Information conflicts today are becoming a new reality. According to the report prepared by a UN Group of Governmental Experts on international information security and read by the UN Secretary General at the 65th session of the UN General Assembly in 2010, “aggressive” use of information and communication technologies poses a threat to international peace and security.
Thus, a significant degree of attention is given by the international community to the problem of regulating social relations in order to prevent, stop and eliminate adverse consequences of conflicts between nations in the information arena.
The main sources of the legal authority in the above area are represented by the United Nations Charter, international treaties concluded in pursuance of the provisions of the UN Charter to maintain international peace and security, international treaties concerning humanitarian aspects of war, and decisions of the International Court of Justice offering interpretations of provisions of the international law allowing the use of force.
Direct application of the norms of international law contained in the sources referred to above is rather problematic due to the peculiar nature of the information domain and, above all, the role of the global cyberspace as an object of law.
Such peculiar characteristics include the following:
- targeted objects, such as program codes and data arrays, are unobservable with the ‘naked eye’ and require the use of special technologies;
- means and agents of targeting are unobservable;
- the cause-and-effect relationship between negative impacts on computing and communication procedures and instances of applied «force» cannot be traced and is not evident without the use of special methods;
- methods for assessing adverse effects of hostile use of information and communication technologies have not been explicitly developed.
Taking the above into account, both the existing legal norms of the international law and the procedure of ascertaining legal facts that give rise to legal relations relating to the use of force, threat of force, an armed attack, or other such events that constitute the subject matter of international law in armed conflicts become rather vague and ambiguous.
Therefore application of norms of international law must be preceded by adaptation of the same to the specific terms, objects and subjects of the information domain and the peculiarities of information and communication technologies used as the so-called «information weapons.» Adaptation of the international law to the new challenges posed by information conflicts will involve three major aspects.
The first aspect of adaptation concerns the development of a coherent interpretation of the guiding principles of conduct of the UN member states as applied to the information domain. Such principles could be expressed in the form of rules of conduct of nations in the field of information. One possible approach to implementing the above is represented in the draft document International Code of Conduct for Information Security submitted by the Russian Federation together with China, Tajikistan and Uzbekistan to the UN Secretary-General. Preparation of this document took into account the rules of conduct for member states set forth in the UN Charter, resolutions of the UN General Assembly concerning Developments in Informatization and Communication in the Context of International Security (1999–2010) and formation of a global culture of cybersecurity (2007–2009).
The second aspect of adaptation concerns formation of a system of trust between nations in the domain of information. Trust is a critical component in preventing information conflicts. The content and configuration of the system of trust requires special consideration.
The third aspect of adaptation of the international law requires a negotiated position of the UN member states towards the following:
- norms of law in terms of information force and information domain and the manner of their legitimation;
- the contents and the manner of legitimation of procedural norms to ascertain legal facts and coordinate international investigations;
- the functions, structure and principles of operation of the international monitoring system of global cyberspace;
- the methods to make visible the objects and subjects protected by international humanitarian law.
Regardless of the difficulties associated with preparation and conclusion of international agreements concerning application of international law to information conflicts, it is important to start this work now.
Taking into consideration the ever increasing research effort and the growing practical expertise of nations in applying information and communication technologies to exercise «force» in settling international disputes, the analysis of methods and techniques to use the leverage provided by the international law to information conflicts becomes one of the most topical tasks of the present day.
The importance of international cooperation in this area becomes more and more evident to nations of the world. It is a well-known fact that for quite a while now draft resolutions of the UN General Assembly Developments in Informatization and Communication in the Context of International Security proposed by the Russian Federation and a number of other countries have been passed by consensus. The UN Information Security Group of Governmental Experts (2009–2010), which prepared the report read by the UN Secretary General at the 65th session of the UN General Assembly, recommended in the report to “take measures to… ensure stability and reduce the risks associated with state use of information technologies.”
The legal basis for international security and peace-keeping is primarily provided by the principles and norms of international law set forth in the UN Charter, the Hague and Geneva Conventions, the rulings of the International Court of Justice, and bilateral and multilateral treaties concerning security provisions. Without doubt the above principles and norms are applicable to situations involving a breach of international peace and security through a hostile use of information technologies. At the same time, the international law appears to have certain gaps in the area in question.
Such gaps primarily concern the following issues:
- qualifying information technology as a type of weapon and, consequently, recognizing attacks on information systems of critical elements of the information infrastructure of the opposing state in conflict using information technologies as an armed attack;
- methods and techniques to make visible (in a tangible objective form) attacks carried out with the use of information technologies and their consequences, as well as parties who carry through such attacks;
- methods and ways to ensure security of the elements of the information infrastructure used by individuals and organizations who are under the protection of the international humanitarian law including civilians, prisoners, the wounded and the sick, the International Red Cross, as well as individuals and organizations who work to preserve cultural values;
- methods and means of ensuring national neutrality in the conditions of a hostile use of information technologies by other states;
- methods and techniques to prepare and bring evidence before the International Court concerning the facts of hostile use of information technologies by states with the view of breaching the sovereignty, territorial integrity and political independence of a nation.
It is worthwhile to note that the law as a mechanism for ensuring justice between parties in conflict is primarily based on the presumption of observability (the ability to register using the senses), the ability to objectively document (requires the presence of an outside observer capable of presenting evidence), and the existence of legal facts under relevant legal norms that give rise to, modify or terminate a legal relationship. The cyberspace as the arena where “information force” is exercised including the instances of using information and communication technologies does not, however, possess the above properties.
Adaptation of the existing legal norms to the realities of the present-day shall eliminate the aforesaid gaps in the international legal regulation as regards prevention of hostile use of information technologies.
Adaptation of the international legal norms may be conducted as follows: adaptation of the legal norms set forth in the legal sources themselves; adaptation of the system ascertaining legal facts giving rise to, modifying, or terminating a legal relationship associated with the use of force or humanitarian protection of certain objects and subjects; adaptation of the system of identifying the subject of hostile use of information and communication technologies; making the objects and subjects protected by international humanitarian law visible. All legal norms and procedures amended as the result of the proposed adaptation must be mandatory for all the nations, otherwise such norms and procedures will be considered advisory and will fail to fill the existing gaps in international law.
The search for proper mechanisms to adapt the international law and work out the content of the adapted legal norms has already begun. Such proposals, for instance, were formulated in 2011 by the Russian Federation and a number of other nations in an official UN document The International Code of Conduct for Information Security. A sufficiently detailed study of possibilities for adapted legal norms governing the instances of hostile use of information technologies was conducted by an international expert group under a request from the NATO Cooperative Cyber Defense Centre of Excellence in Estonia. Their recommendations are known as The Tallinn Manual on the International Law Applicable to Cyber Warfare (the Tallinn Manual).
Prof. Streltsov A.A.,
Institute of Information Security Issues,
Lomonosov Moscow State University
This article is based on a presentation delivered at the 7th Scientific conference of the International Research Consortium on Information Security, as part of the International Forum on «Partnership of state authorities, civil society and business community in ensuring international information security», held on 22-25 April 2013 in Garmisch-Partenkirchen, Germany. It is published on Digital.Report with explicit permission from the conference organizers.