Ius Gentium

University of Baltimore School of Law's Center for International and Comparative Law Fellows discuss international and comparative legal issues


1 Comment

All’s Fair in Love and Cyberwar

Elizabeth Hays

A United States drone strikes a car near a gas station in Syria.[1] Inside that car, Junaid Hussain lays lifeless.[2] Though a seemingly normal 21-year-old British man with an education and a wife, Junaid possessed exceptional computer hacking skills and ties to ISIS’s cyber division.[3] Instead of the United States sending a sniper to take out Junaid, a person used his or her trigger finger to direct the drone strike from a computer miles away from the gas station.[4] Throughout history, technology has drastically changed warfare. The advances in cyberspace technology are no exception and the law is struggling to keep up.

hays_blog1_photo1

While country-on-country cyber-attacks have made headlines in the 21st century, such attacks can be dated as far back as the Cold War.[5] In June 1984, a United States satellite detected a large blast in Siberia.[6] That blast turned out to be an explosion on a Soviet gas pipeline.[7] A malfunction in the computer-controlled system that the Soviets stole from a firm in Canada caused the explosion.[8] Unware to them, the CIA caused the malfunction by tampering with the software, resetting  the pump and valve settings to produce pressures far beyond the capabilities of the pipeline welds, which  ultimately resulted in destruction.[9]

The most recent and controversial cyber-attack resulted in WikiLeaks publishing a series of confidential emails exchanged between several key members of the Democratic National Committee.[10] The release negatively impacted the Democratic Party in the public eye and resulted in the call for resignation from the DNC chairperson, the CEO, the CFO, and the Communications Director.[11] Despite President Trump’s initial accusation, these hackers are not just 400 pound guys in a basement; they are sophisticated and, potentially, dangerous adversarial governments.[12]

The United States accused Russian President Vladimir Putin of ordering an “influence campaign” aimed at weakening Hilary Clinton’s campaign and strengthening Donald Trump’s.[13] The campaign consisted of hacking Democratic groups and individuals and releasing that information via third party websites, including WikiLeaks.[14]  Intelligence agencies concluded with high confidence that Russia had intended to undermine American faith in the electoral system by hurting Hilary Clinton’s chances of winning.[15] As a result, in December 2016, America responded with what was arguably its strongest response yet to a state sponsored cyberattack.[16] “All Americans should be alarmed by Russia’s actions” stated Former President Obama.[17] While there is partisan disagreement about the scope and intent of the Russian cyber-attack on the 2016 United States Presidential Election, 77% of Americans from a wide variety of political backgrounds believe that cyber-attacks against computer systems in the United States are a serious threat.[18] Meanwhile, 63% of Americans believe that the United States is not adequately prepared to deal with these cyber threats.[19]

hays_blog1_photo2

While President Trump has repeatedly stated that the Russian hacking had no influence on the outcome of the election, it is becoming clear that cyber-attacks are becoming more prevalent and powerful.[20] Intelligence agencies reported that the Russian election intervention is an old-fashioned Soviet-style propaganda campaign made more powerful by the tools of cyberage.[21] While it may seem like this was a onetime event and new attack, it was actually a part of a campaign that went undetected for years.[22]

The same international laws apply to cyberspace as they do to traditional warfare domains. Yet, cyber-attacks are difficult for the international community to analyze due to their complexity and secrecy. In response to this challenge, the NATO Cyber Centre wrote the Tallinn Manual on the International Law Applicable to Cyber Warfare.[23] Applying the principles of the international law of war in cyberspace, the manual has been the primary guide for armed conflicts.[24] According to the principles in the manual, the Russian cyber-attacks on the DNC are below the threshold of an armed conflict.[25] On the other hand, if Russia had destroyed America’s cyber infrastructure, it would likely be enough to be a use of force and thus a violation.[26]

Yet others experts, such as the chairman of the U.S. Naval War College’s international law department Michael Schmidt, believe that the DNC hack was in fact a violation of international law.[27] For example, the hack could have threatened U.S. sovereignty.[28] The hackers attempted to intervene into the internal fairs of the United States affairs, which includes running elections.[29] However, there would need to be proof that Russia not only stole information but used the information to manipulate election results.[30]

hays_blog1_photo3

Therefore, the DNC hacks still lie in a legal gray zone. While the Tallinn Manual provides excellent guidance on applying international law in cyberspace, the Tallinn Manual 2.0 is in the works to expand upon it.[31] The goal of this additional manual is to examine how international law applies to cyber-attacks below the threshold on an armed conflict.[32] Until then, clever nations will continue to use cyber-attacks, like the DNC hack, to cause harmful effects but not cross the line that would trigger an armed response.[33]

 

Elizabeth Hays is a third year law student at the University of Baltimore School of Law. She completed her undergraduate studies at the University of Baltimore, where she majored in Jurisprudence. Her legal interests include administrative law, national security law, and maritime law. Elizabeth has previously interned with the U.S. Army JAG Corps and the U.S. Coast Guard JAG Corps. Additionally, she participated in the winter study abroad program in Curaçao in 2015/16. She is currently the Co-President of University of Baltimore Students for Public Interest (UBSPI) and a Staff Editor for University of Baltimore Law Forum.

[1] Nick Gutteridge, ISIS Top Hacker Dead: British Jihadi Junaid Hussain Blown up in US Drone Strike in Syria, Express, (Aug. 27, 2015).

[2] Id.

[3] Id.

[4] Id.

[5] War in the Fifth Domain, The Economist (Jul. 1, 2010).

[6] Id.

[7] Id.

[8] Id.

[9] Id.

[10] Harold Stark, How Russia Hacked Us in 2016, Forbes (Jan. 24, 2017).

[11] Id.

[12] Scott Shane, Russian Intervention in American Election Was No One-Off, N.Y. Times (Jan. 6, 2017).

[13] Jill Dougherty, U.S. Election Hacking: Russia Hits Back at ‘Unfounded’ Allegations, CNN Politics (Jan. 15, 2017).

[14] Id.

[15]Paul Krugman, Russia’s Hand in America’s Election, N.Y. Times (Dec. 11, 2016).

[16] David E. Sanger, Obama Strikes Back at Russia for Election hacking, N.Y. Times (Dec. 29, 2016).

[17] Id.

[18] Sarah Dutton, Most Americans Think Russia Tried to Interfere In Presidential Election, CBS News (Jan. 18, 2017).

[19] Id.

[20] Jill Dougherty, U.S. Election Hacking: Russia Hits Back at ‘Unfounded’ Allegations, CNN Politics (Jan. 15, 2017).

[21] Scott Shane, Russian Intervention in American Election Was No One-Off, N.Y. Times (Jan. 6, 2017).

[22] Id.

[23] Jill Dougherty, NATO Cyberwar Challenge: Establish Rules of Engagement, CNN Politics (Nov. 7, 2016).

[24] Id.

[25] Id.

[26] Id.

[27] Id.

[28] Id.

[29] Id.

[30] Id.

[31] Id.

[32] Id.

[33] Id.

Advertisements


Leave a comment

Governmental Media Regulation: U.S. vs. Bhutan

Raiven Taylor

As we all know, the media is used to spread the most recent news and current events. What many people do not know is that the media have rules and regulations they must follow in order to stay on TV and/or the radio. Many rules that regulate the media differ from country to country. Although the U.S. Constitution’s First Amendment guarantees the right to freedom of the press, usually with minimum regulations, other countries, such as Bhutan, which will be explored in this blog, do not have such freedom.

The U.S. gives most leeway to print media, such as newspapers, magazines, and flyers.[i] The only real regulation for print media is to deter defamation. [ii]  Defamation happens when untrue information is printed that may cause harm to someone.[iii] Defamation can be either written (libel) or communicated verbally (slander). Broadcasting media are a little more regulated than print.

Media1

Broadcasting media are also regulated against defamation. In fact, broadcasters and their networks can be sued for slander.[iv] Broadcasting is also heavily regulated by the Federal Communications Commission (FCC).[v] The FCC polices the content of the airwaves and has the authority to fine or revoke broadcasting licenses for violating any of the following: broadcasting obscene programs at any time, broadcasting indecent programs during certain hours, or broadcasting profane language during certain hours.

Having regulations on the media could eventually spill into social media. However, to date, the U.S. has only come up with basic regulations on social media, such as the right of privacy, how one may create social media policies, and protocols for marketing on social media.[vi] Because social media is a growing media source, it has been very hard for the government to regulate.

Media2

On the other hand, Bhutan has more restrictions on media outlets. Even though Bhutan claims to have a Constitution allowing free speech and opinion, Bhutan has an Act that prohibits criticism of the king as well as anything that may undermine or attempt to undermine the security and sovereignty of Bhutan.[vii] The government even restricts and censors topics that involve Nepali-speaking residents having to leave Bhutan.[viii] Many of the media outlets hesitate to push the limits of the regulations because the media depends on the government for funding and support.[ix]

Bhutan is a country that is far behind the times on Internet and television, both of which arrived in 1999.[x]  Even though Bhutan was behind the times, almost 10% of their population is on social media.[xi] Social media gives the Bhutanese an outlet to express their own opinions and views and changed the idea of criticizing the government, giving the younger generation an opportunity to have an opinion. [xii] However, due to the growth of social media and the presence of the population on social media in Bhutan, the government decided in 2014 to draft policy on the use of social media.[xiii]

Media3

The government agreed that a huge benefit of having a social media policy would be for the government to engage its citizens and officials in the use of social media to share government information as a developmental tool for social, economic, and political change.[xiv] Discussions concerning social media use in Bhutan have even led to the idea of incorporating curriculum in the schools to have a social media component.[xv] Even though the Bhutanese government may appear to support the idea of social media and is not trying to regulate social media, the government has created guidelines one must follow when using social media. These include the requirement to be accurate, to never post anything malicious or misleading, to respect the Constitution and all laws, and to act in good judgment.[xvi] These are many things that young people do not think of when posting their opinions.

Given an option between the United States and Bhutan, I would choose to use social media in the U.S. The U.S. may regulate TV, radio, and print, but it does not regulate it in a way that would affect one’s rights. The U.S. can write, state, or show on TV what’s going on in the government, even if they disagree with what the government is doing. On the other hand, Bhutan regulates its media outlets in a way that only shines light on the government’s positive aspects instead of the negative. The Bhutanese government does not allow its citizens to share their opinions if they disagree with what the government is doing. While beneficial to maintaining the status quo in Bhutan, this restriction of rights affects the rights of the media and Bhutanese citizens alike.

Raiven Taylor is third year law student at the University of Baltimiore School of Law and is completing her concentration in International Law. She has an undergraduate degree in Political Science from Bowie State University. She has studied abroad in London, England and Clermond-Ferrand, France. She is an Senior Staff Editor for the Journal for International Law as well as Secretary for the International Law Society. Additionally, Raiven is a Rule 16 student attorney in the Immigrant Rights Clinic. Her passion and interest in international law is human trafficking and international human rights law.

[i] http://study.com/academy/lesson/rules-governing-the-media-definition-examples.html

[ii] Id.

[iii] Id.

[iv] Id.

[v] Id.

[vi] http://blogs.forrester.com/nick_hayes/13-07-31-five_common_legal_regulatory_challenges_with_social_media

[vii] https://freedomhouse.org/report/freedom-press/2013/bhutan

[viii] id.

[ix] Id.

[x] http://www.bbc.com/news/world-asia-25314578

[xi] Id.

[xii] Id.

[xiii] http://www.undp.org/content/bhutan/en/home/presscenter/articles/2015/01/14/bhutan-forms-its-first-social-media-policy.html

[xiv] Id.

[xv] Id.

[xvi] http://www.gnhc.gov.bt/wp-content/uploads/2011/05/RGoB-Draft-Social-Media-Policy.pdf


2 Comments

No Common Heritage: Why the Internet Cannot be Regulated Like the Sea

Matthew Matechik

In the rapidly unfolding digital age, the strongest player on the international stage is not necessarily the state with the biggest weapons or the most soldiers. Instead it is the cyber actor, which may or may not be a state, capable of most effectively leveraging the Internet to achieve objectives. Like the seafaring captains of old, these actors navigate the labyrinth of the Internet to discover, to trade, to pillage, and to conquer. Digital packets are their vessels. The Internet is their sea.

Internet Pirate

Like the sea, the internet encircles the globe. Like the sea, the Internet is used for benign activity, such as commerce and leisure, but also for destructive activity, such as theft and combat. The sea has sailors and pirates; the internet has cyber professionals and hackers. The comparison seems appropriate and begs the questions: Can international law regulate the Internet like it regulates the sea?

The similarities between the Internet as a medium and the sea as a medium suggest that international principles governing the use of the sea could effectively be applied to the use of the Internet. Upon inspection, however, this theory quickly erodes for numerous reasons. Perhaps the most significant obstacle is the lack of a common heritage to the Internet. Common heritage is the critical component that has allowed the law of the sea to develop.

Customs governing the use of the sea probably began to emerge when humans first encountered other humans at sea. These customs grew out of a recognition that the sea was an incredibly vast shared space that no one nation could hold in the way that land territory could be held. The sea was recognized as the common heritage of mankind. Seafaring parties intersected with both allies and enemies in this shared space. Customs and laws continued to develop over millennia to regulate these encounters. As humanity’s access to the sea increased, international norms increased, including codifying many of these customs in the UN Convention on the Law of the Sea (UNCLOS). These laws were based on the idea that all humans enjoyed freedom of the sea because it was common heritage.  The laws fostered shared use of the sea while deterring nefarious actions on the sea.

As a recent phenomenon, the Internet has no such common heritage, although it has become a common resource. The Internet traces its origins back to a research project completed by the United States Defense Advanced Research Projects Agency (DARPA) during the 1960s.[1] Its usage grew exponentially until it became the truly globe-spanning super network of today, reaching an estimated 3 billion people.[2] Because the United States was the primary driver of early Internet adoption, its infrastructure and usage patterns have developed in such a way that most of the world’s internet traffic passes through the United States.[3] This position offers the United States unique advantages and opportunities that the United States is unlikely to relinquish.

Global Internet Map

Other nations have more recently undertaken measures to ensure their own Internet posture also offers unique advantages and aligns with their interests. For example, China has erected “The Great Firewall” around Chinese Internet users, allowing China to censor which traffic is accessible by Chinese users.[4] China is leveraging its Internet power to further its interests at the expense of internet freedom and access. Meanwhile in the European Union, some European leaders are advocating for new Internet regulations that could bolster European tech companies’ positions against their American counterparts.[5] The fortifying of digital space will not enable the international community to adopt any sort of “freedom of the Internet” measures akin to the freedom of the seas.  Quite the opposite in fact, the trend seems to be increasing restrictions on communal use.

Even if the international community did characterize the Internet as a resource to be shared by all, regulation appears to be technically impossible, at least at present, because Internet traffic cannot be finitely quantified and observed in the same way that seafaring vessels can. Sea regulations are enforceable in large part because nations are able to observe a meaningfully quantifiable number of vessels and react by employing the appropriate legal measure. On the sea, the regulator can, for example, react to nefarious activity by boarding a vessel and searching it.

Over the Internet, the regulator would likewise have to conduct inspections in some manner but there are far too many data packets to deal with. By the end of 2016, an estimated 1,000,000,000,000 gigabytes of data will traverse the Internet annually.[6] That number is too large to fathom its significance. Finding nefarious activity among that much data and reacting appropriately while still fostering Internet freedom is technically impossible given the current state of technology. There are simply too many packets traversing the internet.

The lack of common heritage to the Internet and technological limitations on widespread enforcement make the application of the law of the sea’s principles to the Internet impossible for now. The international community must approach the Internet with a fresh perspective that considers its modern and unique characteristics. The Council of Europe’s Convention on Cybercrime, which entered into force in 2004, is currently the leading international convention in this field. The Convention identifies numerous cybercrimes that signatories must address in their domestic criminal laws, requires that certain law enforcement procedures be put into place, and demands that signatories cooperate to investigate and prosecute cybercrimes.[7] The Convention has been ratified by forty-seven states so far and signed by an additional seven.

The Convention shows some real promise because it addresses uniquely cyber issues and has seen at least some adoption. However, it still lacks global utility because it does little to address state-on-state cyber acts and lacks signatures from significant cyber powers, notably China and Russia. The lack of widespread adoption suggests cyber stakeholders with competing interests have a long way to go before they are able to agree on international regulation that works as effectively as sea regulations.

Matthew Matechik is an Evening J.D. student at the University of Baltimore School of Law (Class of 2016). He currently works full-time for the U.S. Federal Government as a Counterterrorism Analyst. He has a Bachelors of Arts (Magna Cum Laude, 2008) from Florida State University. All views in this blog post are Matthew’s own views and do not represent that of the U.S. Government. 

[1] http://www.internetsociety.org/internet/what-internet/history-internet/brief-history-internet

[2] http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/

[3] http://faculty.georgetown.edu/irvinem/CCTP748/Internet-Mediology.html

[4] http://abcnews.go.com/Technology/story?id=4707107&page=1

[5] http://www.reuters.com/article/2015/06/23/us-eu-digital-letter-idUSKBN0P32AX20150623

[6] http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/VNI_Hyperconnectivity_WP.html

[7] http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm