Justice Lawyers Try to Define Cyber War

Justice Lawyers Try to Define Cyber War

By Colin Clark Tuesday, February 16th, 2010 6:22 pm
Posted in Cyber Security, International, Policy

Run for the hills! The Justice Department’s lawyers are trying to figure out just what would constitute an act of war during a cyber attack. OK, it may not be that bad, but the specter of a room full of government lawyers trying to decide what constitutes an act of war when it occurs via the Internet is not terribly reassuring.

To be fair, no one has come up with a decent answer to what turns out to be a very thorny question. The hardest question to answer in cyber war is the one that used to be pretty simple: who attacked us. But the structural anonymity of the web allows attackers to mask their origins.

When the Obama administration announced creation of its cyber task force, led by Melissa Hathaway, there was great hope that the White House effort would finally answer the very basic question: what constitutes an attack on the United States that we can legally and morally respond to with overwhelming force.


Hathaway appeared last week at an event at the National Press Club and I asked her what the answer might be. She pointed to the International Telecommunications Union (ITU) as a possible source for answers. She said the cyber world bore striking similarities to radio. Both transcend borders and provide crucial international services. The ITU is a UN agency that manages frequency and other central international issues that affect radio.

The ITU’s leader has a pretty good idea how high the stakes are. “The next world war could begin in cyberspace,” Hamadoun Touré, ITU secretary general said in October last year. At the time, Toure pledged to have “a global agreement with every country to protect its citizens online, not to harbor cyberterrorists, and not to start an online attack.” He’s not there yet.

And the Obama White House clearly decided to put off its decision on what could spark a war. After all, a bunch of Justice Department lawyers, no matter how smart and dedicated, can’t make such a momentous decision without strong direction from the Oval Office. It will have to be an interagency decision, so watch Jim Jones to see when the National Security Council wades in to push things along.

But Hathaway’s comparison of radio with cyber is pretty compelling. One big difference — radio direction finders and other technologies exist to determine the source of a radio broadcast with a pretty high degree of certainty. We’re not there yet with cyber and we may have to wait for it before the policy decision can be made.

Join the Conversation

Byron Skinner February 16th, 2010 at 10:23 pm

Good Evening Folks,

The legal problem here is the same one that has been with us since 9/11 and the Supreme Court has dodged efforts to issue a clear constitutional based decision.

The question is where is the firewall between domestic terrorists and international terrorists. In the cyber world as Colin said it very unclear where an action physically originated. If it was done on American soil, unless the President declares martial Law it is a domestic legal problem.

The problem here is that the US Cyber Command is a Military organization under the Department of Defense and the Pose Comitatus law clearly comes into play. At that point the problem would come under the jurisdiction of the Department of Homeland Security, which is not a part of Cyber Command, I know the FBI has an adviser roll with the Cyber Command but thats conditional to what the President or the Attorney General will allow.

I know it sounds like legal wish wash but when a case comes into Federal District Court any chance of a conviction is rather slim. The US Code is very clear about the roll the Military can play and what information that can be exchanged.

Non Mirandaized information taken after a suspect is taken into Federal custody but before a suspect is turned over to civil authorities is simple wasted and non admissible in a trial.

But this information may be of upmost importance to the military is taking action against the attack. What is more important? Military necessity or a legal conviction?

ALLONS,
Byron Skinner

Jeff February 17th, 2010 at 11:52 am

The Supreme Court can only speak as cases come before it. I’m unaware of any cases that have come before the bench that specifically address cyberwar.

Miranda Rights only apply to self incrimination. So unless you’re interigating the suspect without his permission or a lawyer present its not a wasted effort. So anything that can be collected through observation and investigation can be used. The fact thar his crime occured online doesn’t really change anything here.

BOOMER February 17th, 2010 at 12:23 pm

“TO PROTECT AND DEFEND THE CONSTITUTION OF THE UNITED STATES AGAINST ALL ENEMIES FOREIGN AND DOMESTIC” That one phrase alone tells me that the US MILITARY is our true homeland security and no other government agency regardless of what the cronies in the white house and senate say. Any violent or incompacitating act against the people of the US in general which is motivated by religion — race — greed — political offiliation should be considered terrorism. terrorism should not be divided into groups the way they did murder which allows too many to get off too easy. Laws need to be written in 6th grade language for all to understand regardless of thier background and education and be single scoped (terrorism is terrorism/ murder is murder/ trafficking is trafficing) regardless if it’s 1 or 100 the punishment is the same.

Byron Skinner February 17th, 2010 at 2:29 pm

Good Morning Jeff,

You are correct, no Cyber cases have come up before the Supremes recently. Back in the 90’s the Supreme Court ruled in a could of hacker cases, but they were very narrow rulings. The only item of interest in that they ruled that the internet was in fact public property and that the law of land line tele communication applied, in most cases.

The definitive question and perhaps the Detroit Christmas underware bomber case might address this is how much information can the intelligence people get before the suspect has to be given his rights? Can any of this information be used to determine what, if any crime was committed.

I would guess when a Cyber attack case come does up, it won’t be from any nation state or any terrorists organization but from an individual operating outside any recognized authority and without any guidance. Since Cyber Command is under the DoD and most likely the crime won’t be committed by a member of the armed forces of the United States or on DoD property there is really very little in the US Code that could convict as well as it is very doubtful that the DoD would provide much information regarding the scope of the crime.

If Cyber Command was under the DHS, the task of trying someone would be much clearer and the burden of proof of damages would be far less and wouldn’t become a National Security issue.

ALLONS,
Byron Skinner

Propellerhead February 18th, 2010 at 3:49 pm

I can tell you what happened in the Internet world when our networks (or a peers network) was attacked. Didn’t wait for lawyers or anyone. Any bad behavior is a breach of contract (usage license) by a connecting network anywhere on the Internet. The router engineers make a few calls, and remove the offending network(s) from the entire Global internet in the space of 10 mins or so using route table updates. It is up to the cut off provider to prove they have stopped the attack and will play nicely before their routes are pulled from the ‘black hole’. Same for any small sparse group of IPs scattered world-wide. In the case of a large scale attack, it is dealt with like cancer surgery. And, be assured the commercial internet backbones are at least 2 orders of magnitude bigger then any government network.

Indian Medicine February 18th, 2010 at 10:16 pm

I think the comments have pointed to the legal theories and prosecution conflicts of “Cyber Threats & Offenses”.

The distinction between a “Domestic Hacker”, and an “Intentional Foreign HOIS Agent” are legally differentiated by “Intent”; which sets the stage for the State & Federal Courts and AG’s to address.

The States do have a “foundational” definition of various levels of “Cyber” theft offenses, too include intentional interference with Corporate, and Individual “Legitimate Cyber Day to Day Operations”.

I would suggest that the Feds look at the various State Statutes for foundational guidance on developing, or amending Federal Cyber Statutes, too include ‘evidence requirements”.

Kenf February 19th, 2010 at 2:09 pm

Bryon, excellent summary of the core issues. I believe we need to work this issue like we do in regards to the FAA and hijacked planes. The Civilian agency (Homeland) is lead and has a procedure to contact the DoD when there is a situation of sufficient severity. The DoD is the Red Team who takes deceive action (based on a playbook and escalating responses). Homeland can then do the legal forensics to determine if criminal prosecution is warranted and possible. Let the meat eaters hunt and kill, let the lawyers and cops investigate. These are their core competencies.

George February 20th, 2010 at 2:45 pm

Feds should look around at corporate and other gov’ts (e.g. Israel, China) to see what they consider to be attacks, what the results of different attacks would be, how to detect these attacks, how to respond to attacks, and how to prevent cyber attacks. Personally, think that China is No. 1 threat in this regard, and it has probably been probing US cyber defenses for last 15 years. Feds should probably classify any attack which interferes with computer infrastructure or government agency as a federal crime. If the attack origin cannot be determined, then assume and treat it as an international attack.

JCitizen February 21st, 2010 at 8:01 am

George, I agree that China is the number one threat. They’ve been trying to get through my perimeter gateway for two years. They finally learned to at least do the attacks from civilian or university ISPs. They used to be nakedly blunt and originate directly from military installations. Talk about brash and open confrontation!!

Now they probably use the botnets that fill the PRC at large.

Dan February 27th, 2010 at 10:43 pm

Is that phrase from the Constitution or from team of lawyers who created that oath for the military?—Two different things.

Walter L. Johnson March 16th, 2010 at 3:40 pm

We’re over thinking this. Information needs to be retreved from a suspect before they are put in the system. Call it a preprocessing and santization process. and as far asthe IT end of it,Get the Geeks on the project, they are the ones that created the ability to harm our systems. In addition, Cyber attacks/terrorism will always be with us, the way to eliminate it is to rethink mechanical/automatic methods of preventing this. Prevent and report the attack then punish the perp.
Get with the program people!!!

LegalEagle March 25th, 2010 at 9:19 am

Interrogating. Miranda Rights apply to the law. The law states that Miranda Rights are to be read to each and every individual that is under the penalty of the law and placed under arrest. The fact is Miranda does not apply to just self incrimination, if you’re speaking of the suspect, it is, therefore, additionally, speaking and addressing the arresting officer as well as the court. Miranda reads: You have the right to remain silent. Everything you say and do can and will be held against you in a court of law. Do you understand?
Miranda originated around a murder case. A person beat the case because his Miranda Rights were not read to him. It is still the law. It will continue to be the law. The fact is, if some attorney would get off it and investigate those persons who have been placed under arrest without having had his/her Miranda Rights read to him/her, there would be one hellacious class action lawsuit set forth and an abundance of cases dismissed.

Tru March 25th, 2010 at 9:22 am

As soon as you do, they’ll find another way to get through. True.

*required

NOTE: Comments are limited to 2500 characters and spaces.

By commenting on this topic you agree to the terms and conditions of our User Agreement