An Assessment of International Legal Issues in Information Operations: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
 
(21 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==An Assessment of International Legal Issues in Information Operations==
==Full Title of Reference==
An Assessment of International Legal Issues in Information Operations


==Full Citation==
==Full Citation==


Department of Defense Office of General Counsel, "An Assessment of International Legal Issues in Information Operations," [[http://www.au.af.mil/au/awc/awcgate/dod-io-legal/dod-io-legal.pdf ''web'']] (1999)
Department of Defense Office of General Counsel, ''An Assessment of International Legal Issues in Information Operations'' (1999).  [http://www.au.af.mil/au/awc/awcgate/dod-io-legal/dod-io-legal.pdf '' Web'']


[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=DOD_OGC:1999&f=wikibiblio.bib BibTeX]
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=DOD_OGC:1999 ''BibTeX'']


==Key Words and Categorization==
==Categorization==
* Resource by Type: [[US Government Reports and Documents]]
* Threats and Actors: [[States]]
* Issues: [[Cyberwar]]; [[Government to Government]]
* Approaches: [[International Law (including Laws of War)]]


Law Espionage Treaties Government International-Law Global Communities Agreements United-Nations Legislation International-Relations Law-Enforcement
==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Combatant_Status | Combatant Status]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Computer_Network_Attack | Computer Network Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | Cyber Warfare]], 
[[Keyword_Index_and_Glossary_of_Core_Ideas#Kinetic_Attack | Kinetic Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#National_Security | National Security]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Lawfare | Lawfare]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Laws_of_War | Laws of War]]


==Synopsis==
==Synopsis==
International law consists of binding legal obligations among sovereign states. Two of the basic principles of the international legal system are that sovereign states are legally equal and independent actors in the world community, and that they generally assume legal obligations only by affirmatively agreeing to do so. The most effective instruments in creating international law are international agreements, which may be either bilateral or multilateral. Some of these agreements, such as the United Nations Charter, establish international institutions that the parties agree to invest with certain authority. It is also generally accepted that there is a body of customary international law, which consists of practices that have been so widely followed by the community of nations, with the understanding that compliance is mandatory, that they are considered to be legally obligatory.
===New Legal Challenges Presented by Information Operations===
Many traditional military activities are included in current concepts of “information operations” and “information warfare,” including physical attacks on information systems by traditional military means, psychological operations, military deception, and “electronic warfare” operations such as jamming radar and radio signals. The application of international law to these traditional kinds of operations is reasonably well settled. Similarly, electro-magnetic pulse (EMP) weapons and directed-energy weapons such as lasers, micro-wave devices, and high energy radio frequency (HERF) guns will probably operate in a manner similar enough to that of traditional weapons that one could apply existing legal principles to them without much difficulty. It will not be as easy to apply existing international law principles to information attack, a term used to describe the use of electronic means to gain access to or change information in a targeted information system without necessarily damaging its physical components. One of the principal forms of information attack is likely to be computer network attack, or in today’s vernacular, the “hacking” of another nation’s computer systems.
===Laws of War===
After an discussion of relevant international law, the memo concludes that the laws of war authorizes a nation engaged in an international armed conflict to employ armed force to attack lawful military targets belonging to the enemy. Resolutions of the United Nations Security Council (UNSC) may also authorize the use of armed force as provided in the UN Charter.
===Use of Force in "Peacetime"===
After an overview of international law and case law, the memo notes that one trend in international law is to provide some kind of remedy for every violation of a nation’s rights under international law. Some of these remedies are in the nature of self-help, such as armed self-defense, the interruption of commercial or diplomatic relations, or public protest. Other remedies may be sought from international institutions, such as an imposition of coercive measures by the Security Council, or a declaratory judgment or an order to make reparations from an international tribunal. The issue for the victim is to choose the most effective available sanction. The issue for a nation contemplating an action that may be considered to violate the rights of another nation under international law is to accurately predict what sanctions such action may provoke.
===Application of International Law to Computer Network Attacks===
The conclusion is that there is no way to be certain how these principles of international law will be applied by the international community to computer network attacks. By logical implication, to the extent that a nation chooses to respond to a computer network attack by mounting a similar computer network attack of its own, the issue of whether the initial provocation constituted an armed attack may become a tautology. If the provocation is considered to be an armed attack, the victim may be justified in launching its own armed attack in self-defense. If the provocation is not considered to be an armed attack, a similar response will also presumably not be considered to be an armed attack. Accordingly, the question of the availability of the inherent right of self-defense in response to computer network attacks comes into sharpest focus when the victim of a computer network attack considers acting in self-defense using traditional military means. The issue may also arise if the response causes disproportionately serious effects (e.g., if a state responded to a computer network attack that caused only minor inconvenience with its own computer network attack that caused multiple deaths and injuries). As in all cases when a nation considers acting in self-defense, the nation considering such action will have to make its best judgment on how world opinion, or perhaps a body such as the International Court of Justice (ICJ) or the UNSC, is likely to apply the doctrine of self-defense to electronic attacks. As with many novel legal issues, we are likely to discover the answer only from experience.
==="Active Defense" in Cyberwarfare===
International law of self-defense would not generally justify acts of “active defense” across international boundaries unless the provocation could be attributed to an agent of the nation concerned, or until the sanctuary nation has been put on notice and given the opportunity to put a stop to such private conduct in its territory and has failed to do so, or the circumstances demonstrate that such a request would be futile. Nevertheless, in some circumstances the National Command Authority (NCA) might decide to defend U.S. information systems by attacking a computer system overseas, and take the risk of having to make an apology or pay compensation to the offended government. Among the factors the NCA would probably consider would be the danger presented to U.S. national security from continuing attacks, whether immediate action is necessary, how much the sanctuary nation would be likely to object, and how the rest of the world community would be likely to respond.


International law consists of binding legal obligations among sovereign states. Two of the basic principles of the international legal system are that sovereign states are legally equal and independent actors in the world community, and that they generally assume legal obligations only by affirmatively agreeing to do so. The most effective instruments in creating international law are international agreements, which may be either bilateral or multilateral. Some of these agreements, such as the United Nations Charter, establish international institutions that the parties agree to invest with certain authority. It is also generally accepted that there is a body of customary international law, which consists of practices that have been so widely followed by the community of nations, with the understanding that compliance is mandatory, that they are considered to be legally obligatory.
===Other Laws===
====Space Law====
The memo then discusses space law, on the basis that space segments are critical to so many important information systems. It concludes that there is no legal prohibition against developing and using space control weapons, whether they would be employed in orbit, from an aircraft in flight, or from the Earth’s surface. The primary prohibition is against weapons that entail the placing of nuclear weapons in orbit or that would employ a nuclear explosion in outer space. The use of space control systems in peacetime would be subject to both the general principles of international law and to treaty obligations not to interfere with other nations’ space systems and national technical means of verification. These obligations would probably be suspended during an international armed conflict, during which the parties’ conduct would be governed primarily by the law of war. U.S. domestic policy on space control, however, is at best unsettled.
 
====Communications Law====
Turning to communications law, the memo takes the view that international communications law contains no direct and specific prohibition against the conduct of information operations by military forces, even in peacetime. The established practice of nations provides persuasive evidence that telecommunications treaties are regarded as suspended among belligerents during international armed conflicts. Domestic communications laws do not prohibit properly authorized military information operations. Accordingly, neither international nor domestic communications law presents a significant barrier to information operations by U.S. military forces.
 
====Bilateral and Multilateral Agreements====
The United States is a party to literally thousands of multilateral and bilateral international agreements. From their sheer numbers, one would think it inescapable that lurking somewhere in those agreements are provisions that will affect particular information operations activities. This section attempts only to highlight certain kinds of “typical” agreements that are likely to contain obligations relevant to the conduct of information operations.


==Policy Relevance==
====Foreign Domestic Laws====
This section discusses foreign criminal law addressing computer-related offenses, space activities, communications, and the protection of classified information all raise important issues for information operations that would  affect U.S. information operations activities.


''Policy and Legal Implications, relevant law.
====Espionage Law====
According to the memo, information operations activities are unlikely to fall within the definition of spying in wartime, although a limited category of activities related to information operations may so qualify. Information operations activities are more likely to fall within the category of peacetime espionage. Perhaps more importantly, the reaction of the world community to information operations that do not generate widespread dramatic consequences is likely to be very similar to its reaction to espionage, which has traditionally been tepid.


==Case Examples==
===International Efforts to Restrict "Information Warfare" and Observations===
There is little likelihood that the international legal system will soon generate a coherent body of “information operations” law. The most useful approach to the international legal issues raised by information operations activities will continue to be to break out the separate elements and circumstances of particular planned activities and then to make an informed judgment as to how existing international legal principles are likely to apply to them. In some areas, such as the law of war, existing legal principles can be applied with considerable confidence. In other areas, such the application of use of force principles to adopting an “active defense,” it is much less clear where the international community will come out, and the result will probably depend much more on the perceived equities of the situations in which the issues first arise in practice. The growth of international law in these areas will be greatly influenced by what decision-makers say and do at those critical moments. So far, says the memo, there are many areas where legal uncertainties create significant risks, most of which can be considerably reduced by prudent planning.


==Additional Notes and Highlights==
==Additional Notes and Highlights==
Expertise Required: Law - Moderate
Principal Author: Phillip A. Johnson (Colonel USAF, Retired)


'' * Outline key points of interest
Outline:
* Include quotes if relevant/useful
  I. Introduction
* Consider how these themes relate to other cases, broader thematic areas, etc''
      A. Sources and Application of International Law
      B. Essentials of Treaty Law
      C. New Legal Challenges Presented by Information Operations
  II. The Law of War
      A. Essentials of the Law of War
      B. Application to Information Operations
      C. Assessment
  III. International Legal Regulation of the Use of Force in "Peacetime"
      A. International Law Concerning the Use of Force among Nations
      B. Acts not Amounting to the Use of Force
      C. Application to Computer Network Attacks
      D. An “Active Defense” against Computer Network Attacks
      E. Assessment
  IV. Space Law
      A. Introduction
      B. Space Law Treaties
      C. Specific Prohibitions of Military Activities in Space
      D. Domestic Law and Policy
      E. International Efforts to Control "Weaponization of Space"
      F. Assessment
  V. Communications Law
      A. International Communications Law
      B. Domestic Communications Law
      C. Assessment
  VI. Implications of Other Treaties
      A. Mutual Legal Assistance Agreements
      B. Extradition Agreements
      C. The United Nations Convention on the Law of the Sea (UNCLOS)
      D. Treaties on Civil Aviation
      E. Treaties on Diplomatic Relations
      F. Treaties of Friendship, Commerce, and Navigation
      G. Status of Forces and Stationing Agreements
  VII. Foreign Domestic Laws
      A. Introduction
      B. Cooperation in Investigations and Prosecutions
      C. Effect of Foreign Domestic Law on Actions of U.S. Information Operators
  VIII. Implications of Espionage Law
      A. Espionage under International Law
      B. Espionage during Armed Conflict
      C. Espionage in Peacetime
      D. Assessment
  IX. International Efforts to Restrict "Information Warfare"
  X. Observations

Latest revision as of 15:25, 10 August 2010

Full Title of Reference

An Assessment of International Legal Issues in Information Operations

Full Citation

Department of Defense Office of General Counsel, An Assessment of International Legal Issues in Information Operations (1999). Web

BibTeX

Categorization

Key Words

Combatant Status, Computer Network Attack, Cyber Warfare, Kinetic Attack, National Security, Lawfare, Laws of War

Synopsis

International law consists of binding legal obligations among sovereign states. Two of the basic principles of the international legal system are that sovereign states are legally equal and independent actors in the world community, and that they generally assume legal obligations only by affirmatively agreeing to do so. The most effective instruments in creating international law are international agreements, which may be either bilateral or multilateral. Some of these agreements, such as the United Nations Charter, establish international institutions that the parties agree to invest with certain authority. It is also generally accepted that there is a body of customary international law, which consists of practices that have been so widely followed by the community of nations, with the understanding that compliance is mandatory, that they are considered to be legally obligatory.

New Legal Challenges Presented by Information Operations

Many traditional military activities are included in current concepts of “information operations” and “information warfare,” including physical attacks on information systems by traditional military means, psychological operations, military deception, and “electronic warfare” operations such as jamming radar and radio signals. The application of international law to these traditional kinds of operations is reasonably well settled. Similarly, electro-magnetic pulse (EMP) weapons and directed-energy weapons such as lasers, micro-wave devices, and high energy radio frequency (HERF) guns will probably operate in a manner similar enough to that of traditional weapons that one could apply existing legal principles to them without much difficulty. It will not be as easy to apply existing international law principles to information attack, a term used to describe the use of electronic means to gain access to or change information in a targeted information system without necessarily damaging its physical components. One of the principal forms of information attack is likely to be computer network attack, or in today’s vernacular, the “hacking” of another nation’s computer systems.

Laws of War

After an discussion of relevant international law, the memo concludes that the laws of war authorizes a nation engaged in an international armed conflict to employ armed force to attack lawful military targets belonging to the enemy. Resolutions of the United Nations Security Council (UNSC) may also authorize the use of armed force as provided in the UN Charter.

Use of Force in "Peacetime"

After an overview of international law and case law, the memo notes that one trend in international law is to provide some kind of remedy for every violation of a nation’s rights under international law. Some of these remedies are in the nature of self-help, such as armed self-defense, the interruption of commercial or diplomatic relations, or public protest. Other remedies may be sought from international institutions, such as an imposition of coercive measures by the Security Council, or a declaratory judgment or an order to make reparations from an international tribunal. The issue for the victim is to choose the most effective available sanction. The issue for a nation contemplating an action that may be considered to violate the rights of another nation under international law is to accurately predict what sanctions such action may provoke.

Application of International Law to Computer Network Attacks

The conclusion is that there is no way to be certain how these principles of international law will be applied by the international community to computer network attacks. By logical implication, to the extent that a nation chooses to respond to a computer network attack by mounting a similar computer network attack of its own, the issue of whether the initial provocation constituted an armed attack may become a tautology. If the provocation is considered to be an armed attack, the victim may be justified in launching its own armed attack in self-defense. If the provocation is not considered to be an armed attack, a similar response will also presumably not be considered to be an armed attack. Accordingly, the question of the availability of the inherent right of self-defense in response to computer network attacks comes into sharpest focus when the victim of a computer network attack considers acting in self-defense using traditional military means. The issue may also arise if the response causes disproportionately serious effects (e.g., if a state responded to a computer network attack that caused only minor inconvenience with its own computer network attack that caused multiple deaths and injuries). As in all cases when a nation considers acting in self-defense, the nation considering such action will have to make its best judgment on how world opinion, or perhaps a body such as the International Court of Justice (ICJ) or the UNSC, is likely to apply the doctrine of self-defense to electronic attacks. As with many novel legal issues, we are likely to discover the answer only from experience.

"Active Defense" in Cyberwarfare

International law of self-defense would not generally justify acts of “active defense” across international boundaries unless the provocation could be attributed to an agent of the nation concerned, or until the sanctuary nation has been put on notice and given the opportunity to put a stop to such private conduct in its territory and has failed to do so, or the circumstances demonstrate that such a request would be futile. Nevertheless, in some circumstances the National Command Authority (NCA) might decide to defend U.S. information systems by attacking a computer system overseas, and take the risk of having to make an apology or pay compensation to the offended government. Among the factors the NCA would probably consider would be the danger presented to U.S. national security from continuing attacks, whether immediate action is necessary, how much the sanctuary nation would be likely to object, and how the rest of the world community would be likely to respond.

Other Laws

Space Law

The memo then discusses space law, on the basis that space segments are critical to so many important information systems. It concludes that there is no legal prohibition against developing and using space control weapons, whether they would be employed in orbit, from an aircraft in flight, or from the Earth’s surface. The primary prohibition is against weapons that entail the placing of nuclear weapons in orbit or that would employ a nuclear explosion in outer space. The use of space control systems in peacetime would be subject to both the general principles of international law and to treaty obligations not to interfere with other nations’ space systems and national technical means of verification. These obligations would probably be suspended during an international armed conflict, during which the parties’ conduct would be governed primarily by the law of war. U.S. domestic policy on space control, however, is at best unsettled.

Communications Law

Turning to communications law, the memo takes the view that international communications law contains no direct and specific prohibition against the conduct of information operations by military forces, even in peacetime. The established practice of nations provides persuasive evidence that telecommunications treaties are regarded as suspended among belligerents during international armed conflicts. Domestic communications laws do not prohibit properly authorized military information operations. Accordingly, neither international nor domestic communications law presents a significant barrier to information operations by U.S. military forces.

Bilateral and Multilateral Agreements

The United States is a party to literally thousands of multilateral and bilateral international agreements. From their sheer numbers, one would think it inescapable that lurking somewhere in those agreements are provisions that will affect particular information operations activities. This section attempts only to highlight certain kinds of “typical” agreements that are likely to contain obligations relevant to the conduct of information operations.

Foreign Domestic Laws

This section discusses foreign criminal law addressing computer-related offenses, space activities, communications, and the protection of classified information all raise important issues for information operations that would affect U.S. information operations activities.

Espionage Law

According to the memo, information operations activities are unlikely to fall within the definition of spying in wartime, although a limited category of activities related to information operations may so qualify. Information operations activities are more likely to fall within the category of peacetime espionage. Perhaps more importantly, the reaction of the world community to information operations that do not generate widespread dramatic consequences is likely to be very similar to its reaction to espionage, which has traditionally been tepid.

International Efforts to Restrict "Information Warfare" and Observations

There is little likelihood that the international legal system will soon generate a coherent body of “information operations” law. The most useful approach to the international legal issues raised by information operations activities will continue to be to break out the separate elements and circumstances of particular planned activities and then to make an informed judgment as to how existing international legal principles are likely to apply to them. In some areas, such as the law of war, existing legal principles can be applied with considerable confidence. In other areas, such the application of use of force principles to adopting an “active defense,” it is much less clear where the international community will come out, and the result will probably depend much more on the perceived equities of the situations in which the issues first arise in practice. The growth of international law in these areas will be greatly influenced by what decision-makers say and do at those critical moments. So far, says the memo, there are many areas where legal uncertainties create significant risks, most of which can be considerably reduced by prudent planning.

Additional Notes and Highlights

Expertise Required: Law - Moderate

Principal Author: Phillip A. Johnson (Colonel USAF, Retired)

Outline: 

 I. Introduction
     A. Sources and Application of International Law 
     B. Essentials of Treaty Law 
     C. New Legal Challenges Presented by Information Operations 
 II. The Law of War
     A. Essentials of the Law of War 
     B. Application to Information Operations 
     C. Assessment 
 III. International Legal Regulation of the Use of Force in "Peacetime"
     A. International Law Concerning the Use of Force among Nations
     B. Acts not Amounting to the Use of Force
     C. Application to Computer Network Attacks
     D. An “Active Defense” against Computer Network Attacks
     E. Assessment
 IV. Space Law
     A. Introduction
     B. Space Law Treaties
     C. Specific Prohibitions of Military Activities in Space
     D. Domestic Law and Policy
     E. International Efforts to Control "Weaponization of Space"
     F. Assessment
 V. Communications Law
     A. International Communications Law
     B. Domestic Communications Law
     C. Assessment
 VI. Implications of Other Treaties
     A. Mutual Legal Assistance Agreements
     B. Extradition Agreements
     C. The United Nations Convention on the Law of the Sea (UNCLOS)
     D. Treaties on Civil Aviation
     E. Treaties on Diplomatic Relations
     F. Treaties of Friendship, Commerce, and Navigation
     G. Status of Forces and Stationing Agreements
 VII. Foreign Domestic Laws
     A. Introduction
     B. Cooperation in Investigations and Prosecutions
     C. Effect of Foreign Domestic Law on Actions of U.S. Information Operators
 VIII. Implications of Espionage Law
     A. Espionage under International Law
     B. Espionage during Armed Conflict
     C. Espionage in Peacetime
     D. Assessment
 IX. International Efforts to Restrict "Information Warfare"
 X. Observations
Retrieved from "http://cyber.harvard.edu/cybersecurity/?title=An_Assessment_of_International_Legal_Issues_in_Information_Operations&oldid=5375"