United States Cyber Command turned ten years old in 2020. It is a unique institution—a military command that operates globally against capable adversaries and yet never fires a shot—and its design has been a work in progress.
Latest in Aegis Paper Series
The United States has one of the world’s strongest and most sophisticated capabilities to launch cyberattacks against adversaries. How does the US Constitution allocate power to use that capability? And what does that allocation tell us about appropriate executive-legislative branch arrangements for setting and implementing cyber strategy?
As its name implies, the 2018 US Department of Defense Defend Forward strategy is principally reactive. The strategy assumes that the United States will continue to suffer harm from competitors and malign actors through cyberspace. Accordingly, it outlines US reactions in order to preempt threats, defeat ongoing harm, and deter future harm.
If information is power, then the corruption of information is the erosion, if not the outright usurpation, of power. This is especially true in the information age, where developments in the technological structure and global interconnectedness of information and telecommunications infrastructure have enabled states to engage in malicious influence campaigns at an unprecedented scope, scale, depth, and speed.
The Israeli equivalent to Defend Forward is far less regulated than its U.S. parallel, and that the Israeli version of Persistent Engagement at home allows domestic action and harnesses the private sector in ways that the U.S. approach does not contemplate.
When a state suffers an internationally wrongful act at the hands of another state, international law allows the injured state to respond in a variety of ways. Depending on the nature, scope, and severity of the initial wrongful act, lawful responses can range from a demand for reparations in response to a low-level violation to a forcible act of self-defense in response to an armed attack. Countermeasures offer an additional way for a state to respond to an internationally wrongful act.
With little fanfare and less public notice, Congress and the executive branch have cooperated effectively over the past decade to build a legal architecture for military cyber operations.
Across the United States and Europe, the act of clicking “I have read and agree” to terms of service is the central legitimating device for global tech platforms’ data-driven activities. In the European Union, the General Data Protection Regulation has recently come into force, introducing stringent new criteria for consent and stronger protections for individuals. Yet the entrenched long-term focus on users’ control and consent fails to protect consumers who face increasingly intrusive data collection practices.
Platforms’ ability to assess the context of content plays a major role in determining whether “new school regulation” sets proportional limits to freedom of speech.
Verified Accountability: Self-Regulation of Content Moderation as an Answer to the Special Problems of Speech Regulation
The “techlash” of the past few years represents a moment of quasi-constitutional upheaval for the internet. The way a few private companies have been “governing” large parts of the digital world has suffered a crisis of legitimacy. Calls to find mechanisms to limit the arbitrary exercise of power online have gained new urgency. This task of “digital constitutionalism” is one of the great projects of the coming decades. It is especially pressing in the context of content moderation – platforms’ practice of designing and enforcing rules for what they allow to be posted on their services.