Cyberwarfare and International LawAugust 1, 2009 # 4:28 pm # Armed Conflict, Foreign Policy, International Law # No Comment
Today’s New York Times has its latest article in a series on cyberwarfare. In this piece, John Markoff and Thomas Shanker describe a cyber attack that the United States considered against Saddam Hussein but decided to abandon because of feared colateral damage. Markoff and Shanker explain:
It would have been the most far-reaching case of computer sabotage in history. In 2003, the Pentagon and American intelligence agencies made plans for a cyberattack to freeze billions of dollars in the bank accounts of Saddam Hussein and cripple his government’s financial system before the United States invaded Iraq. He would have no money for war supplies. No money to pay troops.
“We knew we could pull it off — we had the tools,” said one senior official who worked at the Pentagon when the highly classified plan was developed.
But the attack never got the green light. Bush administration officials worried that the effects would not be limited to Iraq but instead create worldwide financial havoc, spreading across the Middle East to Europe and perhaps to the United States.
Fears of such collateral damage are at the heart of the debate as the Obama administration and its Pentagon leadership struggle to develop rules and tactics for carrying out attacks in cyberspace.
After discussing the current debate in the Obama Administration, Markoff and Shanker take a stab at raising the legal issues in their conclusion:
Over the centuries, rules governing combat have been drawn together in customary practice as well as official legal documents, like the Geneva Conventions and the United Nations charter. These laws govern when it is legitimate to go to war, and set rules for how any conflict may be waged. Two traditional military limits now are being applied to cyberwar: proportionality, which is a rule that, in layman’s terms, argues that if you slap me, I cannot blow up your house; and collateral damage, which requires militaries to limit civilian deaths and injuries.
“Cyberwar is problematic from the point of view of the laws of war,” said Jack L. Goldsmith, a professor at Harvard Law School. “The U.N. charter basically says that a nation cannot use force against the territorial integrity or political independence of any other nation. But what kinds of cyberattacks count as force is a hard question, because force is not clearly defined.”
I am excited that the authors raise international law as it connects to cyberwar. But I do have one quibble. The two paragraphs above don’t distinguish as well as they could the differences between the two strands of the law relating to the use of force: the jus ad bellum and the jus in bello. And this leads to a potential misunderstanding of Goldsmith’s comments.
The jus ad bellum is the law relating to the recourse to force– the law that determines when one actor has the right to use military force against another actor. This is actually the issue that Jack Goldsmith is grappling with in his comments. As is well known, Article 2(4) of the United Nations Charter prohibits the “the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.” Article 51 of the Charter affirms that states have an “inherent right” to “individual” and “collective” self-defense, “if an armed attack occurs.” So, the critical jus ad bellum questions relate to what constitutes the “threat or use of force” and an “armed attack” when we are discussing cyber actions.
The jus in bello is the law concerning the conduct of warfare. This law deals with the means and methods of combat and includes the principles of proportionality and discrimination. Most of the article deals with this principle of discrimination and the concern that it might be impossible for cyber initiatives to be discriminate.
What I found troubling about the last two paragraphs is that the first one rightly distinguishes between the jus ad bellum and the jus in bello, but then in the final paragraph– which is the final paragraph of the entire article– Goldsmith seems to problematize all of cyberwarfare, when he is really only addressing the jus ad bellum– which was not even the main thrust of the article.