International Legal Aspects of Cyber Security. Thomas C. Wingfield Professor of International Law George C. Marshall European Center for Security Studies Garmisch-Partenkirchen, Germany June 11, 2013. International Cyber Law. Threats Framework Priority Regimes Top Legal Issues
International Cyber Law • Threats • Framework • Priority • Regimes • Top Legal Issues • “Act of War”
Threats • Sources • States • Corporations • Hackers • Hacktivists • Disgruntled Insiders • Terrorists • Botnet Operators • (Spear)phishers • Spammers • Spyware and Malware Authors • Pedophiles • Categories • Confidentiality • Espionage • Personal Data Theft • Data Mining • Fraud • Integrity • Propaganda / Disinformation • Intimidation • Destruction • Availability • External Information • Internal Information
Framework and Priority • Possible: Technology • Permissible: Law • Preferable: Policy • Treaty Law • Customary International Law • State practice • Opinio juris • Persistent objection • Jus Cogens
Neutrality • Infrastructure-in-exile • General Rule • Absolute vs. Floating Standards • Loss of protection • Targets • Belligerency • Georgia
Proportionality • Schmitt Uncertainties • What is being hit • Precision of targeting • “Blast” radius • Solutions • IPE • Hardware/Software • Phone Home • Legal vs. Policy • STUXNET, et al.
Human Rights • Reporting • Organization • Tracking • Cyber Stents • Egypt, Libya, Syria, etc.
Attribution • Two dimensions • Degree of involvement • State responsibility • Certainty • MP v. C&C v. BRD • Reactive attribution • CYBERCOM statement • China, Russia, . . .
State Fingerprints • Criteria • Claim of Responsibility • High: Lulz Security v. US/UK • Low: Unknown exploits (but see MI-6) • Monetization • High: Citi names, addresses, e-mails, and transaction histories (200,000) • Low: IMF internal e-mails and documents; French Finance Ministry/G-20 • Sophistication • Low: (Spear)phishing, many zero-day exploits • High: STUXNET • Best Resources • Website: Information Warfare Monitor • http://www.infowar-monitor.net/ • Book: Cyber Adversary Characterization • http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=cyber+adversary+characterization
“Act of War” • Threat or Use of Force • “Scale and effects” • Schmitt Criteria • Severity • Immediacy • Directness • Invasiveness • Measurability • Presumptive Legitimacy • Responsibility • Armed Attack • Loss of life, extensive property damage • “Tanks across the border,” 9/11
Questions? Thomas C. Wingfield Professor of International Law George C. Marshall European Center for Security Studies thomas.c.wingfield@marshallcenter.org +49 (0) 8821 750 2307
Incitement • Nuremberg: Streicher v. Fritzsche • Genocide Convention: Art. III(c) “Direct and public incitement” • Rome Statute: Art. 25(3)(e) • Hate Speech • EU Framework Decision (28 Nov 08) • Free Speech • Rwanda: radio; Estonia: cyber
Hate Speech vs. Free Speech • Framework Decision • Public incitement and hatred against persons of a different race, color, religion, or national or ethnic origin • Public approval, denial, or gross trivialization of international crimes, notably genocide • First Amendment: Congress shall make no law . . . abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Human Rights: Treaty • General Comment No. 34 to Art. 19, ICCPR • http://www2.ohchr.org/english/bodies/hrc/comments.htm • 3. Freedom of expression is a necessary condition for the realization of the principles of transparency and accountability that are, in turn, essential for the promotion and protection of human rights. • 43. Any restrictions on the operation of websites, blogs or any other internet-based, electronic or other such information dissemination system, including systems to support such communication, such as internet service providers or search engines, are only permissible to the extent that they are compatible with paragraph 3. Permissible restrictions generally should be content-specific; generic bans on the operation of certain sites and systems are not compatible with paragraph 3. It is also inconsistent with paragraph 3 to prohibit a site or an information dissemination system from publishing material solely on the basis that it may be critical of the government or the political social system espoused by the government.
Human Rights: Custom • “We do not seek to impose any system of government on any other nation, but we also don’t believe that the principles that we stand for are unique to our nation. These freedoms of expression and worship, of access to information and political participation, we believe are universal rights.” • President Obama, 16 Nov 09