Scott Shackelford

From Nuclear War to Net War: Analogizing Cyber Attacks in International Law

On April 27, 2007, Estonia suffered a crippling cyber attack launched from outside its borders. It is still unclear what legal rights a state has as a victim of a cyber attack. For example, even if Estonia could conclusively prove that Russia was behind the March 2007 attack there is no clear consensus on how Estonia could legally respond, whether with armed force, its own cyber attack, or some other measure. The scholarly literature dealing with these questions, as well as the ethical, humanitarian, and human rights implications of information warfare (IW) on national and international security is scarce. Treatments of IW outside the orthodox international humanitarian law (IHL) framework are nearly non-existent. This underscores the tension between classifying cyber attacks as merely criminal, or as a matter of state survival calling for the same responses as conventional threats to national security. International law has been slow to adapt. The facts on the ground, and the widespread, amorphous use and rapid evolution of the internet in many ways challenge state sovereignty. I will advocate that the best way to ensure a comprehensive regime for cyber attacks is through a new international accord dealing exclusively with cyber security and its status in international law. Yet, the international community lacks the political will to tackle this issue directly. Until such an accord becomes politically viable, it is critical to examine how existing treaty systems may extend to cover the novel facts presented by cybe attacks. Together, existing treaties form a dual track approach to cyber attacks - one that is available for cyber attacks that do not rise to the level of an armed attack, and another that is activated once an armed attack occurs. To that end this paper will examine the most apt analogues in international law to form an appropriate legal regime for the various types of cyber attacks - whether it is humanitarian law (laws of war), human rights law (regulation of nation states behavior), or some novel combination of these and other treaty systems. In framing this regime, it will be argued that cyber attacks represent a threat to international peace and security as daunting and horrific as nuclear war. Yet the nuclear non-proliferation model is not a useful analogy since the technology necessary to conduct IW is already widespread in the international community. Instead, other analogies will rely on communications and cyber law, space law, and the law of the sea. The main failings of existing international treaties that touch on cyber law though are that most do not carry enforcement provisions. Nor do they specify how the frameworks change or fall away entirely during an armed attack. Nevertheless, regardless of whether or not cyber attacks fall below the threshold of an armed attack these bodies of law have a role to play in forming an appropriate regime. The cyber attack on Estonia in April, 2007, presents an example of the dire need for clarity in the international law of non-conventional warfare using modern technology.

Defining Cybersecurity Due Diligence Under International Law: Lessons from the Private Sector

Although there has been a relative abundance of work done on exploring the contours of the law of cyber war, far less attention has been paid to defining a law of cyber peace applicable below the armed attack threshold. Among the most important unanswered questions is what exactly nations’ due diligence obligations are to their respective private sectors and to one another. The International Court of Justice (“ICJ”) has not explicitly considered the legality of cyber weapons to this point, though it has ruled in the Corfu Channel case that one country’s territory should not be “used for acts that unlawfully harm other States.” But what steps exactly do nations and companies under their jurisdiction have to take under international law to secure their networks, and what of the rights and responsibilities of transit states? This chapter reviews the arguments surrounding the creation of a cybersecurity due diligence norm and argues for a proactive regime that takes into account the common but differentiated responsibilities of public- and private-sector actors in cyberspace. The analogy is drawn to cybersecurity due diligence in the private sector and the experience of the 2014 National Institute of Standards and Technology (“NIST”) Framework to help guide and broaden the discussion.

Neither Magic Bullet nor Lost Cause: Land Titling and the Wealth of Nations

Free trade, free markets, and international investment are the paths to prosperity, but despite widespread adoption of these staples of the Washington Consensus more than 1.2 billion people still live on less than

Global Health Governance: International Law and Public Health in a Divided World, by Aginam, Obijiofor

1 per day. The search for determining the missing factor beyond these orthodox remedies for relieving poverty has led some to conclude that it is the growth of local capital markets built on robust, formalized property rights regimes that has led to uneven rates of economic development. This paper offers a critique of this hypothesis put forward in the property rights formalization literature, in particular Hernando de Soto’s work The Mystery of Capital that sparked popular interest in the field. De Soto generally has one big idea per book. In The Other Path, he argued that the reason that informal economies existed was the large degree of bureaucracy in developing countries that forced small businesses to stay unregistered, and caused land to be untitled. The big idea behind The Mystery of Capital is that formalized, state-sanctioned property rights generate capital and promote economic development, as seen in the relative success of the legal systems of developed countries that have formalized their informal economies. This formalization allowed property to generate capital and grow developed economies. The explicit argument then is; if it worked for the West, it will work for the rest. In essence, De Soto and his compatriots argue that “This [formalized property] is the mystery of capital. Solving it requires an understanding of why Westerners, by representing assets with titles, are able to see and draw out capital from them.�? Formalizing property rights is a popular idea. Endorsements range from Ronald Coase, Milton Friedman, Francis Fukayama, Jeanne Kirkpatrick, to David Owen, and Margaret Thatcher. Bill Clinton publicly declared that de Soto was “probably the world’s most important living economist�? for his work on property rights formalization. Even the World Bank now largely agrees with de Soto’s analysis, stating that “[l]and is a key asset for the rural and urban poor.�? The goal of this paper is to determine whether such widespread praise for property rights formalization is justified based on an analysis of the available empirical literature on the subject. Particular attention will be paid to the importance of considering the various derivations of property rights in culturally relative terms. The paper is structured as follows. Part I offers a general introduction to the property rights formalization literature, along with de Soto’s thesis and primary claims. Part II critiques de Soto’s methodology and data. Part III compares de Soto’s results with those of other empirical studies measuring the efficacy of property rights formalization. Part IV focuses on how these lessons have been applied using a case study from Indonesia and examples from South Africa. Finally, Part V summarizes the promise and perils of property rights formalization. In conclusion, property rights formalization does hold the promise of unlocking capital and spurring economic development, but reform must be both comprehensive and culturally relative considering the unique cultural, social, and political heritage of the societies in question.

Should Your Firm Invest in Cyber Risk Insurance

History is replete with epidemics that have decimated ever larger populations, from the Plague of Athens in 430 B.C., to the global swine flu of 1918-9, to AIDS and the dire modern predictions surrounding H-5N1. Due to the rapid pace of globalization, the world is fast becoming a global germ pool. Diseases, such as tuberculosis, that used to be restricted geographically are now striking regions once thought to be safe; an outbreak anywhere is now a threat everywhere. In Global Health Governance: International Law and Public Health in a Divided World, Dr. Obijofor Aginam engages the root causes of public health failures throughout the world. These include underdevelopment, the legacy of colonialism, and poverty, which according to the WHO is the world’s leading cause of ill health and suffering. This perspective is shared by Kofi Annan, arguing that the best cure for disease is economic growth and broad-based development. Dr. Aginam approaches these international public health topics through the lens of international law combining critical analytical and qualitative approaches to explore global health challenges in a divided world.