Presentation on theme: "International Legal Aspects of Cyber Security Thomas C. Wingfield Professor of International Law George C. Marshall European Center for Security Studies."— Presentation transcript:
International Legal Aspects of Cyber Security Thomas C. Wingfield Professor of International Law George C. Marshall European Center for Security Studies Garmisch-Partenkirchen, Germany June 11, 2013
International Cyber Law Threats Framework Priority Regimes Top Legal Issues “Act of War”
Threats Sources – States – Corporations – Hackers – Hacktivists – Disgruntled Insiders – Terrorists – Botnet Operators – (Spear)phishers – Spammers – Spyware and Malware Authors – Pedophiles Categories – Confidentiality Espionage Personal Data Theft Data Mining Fraud – Integrity Propaganda / Disinformation Intimidation Destruction – Availability External Information Internal Information
Framework and Priority Possible: Technology Permissible: Law Preferable: Policy Treaty Law Customary International Law – State practice – Opinio juris Persistent objection Jus Cogens
Legal Regimes in Cyberspace Law Enforcement Military Operations Intelligence Collection
Neutrality Infrastructure-in-exile General Rule Absolute vs. Floating Standards Loss of protection – Targets – Belligerency Georgia
Proportionality Schmitt Uncertainties – What is being hit – Precision of targeting – “Blast” radius Solutions – IPE – Hardware/Software – Phone Home Legal vs. Policy STUXNET, et al.
Human Rights Reporting Organization Tracking Cyber Stents Egypt, Libya, Syria, etc.
Attribution Two dimensions – Degree of involvement State responsibility – Certainty MP v. C&C v. BRD Reactive attribution CYBERCOM statement China, Russia,...
State Fingerprints Criteria – Claim of Responsibility High: Lulz Security v. US/UK Low: Unknown exploits (but see MI-6) – Monetization High: Citi names, addresses, e-mails, and transaction histories (200,000) Low: IMF internal e-mails and documents; French Finance Ministry/G-20 – Sophistication Low: (Spear)phishing, many zero-day exploits High: STUXNET Best Resources – Website: Information Warfare Monitor http://www.infowar-monitor.net/ – Book: Cyber Adversary Characterization http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field- keywords=cyber+adversary+characterization http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field- keywords=cyber+adversary+characterization
“Act of War” Threat or Use of Force – “Scale and effects” – Schmitt Criteria Severity Immediacy Directness Invasiveness Measurability Presumptive Legitimacy Responsibility Armed Attack – Loss of life, extensive property damage – “Tanks across the border,” 9/11
Questions? Thomas C. Wingfield Professor of International Law George C. Marshall European Center for Security Studies firstname.lastname@example.org +49 (0) 8821 750 2307
Incitement Nuremberg: Streicher v. Fritzsche Genocide Convention: Art. III(c) “Direct and public incitement” Rome Statute: Art. 25(3)(e) Hate Speech – EU Framework Decision (28 Nov 08) Free Speech Rwanda: radio; Estonia: cyber
Hate Speech vs. Free Speech Framework Decision – Public incitement and hatred against persons of a different race, color, religion, or national or ethnic origin – Public approval, denial, or gross trivialization of international crimes, notably genocide First Amendment: Congress shall make no law... abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Human Rights: Treaty General Comment No. 34 to Art. 19, ICCPR http://www2.ohchr.org/english/bodies/hrc/comments.htm 3.Freedom of expression is a necessary condition for the realization of the principles of transparency and accountability that are, in turn, essential for the promotion and protection of human rights. 43.Any restrictions on the operation of websites, blogs or any other internet- based, electronic or other such information dissemination system, including systems to support such communication, such as internet service providers or search engines, are only permissible to the extent that they are compatible with paragraph 3. Permissible restrictions generally should be content-specific; generic bans on the operation of certain sites and systems are not compatible with paragraph 3. It is also inconsistent with paragraph 3 to prohibit a site or an information dissemination system from publishing material solely on the basis that it may be critical of the government or the political social system espoused by the government.
Human Rights: Custom “We do not seek to impose any system of government on any other nation, but we also don’t believe that the principles that we stand for are unique to our nation. These freedoms of expression and worship, of access to information and political participation, we believe are universal rights.” President Obama, 16 Nov 09