cyber warfare, ethics & the regulatory gap · pdf filecyber warfare, ethics & the...
TRANSCRIPT
CYBER WARFARE, ETHICS & THE REGULATORY GAP
Mariarosaria Taddeo
NATO CCD COE - Workshop on Ethics of Cyber Conflict!Rome, November 21st and 22nd 2013
OUTLINE
Proviso I;!
Proviso II;!
The problem;!
The reason/s behind the problem;!
The risk;!
A solution;!
Conclusion.
The focus is not on:!
description of current State practice;!
possible emerging State practices;!
adaptation of existing law to the occurrences of cyber warfare.
PROVISO I
Whether laws and regulations reflect the moral values of contemporary information societies in addressing cyber warfare.
The focus is on considering whether extant laws, State practices, policies address in the right manner the regulation of cyber warfare.
Cyber warfare is the use of ICTs within an offensive or defensive military strategy endorsed by a state and aiming at the immediate disruption or control of the enemy’s resources, and which is waged within the
informational environment, with agents and targets ranging both on the physical and non-physical domains and
whose level of violence may vary upon circumstances.!
(Taddeo, Philosophy & Technology).
PROVISO II
Cyber warfare is transversal.
THE PROBLEM
Laws and regulations evolves over time in response to transformation of the environment to which they apply.
One of the questions to be considered is how laws of cyber warfare should change? Which should be the principles
guiding such changing?
The dynamic nature of the laws makes it unlikely that extant body of law of cyber warfare will remain the same while the technology and the environment will continue to change/evolve.
There are aspects of the occurrences of cyber warfare which prove to be problematic when considered in light of current laws and even of extant ethical frameworks, e.g. Just War Theory.
THE PROBLEM
Consider:!
Ius ad bellum;!
Ius in bello.
The problems concerns both the legal and the ethical framework for warfare.
THE PROBLEM: JUS AD BELLUM
Jus ad bellum and when a State can resort to force.
UN Charter (Article 2(4)) famously states that “All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State, or in any other manner inconsistent with the Purposes of the United Nations”.
Self-defence and UN authorised missions being the only two exemptions.
THE PROBLEM: JUS AD BELLUM
Jus ad bellum and when a State can resort to force.
UN Charter (Article 2(4)) famously states that “All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State, or in any other manner inconsistent with the Purposes of the United Nations”.
(When) does a cyber attach count as use of force?
THE PROBLEM: JUS AD BELLUM
Jus ad bellum and when a State can resort to force.
UN Charter (Article 2(4)) famously states that “All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State, or in any other manner inconsistent with the Purposes of the United Nations”.
How do we deal with those cyber attacks which are do not count as use of force?
THE PROBLEM: JUS AD BELLUM AND SELF-DEFENCE
UN Charter (Article 51): “Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security”.
How do we treat those operations that may be considered a use of force but not an armed attack?
When does a cyber operation amount to an armed attack?
Before declaring war, a state must consider the universal goods expected to follow from the decision to wage war, against the universal evils expected to result, i.e. the casualties.
The criterion to evaluate the goods and the evils is the physical damage.
A state is justified in declaring war only when the foreseeable goods are more than the expected evils.
MORE GOOD THAN HARM
Destroying digital databases, harvesting records, impairing industrial development are deemed to be ethically sound actions in JWT as they do not constitute physical damages in a conflict scenario.
The application of the principle to the occurrences of cyber warfare is problematic, not its validity.
Non violent occurrences of cyber warfare comply by default with the principle of more good than harm.
MORE GOOD THAN HARM
THE PROBLEM: JUS IN BELLO
Additional Protocol I defines the term in Article 49(1): !
“Attacks’ means acts of violence against the adversary, whether in offence or in defence”.
Law practitioners interpret attack in the cyber sphere as something including interference by cyber means with the functionality/usability of an object (Tallinn Manual).
Is this approach assuming a deflated understanding of ‘violence’.
THE PROBLEM: JUS IN BELLO
Articles 51 and 57 of Additional Protocol I!
“An attack which may be expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a
combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated”.
Objects are meant to be visible, tangible. !
Non violent case of cyber warfare target data, which do not necessarily enjoy such properties.
OUTLINE
Proviso I;!
Proviso II;!
The problem;!
The reason/s behind the problem;!
The risk;!
A solution;!
Conclusion.
Physical Agents
Physical Targets
Medium/High Level of Violence Low Level of Violence
Digital Agents
Digital Targets
Physical Domain Non-physical Domain
Two domains
THE REASON/S BEHIND THE PROBLEM
Physical Agents
Physical Targets Digital Targets
Physical Domain Non-physical Domain
Traditional warfare
Digital Agents
Medium/High Level of Violence Low Level of Violence
THE REASON/S BEHIND THE PROBLEM
&Physical Targets
Physical Agents
Low/Medium/High Level of Violence
Digital Targets
Cyber warfare
&
Physical Domain Non-physical Domain
Digital Agents
THE REASON/S BEHIND THE PROBLEM
Existing laws and regulation revolve around the concept of traditional warfare, they assume a violent and sanguinary warfare and an anthropocentric approach, e.g. focusing on human rights of life and liberty, avoiding bloodshed.
The traditional conceptualisation of war is challenged by considering non-kinetic cases of cyber warfare and the heterogeneity of the involved agents and targets.
Existing laws and regulations, moral theories are too coarse a sieve for cyber operations.
The scenario posed by cyber warfare slips through the net of existing laws.
THE REASON/S BEHIND THE PROBLEM
No doubt that cyber weapons and cyber attacks should be treated as traditional weapons when they cause equal or similar damage.
THE RISK
However non violent cyber warfare escapes the net of existing laws and regulations of war and falls in a grey
area.
The grey area risks to be under regulated, yet this is where the most of cyber warfare happens.
Existing laws and regulations may satisfactory address the violent cases of cyber warfare.
A SOLUTION: THE APPROACH
With the information revolution, information and information infrastructures have acquired a crucial role in contemporary societies.!
A role which unveils their moral stance, which has to be taken into account when considering how to regulate cyber warfare in contemporary and future information societies.
Join forces: this is not a job for ethicists/lawyers/military only.
The evil is referred to as informational corruption, i.e. the destruction, impoverishment or vandalisation of information.
The ultimate good is the flourishing of informational entities and of the Infosphere.
A SOLUTION: A FIRST STEP
Four principles for the ethical battle of the flourishing vs the corruption of information.
The four principles – zero to three – are overridable, meaning that they represent minimal conditions to be
achieved, zero being the most fundamental and one to three being
progressively desirable.
A SOLUTION: A FIRST STEP
Four principles for the ethical battle of the flourishing vs the corruption of information.
Information corruption ought not to be caused in the Infosphere;
0.
Information corruption ought to be prevented in the Infosphere;
1.
Information ought to be promoted by extending, improving, enriching and opening the Infosphere, that is by ensuring information quantity, quality, variety, security, ownership, privacy, pluralism and access.
3.
Information corruption ought to be removed from the Infosphere;
2.
A SOLUTION: A FIRST STEP
A combination of Just War Theory and Information Ethics.
The rational
JUST CYBER WARFARE
JWT provides set of principles to ensure a fair warfare that remain valid for both traditional and cyber war. !It is the application of these principles to cyber warfare to prove problematic. !We need to extend the scope of JWT.
Cyber warfare is just as long as it is waged against malicious entities and to safeguard the well being of the Infosphere.
Three principles for a just cyber warfare
I. Cyber warfare ought to be waged only against those entities who endanger or disrupt the well being of Infosphere.!
II. Cyber warfare ought to be waged to preserve the well being of the Infosphere.!
III. Cyber warfare ought not to be waged to promote the well being of the Infosphere.
JUST CYBER WARFARE
I. Cyber warfare ought to be waged only against those entities who endanger or disrupt the well being of Infosphere.
An entity may lose its rights to exist and flourish when it (causes informational corruption) comes into conflict with the rights of other entities or with the well-being of the Infosphere.
It is a moral duty to remove such a malicious entity from the Infosphere or at least to impede it from perpetrating more evil.!
JUST CYBER WARFARE
II. Cyber warfare ought to be waged to preserve the well being of the Infosphere.
The second principle limits the task of cyber warfare to restoring the status quo in the Infosphere before the malicious entity began increasing the informational corruption within it.
Cyber war is just as long it repairs the Infosphere from the damage caused by the malicious entity.
JUST CYBER WARFARE
III. Cyber warfare ought not to be waged to promote the well being of the Infosphere.
Cyber warfare ought to be endorsed as an active measure in response to increasing of evil and not as proactive strategy to foster the flourishing of the Infosphere.
Fostering the well-being of the Infosphere falls beyond the scope of a just cyber warfare.
JUST CYBER WARFARE
CONCLUSION
Cyber warfare is one of the most compelling aspects of the so-called information revolution.
Extant laws, regulations and moral framework of warfare struggle to address such novelty.!
We do not need to throw the baby with the bath-water, but we need to consider how to expand the scope of Just War theory so that it will adequately address the non-violent cases of cyber warfare and provide new basis for policy- and law making.!
This is an ambitious endeavour and requires law-makers, military and scholars to join forces.
Mariarosaria Taddeo!PIAS, University of Warwick!
http://taddeo.philosophyofinformation.net/[email protected]
THANK YOU
COPYRIGHT DISCLAIMER!Texts, marks, logos, names, graphics, images, photographs, illustrations, artwork, audio clips, video clips, and software copyrighted by their respective owners are used on these slides for non-commercial, educational and personal purposes only. Use of any copyrighted material is not authorised without the written consent of the copyright holder. Every effort has been made to respect the copyrights of other parties. If you believe that your copyright has been misused, please direct your correspondence to: [email protected] stating your position and I shall endeavour to correct any misuse as early as possible.