I've recently completed a short (10-page) draft meant to serve as a primer on key domestic law questions associated with computer network operations. The paper will be published as part of the proceedings of this past summer's Naval War College conference on cyberwarfare (a wonderful event hosted by Michael Schmitt, who chairs the international law department at NWC). You can get the draft here, and the abstract follows below:
Computer Network Operations (“CNOs”) famously give rise to a number of international law complications, and scholars have duly taken note. But CNOs also raise important questions under the heading of U.S. domestic law, particularly when the government does not intend for its sponsoring role to be apparent or acknowledged. This brief essay, which builds on my prior work exploring the convergence of military and intelligence activities, introduces readers to four of the most important domestic law questions raised by CNOs. First, must Congress be notified of a given CNO, and if so, which committee should receive that notice? Second, must the CNO in question be authorized by the President himself, or can authority be moved down the chain to other officials—or perhaps even automated? Third, what is the affirmative source of domestic law authority for the executive branch to conduct various types of CNO? Fourth, and finally, does categorizing a CNO as covert action subject to Title 50 carry with it a green light (from a domestic law perspective) to violate international law?