Cyber Operations and International Law: A “Secret” Legal Analysis?February 4, 2013 # 9:11 am # Armed Conflict, Foreign Policy, Human Rights, Intelligence, International Law, International Organizations # No Comment
Today’s New York Times reports:
A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.
That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyberattack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.
The rules will be highly classified, just as those governing drone strikes have been closely held. John O. Brennan, Mr. Obama’s chief counterterrorism adviser and his nominee to run the Central Intelligence Agency, played a central role in developing the administration’s policies regarding both drones and cyberwarfare, the two newest and most politically sensitive weapons in the American arsenal.
The Times asserts that “International law allows any nation to defend itself from threats, and the United States has applied that concept to conduct pre-emptive attacks.”
A few comments.
First, there is a debate as to whether “International law allows any nation to defend itself from threats. . .” Article 51 of the United Nations Charter provides that:
Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security. Measures taken by Members in the exercise of this right of self-defence shall be immediately reported to the Security Council and shall not in any way affect the authority and responsibility of the Security Council under the present Charter to take at any time such action as it deems necessary in order to maintain or restore international peace and security. (emphasis added)
There is a long debate about the extent to which customary international law and interpretations of Article 51 allow for the use of force in response to a threat and while I believe that it is lawful to response to some threats, the Times claim is a bit too simplistic.
Second, and more importantly, I worry about secret legal claims. I understand the complexity of cyber operations and not wanting to state our legal case such that potential adversaries are informed about our capabilities. But the hallmark of law is that it is to be public. And if we seek to advance the content of customary international law in the cyber field, we need to assert our legal claims in a public way. It would seem to be that the broad contours of our legal analysis could be made public in such a way that we would not tip our hat.