trump, the desire of newspapers to sensationalise in the interests of sales led to disaster.

      Really effective spying might even have prevented, or at least limited, WW1. It could have ensured that Archduke Ferdinand didn't get assassinated and it could have enabled both Germany and France realise that war was not to their advantage. At the start of the war, France didn't realise the effectiveness of German machine guns and Germany didn't realise the effect that the Kaiser's wild pronouncementrs were having. There are plenty more examples.

      I say let them spy the hell out of one another, and let's have bigger and better Wikileaks.

      1. Anonymous Coward
        Anonymous Coward

        Re: Spying is OK as long as WE do it..

        let's have bigger and better Wikileaks

        No - at least not in the way Wikileaks is working at present (and certainly not with Saint Jules™ involved in any way).

        I am absolutely for press freedom (to the point that I am actively involved in protecting journalists and sources), but with serious caveats. Investigative journalism, yes, invasion of privacy (celeb "journalism") no. The current principles work: hacking is and remains illegal until such time as it can be proven that the break in or leak was for the common good which then functions as a means to reduce or even commute possible consequences. If we allow this excuse to work for all and sundry we'll open the gates to Hell some more because every idiot will want to have a go and then excuse it as "trying to find some misdeeds" (basically the current Wikileaks model - that started with hacking and only got the common good label later).

        1. Anonymous Coward
          Anonymous Coward

          Re: Spying is OK as long as WE do it..

          Perhaps I should have clarified what I meant by "better" Wikileaks. I was distinguishing the idea from the present implementation.

          We need better investigative journalism. Unfortunately in the UK the right wing takeover by Murdoch, Dacre and the Barclays pretty much killed anything other than partisan shouting, but elsewhere in the world there are places where journalism is a respected profession (and Boris Johnson would never get a job). I think that's what we need more of. More Suddeutsche Zeitung, more NYT in fact.

      2. Peter2 Silver badge

        Re: Spying is OK as long as WE do it..

        One of the causes of WW1 was that governments replied too much on newspaper statements and the public pronouncements of the madder politicians.

        I'd disagree rather strongly.

        Admiral Fisher retired on reaching 70 years of age in 1911. That year, he predicted that war with Germany would break out in October 1914, following the (then) anticipated completion date of work on the Kiel Canal to allow the passage of battleships.

        He was wrong; The Kiel Canal was completed in July 1914, and war commenced in August 1914.

        In short, WW1 started when it did because that suited the then German empire. They wanted to escape from being a powerful European power into being a great power with their own (expanded) overseas empire. The problem in this was that Germany was blocked in by the Russian empire to the east, the French empire to the west, and by Britain's Royal Navy by sea. It was also the case that everywhere was already a colony or protectorate of one of the existing colonial countries, so expanding meant doing so at their expense.

        The German expectation was that they could have a short victorious war by thrusting into France and taking Paris, and then forcing France out of the war (Schlieffen_Plan) before turning on Russia and knocking them out of the war, and then doing a peace deal with Britain, who couldn't fight alone on land due to having one relatively small army, compared to Germany having quite a few field armies.

        Presumably the plan would have been to have been to take colonies as war reparations mostly from France and Russia, and then just get Britain to agree to this so they could actually get to those colonies without being blocked by the RN.

        This plan went pear shaped with the first battle of the Marne. Germany ended up trapped fighting a prolonged two front war against both France and Russia, with Britain imposing a naval blockade against Germany and busying itself taking all of the German colonies whilst training up and deploying a preposterously large armed force of ~8.5 million in France and introducing things like Tanks, which the Germans couldn't industrially manage to produce in worthwhile numbers.

        So fundamentally, spying wouldn't have helped prevent WW1.

        I say let them spy the hell out of one another, and let's have bigger and better Wikileaks.

        I honestly doubt that it will make much difference. People only find about about these things when they are covered by the mass media, who are basically a political party in their own right these days and (attempt to) control the flow of information by lying through omission.

  3. imanidiot Silver badge
    WTF?

    Spying will happen, if not by nations then by high level criminals

    So taking very good precautions is a necessity either way. Even if the nations themselves don't do the spying and/or hacking, there's plenty of criminals out there who benefit from doing such (possibly sponsored or at least purposely ignored by whatever nation they are in). And since no security is 100% hack proof, maybe it's better NOT to put everything on the internet...

    I don't know what the temperature in hell currently is, but this politician is actually saying things that make sense. Yes he probably has a national interest too, as highlighted above, but it still makes sense.

    1. A.P. Veening Silver badge

      Re: Spying will happen, if not by nations then by high level criminals

      "I don't know what the temperature in hell currently is"

      Well below freezing, the Nordic mythology is correct in that regard.

      1. MonkeyCee

        Re: Spying will happen, if not by nations then by high level criminals

        "I don't know what the temperature in hell currently is"

        According to Pterry it's -140C and 700C at the same time.

    2. Anonymous Coward
      Anonymous Coward

      Re: Spying will happen, if not by nations then by high level criminals

      Spying will happen, if not by nations then by high level criminals

      The current problem is that it's sometimes bloody hard to distinguish the two.

  4. Twanky

    I don't think we need a new global agreement to stabilise cyberspace

    I agree with M. Heilbronn.

    If we *did* have such an agreement it would need an international verification body. <sarc>Perhaps teams of observers to make sure that signatories don't have their fingers crossed behind their backs as they sign the treaty.

    After all of the recognised nations have signed up the body could move on to negotiating similar agreements with terrorist groups and organised crime bosses. What could possibly go wrong?</sarc>

    By far the best way to achieve global stability in cyberspace would be to harden the bit of it that each nation has authority over.

    "No Mrs Trellis, you can't connect that IoT crap to your BT Internet HomeHub; you're putting our country's infrastructure at risk". If she won't disconnect it then disconnect her house. Take a similar approach to companies.

    When our own state's cyber experts discover a vulnerability in some common piece of kit does the state take the view that the vulnerability should be fixed before it is used against us or does it store the knowledge and use it against some other state (or terrorist group or crime boss) - and thereby leave it's own citizens open to attack? I know which approach would lead to more stability.

    We need to *learn* from each other's mistakes. I reckon that when the news broke that Germany's Chancellor Angela Merkle's communications had been intercepted by US state actors the reaction among Germany's spooks was not "how could they do that to us?" but "how could we have let that happen?".

    We've analyzed their attack, sir, and there is a danger. Should I have your ship standing by?

  5. poohbear

    Um, are spies allowed to use secure encrypted communications then?

    1. Twanky
      Joke

      are spies allowed to use secure encrypted communications then?

      Only if we trust them.

      Oh, wait.

  6. MNGrrrl
    Facepalm

    No, we can fix it

    We can fix this. Sixty years ago planes were disintegrating in midair. It was so bad the public was demanding action, and so the government (mine, united states, probably elsewhere too) created an investigative and regulatory body -- the FAA and NTSB. Together, they literally combed the wreckages, identifying engineering failures, human failures, and separating fact from fiction. Manufacturers were required to show their work, with the designs available for public inspection. Designs were tested in laboratories and certified as ready for use. Deaths plummeted. Planes got safer. And within just twenty years, planes went from one of the deadliest ways to travel to one of the safest.

    What my industry needs isn't laws about encryption, or more laws to punish criminals. What we need is proper engineering standards, enforced by a regulatory body that holds companies that make software and hardware accountable. We don't have that now, and that, more than any other reason, is why our industry is a shit show of failure. Failure is the norm in this industry, with most IT projects -- about 70%, failing to either be implimented at all, not meeting requirements, or going over budget. These are institutional failures, and it's been encouraged by a lack of public awareness and a false narrative that says we have to tolerate failure to be on the 'cutting edge'.

    We do not.

    1. Tomato42

      Re: No, we can fix it

      I already hear the screams "but but but money!"

  7. Snowy Silver badge
    Facepalm

    Just because something is hard.

    Does not mean we should give up trying to stop it.

  8. Zippy´s Sausage Factory
    Unhappy

    I think he's labouring under the belief that state-sponsored espionage against foreign nations will continue to be the largest sector.

    I, however, disagree. I think many nations will find it difficult to resist the temptation to constantly surveill their own citizens, for whatever purpose (China just launched an app to "whistleblow on a debtor", for crying out loud), and cybercriminals will be ready to steal intellectual property or personal information for the highest bidder.

    I think it's naive to assume state-sponsored espionage is actually going to even be relevant in a few years' time if online criminality continues growing at the rate it appears to be.

  9. Grinning Bandicoot

    Think Spies as a Protective Service.

    In the 60's USians had learned of a possible fatal weakness in the Soviet's nuclear forces. The weakness was corrected by leaking to Soviet spies and thereby establishing veracity the essence of the USian command and control interlocks. Besides G. Washington used spies in his battles against the Germans and to date has not held to account by the N Y Times and Washington.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon