Categories
frontpage In the Journal Intelwars Volume 11

Volume 11, Issue 1

A Comparative Study of Domestic Laws Constraining Private Sector Active Defense Measures in Cyberspace
by Brian Corcoran

The U.S. private sector is vulnerable in cyberspace. In response, an increasingly mainstream national security argument calls for amending U.S. law to permit private sector actors to employ so-called “active defense” measures—a group of loosely-defined technical measures that fall on a spectrum between passive firewalls (clearly legal) and offensive counterattacks (clearly illegal). Proponents argue that such measures could slow, identify, or even deter offenders in cyberspace; provide unclassified evidence for use in civil cases; or support a government response. Critics warn of careless or incompetent actors and second-order effects—of companies starting a war. Strikingly, the U.S. debate over active defense measures is missing a comparative view of the rest of the world. There are no answers to straightforward descriptive questions, such as, “are active defense measures illegal (or otherwise constrained) in other countries?”This Article is the first sizable study to answer some of those basic comparative questions. It surveys the laws of twenty countries, (1) finding a remarkable uniformity of approaches that, while not yet rising to the standard of an international norm or custom, is closer than most assume and (2) concluding that even if Congress relaxes U.S. law to permit certain private sector active defense measures, laws around the world will continue to constrain private sector activity.

The Syrian Detention Conundrum: International and Comparative Legal Complexities
by Dan E. Stigall

The phenomenon of battlefield detention by non-state groups is increasingly common and has been recently brought into focus by events in Syria where, as part of the international effort to counter the Islamic State of Iraq and Syria (“ISIS”), the United States and coalition partners have worked “by, with, and through” a non-state armed group called the Syrian Democratic Forces (“SDF”).  That successful partnership has resulted in significant battlefield victories—and the resultant detention by SDF of more than 2,000 ISIS foreign fighters. A detention conundrum has, however, been created by the modern reliance by states on non-state actors for counterterrorism operations, and their simultaneous reluctance to accept the return of terrorists captured and detained by non-state actors in the course of those operations. Specifically, SDF partners have signaled that they do not have the capacity or authority for the continued detention of the foreign terrorist fighters captured in the course of the successful counter-ISIS effort. Moreover, the countries of origin of these captured terrorists are reluctant to accept their return, citing to legal obstacles to repatriation. The inability of non-state partners to detain foreign fighters indefinitely, coupled with the refusal of countries to repatriate their nationals, risks the release of dangerous terrorists. To assist in navigating this complex situation, this Article illuminates the international and comparative legal issues associated with the detention of terrorists by non-state armed groups and clarifies the legal issues relating to the repatriation of detained foreign terrorist fighters by the SDF in Syria. Through this analysis, the Article ultimately demonstrates that international law and the domestic law of many international partners generally permits the lawful transfer of foreign fighters from the custody of a non-state entity to government authorities for prosecution, rehabilitation, or other appropriate means of preventing their return to terrorism.

Law Wars: Experimental Data on the Impact of Legal Labels on Wartime Event Beliefs
by Shiri Krebs

On June 1, 2018, Razan Al-Najjar, a twenty-one-year-old Palestinian paramedic, was killed by Israeli fire during demonstrations along the Israel-Gaza border. Her death triggered intense debates about whether Israeli soldiers intentionally targeted her, in violation of international law. Despite the many fact-finding efforts, the facts are not settled, the legal debates linger, and meaningful accountability seems further away than ever. This episode highlights the growing focus of wartime investigations on legal truth. Furthermore, it suggests that, in the context of the Israeli-Palestinian conflict, framing facts in legal terms triggers backlash, anger, and denial. In other words, using legal terminology to frame public perception of wartime events is ineffective for dispute resolution. This Article explores this general claim employing interdisciplinary theories and methods using the 2018 Gaza border demonstrations as an illustrative example. It then tests these hypotheses with a 2017 survey experiment fielded in Israel with a representative sample of 2,000 Jewish-Israeli citizens. This experimental data provides systematic evidence of the effect legal labels have on people’s beliefs about contested wartime actions committed by their fellow nationals. The findings demonstrate that discussing events using common legal labels, such as “war crimes,” significantly decreases Jewish-Israelis’ willingness to believe information about Palestinian casualties and fails to stimulate feelings of empathy toward the victims. Jewish-Israelis tend to reject facts described using war crimes terminology and are more likely to feel anger and resentment than guilt or shame. These findings contribute to the broader debate about the role played by international law during armed conflicts, suggesting that, rather than serving as an educational and informative tool, it is cynically perceived as a political tool.

A Postmortem for International Criminal Law? Terrorism, Law and Politics, and the Reaffirmation of State Sovereignty
by Vincent-Joël Proulx

This Article explores the intersection of International Criminal Law and domestic legal systems in the counterterrorism arena, with a particular focus on the United Nations Security Council’s promulgation of relevant legal obligations. This account critically examines the ways in which ICL, and international law more broadly, can address terrorism, and then investigates the viability of expanding the International Criminal Court’s jurisdiction to encompass crimes of terrorism. In analyzing ground-breaking UNSC resolutions imposing wide-ranging counterterrorism duties on states, I shed light on that organ’s “quasi-legislative” exercise of its powers and the implications for the implementation of those obligations in domestic law. Ultimately, I argue that the global counterterrorism campaign can only be pursued meaningfully through what I term a “transnational network of criminal and civil law.” This system is based on giving states the power to write and enforce their own counterterrorism laws under a UNSC mandate.

Photo by Astrid Riecken (CC BY 2.0)

Share
Categories
Featured frontpage In the Journal Intelwars

Volume 10, Issue 2

Issue 2

Totemic Functionalism in Foreign Affairs Law
by Elad D. Gil

In many Western democracies, and particularly in the United States, foreign affairs are primarily an executive enterprise. Owing to the executive’s relative institutional advantages over the legislature and the judiciary—in expertise, knowledge, speed, unitary structure, and democratic accountability—courts afford the President considerable deference in cases relating to foreign affairs. But there is something deeply flawed in the way judges apply functionalist reasoning in this context. Instead of using functionalism for what it is—a contextual and adaptable paradigm for ascertaining whether and how much deference is desired in order to make the challenged policy or act work best—judges frequently simply rely on the executive’s special competence to apply a de facto presumption of near-total deference, which this Article terms “totemic functionalism.” This Article traces the conceptual underpinnings of totemic functionalism and critically analyzes its pervasive effect in foreign affairs law. Using three case studies and other recent examples, it then shows how totemic functionalism undermines the system of checks and balances, first between the organs of government and then, indirectly, inside the executive branch.

Getting Past the Imperial Presidency
by Deborah Pearlstein

In an age in which the “imperial presidency” seems to have reached its apex, perhaps most alarmingly surrounding the use of military force, conventional wisdom remains fixed that constitutional and international law play a negligible role in constraining executive branch decision-making in this realm. Yet as this Article explains, the factual case that supports the conventional view, based largely on highly selected incidents of presidential behavior, is meaningless in any standard empirical sense. Indeed, the canonical listing of presidential decisions to use force without prior authorization feeds a compliance-centered focus on the study of legal constraint rooted in long-since abandoned understandings of how and why legal systems function. While the reality that law does not operate as an on/off switch has long been accepted among legal scholars when it comes to ordinary law—all legal rules face “the fact of violation,” uncertainty in meaning, and a complex array of human motives and incentives for acting—these phenomena seem yet to have informed our understanding of law’s role in shaping decision-making surrounding state uses of force. This Article argues that accounting for these features of law is especially relevant to the study of constitutional and international regulations of state use of force. Applying a more contemporary understanding of how law works, the Article illustrates how shifting our methodological approach away from compliance-centered metrics of legal constraint may require reinterpreting the conventional set of examples we have long assumed we understood. At a minimum, it requires redesigning our approach to the empirical study of executive branch decision-making. And it suggests we may need to rethink what mechanisms may most effectively constrain the “imperial presidency” in the years ahead.

The Mutual Assistance Clauses of the North Atlantic and EU Treaties: The Challenge of Hybrid Threats
by Aurel Sari

Mutual assistance clauses serve a dual purpose. They commit their signatories to stand up to a common threat and are thereby meant to deter potential aggressors. Their dual purpose places them at the crossroads between war and peace and the intersection between law and strategy. The rise of hybrid threats, however, has led many to question whether the mutual assistance guarantees found in the North Atlantic and EU Treaties remain suited for our present security environment. Adversaries employ tactics that increasingly seem to blur the dividing line between war and peace. The hybridization of warfare thus poses a risk that adversaries may circumvent classic security guarantees. The purpose of this Article is to compare the mutual assistance clauses of the North Atlantic and EU Treaties to determine their scope of application, clarify the nature and extent of the obligations they impose on the contracting parties, and assess their vulnerability to hybrid threats. The analysis confirms that the provisions in question are at risk of subversion, but that the impact of this threat is more limited than is often assumed. Nevertheless, this Article argues that there is no room for complacency. NATO, the EU, and their member states should take steps to strengthen legal interoperability in order to increase the legal resilience of their collective security arrangements against the challenges posed by hybrid threats.

The Law Enforcement Paradigm under the Laws of Armed Conflict: Conceptualizing Yesh Din v. IDF Chief of Staff
by Shelly Aviv Yeini

While the two traditional paradigms for the use of force in international law are law enforcement under international human rights law and conduct of hostilities under laws of armed conflict, this Article examines the possibility of a new paradigm of law enforcement under the laws of armed conflict. In the judgment of Yesh Din v. IDF Chief of Staff (Yesh Din) recently given by the Supreme Court of Israel, the court endorsed this entirely new paradigm, which challenges the traditional distinction between law enforcement and the conduct of hostilities. This Article explores the legal justifications of the paradigm and examines whether it has legal grounds to rely upon. It further demonstrates that the new paradigm is vague, permissive, and extremely under-developed. The new paradigm has the potential to be abused by states picking and choosing the norms they wish to apply from either international human rights law or the laws of armed conflict. It is a common saying that “hard cases make bad law.” The arguably problematic judgment of Yesh Din is the result of a complicated and challenging situation that has created bad law indeed.

Credit: Illustration by Adam McCauley

Share
Categories
Featured frontpage In the Journal Intelwars

Volume 10, Issue 1

Issue 1

Yemen: Is the U.S. Breaking the Law?
by Oona Hathaway, Aaron Haviland, Srinath Reddy Kethireddy and Alyssa T. Yamamoto

The almost four-year long brutal civil war in Yemen between the central government of President Abdu Rabbu Mansour Hadi and a Shi’a Islamic movement called the Houthis shows no signs of slowing. A coalition of countries led by Saudi Arabia has provided extensive support to President Hadi, including by conducting an ongoing military campaign against the Houthis. In the course of this military campaign, the Saudi-led coalition has been accused of violating international humanitarian law by killing hundreds of civilians through airstrikes, as well as contributing to a humanitarian disaster by imposing a blockade. Though not a member of the Saudi-led coalition, the United States has provided invaluable support to the coalition’s campaign through weapons sales, mid-air refueling of coalition aircraft, targeting assistance, and other training and logistical support. This Article surveys and analyzes a variety of domestic and international law that may apply to the U.S. role in Yemen and finds that continued U.S. support for the Saudi-led coalition in Yemen may violate several domestic and international laws. The article concludes by considering whether and how the laws might be enforced and U.S. legal violations brought to an end.

The Return of Gunboat Diplomacy: How the West has Undermined the Ban on the Use of Force
by Patrick C. R. Terry

This article outlines how the West’s manifold attempts at reforming the jus ad bellum, by permitting an increasing number of exceptions to the ban on the use of force, has led to a serious weakening of the structures on which the conduct of international affairs has rested since the end of WWII. The belief that the invocation of novel justifications for resorting to the use of force could be restricted to the West and its close allies has proved unfounded as many states from Russia via the Arab peninsula to Turkey are now also laying claim to the right to use force in an increasing number of cases. Thus what was once heralded as a modernizing effort actually has led to an erosion of the ban on the use of force.

Uncertainty in the Law of Targeting: Towards a Cognitive Framework
by Michael N. Schmitt and Major Michael Schauss

This article offers a cognitive framework for thinking about the confluence of uncertainty and the IHL rules governing targeting. In abstract discussions, the tendency has been to understand the requisite level of certainty for engaging a target as a particular threshold, that is, as “certain enough” to satisfy the requirement to confirm a target as a military objective, qualify harm as collateral damage or military advantage that must be factored into the proportionality calculation, or require the taking of feasible precautions in attack to minimize harm to civilians and civilian objects. In our view, this approach neither reflects targeting practice, nor adequately operationalizes the balance between humanitarian considerations and military necessity that all “conduct of hostilities” rules must reflect. We suggest that the issue is more nuanced, that dealing with uncertainty involves a multifaceted situational assessment when planning, approving or executing attacks. The article is our attempt to widen the aperture of discussion about battlefield ambiguity and doubt.

War Powers far from a Hot Battlefield: Checks and Balances on Presidential War-Making through Individual and Unit Self-Defense
by E. L. Gaston

While soldiers, marines, and their surrounding units have long been assumed to have a right to defend themselves, reliance on this right to individual and unit self-defense has expanded significantly since 2001. It has been applied to uses of force across a range of conflict situations, from being regularly used to counter ambiguous and asymmetric threats in Iraq and Afghanistan, to justifying drone strikes and low-footprint special forces engagements far from a “hot battlefield.” In the latter situations, though, the legal remit to use force is more controversial, and use of individual and unit self-defense to justify significant strikes or engagement in hostilities have raised legal questions. This article will explore the domestic and international legal bases for these extended self-defense strikes and operations.

Fiduciary Duty, Honor, Country: Legislating a Theory of Agency into Strategic Civil-Military Relations
by Major Dan Maurer

Dissent, annoyance, mutual frustration, misplaced trust, breaches of confidentiality, unwelcome candor, and differing senses of obligation, loyalty, and service are all recurring themes in the day-to-day theater that is the civil-military relationship between American political and military strategic elites. The health of these relationships matters significantly for the fitness of the outcomes for which these parties are accountable. Wars (whether and how to fight them), budgets (how much to spend, on what, and for whom), force structure (how to organize the means of national defense), and personnel (who to recruit and retain, and who—if anyone—should be excluded from service) are the critical issues, and these parties often disagree over these fundamental questions. The efficiency, prioritization, thoughtfulness, and public explanations of these issues will also be turbulent in the wake of unsteady, rocky strategic civil-military relationships. Congress, no less than the Executive Branch and military leaders, has a stake and a say in these relationships.

Photo: Reuters

Share
Categories
Featured frontpage Intelwars Online Student Articles

A Quantum Leap in International Law on Cyberwarfare: An Analysis of International Cooperation with Quantum Computing on the Horizon

Dominic Rota[*]

Introduction

The monumental technological advances of computer systems in recent years have given birth to a new battleground of warfare: cyberspace. The international legal regime, however, has not caught up to the threats posed by existing technologies, nor developed an adequate consensus on what is beyond the pale. Furthermore, the cyber arms race is on the verge of becoming even more dangerous as quantum computing technology will become a reality in the not-so-distant future.

The competition to create the first viable quantum computer is heating up, as quantum computers offer the ability to cripple militaries and topple the global economy.[2] Quantum computers will likely be able to break all modern encryption schemes, including those on which the banking, communications, defense, and healthcare industries rely.[3] Because quantum computers have the ability to perform calculations in simultaneity and perform factoring operations vastly more efficiently than conventional computers, a single quantum computer could hijack even the strongest of encryption schemes in less time “than it takes to snap one’s fingers.”[4] As Dr. Arvind Krishna, the Director of IBM Research, recently stated, “[a]nyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now.”[5] We could see the first workable quantum computer in little more than five years.[6]

The United States likely still possesses the advantage in quantum computer development.[7] Indeed, American technological titans such as Microsoft, IBM, Intel, and Google have made massive investments in quantum computing over the past few years.[8] Most recently, the U.S. House of Representatives unanimously passed the National Quantum Initiative Act (“NQIA”).[9] The NQIA would direct the President to implement a “National Quantum Initiative Program” to accelerate the research and development of quantum computing science and its applications in technology.[10] The NQIA calls for approximately $1.275 billion in funding for the program in its first five years.[11]

The U.S.’s lead, however, may diminish as other nations and their companies aggressively work to catch up. The European Union (“EU”) has made quantum research a “flagship project” over the next decade, committing to investing upwards of €1 billion to research, more than five times the current U.S. government allocation.[12] Meanwhile, China leads the international community in “non-hackable quantum-enabled satellites” and possesses the world’s fastest supercomputers.[13]

And while nations compete with one another in quantum innovation, the laws governing cyberwarfare remain indeterminate and unsettled. Do cyberattacks rise to the level of an armed attack, such that they warrant a formal act of “self-defense” or a declaration of war against a sovereign nation? Perhaps it is not surprising that the international community has yet to implement a legal framework to regulate cyberattacks and warfare. Perhaps there are no simple answers to the questions the advent of cyberwarfare presents. But what is surprising is that there has been so little progress at the international level in establishing uniform expectations of state conduct, considering that this long-speculated-about possibility has largely become a reality. Yet cyberattacks and cyberwarfare still demand the legal practitioner consider “issues of self-protection, the ability to fend off (or deny) an attack, attribution about the source of attack, and effectiveness of response.”[14]

This Article addresses the challenges of establishing a unified legal framework over the “modern arms race” of quantum computers and other cyber operations, and explores potential solutions for the international governance over cyberwarfare. I argue that a uniform international policy and legal framework is needed, as opposed to the mere hope that a technology-based solution will protect developed nations against attacks by quantum computers. Although a technology-based solution, such as the development of quantum-resistant algorithms and technologies, could indeed provide a means of defense for developed nations, such a solution is not viable for those states without the technological capability to shield against attacks from quantum computers.

Part I provides a brief introduction to the history of modern-day encryption technologies, as well as how major public-key encryption schemes protect against threats emanating from the weaponization of conventional computers. Part II provides an explanation of how a quantum computer exploits the basic tenets of quantum mechanics, and demonstrates how quantum computers could swiftly penetrate encryption schemes. Part III turns to legal analysis, and the current theoretical challenges in establishing a concrete international legal regime to address the threat of cyberwarfare in general.

Finally, Part IV proposes a number of approaches the international community may take to address the approaching threat posed by quantum computing. It analyzes the use of force in cyberattacks, a perennial challenge in international law.

I.          Overview of Encryption Technology

As the global community becomes increasingly reliant on the electronic communication of sensitive information (e.g. trade secrets, medical records, and bankcard information), “the rewards for intercepting that information grow.”[15] Both private and public sector entities have sought to ensure security and protection for their private data.[16] Encryption technologies, perhaps “the most important technological breakthrough in the last . . . thousand years,”[17] have enabled the safe and secure transmission of private data in the Information Age.

The basic idea of contemporary encryption is intuitive. An encryption algorithm is a method that uses a large, secret number called a key, to encrypt the message to be secured, called the plaintext.[18] On the other end, a computer that receives the ciphertext transmission and knows the key that was used for encryption can easily translate it back into to the plaintext.[19] A computer that intercepted the ciphertext but did not know the key would be unable to make sense of it; without the key, the message is nonsense. Moreover, internet encryption uses keys that are at least 128-bit numbers, with a minimum of around 3.40 × 1038 possibilities for each key.[20] It would take years for a conventional computer to guess a given key by working its way through all the possibilities.[21]

The internet relies on an ingenious technique called public-key cryptography to scale the benefits of encryption to an internet that relies on members of the general public interacting in ways meant to be kept secret with third-parties with whom they have no relationship and therefore no previously agreed upon private key.[22] Public-key cryptography generates a publicly available key from a secret key that is ultimately necessary to decrypt the data.[23] This two-stage process allows public users of the internet to transmit encrypted information that could only be decrypted by the holder of the private key.[24] This technique underlies most encryption on the internet, including that which safeguards financial transactions and personal information.[25]

Public-key encryption is difficult for an intercepting computer to break. While many of the most commonly used methods could be broken by efficiently factoring the long public keys, this is a notoriously difficult mathematical operation when the public key is of substantial length.[26] Fortunately, there are no known efficient factoring algorithms that can run on traditional computers.[27] A 232-digit number took scientists two years to factor running hundreds of computers in parallel.[28] Breaking the codes that shield information on the internet, then, is comfortably beyond the capabilities of governments, saboteurs, and terrorist organizations. But, by harnessing the counterintuitive principles of quantum mechanics, quantum computers can be vastly more efficient at factoring large numbers. Consequently, the mass of information on the internet protected by public-key encryption could be vulnerable to exposure by even a relatively weak quantum computer.

II.          Overview of Quantum Computing Technology

Transistors are the basic building block of modern computing; as a general matter, the smaller a transistor can be fabricated, the greater the computing power resident in a given physical space on a computer chip. Current computers are built on classical, or Newtonian, mechanics,[29] but quantum computers are built on transistors of individual atoms, a scale we are already approaching.[30] This is the secret to the promise and threat of quantum computing, and goes beyond merely fitting more transistors into the same amount of space. By storing information in continuous, rather than binary variables, quantum computers will deliver a computing power qualitatively different from traditional computing.

A.    The “Qubit”

In standard computers, the transistors, which are part of an integrated circuit, switch “on” or “off” to pass or block electrical pulses.[31] A bit is a piece of data that is represented by either the binary values “1” or “0,” representing the functions of “on” or “off,” respectively.[32] This mechanical architecture underlies the binary structure of contemporary computing information. Information, in the form of bits, is fed through a processor, which completes calculations iteratively, or one-at-a-time, according to algorithms established by the software’s coding.[33]

In quantum computers, the qubit is equivalent to the classical computer’s bit. A qubit is a more powerful mechanism of information storage, though, because it exploits the superposition principle, a fundamental feature of quantum mechanics.[34] The superposition principle permits the storage of information as continuous variables rather than discrete, binary variables. In other words, a qubit is a probabilistic distribution that can encode an infinite number of values between 0 and 1. Classical computers can only store information in 0s and 1s, and all the complex calculations they perform are built upon combinations of 0s and 1s. In contrast, quantum computers will be able to store information in a probabilistic distribution of infinite values between 0 and 1, and the calculations of the combinations of this distribution can be incomprehensibly complex.

More importantly for the fate of the global encryption paradigm, quantum computers are theorized to not only be faster, but also qualitatively better at factoring, jeopardizing the system of public-key encryption on which the internet relies. Indeed, in 1994, long before the first quantum computers were built, MIT Professor Peter Shor developed an algorithm that uses quantum, continuous variables to factor large numbers vastly more efficiently than scientists believe can be done with binary variables and traditional computers.[35] The promise of this algorithm has been demonstrated in small scale experiments with quantum computers.[36] In short, when it comes to cracking public-key encryption, quantum computers will be guessing in a manner which far exceeds the computational power of existing classical computing.

B.    Quantum Encryption: Fighting Fire with Fire

Since nations and private corporations possess an interest in developing quantum computing technology, much of today’s international efforts in this field are directed towards creating “next-generation cryptography that is ‘quantum proof.’”[37] The mission of post-quantum cryptography, or “quantum-resistant cryptography,” is to develop systems secure against assaults by both quantum and classical computers.[38] First, many hope that quantum-proof encryption can be developed on classical computers by developing encryption schemes that are not vulnerable to rapid factoring.[39] The United States Department of Commerce’s National Institute of Standards and Technology (NIST), “initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms”[40] which would be able to run on classical computers. At the end of 2017, the NIST accepted approximately seventy submissions of candidate quantum-resistant algorithms, all of which were explored and reviewed at a national conference in 2018.[41]

Second, researchers are working on ways of encrypting information using quantum computing. The first quantum-resistant transaction took place in 2004, when Viennese researchers exploited the phenomenon of photon entanglement to transfer a €3,000 deposit into their bank account.[42] Three years later, a Swiss company used quantum encryption technology to protect the results of an election in Geneva.[43] In 2017, China launched the world’s first “quantum satellite,” which the Pentagon deemed a “notable advance.” This satellite used the first space-to-ground quantum key technology used to establish “hack-proof” communications.[44]

Most of this encryption relies on quantum key distribution, a form of quantum encryption that exploits the quantum mechanical properties of photons (particles of light), which move in a particular direction (or polarization) while vibrating.[45] Similar to sunglasses, polarized filters in quantum key distribution systems only allow photons with certain polarizations to pass through.[46] At the sender’s end of a fiber optic network, a laser generates a series of single photons, each in one or two polarizations: vertical, representing a “1”, or horizontally, representing a “0”.[47] At the receiver’s end, the polarization of the photon is measured.[48] If a hacker intercepts the photon, it is compromised due to the collapse of the energy state, reflecting a value different from the value of probabilistic distribution between polarizations of 0 and 1. This renders it impossible for the hacker to send an accurate duplicate of the photon.[49] Thus, if the values of the key do not match between, then the key is discarded, alerting the communicating parties that they are being bugged.[50]

Despite the promising developments in developing quantum-proof encryption technology, it is still a relatively nascent field, with such research “far behind the progress of quantum computers themselves.”[51] Furthermore, despite the fact that researchers have made progress in securing transactions and interactions between sending and receiving parties, the technology has not addressed the security of data “at rest.”[52] Indeed, the developments of defensive measures may prove to be too little, too late, as the prospect of quantum cyberwarfare becomes a reality. Thus, while the international community should certainly try to play catch-up in innovating defensive responses to quantum computing, it must also address the need for global cooperation with regard to cyberattacks and cyberwarfare.

1. Quantum Computing Attack: A Case Study with the 2007 E-Stonia Attacks

There is no doubt that conventional methods of cyberattack (e.g. worms, Trojans, phishing, denial-of-service, ransomware, spyware, etc.) can be effective in targeting computer information systems, networks, and infrastructures, for the purposes of stealing, altering, or destroying information and data. But quantum computing offers remarkable efficiency in piercing encryption schemes and would dramatically increase potential cyber-exposure. To demonstrate the ease by which quantum computers could cripple a nation, a quantum computing attack will be contrasted with that of a conventional form of cyberattack, the distributed denial-of-service (“DDoS”), which was the primary tool for Russian-sponsored cyber-attackers in the Estonian incident of 2007.[53]

By 2007, Estonia had established so impressive a computer network that it had been nicknamed “e-Stonia”.[54] In the context of rising geopolitical tensions with its larger neighbor Russia, Estonia suffered what was at the time the most comprehensive cyberattack in history.[55] Using the method of “distributed denial-of-service” (DDoS), Russian-backed operatives maintained the assault for approximately twenty-two days, causing blackouts in Estonia’s major commercial banks, telecoms, media outlets, and other essential government servers.[56]

The aim of a DDoS attack is to “cut off users from a server or network by overwhelming it with requests for service.”[57] While standard denial-of-service attacks involve a single attack upon a single victim, the DDoS requires hordes of compromised computers, or “bots,” to carry out a single task in unison.[58] Essentially, when the cyberattacker, or “botmaster,” has infected and converted a sufficient number of vulnerable systems, it forms a “botnet” of zombie computer systems.[59] In turn, this botnet, controlled by the botmaster, sends a flood of requests to a target server or network, resulting in the overload or complete collapse of its functionality.[60] This form of attack merely denies internet users the capacity to access important functions over the web server.

An attack from a quantum computer could be fundamentally different. Whereas the DDoS attack against Estonia was a form of technological carpet-bombing, a quantum computer attack can be far more precise; a clinically efficient sniper. Quantum computers would not be focused on denying access, but rather infiltrating and gaining access to the system through parallel, computational factoring; the attacker would be able to steal, alter or destroy encrypted information. Had a quantum computing attack been employed in Estonia in 2007, the citizens could have faced far greater consequences, potentially including the absolute loss of confidential information necessary for functioning in a national economy.

In the present landscape, intelligence agencies around the world are archiving intercepted communications that have been transmitted through existing encryption technologies, which, as discussed, are currently mathematically uncrackable.[61] They wish that through quantum computing they will soon be able to decrypt this presumably valuable information.[62] Other rogue actors, however, see quantum computing as more than an intelligence gathering tool. Indeed, it could be a means to attack the banking and financial systems at the heart of any regional and/or global economy.[63]

III.          The International Conundrum

Computer systems across the globe are more linked than ever before. Because of this, “information can, and does, travel between networks at distances that make it difficult to predict the ripple effects of an action with any precision.”[64] Quantum computing technology has the capacity to breach encryption at any node along the information highway. Yet, despite the international community’s continuous talk of the danger of cyberattacks, efforts to harmonize global cooperation have been “rudimentary.”[65]

Discourse on cyberwarfare has arisen from the law of international armed conflict. Despite discussion in the abstract, it was not until the 2007 cyberattacks on Estonia that the international community moved to discuss in earnest cyberspace as a domain of war.[66] In response to those attacks, the North Atlantic Treaty Organization (NATO) established the Cooperative Cyber Defense Centre of Excellence (NATO CCD COE) in Tallinn, Estonia. A few years later, the CCD COE invited an independent group of experts to produce a manual on the international law governing cyber warfare, which became the Tallinn Manual 1.0 on the International Law Applicable to Cyber Warfare.[67] The use of cyber weapons continued, notably by Russia during its war with Georgia in 2008[68] and by Israel and the United States against Iran in 2010,[69] prompting the CCD COE to invite a new International Group of Experts to expand the Tallinn Manual’s scope to include governance of cyber operations during peacetime. This project developed into the preeminent treatise on cyber operations of today: Tallinn Manual 2.0 on the International Law Applicable to Cyber Warfare.[70] Although NATO’s product has spurred international cooperation in the area of cyberwarfare, it has not been internationally adopted as a legal protocol for war- and peace-time cyber operations. In fact, it is silent on the indirect effects of cyberattacks and their relationship to international criminal law, trade law, or intellectual property law, for example.[71]

While major efforts have been directed towards defining cyber operations within the scope of armed conflict, developed nations continue to suffer substantial economic losses as a result of international cybercrime and cyberespionage.[72] A 2014 report by the Center for Strategic and International Studies reports the economic costs of malicious cyber activity as averaging 0.8% of global gross domestic product.[73] Considering this amounts to losses in the hundreds of billions of dollars, the use of cyber operations to economically cripple a nation or trade group appears to be a viable means of conducting covert warfare.

The ideal solution to prevent cyberwarfare would be the formulation of an international agreement, either through existing international or regional organizations, or the development of a novel international coalition. Before this can happen, however, the international community must navigate a labyrinth of uncertainty around issues of attribution of cyber operations. Moreover, the international community has yet to take its first turn in this maze: adequately defining “cyberwarfare” and “cyberattacks.”

A.    Defining a “Cyber Attack”

Achieving a concerted international effort is challenging because of perennial ambiguity surrounding the definition of “cyberattack” and how to differentiate military cyber operations from civilian cyber espionage, which has prevented coordination and understanding between countries.[74] Moreover, the discussions thus far have not accounted for the heightened threat posed by quantum computers.

In the past several years, various organizations have attempted to create uniform definitions. In 2010, the U.S. Joint Chiefs of Staff defined a “cyberattack” as a “hostile act using computer or related networks or systems, and intended to disrupt and/or destroy an adversary’s critical cyber systems, assets, or functions.”[75] In 2012, Professor Oona Hathaway and Rebecca Crootof made their own attempt at devising a broad definition of a cyberattack: “[a] cyberattack consists of any action taken to undermine the functions of a computer network for a political or national security purpose.”[76] For its part, the Tallinn Manual offered the following definition: “[a] cyberattack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destructions to objects.”[77]

None of these definitions, however, explicitly addresses the potential effects of a cyberattack on a state’s broader infrastructure. The Tallinn Manual’s definition, indeed, arguably fails to grapple with a variety of risks, including: the scrambling of financial records or a stock market crash; a false electronic signal causing a nuclear reactor to power down; an electronic blackout of air traffic control systems; an exposure of medical, educational, and personal information; or even an entire shut-down of large segments of the electrical grid.[78] Debate continues regarding the appropriate, essential language that captures the critical elements of a “cyberattack,” but does not permit an overly-broad construction.[79]

Another challenge in codifying a definition of cyberattack arises from the fact that nation-states are often unable to determine whether an attack was civilian or military in origin,[80] or more importantly, whether the attack was ordered by a hostile state or committed by a rogue private actor.[81] The difficulty of attributing cyberattacks lies in the fact that there are “generally no flags being flown, no soldiers to question, and no physical weapons to determine the country of origin.”[82] Moreover, there is generally a considerable amount of time that elapses before it is clear from which actor or nation the attack originated.[83] Due to the common practice of intentional misdirection by cyber actors, many scholars and legal practitioners have criticized the very notion of expanding the U.N.’s construction of self-defense under Article 51 to include responses to alleged cyberattacks.[84] If sovereign nations lack the capacity to accurately (and timely) determine the source of an attack, acting in self-defense is unwise, critics argue, given the substantial risk of misdirected retaliation.[85]

Despite this uncertainty, some nations and private organizations have attempted to form coalitions to address impending threats, including the power of quantum computers.

B.    Current Global Efforts

This section discusses the current lay of the land regarding international governance over cyberwarfare, and its readily apparent inadequacies in combating the potential threat of quantum computing-enabled attacks. To demonstrate the fragmented nature of international policy, this part is further divided into sections outlining the (1) international military efforts and (2) civilian efforts with respect to information security and data privacy.

1. International Military Efforts

A few months after the U.S. National Institute of Standards and Technology launched a post-quantum cryptography project “designed to identify quantum-resistant public-key cryptographic algorithms,”[86] Congressman Michael McCaul, Chairman of the House Homeland Security Committee, stated the need for a “coalition of like-minded nations to prepare for the quantum future and ensure [the international community] ha[s] the right cyber defenses in place when it comes.”[87] Yet, with the dawn of quantum computers approaching, efforts to institutionalize international cooperation on cyber governance lag behind.[88] This is largely due to states’ reluctance to restrict their sovereign control of cyberspace.[89]

Indeed, in cyberspace, state sovereignty extends beyond physical borders, reaching “any cyber infrastructure located on their territory and activities associated with that cyber infrastructure.”[90] Cyberspace includes the following layers: physical, logical, and social.[91] The physical layer of cyberspace “comprises the physical network components” such as cables, routers, servers, and computers; the logical layer consists of “connections that exist between network devices” including “applications, data, and protocols” permitting exchange of information across the physical layer; and the social layer pertains to “individuals and groups engaged in cyber activities.”[92]

It is no wonder, then, why states, particularly developed nations, would be reluctant to surrender potential cyber weapons.[93] Such cyber operations provide military commanders highly-preferable alternatives to traditional warfare.[94] Indeed, they can allow the military to attack enemy forces while minimizing the risk of death and injury to friendly forces, allies, or civilians.[95] Moreover, many cyberattacks are likely to be much cheaper than equivalent conventional attacks.[96]

In 2014, NATO, at its summit in Wales, recognized that a cyberattack may rise to the same level of harmfulness as a conventional attack.[97] It also established two institutional structures designed to respond to the threat of cyberwarfare: 1) the Cyber Defense Management Board, and 2) the NATO Cooperative Cyber Defense Centre of Excellence.[98] The Cyber Defense Management Board has generated a Computer Incident Response Capability (NCIRC) to protect its own system infrastructure and the NATO CCD COE, as discussed above, has been instrumental in shaping a framework of international law through the publication of the Tallinn Manual 1.0 and Tallinn Manual 2.0.[99]

2.  Civilian-Based and Private-Sector Efforts

The bulk of the global effort to shape the law of cyberwar has fallen on organizations concerned with non-military conceptions of information security and data privacy. Perhaps the most prominent is the European Union’s “Network & Information Security (NIS) directive,” which has taken substantial measures to improve cooperation on cyber security.[100] The Directive takes a three-pronged approach: 1) requiring EU states to implement minimal-level national capabilities by establishing Computer Emergency Response Teams (CERTs); 2) encouraging state authorities to cooperate and effectively coordinate across the integrated EU network; and 3) developing a risk-management protocol by which information is shared effectively between private- and public-sector regimes.[101] Moreover, in 2017, the European Commission dedicated €1 billion to quantum technology research.[102] Hopefully, these advances will generate an additional series of directives by the EU, and perhaps push state authorities to consider viable civilian defense strategies with an understanding of the revolutionary potential of quantum technology.

International and regional cybercrime suppression treaties have also included provisions for global cooperation in cyber operations.[103] Examples of these treaties include the Council of Europe’s Convention on Cybercrime and the League of Arab States’ Arab Convention on Combating Information Technology Offenses.[104] These agreements provide for “mutual assistance” to investigations or proceedings concerning criminal offenses related to computer systems and data, and for gathering of electronic evidence.[105] The Council of Europe’s Convention on Cybercrime additionally bans a wide variety of criminal activity such as system and data interception and interference, as well as the theft of intellectual property.[106] Still, however, the Convention does not adequately address the possibility of cyberwarfare. Indeed, it does not address cyberattacks in the context of warfare.[107] Further, by its structure, it lacks enforcement protocols to ensure adherence.[108] Thus, despite it being a binding treaty, the lack of enforcement mechanisms in the protocol renders the agreement rather malleable, only “partially develop[ing] cooperative behavior” amongst the signatory states.[109]

Another approach, encouraged by the Tallinn Manual 2.0, is to encourage the United Nations’ authorization of regional organizations to conduct enforcement action against cyber threats.[110] However, the promotion of regional cooperation has been at most a “piecemeal” effort.[111] Consider the Association of Southeastern Asian Nations (ASEAN) Convention on Counter-Terrorism (ACCT), which includes cyber operations as an “area of cooperation” among its member states.[112] Though it promotes the importance of taking a cooperative effort in combating cyberattacks, by its nature ASEAN remains dissociated from the efforts of other regional cooperative alliances.

Ultimately, these efforts will be largely ineffective if the world’s powerful military rivals, particularly the United States, Russia, and China, are unwilling to enter into a binding international agreement that limits their offensive cyber warfare capabilities.

IV.          Approaches to International Uniformity on Cyber Policy

Thus far, this Article has identified several obstacles to achieving uniform international policy on the governance of cyberwarfare, and explained why such uniform governance will be necessary to safeguard information as quantum computers become commercially available. Part A of Section IV, which explains three existing models of analyzing cyberattacks as “force” or “armed conflict,” explores the means by which the international community may scrutinize the use of militarized quantum computing and suggests a possible framework for nation-states to adopt. Part B analyzes the challenges in establishing internationally binding protocols and conventions against the use of weaponized quantum computers.

A.    Ascertaining an Approach to Analyzing the Force of Cyber Attacks

In contrast to traditional attacks, cyberattacks may be threatening primarily because of their indirect effects.[113] Often, these indirect results arise from their sheer unpredictability.[114] For example, a virus that may have been intended for a particular target may accidentally replicate from the target-point and propagate elsewhere, resulting in greater damage than anticipated.[115] Indeed, quantum computing attacks that decrypt widely-used encryption systems will have implications for the global internet. Thus, while quantum computers are in the early stages of technological maturity, it is imperative that the international community clarify its definition of cyberattack.

There are three major methods of analyzing the force of cyberattacks: instrument-based, target-based, and effects-based approaches.[116] Each framework has its respective advantages and disadvantages, and the solution likely resides somewhere in between.

The first approach to analyzing the force of cyberattacks is the “instruments-based” approach, which focuses on the technique utilized in an attack.[117] In other words, this approach emphasizes the inherent differences among the forms of cyberattack.[118] This framework has been widely adopted by international agreements that address “conventional weapons” (e.g., chemical weapons), but has faced major criticism in application to cyberattacks. More specifically, scholars argue that the adoption of such a protocol for cyberattacks could prevent nations from responding to certain categories of attacks, even if the consequences of the attack extended far-beyond the intended target. Furthermore, with technology rapidly evolving, categorically excluding certain forms of attack is problematic, given that a more “enhanced” version of such technological means could rise to the level of force required for national response.[119] Nevertheless, as will be discussed below, the instrument-based approach could be of value when addressing the prospect of weaponized quantum computers.

The second approach, the “target-based” model, centers the legal analysis on the target of the attack.[120] This is problematic because countries may define their own “critical” infrastructure in idiosyncratic ways, and could arbitrarily expand or contract the definition of a cyberattack as it applies to them.[121] However, scholars still suggest that the categorizing of all infrastructure as “critical” puts the attacker directly on notice of the nation’s intent to defend itself, resulting in a deterrent effect against potential attacker.[122]  Yet, categorizing all cyber intrusions into targeted critical infrastructure as cyberattacks would suggest that a nation would effectively be “at war” with any nation that conducts such intrusions, regardless of their tangible consequences.[123] Moreover, if a cyber intrusion is carried out against “non-critical” infrastructure, but the consequences are devastating, this approach would seem to fail. Because of these limitations, the “target-based” approach is inadequate to deal with the unique challenges of cyberwarfare.

The third approach, and the most popular, is the “effects-based approach.”[124] This framework structures its inquiry around “repercussions and results.”[125] A cyberattack that produces the equivalent result of a physical, kinetic attack has a higher probability of qualifying as an “armed attack,” while cyberattacks that result in political or economic coercion, though damaging, are less likely to qualify.[126]

Critics, however, have attacked effects-based proposals, arguing that they “can be too easily manipulated to create results supporting the geo-strategic goals of the nation conducting the inquiry.”[127] Moreover, because the indirect harms of cyber operations may not manifest immediately, this framework may have “limited utility for a state’s leaders under pressure to determine the appropriate response to such an attack.”[128]

Attacks by quantum computers, particularly in a world in which only a handful of states have access to them, present unique challenges for defining a cyberattack. Indeed, even if the international community were to settle on a definition for cyberattacks in general, it may not be adequate to address the profound power disparity presented by the control of quantum computing by a few states or sub-national actors.

Rather, I recommend the fusion of the “instruments-based” with the “effects-based approach” when analyzing the use of quantum computers to deliver a cyberattack. Under this test, a state would first need to determine if the attack employed the rapid, parallel factoring of complex encryption schemes that is only possible with quantum computers. If the victim state determined that the perpetrator used a quantum computer, it would be on notice that a repeat attack against a full array of indefensible network targets is possible.

Second, the victim state would then need to consider the “effects” of the quantum-computing attack, factoring in such indirect effects[129] as prospective economic and political aftermath. Perhaps what is most difficult about applying the effects-based approach with quantum computing is the extent to which the indirect effects will be indeterminate or simply too far-reaching to quantify clearly. A quantum computing attack would indicate that the attacker had the capability to pierce all encryption schemes, and the indirect effects of the attack could therefore include the compromise of encrypted internet information beyond the scope of the initial attack. In other words, having knowledge of the instruments used to propagate the cyberattack would directly inform the analysis of the secondary effects of the cyberattack. This, of course, presupposes that the victim state does not have the technological means to defend against attacks based on quantum computer factoring. Nevertheless, a viable means of quantum defense remains incomplete, and the proposed approach not only factors in this absence but also affords those states lacking the means to achieve a technology-based solution the legal capacity to consider retaliation with more traditional force where appropriate.

In the same way that states had to re-conceptualize the use of force after the advent of nuclear weapons, quantum computing requires us to reconsider how we approach cyberattacks.  Even if the effects-based approach is the most plausible standard for cyberattacks in general, it matters if an attack is made with a quantum computer. Until the international community’s cyber systems have evolved in such a manner so as to reduce the threat of quantum computing attacks to that of conventional cyberattacks, this proposed approach would provide nations with a viable and efficient means of responding with appropriate force to a quantum computing attacks as they arise.

B.    Towards A Convention Against the Use of Weaponized Quantum Computers

Once the international community has settled on how to analyze whether an operation using a quantum computer constitutes the use of force, it must implement a legal regime to regulate the improper use of such computers.

Professor Mary Ellen O’Connell has expressed concern over the militarization of cyber issues.[130] Rather, Professor O’Connell proposes the equivalent of an international agreement reducing stockpiles of chemical weapons to cyber operations.[131] But while broad regulation of cyber operations is an ideal approach, there is considerable difficulty in securing stringent regulatory policy in the international context.[132]

However, there have been successes. The Nuclear Non-Proliferation Treaty (“NPT”) and Chemical Weapons Convention (“CWC”) offer examples of “treaties in other ‘dual-use’ areas that are analogous to cyber space.”[133] These treaties seek to terminate the use or possession of chemical and nuclear weapons, while promoting the use of chemicals and nuclear power for non-military purposes.[134] For both the CWC and NPT, the Security Council of the United Nations may become involved if members violate these treaties.[135]

Disarmament of quantum computers (perhaps the “Weaponized Quantum Computer Convention”) modeled after the CWC and NPT would provide a framework for countermeasures, sanctions, and law enforcement for signatory states. Member-states would still be permitted to use quantum computing for non-military purposes. There would, of course, be profound enforcement challenges involved, but the success of these treaties can provide the international community a plausible way forward.

In the meantime, as Professor Chayes argues, voluntary non-binding pledges could start an international domino effect of nations issuing “confidence building measures” (“CBMs”), doing something to protect against the threat of attack by quantum computers while acknowledging state concerns about sovereignty.[136]

On the road to an international agreement or binding protocol, intermediate actions could send a message to the international community that there is a strong international consensus in favor of cyber disarmament. Without international enforcement, CBMs should not be the highest aspiration of global efforts. While interim diplomatic measures, such as voluntary pledges, may be a useful signal that states are committed to developing a robust legal framework against cyberattack, the world must recognize that quantum computers do not operate on clunky legislative time. While the world spins its legal and decision-making wheels for years to come, quantum computers only need a matter of moments to threaten encrypted information.

Conclusion

Quantum-computing attacks have substantial differences both from physical attacks and traditional cyberattacks. A nation can easily comprehend the physical effects of destructive nuclear bombs, but may not be adequately technologically advanced to understand the ripple effects of the use of quantum computing to break major encryption schemes across classified and otherwise protected computers and networks in the public and private sector.

Scholars are in near unanimity that current piece-meal efforts between nations and international organizations are unsustainable. As the dawn of quantum computing technology approaches, and as developed nations continue to express a clear reluctance to forfeiting highly-effective technologies, the world could enter into a “Quantum Cold War.” And, just as the threat of “mutually assured destruction” by nuclear warfare caused the United States and Soviet Union to exhibit restraint in the use of their own unclear stockpiles, the international community could head into a similar stalemate of a quantum “hold-out.” This possibility, of course, remains to be seen; but this possibility does not preclude the need for sound international policy.

 

Featured image by Varsha Y S via Wikimedia Commons.

 

[*] J.D. Candidate, Belmont University College of Law, Class of 2018. First and foremost, it is with genuine appreciation that I thank Mr. James Toomey, Executive Editor for Online Content, and the Harvard National Security Journal Online, for their tireless work in ensuring this piece is in top shape for publication. Next, I would like to express my sincerest of gratitude to Professor Jeffrey Usman not only for his patience through the drafting process, but also his dedication to each and every student who seeks his guidance and direction. Moreover, my utmost thanks to Dr. Steve Robinson, Associate Professor of Physics at Belmont University, who provided a scientist’s eye in examining the quantum computer content, and to Mr. Nicholas Pleasant, who catapulted my legal research forward on international law and governance over cyberspace. Moreover, I would like to recognize my attorney-mentor, Mr. Scott Larmer, who steadfastly encouraged me to write on a legal topic that is technologically-forward and complimentary to my background. Lastly, I would like to thank Ms. Lauren Kisner and Mr. Robert Ketter, for providing meaningful and response feedback, when I needed it the most.

[2] See Idalia Friedson, The Quantum Computer Revolution Is Closer Than You May Think, National Review (May 2, 2017), http://www.nationalreview.com/article/447250/quantum-computing-race-america-can-win-must-keep-pushing-hard.

[3] See Amelia Heathman, Quantum Computing: the Most Exciting Thing in Computing Is Also the Most Terrifying, Verdict (July 21, 2017), https://www.verdict.co.uk/quantum-computing-the-most-exciting-thing-in-computing-is-also-the-most-terrifying/.

[4] Id.

[5] Tom Foremski, IBM Warns of Instant Breaking of Encryption by Quantum Computers: “Move Your Data Today,” ZDNet (May 18, 2018), https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of-encryption-by-quantum-computers-move-your-data-today/.

[6] See id.

[7] See The race is on to dominate quantum computing, The Economist (Aug. 18, 2018), https://www.economist.com/business/2018/08/18/the-race-is-on-to-dominate-quantum-computing (“IBM led the way in 2016 with a 5-qubit computer and then a 20-qubit one in 2017 . . . Its latest ‘quantum processing unit’ (QPU), which was announced last November, has 50, one qubit more than Intel’s. Both were overtaken in March by Google’s Bristlecone, with 72 qubits.”); see also Arthur Herman, At Last America Is Moving on Quantum, Forbes (Aug. 20, 2018), https://www.forbes.com/sites/arthurherman/2018/08/20/at-last-america-is-moving-on-quantum/#2e8607005327 (“But a House bill and a White House proposal are signs that America’s political establishment is starting to get it: This is one high-tech race America can’t afford to lose.”).

[8] See Sabrina Dougall, IBM, Google and Intel jostle for quantum computing supremacy, Computer Bus. Rev. (Jan. 11, 2018), https://www.cbronline.com/news/ibm-google-intel-quantum-computing.

[9] See John Russell, House Passes $1.275B National Quantum Initiative, HPC Wire  https://www.hpcwire.com/2018/09/17/house-passes-1-275b-national-quantum-initiative/ (last visited Oct. 20, 2018).

[10] See Summary: H.R. 6227 – 115th Congress (2017-2018), Congress.gov, https://www.congress.gov/bill/115th-congress/house-bill/6227 (last visited Oct. 20, 2018).

[11] The bill provides the following allotment to the various organizations, who are to be members of the National Quantum Coordination Office: (1) $400 million for the National Institute of Standards and Technology (“NIST”) Activities and Workshops; (2) $250 million for the National Science Foundation (NSF) Multidisciplinary Centers for Quantum Research and Education; (3) $625 million for the Department of Energy (“DoE”) Research and National Quantum Information Science Research Centers See H.R. 6227, 115th Cong. (2018).

[12] See Aaron Stanley, Is the U.S. Getting Its Act Together on Quantum Computing?, Forbes (June 26, 2018), https://www.forbes.com/sites/astanley/2018/06/26/is-the-u-s-getting-its-act-together-on-quantum-computing/#b1cf1c6704f5.

[13] See Is China winning race with the US to develop quantum computers?, South China Morning Post (Apr. 9, 2018), https://www.scmp.com/news/china/economy/article/2140860/china-winning-race-us-develop-quantum-computers.

[14] Antonia Chayes, Rethinking Warfare: The Ambiguity of Cyber Attacks, 6 Harv. Nat’l Sec. J. 474, 478 (2015).

[15] Daniel J. Sherwinter, Surveillance’s Slippery Slope: Using Encryption to Recapture Privacy Rights, 5 J. on Telecomm. & High Tech. L. 501, 512 (2007).

[16] See id. (“[Encryption] is of critical importance as governments, companies, individuals, and others are increasingly in possession of data requiring protection. Moreover, no one wants their trade secrets, employee information, customer information, or other private data compromised.”).

[17] Id. (quoting Lawrence Lessig, Code: And Other Laws of Cyberspace 35 (1999)).

[18] See Gary C. Kessler, Basic Concepts of Cryptography, An Overview of Cryptography (last visited Aug. 11, 2018), https://www.garykessler.net/library/crypto.html#purpose.

[19] See id.

[20] See Oracle, Key Length and Encryption Strength, Sun Directory Server Enterprise Edition 7.0 Reference (2010), https://docs.oracle.com/cd/E19424-01/820-4811/aakfw/index.html.

[21] See Steven Alexander, How big is 2**128, The Bug Charmer (June 27, 2012), http://bugcharmer.blogspot.com/2012/06/how-big-is-2128.html.

[22] See GlobalSign, What is Public-key Cryptography (last visited Sept. 27, 2018), https://www.globalsign.com/en/ssl-information-center/what-is-public-key-cryptography/.

[23] See id.

[24] See id. (“It is computationally infeasible to compute the private key based on the public key.”).

[25] See Larry Hardesty, Beefing up public-key encryption, MIT News (Feb. 15, 2013), http://news.mit.edu/2013/beefing-up-public-key-encryption-0215 (“Most financial transactions on the Internet are safeguarded by a cryptographic technique called public-key encryption.”).

[26] See Jennifer Chu, The beginning of the end for encryption schemes? MIT News (Mar. 3, 2016), http://news.mit.edu/2016/quantum-computer-end-encryption-schemes-0303 (“[F]actoring large numbers is . . . devilishly hard.”).

[27] See id.

[28] Id.

[29] See generally Amit Hagar, Quantum Computing, Stanford Encyclopedia of Philosophy, http://plato.stanford.edu/entries/qt-quantcomp/ (last updated June 16, 2015).

[30] See Cason Schmit, Intellectual Property’s Upcoming Quantum Leap: Projecting the Future Challenges Facing Quantum Information Technology Through a Historical Perspective of the Computer Revolution, 95 J. Pat. & Trademark Off. Soc’y 271, 274 (2013).

[31] See generally Binary Code: Computer Science, Encyclopedia Britannica, https://www.britannica.com/topic/binary-code (last visited Jan. 28, 2018).

[32] Id.

[33] See Schmit, supra note 29, at 275.

[34] The superposition principle states that any classical wave or field can be in a state of superposition, where the total superposition can be reduced into more fundamental components (e.g., destructive interference). The superposition principle is especially curious in quantum mechanics because, unlike with classical waves, when measuring a quantum system’s state in superposition, the result “collapses” into a more fundamental state (i.e. “spin up” or “spin down”). See Hagar, supra note 28.

[35] See Jason Bloomberg, This is Why Quantum Computing Is More Dangerous Than You Realize, Forbes (Aug. 11, 2017), https://www.forbes.com/sites/jasonbloomberg/2017/08/11/this-is-why-quantum-computing-is-more-dangerous-than-you-realize/#203d4bd53bab.

[36] See id.

[37] Id.

[38] See id.

[39] See, e.g., Joshua Holden, How Classical Cryptography Will Survive Quantum Computing, Nautilus (Dec. 27, 2017), http://nautil.us/blog/-how-classical-cryptography-will-survive-quantum-computers (“[C]ryptographers aren’t just giving up. . . . Research is . . . being done into . . . systems running on ordinary computers but based on problems that are not in the hidden subgroup category. These problems involving solving systems of multivariable polynomials, finding the shortest distance from a point on an n-dimensional skewed grid of other points, and finding the closest bit of string to a set of other bit strings.”).

[40] Id.

[41] First PQC Conference, Nat’l Inst. of Standards and Tech., https://csrc.nist.gov/events/2018/first-pqc-standardization-conference (last updated April 19, 2018).

[42] Devin Powell, What is Quantum Cryptography?, Popular Science, https://www.popsci.com/what-is-quantum-cryptography (last updated Mar. 3, 2016).

[43] Id.

[44] Id.

[45] Powell, supra note 41.

[46] Sherwinter, supra note 14, at 531.

[47] See William Jackson, How Quantum Key Distribution Works, GCN (Oct. 29, 2013), https://gcn.com/articles/2013/10/29/how-quantum-key-distribution-works.aspx.

[48] Id.

[49] This phenomenon is more generally known as the “no-cloning theorem.” Id.

[50] Sherwinter, supra note 14, at 532.

[51] Bloomberg, supra note 34.

[52] Id.

[53] Scott J. Shackelford, From Nuclear War to Net War: Analogizing Cyber Attacks in International Law, 27 Berkeley J. Int’l L. 192, 193 (2009).

[54] Id.

[55] Id.

[56] Id.

[57] Distributed Denial of Service: Anatomy and Impact of DDoS Attacks, Kaspersky Lab, https://usa.kaspersky.com/resource-center/preemptive-safety/how-does-ddos-attack-work (last visited Oct. 20, 2018).

[58] Id.

[59] Id.

[60] Id.

[61] Will Hurd, Quantum Computing Is the Next Big Security Risk, Wired (Dec. 7, 2017),  https://www.wired.com/story/quantum-computing-is-the-next-big-security-risk/.

[62] Id.

[63] Id.

[64] Eric Boylan, Applying the Law of Proportionality to Cyber Conflict: Suggestions for Practitioners, 50 Vand. J. Transnat’l L. 217, 235 (2017).

[65] Chayes, supra note 13, at 510.

[66] Id.

[67] Tallinn Manual 1.0 on International Law Applicable to Cyber Warfare (Michael N. Schmitt, ed., 2013).

[68] Prior to its armed attacks, Russia implemented several cyberattacks to undermine Georgia’s limited internet infrastructure. Cyberattacks directed at Georgia included Distributed Denial of Service (DDoS) attacks, the redirection of Georgian internet traffic through Russian telecommunication firms, and malicious programs known as “botnets.” See John Markoff, Before the Gunfire, Cyberattacks, N.Y. Times  (Aug. 12, 2008), http://www.nytimes.com/2008/08/13/technology/13cyber.html.

[69] In an effort to drastically halt Iran’s ability to develop a nuclear weapon, the United State and Israel jointly developed a computer virus, known as “Flame,” in order to gather intelligence in preparation for cyber-sabotage. This cyber operation, conducted jointly by the CIA and Israeli military, introduced destructive software such as the “Stuxnet virus,” which caused major mechanical malfunctions in Iran’s nuclear enrichment equipment. This is believed to be one of, if not the first, cyber-sabotage campaigns by the United States. See Ellen Nakashima, Greg Miller & Julie Tate, U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say, Wash. Post (June 19, 2012), https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html?utm_term=.3e457e43571d.

[70] Tallinn Manual 2.0 on the International Law Applicable to Cyber Warfare (Michael N. Schmitt, ed., 2017) [hereinafter Tallinn Manual 2.0].

[71] Id. at 2–3.

[72] Center for Strategic and International Studies, The Economic Impact of Cybercrime and Cyber Espionage, 3 (July 2013), https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/60396rpt_cybercrime-cost_0713_ph4_0.pdf.

[73] In comparison, CSIS estimates the costs of Maritime Piracy at 0.02% globally; Transnational Crime at 1.2% globally; Counterfeiting/Piracy at 0.89% globally; and Narcotics at 0.9% globally. It additionally estimates Pilferage at 1.05% in the United States and Automobile Accidents at 1.0% in the United States. Center for Strategic and International Studies, Net Losses: Estimating the Global Cost of Cybercrime, 11 (June 2014), https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/McAfee%20and%20CSIS%20-%20Econ%20Cybercrime.pdf.

[74] See Oona A. Hathaway & Rebecca Crootof, The Law of Cyberattack, 100 Cal. L. Rev. 817, 882 n. 315 (2012) (“The White House predicts that a shared understanding about norms of acceptable cyber-behavior will bring ‘predictability to state conduct, helping prevent misunderstandings that could lead to conflict.’”) (quoting Office of the President, International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World 9 (2011)).

[75] Memorandum from Gen. James E. Cartwright on Joint Terminology for Cyberspace Operations 5 (Nov. 2011), http://www.nsci-va.org/CyberReferenceLib/2010-11-joint%20Terminology%20for%20Cyberspace%20Operations.pdf.

[76] Hathaway & Crootof, supra note 73, at 826.

[77] See Tallinn Manual 2.0, supra note 69, at 416.

[78] Hathaway & Crootof, supra note 73, at 823.

[79] Id.

[80] See Chayes, supra note 13, at 482.

[81] See id. at 487.

[82] In fact, as Noah Simmons writes, cyberattacks essentially operate “out of the shadows,” with their “paths often being obscured through re-routed and masked IP addresses.” Noah Simmons, A Brave New World: Applying International Law of War to Cyberattacks, 4 J.L. & Cyber Warfare 42, 101 (2014).

[83] See id. at 100.

[84] See id. at 101.

[85] See id.

[86] Mathew J. Schwartz, Post-Quantum Crypto: Don’t Do Anything, Bank Info Security (Feb. 22, 2017), http://www.bankinfosecurity.com/quantum-crypto-dont-do-anything-a-9737.

[87] U.S. Representative Michael McCaul, Chairman, House Homeland Security Comm., Keynote Address at the RSA Conference (Feb. 14, 2017).

[88] See, e.g., Chayes, supra note 13, at 510 (“Efforts to institutionalize international cooperation are rudimentary.”).

[89] See Tallinn Manual 2.0, supra note 70, at 12.

[90] Id. at 11.

[91] Id. at 12.

[92] Id.

[93] See James M. Acton, Cyber Weapons and Precision-Guided Munitions, Carnegie Endowment for Int’l Peace (Oct. 16, 2017), https://carnegieendowment.org/2017/10/16/cyber-weapons-and-precision-guided-munitions-pub-73397 (“[T]he use of cyberspace for military purposes can confer potential tactical advantages to an attacker, including by further improving force exchange ratios, while placing few, if any, additional demands on the logistical network needed to supply frontline forces.”).

[94] See Major Arie J. Schaap, Cyber Warfare Operations: Development and Use Under International Law, 64 A. F. L. Rev. 121, 158 (2009) (“Some obvious benefits include less physical destruction, less cost than other types of traditional warfare, and the ability to still achieve the same results with less risk to military personnel.”).

[95] Id.

[96] Id.

[97] See North Atlantic Treaty Organization, Wales Summit Declaration, (Sept. 5, 2014), https://www.nato.int/cps/ic/natohq/official_texts_112964.htm (“Cyber attacks can reach a threshold that threatens national and Euro-Atlantic prosperity, security, and stability. Their impact could be as harmful to modern societies as a conventional attack.”).

[98] See Chayes, supra note 13, at 510.

[99] Tallinn Manual 2.0, supra note 69, at 1.

[100] See Chayes, supra note 13, at 512 (citing Press Release, European Commission, Great news for cyber security in the EU: the European Parliament successfully votes through the Network & Information Security (NIS) directive,  (March 13, 2014), https://ec.europa.eu/digital-single-market/en/news/great-news-cyber-security-eu-european-parliament-successfully-votes-through-network-information).

[101] See Chayes, supra note 13, at 512.

[102] See Press Release, European Union, Quantum Europe 2017: Towards the Quantum Technology Flagship,  (Feb. 2, 2017), https://www.eu2017.mt/en/Press-Releases/Documents/pr170217_EN.pdf.

[103] Tallinn Manual 2.0, supra note 69, at 75.

[104] See Treaty No. 185: Convention of Cybercrime, Council of Europe, https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680081561 (last visited Oct. 20, 2018); see also Arab Convention on Combating Information Technology Offences, League of Arab States, https://dig.watch/actors/arab-league (last visited Oct. 20, 2018).

[105] Id.

[106] Details of Treaty No. 185: Convention on Cybercrime, Council of Europe, https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185 (last visited Jan. 28, 2018) (“[The treaty’s] main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime . . . .”).

[107] See id.

[108] Id. (stating that the treaty will be enforced “especially by adopting appropriate [domestic] legislation and fostering international cooperation.”).

[109] Chayes, supra note 13, at 513.

[110] Tallinn Manual 2.0, supra note 69, at 360.

[111] See Chayes supra note 13, at 513.

[112] See ASEAN Convention on Counter Terrorism 7 (2012), https://asean.org/wp-content/uploads/sites/13/2012/05/ACCT.pdf.

[113] See Reese Nguyen, Navigating Jus Ad Bellum in the Age of Cyber Warfare, 101 Cal. L. Rev. 1079, 1098 (2013) (“Cyber attacks challenge traditional notions of warfare because, compared to traditional weapons, worms, viruses, and botnets may have a scope of impact that is potentially far broader; their effects may be highly unpredictable; their payload may often be reversible; and they may be difficult to attribute to a particular source.”).

[114] See id.

[115] Simmons, supra note 81, at 52 n. 26 (“The first Internet worm, the Morris worm, was intended to simply map out the scope of the Internet. Due to a coding error, it replicated much faster than anticipated and resulted in a DoS attack on the Internet . . . .”).

[116] See id. at 53.

[117] See id. at 54.

[118] See id. at 54 (“This approach would differentiate attacks carried out by viruses, worms, network intrusions, Distributed Denial of Service (DDOS), etc.”).

[119] Cf. id at 55 (“[T]echnology in the field of cyber-attacks is constantly changing, which poses a significant impediment to this type of framework. Were countries to pass a treaty condemning certain types of cyber weapons . . .  new technology and forms of cyber warfare could very well exist before ratification or execution.”).

[120] See Nguyen, supra note 112, at 1119 (“As the name suggests, the target-based view frames its legality analysis not around the instrumentality used to execute the attack, but around the status of the attack’s target.”).

[121] Id. (“Countries may define their own critical infrastructure in different ways.”).

[122] See Eric Talbot Jensen, Computer Attacks on Critical National Infrastructure: A Use of Force Invoking the Right of Self-Defense, 38 Stan. J. Int’l L. 207, 228 (2002).

[123] Id. at 1120 (“[B]y categorizing all cyber intrusions into critical infrastructure as acts of war, the target-based approach puts the United States at war with China, Russia, and a number of other countries that have already penetrated U.S. infrastructure systems for unknown purposes.”).

[124] Id. at 1122 (“[The effects-based approach] is the most widely accepted view.”).

[125] Id.

[126] Id.

[127] Id. at 1122.

[128] Id.

[129] The most prominent effects-based approach was offered by scholar Michael Schmitt, who recommended that a nation utilize the following six-criteria in analysis whether a cyberattack rises to the level of a use of force: (1) severity, (2) immediacy, (3) directness, (4) invasiveness, (5) measurability, and (6) presumptive legitimacy. See Michael N. Schmitt, Cyber Operations and the Jus Ad Bellum Revisited, 56 Vill. L. Rev. 569, 576 (2011).

[130] See Mary Ellen O’Connell, Cyber Security without Cyber War, 17 J. of Conflict & Security L. 187, 190–191 (2012) (“[I]nternational legal rules on the use of force, especially the rules on self-defense, raise important barriers to military solutions to cyber space problems. Indeed, the law of self-defense should have little bearing in discussions of cyber security.”).

[131] Id. at 190 (“Another apt analogy [to cybersecurity] is to the chemical sector. Chemicals are an indispensable part of everyday life in the 21st century, but chemicals can also be made into devastating weapons of mass destruction. To prevent this, the Chemical Weapons Convention prohibits the use and possession of chemical weapons.”).

[132] Chayes, supra note 13, at 497 (“Professor O’Connell’s suggested analogy to piracy [and chemicals] does not take account of the difficulties securing deep regulatory regimes.”).

[133] Mary Ellen O’Connell, Louise Arimatsu & Elizabeth Wilmshurst, International Law Meeting Summary: Cyber Security and International Law 9 (2012), https://www.chathamhouse.org/sites/files/chathamhouse/public/Research/International%20Law/290512summary.pdf.

[134] Id.

[135] Id.

[136] See, e.g., Chayes, supra note 13, at 518.

Share
Categories
Featured Features frontpage Intelwars Online

Intelligence Collection of the People, by the People and for the People: How Crowdsourcing the Detection of WMDs Could Change the Way We Protect Ourselves

[*]

Jonathan Fischbach[†]

Introduction: Widely Distributed Detection Systems (WDDSs)

On July 21, 2007, as part of a controlled experiment, a twenty-six year old male smuggled a source of radioactive Co-60 onto the campus of Purdue University in West Lafayette, Indiana.[1] The Co-60 source, stored in the subject’s backpack, was a radioactive isotope that could form the core of a radiological dispersal device, popularly known as a “dirty bomb.” Undetected, the subject concealed the backpack in a parking lot adjacent to a high-rise building in Purdue’s engineering complex.

Fifteen minutes later, the Indiana Department of Transportation (INDOT) was tipped to the presence of radioactive nuclear material on Purdue’s campus. INDOT deployed a team of agents to locate and recover the material, each equipped with a gamma-ray detection sensor attached to a cell phone. The cell phones were networked with a server that had previously analyzed gamma-ray detection data from Purdue’s campus to calculate a local radiation baseline.

As the INDOT team fanned across Purdue’s campus, the agents’ cell phones sent digital packets conveying the detected gamma-ray counts to the computer server. Patented image processing software run by the server projected a visual map that displayed in real time the deviation between the gamma-ray levels detected at each agent’s location and the previously determined radiation baseline. Within five minutes, the agents detected significantly elevated gamma ray levels. Two minutes later the team located the backpack, and safely secured the nuclear material. The whole INDOT operation lasted twelve minutes.

The success of this experiment heralds a new mode of intelligence collection in which data acquired jointly by government and non-government actors is aggregated and analyzed to swiftly locate a weaponized substance. This collection is enabled by means of a “widely distributed detection system” (WDDS), a term I coin to refer to an integrated network of individual devices with three features: (1) portable detectors capable of identifying and reporting the presence of hazardous nuclear, chemical, or biological material, (2) a central server that correlates real-time readings against historical baseline data to distinguish true threats from false positives, and (3) image processing technology that triangulates verified threat data to pinpoint the location of an illicit substance.[2]

Much of this technology exists. Physicists at Purdue University have developed a WDDS utilizing cell phones equipped with inexpensive gamma-ray sensors to detect nuclear radiation.[3] Notably, the correlation capability and image processing software patented as part of the Purdue WDDS is not limited to nuclear detection, but could be adapted to analyze samples of chemical or biological material. The most formidable hurdle that remains is engineering a portable sensor to detect weaponized chemical and biological agents. However, recent innovations in portable DNA sequencing and mass spectrometry portend the near-term prospect of cell phone-enabled biological and chemical analyses that could support a WDDS. A miniature DNA sequencer that plugs into a USB drive and generates real-time data is commercially available and widely used, and its manufacturer has announced a mobile-phone-based successor.[4] Newly innovated handheld mass spectrometers use a vacuum to sample ions directly from the air and provide chemical analyses in real time.[5] Smaller and more portable mass spectrometers could be developed in the near future, but even current models can be affixed to vehicles with adequate space and power capacity, including buses, fire trucks, ambulances, and many cars.[6]

This Article discusses the promise of WDDSs from the perspective of the American intelligence community (IC). First, I outline the technical and legal ways in which networked portable detection can augment existing intelligence capabilities and substantially diminish the threat of a WMD attack in America, particularly in densely populated areas targeted by hostile actors. Second, I illustrate how the government can nest WDDSs within legal and policy frameworks that protect the privacy and dignity of WDDS participants, and establish a blueprint for reconfiguring the IC’s strained relationships with the American public, building the foundation for future collaborations.

I. The Intelligence Advantages of WDDSs

As collection platforms, WDDSs are compelling because they excel in precisely the areas where traditional intelligence tools are least effective. First, the performance of a WDDS is optimized in regions of high population density—target rich environments for terrorists where intelligence leads can be difficult to operationalize. As the number of devices increases in a specific location, the cumulative data reported before an incident produces a more accurate baseline measurement, which then diminishes the probability of registering a false positive in that area. Should terrorists subsequently attempt to carry nuclear, chemical or biological material through congested space, the numerous portable detectors in proximity to the weapon would quickly alert the WDDS to the presence of the material and its location. Indeed, a well-subscribed WDDS would presumably deter hostile actors from even attempting to smuggle weaponized materials through populated areas, allowing the government to allocate additional resources to monitoring more remote targets. Though the precision and accuracy of detectors will improve over time, the sheer number of measurements reported in populated areas can statistically overcome minor errors in individual readings, such that WDDSs can function effectively even as detection technology continues to advance.

Second, WDDSs are uniquely capable of disrupting lone actor attacks and other homeland threats that are challenging for the government to track using traditional intelligence methods. In theory, a sophisticated syndicate could design and transport a WMD that leaves a light “physical trail” by minimizing the emission of trace substances. While such a weapon might be more difficult for a WDDS to identify, the effort to develop the WMD could create a significant “social trail” for the government to monitor—perhaps through communications among co-conspirators, money transfers, the sale and transport of component materials, or the travel of known weapons experts.[7] An attempted WMD attack by a lone actor may leave a comparatively light or indiscernible social trail, but a device configured without the aforementioned resources would likely generate a physical trail that could easily be identified by a WDDS, even in sparsely populated regions.[8] Thus the comparative advantage of WDDSs in detecting physical trails nicely complements the IC’s existing capability to monitor social trails; most plausible attack strategies would leave clues of one type or the other.

Third, WDDSs offer unique intelligence advantages in the immediate aftermath of an event. Though the primary objective of intelligence is to disrupt attacks before they occur, accurate intelligence in the seconds, minutes, and hours after a WMD attack can substantially reduce injuries and casualties by enabling first responders to identify and evacuate the zone of danger, and direct first aid to the subset of endangered individuals actually impacted by the attack. In a WMD attack, the dispersal of weaponized nuclear, chemical or biological agents would not be linear, uniform, or easily modeled, but would vary according to numerous factors that would be extraordinarily difficult to predict.[9] Traditional intelligence and law enforcement tools are designed to prevent mass casualty events, and lack the breadth or granularity to produce person-level impact data after an attack occurs. But WDDSs offer exactly these capabilities. Anyone carrying or transporting a personal detector in close proximity to an attack would report contemporaneous data that not only reflects the fact of their exposure to a toxic substance, but also quantifies the level of exposure. Collectively, data reported from the attack zone would reveal the origin of the event and the vectors of the substance released in the attack, thereby enabling informed first responders to divert people away from the known and projected dispersal path.

Finally, WDDSs allow the government to process information it probably could not collect unilaterally under the Fourth Amendment. Though the government enjoys some latitude to acquire environmental data in public places without a warrant,[10] the Supreme Court has expressed discomfort with warrantless monitoring of public areas that is pervasive or lengthy in duration.[11] In circumstances where the government identifies a prospective WMD threat but lacks probable cause to obtain a surveillance warrant, localized WDDS data reported voluntarily by private subscribers could fill an intelligence gap that might otherwise preclude the government from tracking a nascent but potentially dangerous subject. Far from an end-run around the Fourth Amendment, WDDSs embody the principle that when private parties willingly provide information to the government, the government’s use of that information does not offend the Constitution.[12]

II.    Building Public Support for WDDSs

In most contexts it would be foolish to ask individuals to voluntarily adopt a technology that enables the IC to access a continuing stream of data from their personal devices. Yet WDDSs offer a plausible argument for pioneering this novel and desirable arrangement. First, society does not recognize a fundamental right to conceal weaponized nuclear, biological or chemical material from the government. Configured properly, a WDDS would only record the levels of highly toxic nuclear, biological or chemical substances in a specific location at a particular time. Since little if any legitimate behavior is exposed by this data, the government’s acquisition and use of WDDS data would not chill the exercise of constitutionally protected freedoms.

Nor is it far-fetched to envision communities promoting WDDSs to local residents, particularly in areas that hostile actors are likely to target. A variety of personal motivations could catalyze grassroots support for WDDSs, including patriotism, civic responsibility, peace of mind, or even the economic benefit of owning property or operating a business in a locality secured by a reputably well-subscribed WDDS.

Finally, individuals could conclude that participating in a WDDS is in their self-interest. In the event of a nuclear, biological, or chemical attack, people in the vicinity of the attack with access to a networked portable detector will know definitively whether they have been exposed to radiation or a toxic substance, and their level of exposure. Even if the risk of an event is low, WDDSs provide comfort by reducing the likelihood of injury or emotional anguish resulting from insufficient information after an attack. Notably, the cost of participating in a WDDS—providing personal information to the government—is a price people routinely pay to enhance their probability of surviving an unforeseen event. Indeed, many individuals with diabetes, epilepsy, or uncommon food and drug allergies wear medical alert bracelets that disclose sensitive health information to first responders who may need to render assistance.[13] The intrusion from conveying non-biographic location and environmental data to the government is mild by comparison.

Notwithstanding these benefits, the prospect of using WDDSs to collect and aggregate environmental data evokes two serious misgivings. First, any technology used to link a personal device to a government server presents, at least in theory, a means for the government to obtain other information stored on, accessible through, or collected by that device. As the Supreme Court has observed, “[t]he sum of an individual’s private life” can be reconstructed through data procured from a cell phone.[14] Aside from information about the user, many personal devices have superior audio and video recording capabilities that can be used to monitor legitimate, constitutionally-protected activity that occurs within range of the device’s microphone or camera.

Second, as the government’s missions and surveillance tools evolve, many fear that advancing technology coupled with a heightened threat environment will inexorably lead to an omniscient monitoring capability that eliminates privacy in American society. From this perspective, even if a WDDS reports innocuous information that serves an important security purpose, any program that dramatically increases the volume of data gathered by the IC hastens the onset of a dystopia in which the government is irrevocably tangled in the private lives of its citizens.

These concerns are not a critique of WDDSs per se, but reflect deep-seated doubts about the IC’s capacity to self-regulate, honor boundaries, and tolerate reasonable risk in the service of cherished democratic values. To overcome these apprehensions and build the trust required for WDDSs to succeed, the IC must exercise three new muscle movements antithetical to the current culture of intelligence collection. First, the IC must formulate a legal framework for WDDSs that imposes ironclad constraints on the exploitation of WDDS data, and deputizes private actors to help enforce those requirements. Second, the IC must dispel its perceived ambition to terminally encroach on Americans’ privacy by enacting policies that not only clarify the limits of the government’s intelligence authorities, but go further to affirmatively demarcate the zone of activity where Americans can conduct their lives without fear of being surveilled. Finally, the IC must sustain an open dialogue with private constituencies through an outreach program that solicits and addresses public critique of the status quo. Each proposal is discussed below.

These challenges are daunting, but they present a golden opportunity for the IC to overcome the public’s current misgivings about domestic information gathering in a context where Americans would be favorably inclined to seek the security advantages of collaborating with the government. The success of this endeavor could transcend the emergence of WDDSs as a critical security shield, and allow the IC to reap substantial benefits from a generally improved relationship with the public.

A. A New Legal Approach to Accommodate Collaborative Intelligence Gathering

Until now, the IC has equated effective intelligence gathering with secrecy and obscurity. The legal framework initially developed to regulate intelligence collection was moored to an ideal of intelligence activity as a unitary executive branch function with minimal public profile. Over time, the IC has retreated from this standard in response to external pressure for increased accountability, or the need to engage other branches of government. For example, the intelligence abuses reported by the Church and Pike Committees in 1978 impelled Congress to enact the Foreign Intelligence Surveillance Act (FISA) in order to regulate electronic surveillance conducted in the United States.[15] However, the IC continued to resist congressional involvement in overseas intelligence collection until the late 2000s, when it asked Congress for a more efficient legal process to compel the private assistance required to intercept overseas communications traversing domestic telecommunications infrastructure (resulting in the FISA Section 702 program).[16]

Today’s IC is unquestionably more transparent than its predecessors. However, over the last four decades this change has been incremental, not transformative. The IC typically regards calls for increased oversight and accountability as potential losses to be minimized—not as a transactional exchange with the public that could yield operational benefits.

In hindsight, the legal structure erected to fortify the IC against public exposure has not always served the government well. The unauthorized Snowden disclosures in 2013 demonstrated that discrepancies between perception and reality in the realm of intelligence activity can lead to undesirable outcomes—there, policymakers compelled the IC to undertake reforms, but IC elements earned no commensurate credit or trust with the public by successfully meeting these new obligations.[17] Widespread concern that the Snowden leaks have eroded the norm of classified information remaining secret should reinvigorate the discussion of whether additional investments in transparency can mitigate the impact of subsequent leaks and rehabilitate the IC’s relationship with the public.

If these conditions empower the IC to barter a measure of secrecy for the efficacy offered by a collaborative intelligence venture, the legal protections required to spur public participation in WDDSs should be feasible for the government to implement. As illustrated by criticism of the former Section 215 bulk telephony metadata program and the recent debate over the reauthorization of FISA Section 702, the public’s comfort with intelligence collection appears to be a function of four factors. The first factor is whether the collection program is confined to the executive branch or regulated by multiple branches. The debate over Section 702 reauthorization reflected that while privacy and civil liberties groups contest certain elements of the Section 702 program, they at least implicitly acknowledge the benefits that should accrue from the congressional regulation and judicial review mandated by the FISA Amendments Act.[18] Significantly, discussions surrounding the Section 702 reauthorization process led commentators to propose similar reforms to executive branch collection programs that lack analogous oversight or judicial safeguards, noting that these programs engender less trust and support outside government.[19]

The second factor concerns who holds the data. Negative reaction to the revelation that the government acquired bulk telephony metadata under Section 215 of the USA Patriot Act induced Congress to replace the bulk metadata program with a more politically palatable regime in which private phone providers retain exclusive custody of telephony metadata, permitting government searches only pursuant to particularized orders from the Foreign Intelligence Surveillance Court.[20] Rational or not, the demise of Section 215 bulk collection underscores the reality that private companies are still seen as more trustworthy stewards of personal information than government agencies; it is hard to envision private parties voluntarily transmitting sensitive information to repositories accessible only to government personnel.

The third factor is whether the government must obtain consent to collect an individual’s personal information. With relatively little scrutiny the IC obtains information that individuals voluntarily provide to government agencies to receive many entitlements and services, including passports and visas, government benefits, and access to the financial system. Though it may be impractical to withhold this information from the government, collection programs acquiring only voluntarily disclosed information better empower individuals to manage their profile with the government and limit the risk that personal information in the government’s custody will be used to undermine the subject’s liberty or welfare.

Finally, there is the question of whether the government can use consensually collected information against the subject in criminal proceedings. Controlling exposure to the criminal justice system is a paramount concern of IC critics. While the Fourth Amendment significantly restricts the government’s acquisition of non-public information for law enforcement purposes, it affords fewer protections to information the government acquires consensually or pursuant to its foreign intelligence authorities. Hence, one of the most controversial elements of the Section 702 program is the government’s use of United States person information incidentally acquired without a warrant to support law enforcement activity.[21] Ultimately, WDDSs are unlikely to attract public support if individuals can incriminate themselves by voluntarily reporting detection data to the government.

Collectively, this analysis suggests a viable legal framework for WDDSs. To maximize the appeal of WDDSs, the IC should propose that Congress enact a statute to create and fund the WDDS infrastructure. This statute would legislate congressional oversight of WDDSs, and require that WDDSs host information in repositories that are maintained by private entities and accessible only to a limited group of trained government operators. The operation of this program would be regularly audited by a panel of overseers representing the government, private industry, and civil liberties organizations.

The panel would oversee compliance with four specific requirements. First, the government would be permitted to collect information only from individuals “opting in” to a WDDS, and subscribers could discontinue their participation at any time. Second, WDDSs would only collect a device’s geographic coordinates and detection readings; the law would expressly prohibit WDDSs from gathering any additional content, or any metadata identifying the reporting device. Third, the government would be barred from using detection reports to incriminate the person transmitting the data to the WDDS. Since anyone transporting WMD material would induce devices nearby to report the illicit substance, in practice this requirement would not hinder the government from prosecuting the perpetrator of a WMD attack using evidence gathered from other networked devices in the vicinity of the weapon. Finally, the panel would audit and investigate false positives generated by a WDDS in order to minimize government searches or seizures prompted by inaccurate reports.

B. Increasing Comfort with WDDSs through Strategic Policy Compromise

 Viewed in isolation, WDDSs operating within the legal constraints outlined above would minimally intrude on a participant’s privacy. Yet the public is unlikely to support WDDSs if the government’s acquisition of detection data could undermine civil liberties by amplifying in unpredictable ways the government’s existing surveillance capabilities. Unfortunately, the public is not well positioned to assess the marginal impact of WDDSs, because the IC has never meaningfully delineated the substantive parameters of its intelligence activities. While the IC’s surveillance authorities are bounded by the definition of foreign intelligence in FISA and Executive Order 12333, these definitions are so broad that to a lay member of the public they rule nothing out.[22]

Among the three primary attributes of intelligence collection—what is collected, how it is collected, and who is targeted—the importance of protecting the “how” and the “who” is intuitive and easy to justify, but ambiguity surrounding the “what” has less obvious tactical advantages, and profound social consequences. The government acknowledges in other contexts that members of vulnerable minority groups, or organizations that coalesce around unpopular viewpoints or lifestyles, are susceptible to the fear that broadly scoped intelligence authorities threaten their personal privacy and the integrity of their community.[23] These anxieties can chill the exercise of constitutional rights and freedoms and diminish the quality of life for many segments of the population that the IC must win over to develop a viable WDDS capability.[24] On the other hand, there is little evidence to suggest that a narrower and more precise articulation of the threats that drive intelligence collection would reduce the utility of the government’s surveillance authorities. Indeed, criminal wiretaps remain an effective law enforcement tool, even though the illicit activity that activates these authorities must be criminalized through laws crafted “with sufficient definiteness that ordinary people can understand what conduct is prohibited and in a manner that does not encourage arbitrary and discriminatory enforcement.”[25]

In 2014, President Obama issued Presidential Policy Directive 28 (“PPD-28”), a declaration of the objectives, principles and limitations governing the United States’ signals intelligence collection activities overseas.[26] PPD-28 is intended to reassure foreign governments, companies and citizens that the United States’ acquisition of overseas communications is not boundless or undisciplined, but reasonably calibrated to advance America’s national security interests without capriciously violating the privacy of foreign entities lacking constitutional rights or procedural recourse in America’s courts. It provides, in relevant part, that “[s]ignals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and department missions and not for any other purposes.”[27]

Though this excerpted language characterizes the United States’ national security mission at a high level of generality, as a whole, PPD-28 provides an apt framework for codifying strategic policy concessions to encourage participation in WDDSs. In essence, these concessions should restrict the availability of intrusive intelligence methods in circumstances where the use of surveillance tools may technically be legal, but their impact would be too corrosive to justify the expected intelligence gains. The ideal vehicle for these concessions is a new executive order or policy directive that parses the expansive definition of foreign intelligence in FISA and Executive Order 12333, and enumerates the protected activities and behaviors that fall either outside this definition or beyond the new policy limits promulgated by the President. Executed properly, this proclamation would reassure members of vulnerable communities that they will not be surveilled absent a strong, documented connection to a serious threat.

C.     Promoting WDDSs through Direct and Sustained Public Outreach

Even in an optimized legal and policy climate, the IC will need to successfully market WDDSs to parties outside the government, including minority groups and privacy advocates. Historically the IC has shown little enthusiasm for directly engaging the public, and lacks the outreach capability deployed by agencies in other sectors where public support is a more prized commodity. Perhaps this reticence reflects an assumption that the differences between intelligence agencies and privacy advocates are so foundational that outreach is unlikely to reveal common ground or produce tangible results. The IC might also resist public exchanges on intelligence matters because relevant information is often classified or sensitive, and counterparts may not be incentivized to handle such information with discretion.

What scant dialogue exists between the IC and the public is brokered by the Civil Liberties Privacy Officers (CLPOs) at IC components.[28] CLPOs are tasked with ensuring that IC components comply with the civil liberties and privacy protections codified in existing laws, regulations and policies. This approach misses the point. Public apprehension toward the IC is driven less by the IC’s failure to meet its current obligations than by a perception that those obligations are themselves insufficient. CLPOs removed from the operational activity at their components and positioned outside the decisional chain of command have limited means of instigating the change the public may demand as a condition of supporting WDDSs.

WDDSs alter the IC’s outreach calculation by reconceiving the public as a resource to develop, rather than an adversary to placate. This new dynamic mitigates the concerns that generally discourage the IC from proactively approaching the public. Since the WDDS concept and infrastructure are unclassified by their nature, the IC can describe and explain the initiative without restraint or fear of inadvertently disclosing non-public information. Additionally, WDDSs’ security benefits and limited intrusiveness offer a natural point of convergence and mutual interest to bridge the divide that separates the IC and its skeptics on other issues. Though advocates may be inclined to tie WDDSs to considerations surrounding more sensitive intelligence activities, an IC outreach team could lay the groundwork for more wide-ranging conversations through advance preparation and selective declassification of appropriate information.

This backdrop illuminates the contours of an effective outreach strategy to support WDDSs. First, the IC must establish a forum where public groups can engage an IC delegation in an atmosphere that nurtures honesty and trust. The IC’s outreach team should include representatives from a broad cross-section of the community who have extensive experience, relevant subject matter expertise, and substantial influence at their home agency. The membership of this team should remain stable over time to encourage cross-constituency relationships and partnerships. Finally, the outreach team should have a mandate to vet through IC leadership serious proposals emerging from this forum to strengthen privacy and civil liberties protections in IC programs.

Conclusion

Too often we in the IC bemoan the difficulty of executing our national security mission in a democracy. We cite the litany of advantages enjoyed by our adversaries operating in political structures where power is centralized, civil liberties are curtailed, communication channels are monitored, and the media and private industry act as organs of the government. This tilted playing field excites our fears, and foments doubt that democratic societies can remain secure.

The truth, however, is that America’s intelligence agencies have never in their history attempted to tap the most powerful resource unique to a democracy—its supporters. Swearing by secrecy as an article of faith, the IC blinds itself to the prospect of exponentially multiplying its intelligence capabilities by offering millions of people the choice to protect their democracy and way of life against catastrophic threats. The technology underlying WDDSs enables Americans to make this choice without betraying or sacrificing the rights and freedoms that distinguish us from our enemies. WDDSs only report the levels of nuclear, chemical, or biological agents in a specific location at a particular time. They are agnostic to the building blocks of a person’s private life—biographic information, biometric data, electronic accounts, communications content and metadata, social media activity, financial data, pattern of life, or any other identifying information.

Recent events offer a sobering reminder that traditional intelligence tools may be effective at anticipating attack plots, but they are not perfect. In July 2017, two men directed by ISIS attempted to create an improved chemical device to disperse “highly toxic hydrogen sulfide” in Sydney Airport.[29] Two months later, ISIS-inspired attackers detonated a “bucket bomb” at a London subway station, injuring twenty-nine people.[30] While the public demands an infallible capability to disrupt WMD attacks, this aspiration is unrealistic without a safety net that can secure through technical means the WMDs in our homeland that traditional intelligence tools fail to identify. Widely distributed detection systems may be the missing piece to a puzzle that has long vexed the government—but only if the IC can confront the modern WMD threat by learning to partner with the people it protects.

 

[*] The annual Galileo Awards competition, sponsored by the Office of the Director of National Intelligence (ODNI), solicits innovative proposals from Intelligence Community (IC) personnel to address a specific challenge identified by ODNI.  Submissions are judged by senior leaders in the IC.  Winners may be eligible to receive a cash award, and can apply for funding to implement their idea through a pilot program.  The theme for the 2017 Galileo Competition prompted participants to explore “the human factor” by considering how IC policies, practices and norms could be adapted to help the IC keep pace with continuously adapting adversaries.  This paper is one of two submissions selected as a 2017 Galileo Award winner.

[†] Jonathan Fischbach is an attorney for the United States government. The positions expressed in this article do not necessarily reflect the views of any agency for which he works, or the views of the United States.

“people walking on city street san francisco 01” by radcliffe dacanay is licensed under CC BY 2.0

 

[1] Telephone interview with Dr. Ephraim Fischbach, Professor of Physics, Purdue University (Aug. 5, 2017).

[2] For an example of a system that would qualify, see Ephraim Fischbach & Jere Jenkins, Radiation Detection: There’s an App for That, 68 Bull. of the Atomic Scientists, 63, 63–64 (2012).

[3] U.S. Patent No. 7,994,926 (issued Aug. 9, 2011).

[4] Liz Harley, Just a SmidgION: Oxford Nanopore Announce iPhone-Powered Sequencing, Front Line Genomics (May 27, 2016), http://www.frontlinegenomics.com/news/5452/just-a-smidgion-oxford-nanopore-announce-iphone-powered-sequencing.

[5] Dalton T. Snyder, et al., 88 Miniature and Fieldable Mass Spectrometers: Recent Advances, Analytical Chemistry, 2, 2–3 (2016).

[6] See Flir Systems, Inc., Flir Griffin G510 2 (2018) (describing a portable mass spectrometer that can run on 100–240 volts alternating current); Melissa Ng, Power of a Car Battery, The Physics Factbook (2001), https://hypertextbook.com/facts/2001/MelissaNg.shtml (describing car batteries as producing 12 volts direct current); Power a Laptop or TV with a Car Power Adapter, Family Handyman, (last visited Aug. 30, 2018), https://www.familyhandyman.com/electrical/power-a-laptop-or-tv-with-a-car-power-inverter/view-all/ (describing widely available $30-$50 car mounted power inverters “that take[] 12-volt direct current (DC) and change[] it to 120-vold alternating current (AC)”); see also Jeremy Laukkonen, The Right Car Power Adapter Can Juice Up Your Electronics On the Road, Lifewire (Mar. 10, 2018), https://www.lifewire.com/juice-up-your-electronics-on-the-road-534756 (describing the use of power adapters to power household electronics from a car battery); Jeremy Laukkonen, Understanding Car Power Inverters, Lifewire (Mar. 22, 2018), https://www.lifewire.com/what-is-a-car-power-inverter-534721 (same). Cf. Snyder, supra note 5, at 2 (“In order to be portable, the electronics [of a portable mass spectrometer] should be rugged, inexpensive, and designed to minimize power consumption, enabling operation from battery power.”).

[7] See generally K. Lee Lerner, Weapons of Mass Destruction, Detection, Encyclopedia.com (2004), https://www.encyclopedia.com/politics/encyclopedias-almanacs-transcripts-and-maps/weapons-mass-destruction-detection (discussing the process and challenges of detecting WMDs).

[8] See Ershad Sharifahmadian, Yoonsuk Choi & Shahram Latifi, Remote Detection of Weapons of Mass Destruction using Wideband Radar, 121 Int’l J. of Computer Applications 20, 20 (2015) (discussing the power and promise of methods to physically detect the presence of WMDs).

[9] See Fischbach, supra note 2, at 65 (“One of the important reminders of the Fukushima accident is that the fallout drifts are carried by winds that are essentially a turbulent fluid. The random settling of fallout from this turbulence creates many hot spots, which a mobile phone-based system could help pinpoint.”).

[10] See, e.g., United States v. Knotts, 460 U.S. 276, 281 (1983) (holding that the Fourth Amendment does not prohibit the government from tracking a defendant’s movement along public streets).

[11] See Richard M. Thompson II, Cong. Research Serv., R42511, United States v. Jones: GPS Monitoring, Property, and Privacy 7–11 (2012).

[12]   Significantly, the government’s passive receipt of WDDS data voluntarily provided by private citizens would not be considered a “search” for Fourth Amendment purposes.  See Apodaca v. New Mexico Adult Probation And Parole, 998 F.Supp.2d 1160, 1174 (D.N.M. 2014) (“A Fourth Amendment search occurs either where the government, to obtain information, trespasses on a person’s property or where the government violates a person’s subjective expectation of privacy that society recognizes as reasonable to collect information.”) (citing United States v. Jones, 565 U.S. 400, 409 (2012)). As described supra, a WDDS would only convey information transmitted directly to the government by individuals voluntarily opting into the WDDS.  Networked portable detectors do not report environmental data subject to a reasonable expectation of privacy; nor can this arrangement colorably be characterized as a trespass by the government. Cf. Carpenter v. United States, 138 S. Ct. 2206, 2220 (2018) (holding that the government’s review of defendant’s cell site location information was a Fourth Amendment search that required a warrant, even where this data was held by third party cell providers.  The Court reasoned that “in no meaningful sense does the user voluntarily assume the risk of turning over a comprehensive dossier of his physical movements.”) (quotations and alterations omitted).

[13] See S. Rahman, D. Walker & P. Sultan, Medical identification or alert jewellery: an opportunity to save lives or an unreliable hindrance? 72 Anaesthesia 1139, 1142 (2017) (noting that the global population served by UK medical alert bracelet manufacturer MedicAlert numbers in the “millions” worldwide); Susan Gilbert, Lifesaving Medical History Coming in a Flash, N.Y. Times (Aug. 21, 1996) (noting that medical alert bracelets were worn by five million people worldwide in 1996), https://www.nytimes.com/1996/08/21/us/lifesaving-medical-history-coming-in-a-flash.html.

[14] Riley v. California, 134 S.Ct. 2473, 2489 (2014).

[15] See Thomas Young, 40 Years Ago, Church Committee Investigated Americans Spying on Americans, Brookings (May 6, 2015), https://www.brookings.edu/blog/brookings-now/2015/05/06/40-years-ago-church-committee-investigated-americans-spying-on-americans/.

[16] See Chris Inglis & Jeff Kosseff, Hoover Institution, In Defense of FAA Section 702: An Examination of Its Justification, Operational Employment, and Legal Underpinnings 5–7 (2016), https://www.hoover.org/sites/default/files/research/docs/ingliskosseff_defenseof702_final_v3_digital.pdf; Radio Address by George W. Bush, President of the United States (July 28, 2007), https://georgewbush-whitehouse.archives.gov/news/releases/2007/07/print/20070728.html (“In his testimony to Congress in May, Mike McConnell, the Director of National Intelligence, put it this way: We are ‘significantly burdened in capturing overseas communications of foreign terrorists planning to conduct attacks inside the United States.’ To fix this problem, my administration has proposed a bill that would modernize the FISA statute.”);  FISA for the 21st Century: Hearing Before the S. Comm. on the Judiciary, 109th Cong. 2 (2006) (statement of Gen. Michael V. Hayden, Director, Central Intelligence Agency) (requesting and commenting on modernization of FISA); see also H. R. Rep. 95-1283, pt. 1, at 27-28 (1978) (“The committee has explored the feasibility of broadening this legislation to apply overseas, but has concluded that certain problems and unique characteristics involved in overseas surveillance preclude the simple extension of this bill to overseas surveillance.”); Foreign Intelligence Surveillance Act of 1978: Hearings Before the Subcomm. On Intelligence and the Rts. of Ams. Of the S. Select Comm. on Intelligence, 95th Cong. 47 (1978) (statement of Adm. Stansfield Turner, Director, Central Intelligence Agency) (“[A]s to the idea of broadening the provisions of the bill so as to make them applicable to electronic surveillance activities conducted abroad, I believe that such a step would be inappropriate and unwise.”)

[17] See Abigail Geiger, How Americans have viewed government surveillance and privacy since Snowden Leaks, Pew Res. Ctr. (June 4, 2018), http://www.pewresearch.org/fact-tank/2018/06/04/how-americans-have-viewed-government-surveillance-and-privacy-since-snowden-leaks/ (“Americans became somewhat more disapproving of the government surveillance program itself in the ensuing months, even after then-President Barack Obama outlined changes to the NSA data collection.”).

[18] See Jake Laperruque, How Congress Should Evaluate Section 702’s Security Value When Debating Its Reauthorization, Lawfare (June 16, 2017), https://www.lawfareblog.com/how-congress-should-evaluate-section-702s-security-value-when-debating-its-reauthorization (“Even Congress’ most vociferous privacy watchdogs . . . acknowledge the value of Section 702 and are not demanding its expiration.”); see also Laura K. Donohue, Section 702 and the Collection of Int’l Telephone and Internet Content, 38 Harv. J. L. & Pub. Pol’y 117, 150–152 (2015); Elizabeth Goitein & Faiza Patel, Brennan Center for Justice, What Went Wrong with the FISA Court 28 (2015).

[19]  See Timothy H. Edgar, Hoover Institution, Go Big, Go Global: Subject the NSA’s Overseas Programs to Judicial Review 8 (2016) (“Today, the only way to fully protect Americans’ privacy is to subject the NSA’s global programs of surveillance to the scrutiny of all three branches of government, which means subjecting them to FISA. One way to do this is suggested by the much maligned section 702 of FISA. A reformed section 702 of FISA could be the model for a new provision in title VII of FISA requiring authorization of the NSA’s global surveillance programs by the Foreign Intelligence Surveillance Court.”), https://www.hoover.org/sites/default/files/research/docs/edgar_webreadypdf.pdf.

[20] See Ewen MacAskill, The NSA’s bulk metadata collection authority just expired. What now?, The Guardian (Nov. 28, 2015), https://www.theguardian.com/us-news/2015/nov/28/nsa-bulk-metadata-collection-expires-usa-freedom-act.

[21] See Laperruque, supra note 15 “As I’ve written previously, the government’s ability to freely use Section 702 data to investigate any federal crime is a serious problem.”).

[22] See Mana Azarmi, Urgent Fix Needed: USA Liberty Act Needs to Better Focus Surveillance Under FISA 702, Ctr. For Democracy and Tech. (Oct. 20, 2017), https://cdt.org/blog/urgent-fix-needed-usa-liberty-act-needs-to-better-focus-surveillance-under-fisa-702/ (“[T]he problem remains that the definition of foreign intelligence information includes catchalls that allow the government to capture content merely related to ‘the conduct of the foreign affairs of the United States’ or to the ‘national defense or the security of the United States.’ This sweeps in a lot of innocent conduct.”).

[23] See The White House, Presidential Policy Directive 28: Signals Intelligence Activities (Jan. 17, 2014) [hereinafter PPD-28], https://obamawhitehouse.archives.gov/the-press-office/2014/01/17/presidential-policy-directive-signals-intelligence-activities (“[O]ur signals intelligence activities must take into account that all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information.”).

[24] See Colin Moynihan, A New York City Settlement on Surveillance of Muslims, The New Yorker (Jan. 7, 2016), https://www.newyorker.com/news/news-desk/a-new-york-city-settlement-on-surveillance-of-muslims (“One lawsuit, filed in federal district court in Brooklyn by the American Civil Liberties Union and others, maintained that more than a decade of ‘suspicionless surveillance’ of Muslims had violated the Constitution and ‘profoundly harmed’ thousands of people whose names were placed in secret police files.”); see also Elizabeth Stoycheff, Under Surveillance: Examining Facebook’s Spiral of Silence Effects in the Wake of NSA Internet Monitoring, 93 Journalism & Mass Comm. Q. 296, 307 (“For the . . . majority . . . of participants, being primed of government surveillance significantly reduced the likelihood of speaking out in hostile opinion climates. . . . This is the first study to provide empirical evidence that the government’s online surveillance programs may threaten the disclosure of minority views and contribute to the reinforcement of majority opinion.”)

[25] Kolender v. Lawson, 461 U.S. 352, 357 (1983).

[26] See PPD-28, supra note 18.

[27] See id., at Sec. 1(b).

[28] See, e.g., U.S. Off. of The Dir. of Nat’l Intelligence, Intelligence Cmty. Directive 107, 2 (2018), https://fas.org/irp/dni/icd/icd-107.pdf; About CIA: Privacy and Civil Liberties at CIA, U.S. Central Intelligence Agency (Mar. 26, 2018, 7:05 p.m.), https://www.cia.gov/about-cia/privacy-and-civil-liberties.

[29] See Jacqueline Williams, Australia Details ‘Sophisticated’ Plot by ISIS to Take Down Plane, N.Y. Times (Aug. 4, 2017), https://www.nytimes.com/2017/08/04/world/australia/sydney-airport-terror-plot-isis.html.

[30] Sewell Chan, Patrick Kingsley & Ceylan Yeginsu, ‘Bucket Bomb’ Strikes London’s Vulnerable Underground, N.Y. Times (Sept. 15, 2017), https://www.nytimes.com/2017/09/15/world/europe/uk-london-underground-tube-explosion.html.

Share
Categories
Featured Features frontpage Intelwars Online

Not Your Grandfather’s Zone of Twilight: Civil Military Relationships in Debatably Legal Precision Strikes

Major Dan Maurer*

The disappearance of a sense of responsibility is the most far-reaching consequence of submission to authority. – Stanley Milgram[1]

Introduction

This spring, for the second time, President Trump ordered a precision air strike against another nation’s sovereign territory on the ground that it had used unlawful chemical weapons against its own civilian population, warranting a “strong deterrent” message to uphold international laws and norms.[2] He did so without the explicit authorization of Congress, acting only on his executive powers under Article II of the Constitution.[3] Moreover, his action was based on ill-defined and much debated principles of jus cogens norms and the evolving international legal standard that purports to authorize states to intervene in each other’s sovereign territory where such norms are threatened.[4] In short, Trump’s order operated in a legal grey area, both domestically and internationally, creating a novel challenge for military and civilian officers of the executive branch who are both required to execute the president’s lawful orders and sworn to uphold the Constitution and the laws of war.

When President Trump decided to strike Syrian territory this time, the United States, France, and Great Britain each contributed military force. This time, the use of force was met with Russian counter-rhetoric, calling it an “act of aggression” that is “destructive of the entire system of international relations,” because it lacked a United Nations Security Council mandate, was not self-defense under the meaning of the U.N. Charter, and had no support from any other corner of international law of armed conflict.[5] Moreover, whether President Trump had sufficient legal authority under U.S. law to order these strikes is strongly questioned by some while supported by others.[6]

More than the traditional jus ad bellum issues usually argued over, like proper authority, last resort, just cause, success probability, and macro-proportionality, decisions like this one raise another kind of legal and ethical challenge, a special case of tension that intensifies the already complicated challenges of American civil-military relations among presidents, Congress, and senior military officers. When a president orders the use of military force to strike an adversary’s strategic military capabilities with precision attacks, but does so based on “deeply rooted [American] historical practice,”[7] without reliance on traditional domestic and international legal authorities, senior commanders and the president’s principal military advisor must plan for and execute in a zone of twilight unforeseen even by Justice Jackson.[8]

Discussion among strategic level civil-military authorities, especially given the lack of concrete legal guidance, is characterized by what Eliot Cohen famously called an “unequal” dialogue, given that the President, of course, must always decide.[9] Emphasizing the significance of this dialogue between military and civilian decision-makers, Lieutenant General James Dubik, now an academic philosopher, has elevated what Cohen thought of as practical reality into a “Principle of Continuous Dialogue,” which serves as one of his five necessary pillars in a blend of jus ad bellum and jus in bello justification.[10] Or, in a similar context, what a lawyer would understand to be his or her dutiy to communicate with, and act with diligence for, the client.

Knowing that this dialogue between these unequal partners must happen is one thing; knowing what to say is another. What is the content of the dialogue—what questions should senior military agents ask of their senior civilian principals under conditions where jus ad bellum legitimacy is precariously perched? After all, the Department of Defense’s own Law of War Manual, reflecting US Government policy, has regarded the combination of just war principles, obligations under international treaties, and customary international law (most of it) to be binding on our decisions when, where, why, and how to use military force—irrespective of the reason, duration, tempo, scale, or means used.[11] What could or should the senior military advisor do, given both his subordination to civil authority and his intrinsic moral agency, if he receives unsatisfying answers, or no answers at all, to questions about the legitimacy of an operation? This article offers 13 generic questions that should outline the form and content of the dialogue. I do not imagine that they be used as a script for examination of the civilian decision-maker; rather, the answers to probing questions like these should help inform military and other decision-makers of their legal and ethical duties with respect to these sorts of “twilight” engagements. Absent answers to questions of this sort, it would be right to question whether the senior military agents are adequately following their own policies and rules, or communicating with their principal and exercising their implied duty of diligence—whether it be on behalf of the civilian administration or the public they defend.

This article is based on two assumptions about the legal framework in which this dialogue occurs, and which appear unlikely to change. First, I assume that American presidents will continue to exercise their war power muscle with foreign precision strikes absent explicit domestic or international authorization, based on reasons like those proffered by retired general and judge advocate Charlie Dunlap,[12] the Justice Department’s Office of Legal Counsel,[13] and the White House. Further, I assume that Congress will not intercede with any restraining or clarifying legislation. If these assumptions hold true, serious strategic concerns related to the amount of force, the duration of force, and—most importantly—the purpose of force will remain sources of friction in civil-military relationships. This friction potentially undermines the legitimacy of certain operations (and that of the actors involved) in the eyes of both the domestic and international public. In turn, a lack of legitimacy could contribute to the perception that two core legal principles of modern war, rooted in military doctrine, have been violated: that the use of violent force be indispensable (“military necessity”) as the only viable means left (a “last resort”), and be proportional in light of the objective (the universal “good” consequences outweighed the universal “bad” consequences of violent action).[14]

I. Questions Based on Principled Premises

In this Article, I propose a number of questions that might form the substance of the (hopefully) rich and meaningful dialogue that Cohen and Dubik, among others, advocate. I wish to emphasize that these thirteen questions implicate not only jus ad bellum (and some jus in bello) concerns, but also practical and legal considerations touching the Constitution, legislation, history, and political theory. Constitutionally, the President is the commander-in-chief of the armed forces, whether in peacetime, war, or some epoch in-between, and has independent (though not unfettered) discretion in foreign affairs and the use of military force.[15] Congress, too, has war-making powers, even if those powers are inconsistently used and have generally been relegated to budget, oversight, and confirmation hearings. On this front, Congress has a history of general acquiescence to presidents’ unilateral deployments of force when the engagements are expected to be “limited.”[16] The constitutional extent to which military leadership possesses independent decision-making authority (if any), and the legal relationship of military authority to the Executive and Legislative branches and the public is less clear.

This relationship, however, is not completely opaque. The Goldwater-Nichols Act created the office of the Chairman of the Joint Chiefs of Staff (CJCS), who serves as the primary military advisor to the President and Secretary of Defense, is the highest ranking military officer, and is responsible for helping mediate capabilities, resources, and plans among the various Combatant Commands.[17] The commanders of those Combatant Commands, in turn, are directly accountable for operations to the Secretary of Defense and the President. More fundamental than the organization command and control diagram, these military officers swear an oath to “support and defend the Constitution of the United States against all enemies, foreign and domestic . . . bear true faith and allegiance to the same . . . [and to] well and faithfully discharge the duties of the office.” Furthermore, the War Powers Resolution grants the President a modicum of unilateral authority with certain caveats.[18]

Moreover, historical patterns of practice have created some robust and predictable expectations where statutory and constitutional law is silent. For example, senior officers will obey lawful orders, resign under pressure,[19] or accept relief from command[20] without creating a panic of a pending coup d’état.

Similarly, at the senior strategic level, military officers do not, in fact, simply wait for orders and execute snappily without dissent, like well-trained Stormtroopers. Rather, political leaders have always relied on military leaders’ sound judgment based on technical expertise and experience, generating an unequal but continuous dialogue concerning the use of force. From Samuel Huntington, we know there ought to be at least some formal barrier between those responsible politically and those responsible militarily, with a traditionally high amount of discretion afforded to the military experts.[21] From Peter Feaver and others, an instructive way to think about the nature of the civil-military relationship is as that of a principal (civilian political leader) who relies upon specially-selected agents (senior military commanders or members of the Joint Chiefs of Staff) to carry out tasks that are beyond the technical capability or desires of the principal. [22]

From all of this, we can deduce three basic characteristics of the military-civilian relationship that shape the decision-making dialogue. First, senior strategic military and political leaders are separated—in terms of duty to serve the public—by a marginal difference of degree. Both seek to accomplish, ultimately, the same goal of lawful national security. Second, the relationship is fundamentally one of generalized, political authority over professional, ostensibly apolitical specialization. Finally, the military agent is expected to provide a trinity of services: advice (about how to employ military force), action (employing military force), and ability (advising and acting with a certain competence). These characteristics form the premises for these thirteen questions.

II. Thirteen Questions to Guide the Conversation

Before each question, I will first discuss the compelling concern—sometimes ethical, sometimes factual, sometimes legal, or all three—from which it follows.

1. First, it would be a contradiction in terms if “limited” operations the President may order solely under Article II authority could constitutionally last for an indefinite period. In order to properly judge the kind and tempo of force required, senior military leaders ought to know how long the civilian leadership anticipates the commitment will be. Both the jus ad bellum and jus in bello versions of proportionality are implicated here, for the amount of violence and damage inflicted is a partly a function of how long the thumb presses the trigger, not just what kind ammunition is fired. Therefore, the dialogue should include an answer to the question: What expectation does the President have for the duration of this use of force?

2. As President Trump once said of our forces in Afghanistan, field commanders are often given “total authorization.” Lest we face an egregious MacArthuresque interpretation[23] of that authority, military agents ought to know[24] whether they have independent discretion to escalate the battle where the initially intended results are usually quantifiable. The intended smaller scope of authority in these cases is not a set of handcuffs (especially where there is no constraining domestic authority); indeed, it still may be necessary to intensify and enlarge the scope of engagement as conditions on the ground evolve. But expansion risks exceeding the original scope and the original “just cause.” In other words, it is not enough to conclude that—in jus ad bellum terms—we had a high probability of success, or that we initially had the “right intention.” The question here is who has the authority to make decisions regarding the scope of the engagement. Will the combatant commander, or the relevant subordinate field commander, have independent authority to escalate, reduce, or terminate commitment of military force without prior authorization by, or notification of, the President and Secretary of Defense, collectively known as the National Command Authority?

3. Both the military agent and civilian principal must have a clear notion of where the scope of authority begins and ends. These questions might be considered applications of what Dubik calls the “Principle of Final Decision Authority.”[25] Given the technical acumen and experience residing with senior strategic military agents, civilian political leadership must rely in part on the actions of their experts. Because ultimate accountability, in a democracy, for the state’s use of armed force falls on the backs of civilians, the concern is how long of a leash ought to restrain the expert’s independent judgment. Two related questions, addressing this concern, might be: What military criteria, if any, justify a decision to escalate, and what are the criteria for reducing and terminating the use of force?

4. Next, we ask about justification. Borrowing from criminal law theories of punishment, is the military action intended to be a specific or a general deterrent? Is it incapacitation, meant to disable the adversary’s ability to continue doing what has earned our condemnation? Are the effects of the strike intended to be short term or is the incapacitation to be indefinite? Is the use of force basic retribution or retaliation (lex talionis), or a restoration (“restitution”) of some preferred status quo ante? Or is it more like “rehabilitation”—to alter the adversary’s behavior so that it will not want to engage in that wrong behavior again?

The principle of rational justification—the intent behind the use of force—gives the military planner more context from which to design the kind of force appropriate to the circumstances, just as a judge considers the various theoretical intents of the justice system when choosing to mete out a particular sentence. From the legal point of view, this analysis implicates both jus ad bellum principles of just cause and right intention, but also speaks to the principle of “proportionality”—that the degree of violence used should be proportional to the military objectives sought. At bottom this question reflects the wisdom of the adage “don’t take a butter knife to a gun fight,” and its converse, “don’t drop a bomb when a shovel will do just fine.” Beyond simply identifying a target (e.g., an individual, a weapons or command and control facility, base camp location, or force capability), what is the principle of rational justification for application of this military force?

5. Relatedly, the parties should have a meeting of the minds about what interests are at stake if no military action is taken. As described by President Trump, the second Syria strike was a manifestation of a “vital national interest”: “[t]he purpose of our actions tonight is to establish a strong deterrent against the production, spread and use of chemical weapons . . . [e]stablishing this deterrent is a vital national security interest of the United States.”[26] A vital national interest is something (physical or metaphysical) of extraordinary value to be protected—with violence and sacrifice if necessary; it cannot be one’s own use of the force justifying one’s decision to use that force. Therefore, it would not be sufficient in decision-making conversations to suggest that a military action advances a national interest. We need to know how and which one. Implying the jus ad bellum principle of just cause, the follow-up question ought to be: How does this principle of rational justification support a specific, articulable national interest?

6. But military action is never really one-sided (to paraphrase Clausewitz, it is a polarized wrestling match), nor does it occur in a geopolitical vacuum. This remains true even when we intend our application of force to be swift, localized, and overwhelming. Part and parcel of all military planning is the assessment of the enemy’s “most dangerous” and “most likely” courses of action, to consider how they will perceive our actions and are likely to respond. It is not enough to simply do this military calculation; the National Command Authority should explicitly acknowledge these risks and add to them its own analysis of the diplomatic, economic, and political consequences. While President John F. Kennedy once instructed his Joint Chiefs to be more than mere military tacticians and technical experts, the most appropriate use of this sprawling judgment is when both the agent and principal have this conversation, and the earlier the better.[27] In question form: For any principle of rational justification identified, has the National Command Authority anticipated and weighed the effects of likely adversary responses?

7. Of course, actions and reactions can have a long life-span. For lack of a better phrase, the parties, ostensibly aiming for “limited” and “brief,” would like to avoid “mission creep” or at least sense the areas in which it is likely to spawn. Though in some sense this is merely a practical problem, it nevertheless still implicates concerns over proportionality, right intention, and just cause. In other words, is it possible to forecast plausible scenarios in which our use of force has strayed too far from the original intention and the just cause, and—as a consequence—risks being a disproportionate response? Of those anticipated adversary responses, which of them require (or imply) additional U.S. military presence, force, or other action beyond that which is needed for current proposed operation?

8. Part mission creep-avoidance and part good neighbor-conduct, the President must determine where the agent’s responsibility ends. Unlike an attorney consulting with others in his firm about his client’s case, the military practitioner has no such freedom to maneuver unless granted such freedom by the civilian administration which is ultimately responsible for our foreign relations. A commander should therefore be able to answer: To what extent may the military commander responsible for execution of military operations notify, consult with, or advise ally or partner nation military counterparts?

9. But it is not only with other nations’ military leaders that soldiers may interact. During the American Civil War, Congress regularly called serving officers to testify about battles and campaigns recently fought, [28] imposing an incalculable cost in time and distraction and forcing opportunities to create rifts (or widen existing ones) between the commander-in-chief and his field generals.[29] Of course, the President’s prerogative to expect that confidential or classified discussions will remain so is balanced against the officer’s oath to support the Constitution and rule of law, in a system where Congress must be informed of national military strategy and resource requirements.[30] Because it is a delicate and often contentious matter of balancing candor (to Congress and the public) against fidelity (to the office of the President), the senior military leadership must know the depth and breadth of its authority to communicate with Congress, case-by-case. Therefore, to what extent may the military commander or CJCS notify, consult with, or advise individual members of Congress, congressional committees or subcommittees about the planning and execution of this operation (before, during, or after it concludes)?

10. Again concerned about the proper balance between candor and confidentiality, communication about the use of force extends beyond Pennsylvania Avenue and Capitol Hill. Does the President want uniformed leaders available to sit before Sunday morning political talk show hosts, or to tweet to the public? Prudence suggests that the military agent and civilian principal have a meeting of the minds about: to what extent may military commander or CJCS notify or communicate with the public about this operation via media?

11. In highly contentious situations like the second Syria strike, or other forms of limited U.S. military intervention, initial claims of legal authority by the Executive may face a strong cross-examination both domestically and internationally. General Dunlap has suggested that, beyond satisfying a vital national interest, President Trump’s strike decision was lawful because: (1) the act was “brief and limited,” (2) Congress has not previously acted to restrict his authority to direct such attacks for such purposes, and (3) the act is a continuation of precedent that has created a “hybrid” norm of international law combining elements of reprisal, jus cogens, and hostis humani generis (when the fact pattern involves the “virtually universally prohibited weapon of mass destruction [] used against civilians”).

Unfortunately, and as General Dunlap knows well, that vaulted status of precedent is not meaningfully or universally enforced in international law. Nor does “precedential” mean “sacrosanct.” Neither “brief” nor “limited” are defined legal terms, and are unhelpful to planning where applied retroactively. Finally, Congress’s inaction to date does not necessarily imply acquiescence henceforth (though the Supreme Court does give this fact some weight[31]). The urgency of the moment is often an available justification for expansion of presidential power in the face of congressional passivity.[32] But these justifications are not permanent restraints on congressional confrontation. If General Dunlap’s criteria are to be guideposts for commanders and factors to consider in a legal analysis, the answers to these thirteen questions ought to further refine what it means to be “brief and limited,” whether the act does in fact represent a continuation of good precedent, and whether Congress has constrained or enabled the President’s unilateral discretion and command (or could be expected to), all of which military leaders must be assured to warrant the performance of their duties when the President acts without external legal justification. What diplomatic and/or political-centric efforts will be made to secure non-Article II legal legitimacy for current or future military action?

12. It is an essential task for a military leader when advising his or civilian principal to move the dialogue back to the gritty, painful reality of combat, even where it appears clean and surgical. Merely presuming that the President prefers low risk operations across the board, while surely sensible, is insufficient. Before having military options placed on the table, presidents ought to define their anticipated cost in lives and treasure, both our own and that of the intended target. At least for the second part, this question would help better clarify potential challenges on grounds of jus ad bellum “probability of success” and jus in bello concerns for distinction between combatant and non-combatants, limitation of unnecessary collateral damage (micro-proportionality), and prevention of unnecessary suffering. Therefore, what is the President’s expectation for a) the risk to U.S. forces (in terms of materiel and personnel) and b) the risk of non-combatant collateral damage?

13. A final question once more addresses the scope of the military agent’s responsibility and authority—at what point is she alone expected to publically describe and explain the action? To what extent does the President desire the military itself to describe its own use of force? The answer to this question may have implications for the degree of trust (and therefore confidence) the public is able to sustain in the leadership of its Armed Forces, especially if the timing of that communication leads to inconsistencies between the military’s messages and those of the White House. When will the President expect the military to provide the public and/or Congress an explanation for, and description of, the use of this force—before, during, or after its application?

Does answering thirteen questions seem unreasonable or implausible? Given the stakes involved—to American foreign policy, to legal legitimacy, to public support, to the actual risk of lives and property overseas—I think this is not too much to ask. These questions, however they may be answered, can address three primary concerns inherent in the use of force where jus ad bellum legitimacy is questionable. To loosely borrow a concept from fiscal law, the answers to these questions speak to Purpose, Time, and Amount.[33] What purpose drives the use of this force? How much time do we need to use force to achieve that purpose? What kind and amount of force achieves that purpose in that time? In other words, what makes the engagement “brief and limited?”

III. Consequences: an Articulable Basis for Dissent?

Does not answering some or all of these questions grant the strategic military leader freedom to exercise principled dissent?[34] Or might that inability or reticence even establish the conditions by which a duty to dissent is created? On the one hand, a strategic military leader may think that this inability or reticence is a prima facie signal that the decision to use force is probably unlawful, not just a bad idea. In such a scenario, the question of whether one should continue participating in that dialogue and enabling the political decision to use force is not one of virtuous “principled dissent” at all—it is simply the officer’s duty to not follow an illegal order.

Unfortunately, two facts suggest that such a black and white dilemma is unlikely. First, I hoped to convey that this unequal dialogue (at least in the particular kind of scenario suggested by the second Syrian strike) involves a substantial number of questions, and probably even more derivative questions. In other words, the scope of considerations coupled with the bureaucratic and interpersonal dynamics of the key players make this an exceptionally complex space. Second, I hoped to convey that there is almost certainly no textbook “right” or “wrong” answer to any of the questions. The problem is inherently “wicked.”[35] There is, therefore, a better-than-negligible possibility that a senior officer could conclude the decision is probably lawful, but morally questionable. This is where the issue of “principled dissent” does surface.

Regrettably, the “protected space”—or circumstances—in which that surfacing happens is by no means universally marked.[36] Though he speaks more about the manner in which a senior officer could manifest his or her dissent, Marine Lieutenant Colonel Andrew Milburn  controversially suggested that the reason for dissenting involves a kind of proportionality analysis: it is right to disagree, and disobey if ignored, when the order is immoral, where immoral means “that [it] is likely to harm the institution writ large—the Nation, military, and subordinates—in a manner not clearly outweighed by its likely benefits.”[37] But Milburn does not discuss on what grounds that reasoning is supported. The answers to the sort of questions I have offered might be worth examining as those potentially cogent, acceptable, and legally-justifiable grounds for dissent. If they do offer that sort of value, it would significantly reduce the danger that dissent or disobedience (say, through resignation) is publically perceived as a disrespectful slap in the face of civilian control of the military, or some sort of existential threat to democracy based on the military leader’s political preferences or personality biases.

Peter Feaver has argued against the use of resignation as a means for military officers to register dissent with the decisions of their civilian superiors:

Resignation in protest is a public political act of defiance against a sitting commander in chief, and its intended result is to produce a political crisis that paralyzes and perhaps reverses the trajectory of a president. To be fair, such a political crisis would not be tantamount to a coup, but it could be a civil–military clash of considerable consequence.[38]

Feaver’s description would indeed result in a perverse perception of the military’s relationship to civilian authority, but is not an inevitable consequence of resignation. Rather, where the public views the act of resignation as executed on the basis of coherent principles outlined ex ante, it would be more likely to view it favorably. The conscious act of asking and answering these thirteen questions may save not only the senior military leader’s conscience but also the moral legitimacy of the military itself from that leader’s choice as a moral agent to disobey, publically dissent, or resign in protest.

Deeper study is needed, but we might say with reasonable confidence that without answers to these thirteen questions, entering into this zone of twilight should be considered high risk (from both a restraint and legitimacy point of view), regardless of how many allies or partners are along for the ride. Where there is no domestic or international legal authority beyond Article II for a given military action, the senior military officer is caught between a duty to the law (including international law of armed conflict) and following the orders of the commander-in-chief under the essential justification “because I, the President, said so.”

The substantive dialogue in this Q&A permits both civilian and military leaders to read clearly from the same page inside the zone of twilight created by precision military strikes absent explicit legal justification. Indeed, it will help maintain shared expectations and improve the quality of expert planning, the depth of the civilian judgment, and the trust between civilian and military authorities as they design, plan, and execute the strike. Most importantly, though, this dialogue represents the tacit acknowledgement that the legitimacy of a military operation (whether wholly legal, wholly public, or a bit of both) is important enough to worry about, and that its absence yields more questions than answers.

 

“F15 Fighter Jet Belly” by TheBusyBrainis licensed under CC BY 2.0

*Dan Maurer is an active duty Army lawyer and Non-Resident Fellow at West Point’s Modern War Institute. As a combat engineer officer, he deployed to Iraq as a platoon leader; later, he was the first judge advocate selected to serve as a Fellow on the Army Chief of Staff’s Strategic Studies Group. His scholarly interests gravitate toward strategic civil-military relationships, and has authored Crisis, Agency, and Law in U.S. Civil-Military Relations (Palgrave MacMillan, 2017), a chapter about the subject in Strategy Strikes Back: How Star Wars Explains Modern Military Conflict (Potomac Books, 2018), and a forthcoming article suggesting some amendments to the Goldwater-Nichols Act in volume 10 of Harvard National Security Journal. Major Maurer has guest lectured at the United States Military Academy and the Royal United Services Institute (RUSI) in London, and has published at Small Wars Journal, Military Review, Lawfare, and in several leading specialty law reviews on criminal procedure and dispute resolution subjects. He has practiced as a military prosecutor, appellate counsel, senior legal counsel to a brigade deployed in Iraq, as the Chief of Military Justice for a large Midwestern installation, and currently serving in Italy as a Chief of Operational Law. These views do not represent the positions of the Army Judge Advocate General’s Corps, the Department of the Army, or Department of Defense.

[1] Stanley Milgram, Obedience to Authority 8 (2009).

[2] Eline Gordts & Willa Frej, Trump Orders Strikes On Syria In Retaliation For Chemical Attack, HuffPost (Apr. 13, 2018, 9:04 PM), https://www.huffingtonpost.com/entry/trump-strikes-syria-retaliation-chemical-attack_us_5acc7508e4b07a3485e7e642?guccounter=1.

[3] See id.

[4] See Charlie Dunlap, Do the Syria strikes herald a new norm of international law? Lawfire (Apr. 14, 2018), https://sites.duke.edu/lawfire/2018/04/14/do-the-syria-strikes-herald-a-new-norm-of-international-law/.

[5] Statement by Vladimir Putin, President, Russian Federation (Apr. 14, 2018), http://en.kremlin.ru/events/president/news/57257.

[6] Compare, e.g., Jack Goldsmith & Oona Hathaway, Bad Legal Arguments for the Syria Airstrikes, Lawfare (Apr. 14, 2018, 1:54 PM),  https://www.lawfareblog.com/bad-legal-arguments-syria-airstrikes with Charlie Dunlap, Yes, There Are Plausible Legal Rationales for the Syria Strikes, Lawfare (Apr. 14, 2018, 9:00 AM), https://www.lawfareblog.com/yes-there-are-plausible-legal-rationales-syria-strikes.

[7] Apr. 2018 Airstrikes Against Syrian Chemical-Weapons Facilities, 2018 WL 2760027 (O.L.C. May. 31, 2018), at 1, https://www.justice.gov/olc/opinion/file/1067551/download.

[8] See Youngstown Sheet & Tube Co. v. Sawyer, 343 U.S. 579, 637 (1952) (Jackson, J., concurring).

[9] See Eliot A. Cohen, Supreme Command: Soldiers, Statesmen, and Leadership in Wartime 12 (2002); see also generally Eliot A. Cohen, The Unequal Dialogue: The Theory and Reality of Civil-Military Relations and the Use of Force, in Soldiers and Civilians: The Civil-Military Gap and American National Security 429 (Peter D. Feaver, Richard H. Kohn eds., 2001).

[10] See James M. Dubik, Just War Reconsidered: Strategy, Ethics, and Theory 138 (2016).

[11] See U.S. Dep’t of Defense, Office of the General Counsel, Law of War Manual 8–15 (2016), https://www.defense.gov/Portals/1/Documents/pubs/DoD%20Law%20of%20War%20Manual%20-%20June%202015%20Updated%20Dec%202016.pdf?ver=2016-12-13-172036-190.

[12] Dunlap, supra note 4.

[13] Steven Engel, Dep’t of Justice, Office of Legal Counsel, Memorandum Opinion on April 2018 Airstrikes Against Syrian Chemical-Weapons Facilities (2018), https://www.justice.gov/olc/opinion/file/1067551/download.

[14] See Law of War Manual, supra note 11, at 41–42 (discussing jus ad bellum principles of “necessity” and “proportionality”).

[15] See U.S. Const. art. II. For scholarship illustrative of the breadth of disagreement over the scope of the President’s powers, compare Lawrence Lessig & Cass Sunstein, The President and the Administration, 94 Colum. L. Rev. 1, 1 (1994) (arguing that the “unitary executive” theory of presidential power is “just plain myth”) with Steven G. Calabresi & Saikrishna B. Prakash, The President’s Power to Execute the Laws, 104 Yale L. J. 541, 550 (1994) (countering that “the originalist textual and historical arguments for the unitary Executive, taken together, firmly establish the theory”).

[16] See U.S. Const. art. I; see also Youngstown Sheet & Tube Co., 343 U.S. at 610 (Frankfurter, J., concurring) (“The powers of the President are not as particularized as those of Congress.”).

[17] See 10 U.S.C. §§ 152, 153.

[18] See 50 U.S.C. § 1541.

[19] See, e.g., Eun Kyung Kim, McChrystal on resignation: ‘I wanted to stay in the job’, Today (Oct. 14, 2016), https://www.today.com/news/mcchrystal-resignation-i-wanted-stay-job-1B7854301.

[20] See Matthew Moten, Presidents & Their Generals: An American History of Command in War 227–70 (2014).

[21] See Samuel P. Huntington, The Soldier and the State: The Theory and Politics of Civil-Military Relations 83–85 (1957); see also Cohen, Supreme Command, supra note 9, at 7–8.

[22] See generally Peter D. Feaver, Armed Servants: Agency, Oversight, and Civil-Military Relations (2003); Daniel Maurer, Crisis, Agency, and Law in US Civil-Military Relations (2017). For a cogent criticism of the micro-economic agency modeling of these relationships, see Dubik, supra note 10, at 61–69.

[23] See William Manchester, American Caesar 758–59 (1978); H.W. Brands, The General vs. The President: MacArthur and Truman at the Brink of Nuclear War 335, 348 (2016).

[24] See Dan Maurer, Meeting of the Minds: How Presidents and Generals Stake out Their Territory, Lawfare (May 18, 2017), https://www.lawfareblog.com/meeting-minds-how-presidents-and-generals-stake-out-their-territory.

[25] See Dubik, supra note 10, at 149–50.

[26] Gordts & Frej, supra note 2 (embedded video).

[27] Memorandum from John F. Kennedy, President of the United States, to Lyman Louis Lemnitzer, Chairman, Joint Chiefs of Staff, on Relations of the Joint Chiefs of Staff to the President in Cold War Operations (National Security Action Memorandum 55) (June 28, 1961),  https://www.jfklibrary.org/Asset-Viewer/sjtthyMxu06GMct7OymAvw.aspx.

[28] See generally, e.g., U. S. Congress, Report of the Joint Committee on the Conduct of the War (1865), https://archive.org/details/reportofjointcomm01unit.

[29] See Doris Kearns Goodwin, Team of Rivals: The Political Genius of Abraham Lincoln 425–26 (2006).

[30] See 10 U.S.C. § 153(b)(3).

[31] See Dames & Moore v. Regan, 453 U.S. 654, 686 (1981) (“Past practice does not, by itself, create power, but ‘long-continued practice, known and acquiesced in by Congress, would raise a presumption that the [action] had been [taken] in pursuance of its consent.’”) (quoting United States v. Midwest Oil, 236 U.S. 459, 474 (1915)).

[32] See Peter M. Shane & Harold H. Bruff, Separation of Powers Law: Cases And Materials 830 (2d ed., 2005).

[33] See generally U. S. Gov’t Accountability Off., Off. of Legal Couns., Principles of Fed. Appropriations L. 2-1–2-92 (4th ed., 2016).

[34] For background on the concept of principled dissent, see generally Andrew R. Milburn, Breaking Ranks: Dissent and the Military Professional, 59 Joint Forces Q. 101 (2010), http://www.dtic.mil/dtic/tr/fulltext/u2/a536591.pdf.

[35] See T.C. Greenwood & T.X. Hammes, War planning for wicked problems, Armed Forces J. (2009), http://armedforcesjournal.com/war-planning-for-wicked-problems/ (“There is increasing awareness within the Defense Department that wars are interactively complex or ‘wicked’ problems.”).

[36] See Don M. Snider, Strategic Insights: Should General Dempsey Resign? Army Professionals and the Moral Space for Military Dissent, Strategic Stud. Inst. (Oct. 21, 2014),  https://ssi.armywarcollege.edu/index.cfm/articles/Should-General-Dempsey-Resign/2014/10/21 (But [the legitimate space of military dissent] is a narrow [one], indeed. Knowing with certitude which acts fall in this narrow space will never be easy.”).

[37] Milburn, supra note 35.

[38] Peter D. Feaver, Resignation in Protest? A Cure Worse Than Most Diseases, 43 Armed Forces & Soc. 29, 32–33 (2016).

Share
Categories
5G CFIUS Featured Features frontpage Intelwars International Trade Mobile Networking Online

5G, Standard-Setting, and National Security

Eli Greenbaum*

Introduction

Anxieties about 5G—the soon-to-be-deployed[1] fifth generation mobile networking standard—are playing a starring role in national security debates. This next-generation technology promises faster speeds and more stability than existing telecommunication networks and is expected to facilitate revolutionary technologies such as autonomous vehicles and smart electricity grids.[2] Indeed, because of these opportunities, the Trump Administration’s 2017 National Security Strategy established a clear goal of deploying “secure 5G Internet capability nationwide.” On the other hand, inadequately secured 5G could leave critical infrastructure vulnerable to hostile exploitation. In early 2018, a leaked proposal revealed that the Administration had been considering the extreme step of nationalizing the country’s 5G telecommunications network in order to counter security concerns about Chinese technology.[3]

Similar national security concerns also featured prominently in the March 12, 2018 presidential order prohibiting Broadcom’s proposed $117 billion takeover of Qualcomm. That prohibition was recommended by the Committee on Foreign Investment in the United State (CFIUS), an interagency committee established to monitor the national security implications of foreign investment.[4] CFIUS explained its reasoning in a letter to the parties which shed some light on the committee’s normally secretive deliberations.[5] The letter cited several concerns, including worries that the proposed takeover could result in decreased R&D spending, unease with Broadcom’s ties with foreign parties, and alarm regarding the potential disruption of supply relationships with the United States government. In addition, CFIUS asserted that the proposed takeover could adversely affect national security by leading to Chinese “dominance” of the international 5G standard-setting process.[6] The letter described in an ominous tone how Chinese companies have “increased their engagement” in the standardization process and upped their investment in 5G research and development. Omens of this struggle for 5G were seen in the considerable number of Chinese-owned patents covering 5G technology.

While the other national security concerns raised by CFIUS may be legitimate, this Article argues that those associated with dominance of the international standard-setting process are not. First, I point out that concerns regarding international standard-setting buck steady United States policy across administrations. Second, I argue that characterizing Chinese participation in the international standardization process as a threat to national security is counterproductive to American interests. Finally, I question whether Chinese ownership of patents essential to 5G technology should be characterized as an issue of national security at all.

The United States has consistently supported transparent international standard-setting processes, based on well-articulated economic and trade objectives. The United States has always been aware of the risks associated with standard-setting, but has taken an active role in supporting processes designed to mitigate those concerns. The CFIUS letter retreats from such policies and makes no effort to explain why. The letter expresses quick concern for the national security consequences of Chinese “influence” or “dominance” over standard-setting, but fails to explain either how existing standards processes could succumb to Chinese sway or how such power could be exercised to undermine national security. As this Article shows, there are compelling motivations for the country’s existing policies on international standard-setting, and the CFIUS letter does not offer any justification for changing this direction.

I. Standards and International Trade

Mobile networking standards are developed mainly by voluntary international organizations. A good part of such 5G standards, for example, will be hammered out by members of the Third Generation Partnership Project (3GPP), an umbrella standards group that also shaped the prior generations of cellular technology. 3GPP provides an international forum to discuss developing standards and (ideally) converge on the best technical solutions for designing the technology. Participants in the 3GPP process include private firms and other stakeholders, such as government bodies and research organizations.[7] Each entity participates in the process through a regional standards organization—many Chinese firms, for example, participate through the China Communications Standards Association (CCSA). Discussions and negotiations among this varied membership aim at establishing common technical specifications for communication networks.[8] These shared standards allow for global interoperability across different networks and devices.

In recent years, China has made a concerted effort to increase its engagement with the international standards process.[9] Indeed, the United States has historically urged China to participate in such international efforts, including as part of China’s obligations under international law. Such legal obligations include the WTO Agreement on Technical Barriers to Trade (the TBT Agreement),[10] with which China agreed to comply when it acceded to the World Trade Organization (WTO) in 2001.[11] The multilateral TBT Agreement aims at ensuring that national standardization efforts and associated activities do not “create unnecessary obstacles to international trade.”[12] For example, the TBT Agreement provides that countries should generally use “relevant international standards”[13] rather than devising unique local requirements. Consistent with the TBT Agreement, the position of the United States across a number of administrations has generally been that unique, local standards risk the creation of discriminatory barriers to trade.[14] As such, the United States has advocated for international standardization efforts in order to shrink such barriers.[15]

In spite of these international commitments, China has sometimes emphasized the development of alternative national standards. The United States has often criticized these national standards as protectionist measures intended to shield domestic Chinese industries from foreign competition.[16] For example, in 2003, the Chinese government mandated that all wireless devices support WAPI, a China-specific encryption standard[17] incompatible with wireless encryption standards used outside of China.

This move was widely criticized by the United States and international community. Industry groups expressed concern regarding the security of the standard and the availability of intellectual property rights necessary to employ it.[18] International standards associations asserted that requiring the Chinese WAPI requirement would “fracture the world market.”[19] In March 2004, the United States Trade Representative, Secretary of Commerce, and Secretary of State sent a joint letter to the Chinese government protesting the adoption of WAPI.[20] The letter suggested that the requirements “discriminate against foreign companies” in order to develop “the Chinese high tech sector.”[21] The letter encouraged the Chinese government to participate in “existing standard-setting bodies”[22] in order to develop appropriate wireless network standards, instead of mandating unique Chinese requirements.

As the WAPI incident shows, standards can be used as trade barrier to favor domestic industry or interests. Consistent United States trade policy has aimed at encouraging China (and other countries) to reduce such barriers by using agreed international standards. The CFIUS letter, therefore, conflicts with this policy—if the United States sees increased Chinese “influence” in the international standards process as a national security threat and, as a result, bans transactions with firms that may have Chinese affiliations, then China may in some situations choose to reduce its engagement in that international process. Instead, China may insist on alternative standards that could act as trade barriers against foreign firms.[23] In other words, by challenging Chinese participation in the structures of international standard-setting, the CFIUS letter works to frustrate consistent United States policies that view such participation as furthering national trade and economic objectives. More troubling, the CFIUS letter neither acknowledges its differences from established policy, nor justifies its departure from those practices.

II. Standards and Transparency

Belying CFIUS’s concerns, leading international standards organizations do not easily lend themselves to “dominance.” Indeed, it is difficult to see such bodies and their members quietly surrendering to the manipulation feared by CFIUS. The processes of 3GPP, for example, incorporate important elements of openness and transparency. 3GPP makes publicly available meeting reports which list participants, their contributions, and voting results.[24] Studies show that 3GPP even provides “effective means of active participation” for small entities and start-ups, and that the organization does not discriminate against contributions proposed by such smaller entities.[25] Internal 3GPP processes ensure that “power is shared across regional and organizational lines.” [26] Appeals within the organization are available to members that oppose any ruling.[27] As a last resort, claims of manipulation and collusion can be—and sometimes are—brought before national courts.[28] Recent votes in other standards organizations also show that such transparency can assist security and privacy advocates in beating back powerful interests.[29]

The United States has consistently advocated for open and transparent standard-setting processes with minimal government intervention. Under domestic law, for example, the National Technology Transfer and Advancement Act generally mandates that the federal government use “voluntary consensus standards.”[30] The statute has been construed as expressing a “strong preference” for market-developed standards satisfying certain criteria of “openness” and “transparency.”[31] These principles require that “procedures . . . be open to all interested parties”, and that parties be “provided meaningful opportunities to participate in standards development on a non-discriminatory basis.”[32]

Moreover, the United States has supported these principles in international law. A multilateral committee established under the TBT Agreement, for example, adopted a set of six principles for international standards, including openness, transparency and impartiality.[33] The United States has promoted these principles across the world,[34] incorporated them into free trade agreements,[35] and criticized China for failing to abide by them.[36]

The historical American commitment to open and transparent processes serves the interests of the United States. Indeed, transparency itself allays the very perils of foreign “dominance” and “control” that concerned CFIUS. During the previously discussed WAPI incident, the United States and international commercial actors criticized the non-transparent processes that led to the adoption of that encryption standard, including the fact that the algorithm was not made publicly available.[37] According to WAPI critics, this closed process made it impossible to evaluate the technical fitness of the China-specific standard. Moreover, third parties could not know if intentionally-inserted backdoors were hidden in WAPI.[38]

The CFIUS letter undermines the consistent support of the United States for open and transparent market standards. Rather than promoting openness, the letter suggests that the United States will keep its thumb on the standards scale in order to defend murky notions of its own national security. Moreover, if meddling in the standards process rouses foreign governments to also intervene, or to create foreign standards to counter the United States’ intervention, then the CFIUS letter itself increases the risk of the nontransparent foreign “influence” and “control” that it feared.[39]

III. Standards and Intellectual Property

The CFIUS letter sees Chinese ownership of 5G patent rights as an ominous warning of hi-tech dominance. However, given the rules and policies of prominent standards organizations—which generally aim to make technology available to all implementers of a standard[40]—it is difficult to see how patents could be leveraged into the technological control feared by CFIUS. Governments and standards organizations alike readily acknowledge that agreed technological specifications can incorporate patented, proprietary technology.[41] Indeed, firms often jockey for the economic advantages of having their own proprietary, patented technology incorporated into the agreed standard.[42] Such patent rights are often described as “Standard Essential Patents” (or “SEPs”), since infringement of the patent is essential for proper implementation of the standard.  SEPs can provide a steady stream of royalty payments, since designing around an “essential” patent is by definition impossible and firms that wish to manufacture or sell standard-compliant products must pay such royalties or risk infringement liability.

Neither standards organizations nor regulatory authorities have ignored the problems of potential dominance associated with requiring the use of patented technology in technical standards. First, the patent policies of standards organizations typically impose disclosure obligations.[43] Speaking broadly, these rules often require participants to disclose whether they hold patents that could be infringed by a proposed specification. With this knowledge, the members or the standards organization can search for non-proprietary alternatives to the patented technology. Second, such patent policies often require members to make available any proprietary technology to firms implementing the standard, often on “fair, reasonable and non-discriminatory” (FRAND) terms, and less frequently on a royalty-free basis.[44] Courts have enforced these obligations in civil suits.[45] Moreover, both the Federal Trade Commission and the Department of Justice have sometimes stepped in to impose their interpretation of these rules.[46]

The enforcement of these policies sets real limits on patentees’ rights. For example, one of a patentee’s strongest remedies is to obtain a court injunction against infringing activities.[47] A growing consensus, however, sees such injunctive relief as inconsistent with a FRAND licensing commitment. For example, the Federal Circuit in Apple Inc. v. Motorola  Inc. held that a patentee’s claim for injunctive relief may be barred by an earlier FRAND licensing commitment.[48] In addition, developing jurisprudence concerning FRAND commitments has devoted substantial attention towards minimizing the abusive monetization of SEPs. A number of courts have noted the importance of the FRAND licensing obligation for avoiding “hold-up,” or the collection of excessive patent royalties.[49] Some courts have limited the total aggregate royalty on a device to a specific quantity, and awarded patentees only a proportionate share of that limited amount.[50] In sum, U.S. courts have generally enforced licensing commitments with a view towards ensuring that intellectual property rights do not unfairly block implementation of the standard.[51] As such, it is unlikely that any entity or organization could parlay 5G patents into “control” of the standard.[52] Chinese companies may end up holding important patents, but they will face serious legal and practical barriers to technological dominance in a way that could threaten national security.

Scholars do debate the appropriate enforcement of the FRAND commitment, and whether current jurisprudence provides for an effective check on patentees.[53] But regardless of what the appropriate balance between the rights, privileges, and obligations of patentees turns out to be, the United States should not discourage foreign engagement in international standard-setting. A consequence of such limited involvement would be more foreign technology developed outside the aegis of standards organizations, free of licensing commitments. Non-committed patentees would only have greater flexibility to seek injunctions and higher royalty rates and thus, outside of the standards organizations, find it easier to pursue the alleged control of standards against the national security interests of the United States. Going back yet again to the example of the WAPI encryption standard—in that case, non-Chinese firms expressed strong concern that the Chinese companies privy to the WAPI technology were under no obligation to make the relevant intellectual property available to market entrants.[54] Not being subject to any licensing requirements, the WAPI technology holders could have demanded onerous royalties or even access to other proprietary technology in exchange for the rights necessary to access the Chinese market.[55] In an open international standard-setting process, which the United States has long pursued, this kind of control would be significantly more difficult to achieve.

Conclusion

National security concerns regarding 5G technology are unlikely to fade. At the same time, concerns regarding the nation’s telecommunications infrastructure should not be confused with misgivings about the international standard-setting process. Standard-setting unquestionably implicates significant societal values, most prominently issues of privacy and encryption policy.[56] Certainly, the standard-setting process can be open to manipulation by individual firms,[57] cartels[58] and perhaps even countries.

However, these risks can be managed within the structures of existing United States trade and economic policy.  Legal and regulatory bulwarks already cabin these concerns, to protect both the integrity of the standards process as well as the interests of the United States. The CFIUS letter makes no attempt to explain the inadequacy of the existing framework, even as it departs from consistently-held United States policy regarding the international standards process.

* Partner, Yigal Arnon & Co., Jerusalem, Israel. J.D., Yale Law School; M.S., Columbia University.

“Cell Phone Tower Sunset Cell phone antenna” by Mike Mozart is licensed under CC BY 2.0

[1] Industry groups recently completed the specifications for 5G systems. See Rel-15 success spans 3GPP groups, 3GPP (June 14, 2018), http://www.3gpp.org/news-events/3gpp-news/1965-rel-15_news.

[2] See, e.g., 5G Mobile and Wireless Communications Technology 8 (Afif Osseiran et. al. eds., 2016).

[3] Tim Wu, Should Trump Nationalize a 5G Network, N.Y. Times (Jan. 31, 2018) https://www.nytimes.com/2018/01/31/opinion/nationalize-5g-network.html. For more background on the government’s security concerns regarding Chinese telecommunications technology, see Mike Rogers & C.A. Dutch Ruppersberger, U.S. House of Representatives Permanent Select Committee on Intelligence, 112th Cong. Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE vi (2012) (concluding that the risks associated with the provision of Chinese-made “equipment to U.S. critical infrastructure could undermine core U.S. national-security interests”); see also Federal Communications Commission, Statement of Chairman Ajit Pai Re: Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs, FCC 18-42, (April 17, 2018) (justifying a proposal to prohibit certain purchases of telecommunications equipment from companies posing a national security threat by noting that the country “stand[s] on the precipice of the 5G future”).

[4] The CFIUS regime is codified at 50 U.S.C. App. § 2170 (2018). The purpose of CFIUS review is to “determine the effects” of a transaction “on the national security of the United States”. Id. §2170(b)(a)(A)(i); see also generally Jonathan Wakely & Andrew Indorf, Managing National Security Risk in an Open Economy: Reforming the Committee on Foreign Investment in the United States, 9 Harv. Nat. Sec. J. 1 (2018).

[5] See, e.g., Christopher M. Tipler, Defining ‘National Security’: Resolving Ambiguity in the CFIUS Regulations, 35 U. Pa. J. Int’l L. 1223, 1242 (2014) (describing how scholars and practitioners can typically only “speculate” on the specific risks that CFIUS considers national security threats).

[6] Letter from Aimen N. Mir, Deputy Assistant Secretary, Investment Security, Department of the Treasury, to Mark Plotkin, Covington & Burling LLP and Theodore Kassinger, O’Melveny & Myers LLP (Mar. 5, 2018) https://www.qcomvalue.com/wp-content/uploads/sites/13/2018/03/Letter-from-Treasury-Department-to-Broadcom-and-Qualcomm-regarding-CFIUS.pdf. Other government bodies have expressed similar concerns. See e.g., Tara Beeny, Supply Chain Vulnerabilities From China In U.S. Federal Information And Communications Technology 34-37(2018) (discussing supply chain concerns resulting from China’s “role in setting international technology standards” and ownership of associated intellectual property).

[7] Justus Baron & Kirti Gupta, Unpacking 3GPP Standards, J. Econ. & Mgmt. Strategy (forthcoming 2018)

[8] See generally Third Generation Partnership Project Agreement § 2.1 (2007).

[9] See, e.g., Jorge L. Contreras, Divergent Patterns of Engagement in Internet Standardization: Japan, Korea and China, 38 Telecomm. Pol’y 916, 929 (2014) (describing how Chinese involvement in Internet standardization efforts has “expanded rapidly in recent years”).

[10] Agreement on Technical Barriers to Trade, Apr. 15, 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex IA, Legal Instruments – Results of the Uruguay Round vol. 27, 33 I.L.M. 1144 [hereinafter TBT Agreement].

[11] World Trade Organization, Ministerial Conference, Protocol of the Accession of the People’s Republic of China § 13, WT/L/432 (Nov. 23, 2001).

[12] TBT Agreement, Preamble.

[13] Id. ¶ 2.4.

[14] Office of the United States Trade Representative, 2014 Report On Technical Barriers To Trade 6 [hereinafter 2014 USTR TBT Report]  (asserting that “standards-related measures that are nontransparent, discriminatory, or otherwise unwarranted can act as significant barriers to U.S. trade”).

[15] Id. at 36.

[16] See, e.g., Office of the United States Trade Representative, 2018 National Trade Estimate Report on Foreign Trade Barriers 97 (2018) (“China has continued to pursue unique national standards in a number of high technology areas where international standards already exist. The United States continues to press China to address specific concerns, but to date this bilateral engagement has yielded minimal progress.”).

[17] The motivation for the WAPI requirement was not completely clear, but it may have been directed either towards China’s own security concerns or towards reducing the costs to Chinese firms for the use of foreign intellectual property. See Brian J. Delacey et. al., Government Intervention in Standardization: The Case of WAPI, 10-11 (2006), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=930930.

[18] Id. at 11-12

[19] Letter from Paul Nikolich, Chairman, Institute of Electrical and Electronics Engineers (IEEE)  802 LAN/MAN Standards Committee to Li Zhonghai, Chairman, Standardization Administration of China (SAC), and Wang Xudong, Minister, Ministry of Information Industry (Nov. 23, 2003).

[20] Letter from Robert B. Zoellick, United States Trade Representative, Donald I. Evans, Secretary of Commerce and Colin L. Powell, Secretary of State to Zeng Peiyan, Vice Premier of the People’s Republic of China (Mar. 15, 2004).

[21] Id.

[22] Id.

[23] China has in the past promoted alternative standards when it believed that the international standards process was biased against Chinese interests. See, e.g., Michael Murphree & Dan Breznitz, Standards, Patents and National Competitiveness 7 (2016) (describing how China promoted an alternative video standard in order to increase its bargaining power in negotiating royalty rates).

[24] Justus Baron & Kirti Gupta, Unpacking 3GPP Standards, J. Econ. & Mgmt. Strategy (forthcoming 2018)

[25] Kirti Gupta, The role of SMEs and Startups in Standards Development (manuscript at 1) (2017), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3001513

[26] Baron & Gupta, supra note 7, §4.2.

[27] Third Generation Partnership Project, 3GPP Working Procedures, § 29 (2016).

[28] See, e.g., TruePosition Inc. v. LM Ericsson Telephone Co., 2012 WL 3584626, at *2 (E.D. Pa. Aug. 2012) (refusing to dismiss claims that defendants “collaboratively manipulated 3GPP’s processes and procedures to gain unfair advantages for their” own technology).

[29] See, Kieren McCarthy, ISO blocks NSA’s latest IoT encryption systems amid murky tales of backdoors and bullying, The Register (Apr. 25, 2018), https://www.theregister.co.uk/2018/04/25/nsa_iot_encryption/; Brandon Vigliarolo, TLS 1.3 is approved: Here’s how it could make the entire internet safer, TechRepublic (Mar. 26 2018), https://www.techrepublic.com/article/tls-1-3-is-approved-heres-how-it-could-make-the-entire-internet-safer/.

[30] National Technology Transfer and Advancement Act, 15 U.S.C. § 272 (b) – (e) (2018).

[31] Office of Mgmt. and Budget, Exec. Office of the President, OMB Circular A- 119, Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities 4, 9, 31 (2016), https://www.nist.gov/sites/default/files/revised_circular_a-119_as_of_01-22-2016.pdf.

[32] Id. at 16.

[33] Committee on Technical Barriers to Trade, Second Triennial Review of the Operation and Implementation of the Agreement on Technical Barriers to Trade, G/TBT/9 (Nov. 13, 2000).

[34] See Am. Nat’l Standards Inst., U.S. Standards Strategy 13 (2015) (asserting that the United States should work with other WTO members in support of the TBT Agreement and associated committee decisions).

[35] See generally United States Trade Representative, 2014 Report On Technical Barriers To Trade 20 (2014) (describing free trade agreements that “expand upon transparency obligations provided for in the TBT Agreement”).

[36] See United States Trade Representative, 2017 USTR Report to Congress on China’s WTO Compliance 61-62 (“The United States urged China to take a market-based and technology neutral approach to the development of next generation wireless standards . . . .”) [hereinafter 2017 USTR China WTO Report].

[37] See United States Trade Representative, 2006 USTR Report to Congress on China’s WTO Compliance 47 (protesting China’s making available of the WAPI algorithm to only 11 Chinese companies); see also Delacey, supra note 17, at 11.

[38] Stewart A. Baker, Deposing Tim Cook, Lawfare (Feb. 27, 2016), https://www.lawfareblog.com/deposing-tim-cook.

[39] See Stacy Baird, Government at the Standards Bazaar, 18 Stan. L. & Pol’y Rev. 35, 61 (2007) (“An action by the U.S. government … to intervene in the market to mandate a standard would be perceived by foreign governments as, at a minimum, hypocritical to U.S. foreign policy, and more likely, support for similar behavior by the foreign government.”).

[40] See, e.g., Mark A. Lemley & Carl Shapiro, A Simple Approach to Setting Reasonable Royalties for Standard-Essential Patents, 28 Berkeley Tech. L.J. 1135, 1137 (2013) (stating that policies of standards organizations aim to assure “companies implementing the standard that they will not be blocked from bringing their products to market or held up so long as they are willing to pay reasonable royalties”).

[41] See, e.g., Elyse Dorsey & Matthew R. McGuire, How the Google Consent Order Alters the Process and Outcomes of FRAND Bargaining, 20 Geo. Mason L. Rev. 979, 979 (2013) (describing FRAND policies in standards organizations and corresponding policies of the Department of Justice and the Federal Trade Commission).

[42] See Delacey, supra note 17, at 7 (describing how the wireless security standards process “became a battleground for commercial groups vying to place their IP” in the standard).

[43] See Joseph Farrel, et. al., Standard Setting, Patents, And Hold-Up, 74 Antitrust L.J. 603, 624-630 (2007). The Chinese standards association participating in the development of 5G standards imposes disclosure obligations broadly similar to the requirements of other standards organizations. See China Communications Standards Association, Intellectual Property Rights Policy, § 3 [hereinafter CCSA IPR Policy].

[44] Farrel, supra note 43, at 609; see also CCSA IPR Policy, supra note 43, at § 4.

[45] See generally Norman V. Siebrasse & Thomas F. Cotter, Judicially Determined FRAND Royalties, in The Cambridge Handbook Of Technical Standardization Law 365 (Jorge L. Contreras ed. 2017).

[46] See generally Dorsey & McGuire, supra note 42.

[47] See eBay Inc. v. MercExchange, L.L.C., 547 U.S. 388 (2006) (Kennedy, J., concurring) (“[A]n injunction, and the potentially serious sanctions arising from its violation, can be employed as a bargaining tool to charge exorbitant fees to … practice the patent”).

[48] Apple Inc. v. Motorola Inc., 757 F.3d 1286, 1332 (Fed. Cir. 2014). See also Huawei Technologies Co. Ltd. v. Samsung Electronics Co. Ltd., Case No. 3:16-cv-02787-WHO, 2018 U.S. Dist. LEXIS 63052, at *31 (N.D. Cal. April 13, 2018) (stating that the “bulk of precedent” supports the position that enforcing the injunction of a Chinese court on SEPs “would frustrate specific domestic policies against [such] injunctive relief”).

[49] Ericsson, Inc. v. D-Link Sys., Inc., 773 F.3d 1201, 1209 (Fed. Cir. 2014) (stating that “SEPs pose two potential problems that could inhibit widespread adoption of the standard … Patent hold-up exists when the holder of a SEP demands excessive royalties after companies are locked into using a standard.”); In re Innovatio IP Ventures, LLC, MDL Docket No. 2303, Case No. 11 C 9308, 2013 U.S. Dist. LEXIS 144061, at *61 (N.D. Ill. Sept. 27, 2013) (stating that “one of the primary purposes of the RAND commitment is to avoid patent hold-up”).

[50] See TCL Commc’n Tech. Holdings, Ltd. v. Telefonaktiebolaget LM Ericsson, CASE NO: SACV 14-341 JVS(DFMx), CASE NO: CV 15-2370 JVS(DFMx),2017 U.S. Dist. LEXIS 214003, at *46 (C.D. Cal. Nov. 8, 2017) (limiting Ericsson FRAND royalties to a share of a total aggregate rate); In re Innovatio, 2013 U.S. Dist. LEXIS 144061, at *169 (taking a “top-down” approach to determining FRAND royalties).

[51] Siebrasse & Cotter, supra note 45, at 366 (stating that “overall” the principles emphasized by the courts have reduced “concerns over the potential for SEPs to induce holdup and royalty stacking”). Civil suits and regulatory investigations in foreign jurisdictions (including China) have imposed broadly similar, if not more restrictive, limitations on FRAND-committed patentees. See generally The Cambridge Handbook of Technical Standardization Law (Jorge L. Contreras, ed. 2017).

[52] No doubt, China’s increased holdings of standard essential patents will have economic effects, notwithstanding any accompanying FRAND obligations. See Andrew Polk, China is Quietly Setting Global Standards, Bloomberg, May 7, 2018. A full discussion of the distinction between economic competition and national security threats is beyond the scope of this essay. See, e.g., Raj Bhala, National Security and International Trade Law: What the GATT Says, and What the United States Does, 19 U. Pa. J. Int’l Econ. L. 263, 273 (1998).

[53] See, e.g., Jorge L. Contreras, Much Ado About Hold-Up, U. Illinois L. Rev., (forthcoming 2018) (asserting that the “debate surrounding patent hold-up in markets for standardized products is now well into its second decade with no end in sight”).

[54] Delacey, supra note 17, at 2.

[55] See also 2017 USTR China WTO Report, supra note 36, at 9 (alleging that Chinese officials “require or pressure the transfer of technologies and intellectual property to Chinese companies, depriving U.S. companies of the ability to set market-based terms in licensing negotiations”).

[56] See e.g.,  Laura DeNardis & William J. Drake, Protocol Politics: The  Globalization of Internet Governance 71 (2009) (“decisions about encryption protocols must strike a balance between providing individual privacy online and responding to law enforcement and national security needs”).

[57] See Am. Soc’y of Mech. Eng’rs v. Hydrolevel Corp., 456 U.S. 556 (1982) (standards association held liable under antitrust law when the employee of a member firm unlawfully manipulated its procedures); Rambus, Inc. v. Infineon Techs. AG, 330 F. Supp. 2d 679, 696–97 (stating that “by hijacking or capturing an SSO, a single industry player can magnify its power and effectuate anticompetitive effects on the market in question”).

[58] See Allied Tube & Conduit Corp. v. Indian Head, Inc., 486 U.S. 492 (1988)  (in a standards organization, steel producer violated the antitrust laws together with other manufacturers, sales agents and members of the steel industry).

Share