Sec. 3. United States international cyberspace policy
521 words·~2 min read·
/bill/115/hr/3776/eh/section-3A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Congress declares that it is the policy of the United States to work internationally with allies and other partners to promote an open, interoperable, reliable, unfettered, and secure internet governed by the multistakeholder model which promotes human rights, democracy, and rule of law, including freedom of expression, innovation, communication, and economic prosperity, while respecting privacy and guarding against deception, fraud, and theft. In implementing the policy described in subsection (a), the President, in consultation with outside actors, including technology companies, nongovernmental organizations, security researchers, and other relevant stakeholders, shall pursue the following objectives in the conduct of bilateral and multilateral relations:
Clarifying the applicability of international laws and norms, including the law of armed conflict, to the use of ICT. Clarifying that countries that fall victim to malicious cyber activities have the right to take proportionate countermeasures under international law, provided such measures do not violate a fundamental human right or peremptory norm. Reducing and limiting the risk of escalation and retaliation in cyberspace, such as massive denial-of-service attacks, damage to critical infrastructure, or other malicious cyber activity that impairs the use and operation of critical infrastructure that provides services to the public.
Cooperating with like-minded democratic countries that share common values and cyberspace policies with the United States, including respect for human rights, democracy, and rule of law, to advance such values and policies internationally. Securing and implementing commitments on responsible country behavior in cyberspace based upon accepted norms, including the following: Countries should not conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.
Countries should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security. Countries should take all appropriate and reasonable efforts to keep their territories clear of intentionally wrongful acts using ICTs in violation of international commitments. Countries should not conduct or knowingly support ICT activity that, contrary to international law, intentionally damages or otherwise impairs the use and operation of critical infrastructure, and should take appropriate measures to protect their critical infrastructure from ICT threats.
Countries should not conduct or knowingly support malicious international activity that, contrary to international law, harms the information systems of authorized emergency response teams (sometimes known as computer emergency response teams or cybersecurity incident response teams ) or related private sector companies of another country. Countries should identify economic drivers and incentives to promote securely-designed ICT products and to develop policy and legal frameworks to promote the development of secure internet architecture.
Countries should respond to appropriate requests for assistance to mitigate malicious ICT activity aimed at the critical infrastructure of another country emanating from their territory. Countries should not restrict cross-border data flows or require local storage or processing of data. Countries should protect the exercise of human rights and fundamental freedoms on the Internet and commit to the principle that the human rights that people have offline enjoy the same protections online.