Just back from vacation I get to catch up on fun stuff that I missed while I was away. At the top of my list is the Tallinn Manual recently released by a distinguished group of NATO experts. The Manual is a first of its kind effort to codify the international laws applicable to cyber warfare. The director of the project is the renowned Michael Schmitt of the Naval War College and his diverse group of experts from around the globe has made a great start on this herculean task. Here is a taste from the introduction [citations omitted]:
One of the challenges States face in the cyber environment is that the scope and manner of international law’s applicability to cyber operations, whether in offence or defence, has remained unsettled since their advent. After all, at the time the current international legal norms (whether customary or treaty-based) emerged, cyber technology was not on the horizon. Consequently, there is a risk that cyber practice may quickly outdistance agreed understandings as to its governing legal regime.
The threshold questions are whether the existing law applies to cyber issues at all, and, if so, how. Views on the subject range from a full application of the law of armed conflict, along the lines of the International Court of Justice’s pronouncement that it applies to “any use of force, regardless of the weapons employed”, to strict application of the Permanent Court of International Justice’s pronouncement that acts not forbidden in international law are generally permitted. Of course, the fact that States lack definitive guidance on the subject does not relieve them of their obligation to comply with applicable international law in their cyber operations.
The community of nations is understandably concerned about this normative ambiguity. In 2011, the United States set forth its position on the matter in the International Strategy for Cyberspace: “[t]he development of norms for State conduct in cyberspace does not require a reinvention of customary international law, nor does it render existing international norms obsolete. Long-standing international norms guiding State behaviour—in times of peace and conflict—also apply in cyberspace”. Nevertheless, the document acknowledged that the “unique attributes of networked technology require additional work to clarify how these norms apply and what additional understandings might be necessary to supplement them”.
This project was launched in the hope of bringing some degree of clarity to the complex legal issues surrounding cyber operations, with particular attention paid to those involving the jus ad bellum and the jus in bello. The result is this ‘Tallinn Manual’.
UPDATE: To my profound consternation, I find that the version I was provided came with the caveat that it was not to be released publicly. Had I realized that fact I would, of course, not have linked to the document. I have, as a result, removed the link in this post and I extend my heartfelt apologies to those whose work I may have inadvertently disclosed prematurely. Anyone who may have downloaded the paper from me is requested to not disseminate it further.
I understand from Prof. Schmitt that an approved version will be available in edited form on the NATO website soon. We should all look forward to that, as this is a wonderful piece of work. Anyone who has an interest in international law, cyber war, or both will, I am sure, find this worth the time and energy.