A few more details for last night’s news that the U.S. believes international law applies to cyberwar.
First, an article written by Ellen Nakashima for The Washington Post. According to Nakashima, Koh believes that cyberattacks “that cause a nuclear plant meltdown, open a dam above a populated area or disable an air-traffic control system . . . are examples of activity that probably would constitute an illegal use of force.”
Another interesting quote from Koh: “In our view, there is no threshold for a use of deadly force to qualify as an ‘armed attack’ that may warrant a forcible response . . ..”
***
InformationWeek’s J. Nicholas Hoover also covered the CyberComm conference where Koh made his remarks. Hoover quoted Col. Gary Brown, CyberComm’s outgoing SJA, on how the law surrounding cyberexploitation needs work but norms might emerge: “We’re starting to see public condemnation of espionage and starting to see attribution to foreign nations . . . That’s an indication that there might be something different about cyber espionage than regular espionage.”
***
Via Opinio Juris’ Chris Borgen, the text of Koh’s address. Won’t post it all . . .
Question 2: Is cyberspace a law-free zone, where anything goes?
Answer 2: Emphatically no. Cyberspace is not a “law-free” zone where anyone can conduct hostile activities without rules or restraint.
. . .
In assessing whether an event constituted a use of force in or through cyberspace, we must evaluate factors: including the context of the event, the actor perpetrating the action (recognizing challenging issues of attribution in cyberspace), the target and location, effects and intent, among other possible issues.
. . .
Question 5: Do jus in bello rules apply to computer network attacks?
Answer 5: Yes. In the context of an armed conflict, the law of armed conflict applies to regulate the use of cyber tools in hostilities, just as it does other tools. The principles of necessity and proportionality limit uses of force in self-defense and would regulate what may constitute a lawful response under the circumstances.
. . .
Question 8: How should States assess their cyber weapons?
Answer 8: States should undertake a legal review of weapons, including those that employ a cyber capability.
. . .
Question 9: In this analysis, what role does State sovereignty play?
Answer 9: States conducting activities in cyberspace must take into account the sovereignty of other States, including outside the context of armed conflict.
. . .
Question 10: Are States responsible when cyber acts are undertaken through proxies?
Answer 10: Yes. States are legally responsible for activities undertaken through “proxy actors,” who act on the State’s instructions or under its direction or control.
. . .
Why should U.S Government lawyers care about international law in cyberspace at all?
The Answer: Because compliance with international law frees us to do more, and do more legitimately, in cyberspace, in a way that more fully promotes our national interests. Compliance with international law in cyberspace is part and parcel of our broader “smart power” approach to international law as part of U.S. foreign policy.
Again, all credit to Opinio Juris for originally posting these remarks.
2 Pingbacks