Robert Chesney (University of Texas School of Law)
International Law Studies (Naval War College) (forthcoming 2013)
Computer Network Operations (“CNOs”) famously give rise to a number of international law complications, and scholars have duly taken note. But CNOs also raise important questions under the heading of U.S. domestic law, particularly when the government does not intend for its sponsoring role to be apparent or acknowledged. This brief essay, which builds on my prior work exploring the convergence of military and intelligence activities, introduces readers to four of the most important domestic law questions raised by CNOs. First, must Congress be notified of a given CNO, and if so, which committee should receive that notice? Second, must the CNO in question be authorized by the President himself, or can authority be moved down the chain to other officials—or perhaps even automated? Third, what is the affirmative source of domestic law authority for the executive branch to conduct various types of CNO? Fourth, and finally, does categorizing a CNO as covert action subject to Title 50 carry with it a green light (from a domestic law perspective) to violate international law?
Syracuse University College of Law
Most cyber-intrusions now and in the foreseeable future will take place outside the traditional consensus normative framework for uses of force supplied by international law. For the myriad, multi-layered and multi-faceted cyber-attacks that disrupt but do not destroy, whether state-sponsored or perpetrated by organized private groups or single hacktivists, much work remains to be done to build a normative architecture that will set enforceable limits on cyber intrusions and provide guidelines for responses to disruptive cyber-intrusions. In this paper, my interest is directed at a subset of those cyber-attacks – those where terrorists are responsible or attribution is not known but points in terrorists’ direction, and where the effects are very disruptive but not sufficiently destructive to cross the traditional LOAC and Charter self-defense thresholds.
For this subset of cyber attacks, counterterrorism law may offer a useful complementary normative supplement to LOAC and the Charter. Especially over the last decade, a corpus of counterterrorism law has evolved as domestic and international law in response to transnational terrorism. In contrast to the dominant pre-September 11 conception that countering terrorism involved either the use of military force or enforcement of the criminal laws, counterterrorism law now incorporates a diverse range of responses to terrorism, many of which are borrowed, sometimes in modified form, from existing international and domestic law. Based on a maturing international legal regime, this article concludes that over time and through state practice, along with legal, strategy and policy development in the international community a set of counterterrorism law norms for cyber war could emerge.
AARON BRECHER, University of Michigan Law School – JD Candidate Author
Cyberattacks are capable of penetrating and disabling vital national infra-structure, causing catastrophic economic harms, and approximating the effects of war, all from remote locations and without the use of conventional weapons. They can be nearly impossible to attribute definitively to their sources and require relatively few resources to launch. The United States is vulnerable to cyberattacks but also uniquely capable of carrying out cyberattacks of its own. To do so effectively, the United States requires a legal regime that is well suited to cyberattacks’ unique attributes and that preserves executive discretion while inducing the executive branch to coordinate with Congress. The trouble is that it is unclear which domestic legal framework should govern these attacks. The military and intelligence communities have disputed which of their respective legal regimes should control. The choice between the frameworks raises important issues about the policy benefits of the executive branch keeping Congress informed regarding cyberattacks that it conducts. It also raises constitutional questions about the branches’ respective roles in warmaking when the chosen course of conduct blurs the line between an intelligence operation and an act of war. This note argues that, in the absence of an independent congressional authorization to use force against a target, the covert action statute, which demands written reports from the president to the congressional intelligence committees in advance of operations, should presumptively govern, and that the president should issue an executive order to that effect.
ERIC TALBOT JENSEN, Brigham Young University School of Law
Malicious cyber activities are becoming more and more commonplace, including between nations. This has caused great speculation as to the rules that govern military cyber operations, particularly during armed conflict. The upcoming publication of the Tallinn Manual on the International Law Applicable to Cyber Warfare is indicative of the importance of this discussion. This article analyzes the application of the law of armed conflict principles of proportionality and precautions to cyber operations, including reference to the Tallinn Manual. In most cases, the existing law provides a clear paradigm to govern cyber activities. However, this article identifies several areas where governments and military operators might question how to apply these principles to a specific cyber operation. In these areas, greater precision is needed to provide clear guidance to those who plan, order, and conduct cyber operations.
Since 9/11, legislators and commentators alike have hailed expiration dates — or “sunset provisions” — as a means to moderate the government’s tendency to curtail individual freedoms in response to security crises. Sunsets’ advocates explain that they provide Congress with an opportunity to reevaluate counterterrorism legislation after the crisis atmosphere has passed, enabling legislators to adjust any policy whose infringement on civil liberties appears, in retrospect, unjustified by its benefits.
This article demonstrates that, rather than guarding against the long-term entrenchment of overly robust security measures, sunsets have the opposite effect. The article begins by illustrating that Congress’s high expectations for counterterrorism sunsets have not been borne out by their impact. It then explains that the failure of sunsets to prompt meaningful reevaluation of post-crisis counterterrorism measures stems from two sources. First, optimism over sunsets’ potential relies on several inaccurate assumptions about how the state of the world will change between the time a statute is enacted and its sunset date. And second, it fails to account for the President’s outsized role in counterterrorism policymaking. Finally, the article identifies sunsets’ hidden cost: paradoxically, by insisting on including sunset provisions, legislators concerned about overzealous counterterrorism legislation actually facilitate the enactment of such statutes. And as sunsets do not subsequently correct overzealous policy, they enable the long-term entrenchment of the very policymaking errors they are designed to prevent. The article concludes that citizens and legislators concerned about the civil liberties costs of counterterrorism policy should reject claims that sunsets are an effective answer to those concerns.
Homeland Security and the Inmate Population: The Risk and Reality of Islamic Radicalization in Prison
Since 9/11, commentators and policy makers have expressed alarm about an emerging threat within the prison systems of the West — a threat of terrorist attacks carried out by radicalized inmates released into society. This chapter explores what we know about the risk of Islamic radicalization in prison and the effectiveness of policies that have been implemented in response to that risk. Although the principal focus of this study is the United States, the approaches of several European nations — the U.K., France, Spain, and the Netherlands — are considered where relevant.
Our conclusion is a largely negative one: We know very little about the degree of risk posed by radicalization in the prison system. Indeed, little is known about even the most basic details of the issue, such as the number of Muslims in the prison system or their demographics. A similar conclusion can be made about the current policy response of governments to the perceived risk. Commentators have listed a range of options for responding to the threat of radicalization, including increased screening of Muslim chaplains in prison, restrictions on religious literature available to inmates, and the segregation of radicalized offenders. Although some of these changes may seem commonsensical, and all appear well-intentioned, there remains a significant lack of careful thinking about the rationales for many widely shared prescriptions.
Our ultimate conclusion is that a broad-based commitment is needed on the part of Western governments to gather evidence about the real risks of radicalization in prison and to formulate a coordinated response after that evidence has been gathered. This will require change in orientation within the United States, in particular, which has lagged behind Britain and other nations in collecting this kind of information. In light of the powerful emotions that are provoked by the fear of prison radicalization, the failure to move ahead with this kind of research effort will mean that policy will inevitably be carried along not by reason, but by the political passions inevitably at play.