CATEGORIES:
BiologyChemistryConstructionCultureEcologyEconomyElectronicsFinanceGeographyHistoryInformaticsLawMathematicsMechanicsMedicineOtherPedagogyPhilosophyPhysicsPolicyPsychologySociologySportTourism
Implications for International LawCybersecurity and International Law These developments and revelations underscore the expanding importance of cyberspace and cybersecurity in international relations. Stuxnet, Flame, and U.S. actions against al- Qaeda web sites demonstrate deepening interest in the utility of cyber technologies to achieve national security objectives, including armed conflict, covert sabotage, espionage, and counter-terrorism. Like previous advances in communication technologies, states are harnessing the Internet for security needs as opposed to treating cyberspace as a unique political domain. How well existing rules of international law apply to such security-driven behavior is important to explore. This question is not new, but developments, such as Stuxnet and Flame, renew debates about the application of international law to cybersecurity problems. With respect to cyber espionage, the lack of international law on espionage[25] means that Flame and other state-crafted spyware operate without international regulation. The ubiquity of cyber espionage suggests that no consensus exists among states to change this reality, which replicates what happened with every new technology adapted for spying. Unless states begin to perceive cyber espionage as an atypical danger to national security and international order, international law is unlikely to gain traction in this area, no matter how many headlines Flame or future spyware produces. In terms of Stuxnet, attribution of this cyber attack to the United States and Israel does not answer international legal questions about this episode. To analyze Stuxnet under international law requires characterizing what this incident means in legal terms. Commentators have often described Stuxnet in terms of “cyber war,”[26] but governments have not yet responded to Stuxnet (before or after revelations about its origins) as if it constituted an illegal use of force or armed attack or a legal use of force in self-defense. If state use of a cyber weapon designed to damage property is neither a use of force nor armed attack, then how should international lawyers characterize it? Stuxnet is only one incident, so state practice might lack clarity for many reasons. However, even with the problem of attribution resolved, international lawyers confront the problem of how to apply international law on the use of force to cyber weapons and cyber attacks after Stuxnet. The international legal significance of the U.S. government’s alterations to propaganda on al-Qaeda web sites relates to questions about what cyber counter-terrorism might involve in the future. What the State Department accomplished does not appear to violate international law applicable to counter-terrorism. However, will integration of cyber technologies with counter-terrorism strategies lead to more aggressive use of such technologies against terrorist organizations, and, if so, what would such use mean under international law? Some might not consider this question significant because U.S. counterterrorism already involves aggressive and controversial use of lethal weapons against terrorists deployed from drones or by special operations forces. More aggressive use of cyber technologies against terrorists is unlikely to cause the political and legal notoriety non-cyber U.S. counter-terrorism strategies have generated. Cyberspace and International Law The transition of Internet architecture to IPv6 is important to ensuring that the Internet maintains sustained growth—a significant achievement globally for political, economic, and social reasons. And, it is an achievement that owes little, if anything, to international law. IPv6 has been developed, supported, and largely implemented by non-state actors operating without reference to treaties or rules of customary international law. With the transition to IPv6 still underway, assessing how adoption of IPv6 might affect security, privacy, and human rights in cyberspace is difficult, which complicates exploring IPv6’s implications for international law. Certainly, if IPv6 produces security benefits through technological advances, it will mitigate perceptions that new international legal tools or initiatives are needed for cybersecurity problems, such as cyber crime. Possible negative externalities of IPv6 adoption, such as providing new opportunities for cyber crime or repressive governments to undermine privacy and Internet freedom, could affect international law. Many experts consider international legal instruments relevant to cyber crime, such as the Council of Europe’s Convention on Cybercrime,[27] ineffective and inadequate.[28] If cyber criminals find the IPv6 environment as or more conducive to cyber crime than IPv4, then existing international law on cyber crime might become more suspect, possibly falling into disrepute. Similarly, if IPv6 permits governments to attribute Internet activity more readily to specific devices and persons, this outcome might adversely affect enjoyment of Internet-relevant human rights protected by international law, including the rights to privacy, freedom of expression, and freedom of association. The WCIT controversy involves international law in the form of the ITR—a binding treaty adopted in 1988, before the Internet became a global phenomenon. Proposals to amend the ITR to take account of the Internet’s importance could seek to bring more of what is now governed in a decentralized manner largely by non-governmental organizations, such as IETF and ICANN, within formal international law. Some countries have expressed dissatisfaction with the status quo, arguing that it does not respond to their needs and permits the United States to influence Internet governance disproportionately. For example, in June 2011, Russian Prime Minister Vladimir Putin stated a desire to establish “international control over the Internet, using the monitoring and supervisory capabilities of the International Telecommunication Union.”[29] In response to fears that WCIT would change Internet governance, the U.S. House of Representatives declared on May 30, 2012, its concern about proposals that “would justify under international law increased government control over the Internet and would reject the current multistakeholder model that has enabled the Internet to flourish[.]”[30] Similarly, in congressional hearings on May 31, an Internet Society policy official argued that “it is not clear . . . that the international treaty making process represents the most effective way to manage cross-border Internet communications, or that some of the proposals currently being floated are consistent—or even compatible—with the multistakeholder model of Internet governance that has emerged over the past 15 years.”[31] Leaks in early June 2012 of ITU documents being prepared for WCIT produced skepticism about the alleged ITU “takeover” of Internet governance and the argument that “the real conflict is not over governance of the Internet . . . but over the division of the spoils, with international telecommunications operators [within countries] trying to use the I.T.U. to extract revenue from American Internet companies.”[32] In this contentious context, what ITR changes member states of the ITU can negotiate in December 2012 remains to been. Summary Analyses of cybersecurity and cyberspace often involve doubts about the applicability and effectiveness of international law. Information about Stuxnet’s origins and discovery of Flame reinforce these doubts because they highlight the lack of international law (as with cyber espionage) and uncertainty in its application (as with Stuxnet). Nothing about the Stuxnet or Flame revelations suggests that states, especially the great powers and, in particular, those concerned about U.S. cyber power, will scale back cyber espionage activities or development of offensive and defensive cyber capabilities—a situation not conducive to developing international legal rules on cybersecurity challenges. Uncertainty whether IPv6 might benefit cyber criminals and repressive governments focuses attention on the ineffectiveness of existing international legal instruments on cyber crime and on cyber-facilitated human rights. Negotiations on revising the ITR reveal the unimportance of international law to existing Internet architecture and governance and the difficulties facing efforts to change the status quo through new international legal rules. These developments and revelations suggest that international law’s role in shaping what the Obama administration has called “norms of responsible behavior in cyberspace”[33]will be fraught with difficulties for the foreseeable future.
Date: 2015-12-17; view: 707 |