December 2017

Approaches to International Cyberlaw: A View from Israel

ByMatthew Waxman and Yuval Shany.

Read More
It’s not often that we come away from international law workshops impressed and inspired by the methodological debates. But that was how we all felt after the HUJ Cyber Security Research Center event on the Tallinn Manuals on Cyber Operations. Before sharing our thoughts, we’d should add that Yuval Shany is the director of the HUJI Cyber Security Research Center and Matt Waxman is an external advisor.

The workshop – which was conducted under Chatham House rules and included current and former officials as well as academics from Israel and NATO members – explored important and substantive questions of international law and cyber operations, including the rules and thresholds regarding sovereignty, force, countermeasures, and self-defense. Some of the most heated and productive debates, however, centered not on the answers to these questions but on the best way to approach them.

For starters, most of the participants seemed to accept that new cyber treaties are unlikely, but that existing international legal frameworks are applicable and should be adapted to deal with cybersecurity and cyberconflict. From this starting point a significant methodological split emerged, with many participants falling somewhere in between.

One approach, reflected to a large extent in the Tallinn Manuals, relies heavily on analogical reasoning. International law doctrine for kinetic operations or actions traditionally taking place in physical space regulates activities on the territory of non-consenting states, appropriate responses to hostile actions, countermeasures, states’ duties to mitigate threats to others, and so on. These rules are not always clear and uncontested, but to the extent they are, international rules for cyber can best – or at least presumptively – be derived by analogy. What do various cyber-activities or responses to cyber-activities most resemble in physical space, and what would their rules dictate? Advantages of this deductive approach include clarity, consistency of legal rules across various domains, and the legitimacy that comes from prior state consent and consensus. Many states therefore gravitate naturally toward this approach.

An alternative approach, whose precise contours have yet to be clearly spelled out, starts not with existing doctrines from physical space but with their purpose: international stability, self-protection of states’ core interests, responsibility for protecting individual rights, and so on. It asks what rules would best contribute to those purposes and what legal principles might underlie them. Critics argue that this tends to reduce law to policy and that the purposes are ill-defined, but this principle-based approach may produce legal interpretations that are more effective and lasting if states find that they serve their common interests.

These competing approaches – and, again, there are also middle-ground or hybrid positions –represent a familiar debate between legal formalism and instrumentalism, but cybersecurity and cyberconflict add some special twists, especially for the United States and Israel. Most significantly, technology is changing rapidly, as are cyber capabilities and vulnerabilities. Accordingly, it is a tricky task to predict in advance how effectively rules may work and serve their interests. States are still developing their strategies and counterstrategies, and much of the planning and operations take place in secret and under conditions of uncertainty regarding future technology and the degree to which other actors can be induced to “play by the rules.”

As top-tier cyber-powers as well as military powers (regionally, in Israel’s case), the United States and Israel may have much to gain from the second functional approach, especially if they combine it with a prudent wait-and-see strategy of legal diplomacy that emphasizes pragmatic responses to real-world contingencies (e.g. public as well as back-channel diplomatic responses to cyberattacks, cyber-intelligence operations, cyber operations against non-state actors, etc.).

A problem, however, is that there is a race between real-world events, spurred by fast changes in technology, and the adaptation of international law. In this race, the latter may be at risk of losing or have a hard time keeping up. Government officials and outside experts are therefore wrestling with ways of accelerating legal adaptation. Against this background, the following were some of the more interesting questions we heard being debated at this workshop:

  • Should states be taking a more active role in explaining publicly their general approach to international law and cyber-operations, including how legal regulation fits with their broader cyber strategy?
  • Are some states miscalculating the relative costs and benefits of secrecy and transparency of specific cyber-operations or responses to them, given a desire to shape international rules through actual practice and justification?
  • With little likelihood of broad multilateral breakthroughs, should small groups of states try to develop and promote diplomatically some common interpretive approaches?
  • What role does the technology industry have to play in international legal adaptation, given that while international law remains the province of states, private companies have extensive influence over this area?
  • Should new institutions be created in order to provide common security solutions, to attribute legal responsibility for cyberattacks, and to engage, where necessary, in collective reaction to large-scale cyberattacks affecting a multiplicity of jurisdictions?

Published Originally at LAWFARE.


Read Less

Bark Vs. Bite: Differentiating Between Non-violent and Violent Radicals on Social Media

ByMichael Wolfowicz.

Read More
The study of radicalization continues to be dominated by theoretical and qualitative studies, with arguments regarding definitions and typologies commanding more space than actual evidence. The same is certainly true for the growing body of research pertaining to online radicalization. In much of the literature, the only numbers are the page numbers. Quantitative investigation appears to have been left to governments and security services with seemingly unlimited access to data. However, the results of government-directed research should also be questioned. The many tools and automated systems governments employ to identify online radicalization are not as efficient as they may claim to be. In this respect, automated identification tools often result in false arrests, on the one hand, while simultaneously failing to identify real and immediate threats, on the other. It has been argued that one of the reasons that such systems are not as efficient or successful as they ought to be is because they are not evidence based. That is, an algorithm is only as accurate as its input, and the inputs on which many systems have been designed have often been based on purely theoretical assumptions. 

The challenge for any security service and for tool designs is how to identify the small percentage of imminent threats within a much larger pool of highly radicalized but non-violent individuals. It is an axiom of science that it is impossible to assess sample bias from looking at the sample alone. So too, it is impossible to identify characteristics that are unique to terrorists solely by examining terrorists or comparing them to each other. In this regard, Joshua Frielich, Gary LaFree, and other leading scholars in the quantitative study of radicalization and terrorism emphasize the need to compare terrorists with non-violent radicals of the same persuasion. Again, since only a small percentage of those holding radical beliefs will go on to commit violence, it is important to identify what characteristics differentiate between these two outcomes of radicalization, rather than what distinguishes them from the general population. 

In our research we have been coding and analyzing the social media behaviors of dozens of terrorists in the 100-day lead up to their attacks. Each terrorist has been matched with a non-violent radical from the same network in order to create the comparison group. So far we have been examining differences in types of activities and other social media level metrics derived from social learning theory. While we have already made many interesting and important findings, few are as interesting as what we found regarding the types of posts being made by radicals.

In the current study we coded for 10 different types of activities, such as text post, image post, video post, etc., and text share, image share, video share, etc. One of the most striking differences is that the non-violent radicals have a significantly greater proportion of original written text posts. This means that non-violent radicals are more likely to post lengthy expositions of their radical beliefs. They articulate themselves, using their own words, almost twice as much as those who go on to carry out terrorism do. The magnitude of the differences is increased by the fact that the non-violent radicals also have fewer posts per day overall compared to the terrorists. Conversely, the terrorist group displayed a significantly higher proportion of “sharing” of radical images and videos, as opposed to original uploads. In this regard, when sharing images and videos, the non-violent radicals are also more likely to add their own thoughts and commentary.

The research team noted that these findings may support theories suggesting that social media can provide an outlet that reduces the risk of violence. This theory posits that by providing a non-violent venue for expressing grievances, and as a platform in which individuals can feel they are contributing from the comfort of their own home, radical social media usage may reduce the likelihood of violence for some percentage of the at-risk population. In this respect, the initial findings from our research seems to suggest that when it comes to online radicalization, those who bark the loudest are the least likely to bite.

This does not mean that those who articulate themselves and use social media as an outlet to voice radical ideas never turn to violence; some certainly do. Rather, the identification of such outcome-specific online behaviors provides additional parameters facilitating the identification of violent individuals. 


Read Less