International Law

For this outsider, the parliamentary and judicial response to the Zuma administration’s failure to detain Sudanese President Omar al-Bashir and turn him over to the International Criminal Court (ICC) provides a window in to the state of South African democracy. To me, it is clear that the Zuma government broke both South African and international law by not only failing to hold al-Bashir, though specifically ordered to do so by the South African judiciary, but also facilitated his clandestine departure. South African law is relevant because the South African government at the time incorporated the ICC treaty into its own legal system. Neither the judiciary nor the parliament is taking the Zuma administration’s violation of the law quietly. The Pretoria high Court has “invited” the National Director of Public Prosecutions to look into how South Africa violated a court order to hold al-Bashir. Judge President Dunstan Mlambo said, “A democratic state based on the rule of law cannot exist or function if the government ignores its constitutional obligations.” The parliamentary debate was raucous. The official opposition, the Democratic Alliance (DA), stated that the Zuma government was in contempt of both the South African court and the ICC. A DA parliamentarian, Steven Mokgalapa said, “The African National Congress (ANC) government, led by Zuma has committed a crime of assisting a wanted man to run from the law.” Congress of the People (COP) leader Mousiuoa Lekota is quoted by the media as saying, “You lied to us. You said you will uphold the constitution, uphold the law and be an example. You have misled the people of our country and now we are ashamed before the nations of the world.” (“Terror” Lekota – his nickname comes from soccer – is a Robben Island veteran and was once an ANC stalwart; a former Minister of Defense, he broke with the ANC when it removed Thabo Mbeki from the party leadership.) The ANC defense boils down to the propositions that heads of state are immune from the ICC. (The Rome Statute specifically says that heads of state are subject to ICC jurisdiction.) Further, that al-Bashir was attending an Africa Union summit, rather than making an official visit to South Africa. However, some ANC leaders are roundly attacking the ICC and calling for South Africa to withdraw. In what is likely to be a swipe at the United States, ANC Secretary General Gwede Mantashe said on local radio that the ICC “is a tool in the hands of the powerful to destroy the weak and it is a court that is focusing on Africa, Eastern Europe, and the Middle East.” He said South Africa should consider leaving the ICC: “If I was in government, I would give notice, get out of that, it was not what was envisioned.” Justice and Constitutional Development Deputy Minister John Jeffrey is quoted as saying that the ICC “has diverted from its mandate and allowed itself to be influenced by powerful non-member states. We signed up for a court that was going to hold human beings accountable for their war crimes – regardless of where they were from. We perceive it as tending to act as a proxy instrument for those states who see no need to subject themselves to its discipline, to persecute African leaders, and effect regime change on the continent.” The al-Bashir episode provides a muddled picture of South African democracy. The government appears to have acted illegally. The judiciary and the legislature have reacted vociferously. But, nobody seems to expect that anything will happen.

From the perspective of the expectations of Nelson Mandela, South Africa has been treading water, if not worse, especially since the national elections of 2014. Economic growth remains an anemic 2 percent or less, thereby challenging Mandela’s assumption that poverty could be eliminated rapidly. Public concerns about corruption remain unaddressed. Parliament appears increasingly dysfunctional. Its procedures are under assault by Julius Malema’s Economic Freedom Fighters and stonewalling tactics by the Zuma government over corruption. All the while, the Zuma government appears to be consolidating executive power at the expense of the other, theoretically co-equal branches of government. It has twice kept out the Dalai Lama, apparently to keep Beijing happy, while it welcomed Sudanese President Omar al-Bashir with a red carpet to keep the African Union happy. Though wanted by the International Criminal Court (ICC) for genocide, the Zuma government forestalled Bashir’s arrest, which was required by South African law and mandated by the judiciary, by assisting in his clandestine departure. Once one of the strongest supporters of the ICC, the ruling party, the African National Congress (ANC), now denounces it in neo-colonial terms similar to the denunciations by Zimbabwe’s Robert Mugabe and Kenya’s Uhuru Kenyatta. Democracies often go through bad patches of governance. However, democratic institutions including an independent judiciary, civil society, and the rule of law provide a corrective mechanism. Up to now, all three have fulfilled this role in post-apartheid South Africa and have been a basis of optimism about the future of the country. The al-Bashir incident will be a test of the extent to which that optimistic conclusion is still valid. The bottom line appears to be that the Zuma government broke South African law by failing to arrest Bashir and undermined the judiciary by failing to implement its ruling. The courts are now demanding that the Zuma government provide an explanation in seven days for how Bashir entered the country, was not arrested, and then left, though there was a court order requiring the government to ensure that he not leave. Civil organizations are saying that they will likely sue the government for contempt of court, but will delay filing until the government responds to the courts with its explanation. The opposition Democratic Alliance has roundly denounced the government’s behavior. It can be anticipated that it will raise the issue in the National Assembly. Meanwhile, the media, including social media, is expressing outrage over the Zuma government’s behavior. Nothing that happens in South Africa now will result in Bashir’s arrest and handover to the ICC. But the courts and civil society may be able to hold the Zuma government accountable. However, if they fail to do so, or are successfully thwarted by Zuma and the ANC, South Africa will have moved away from democracy conducted according to the rule of law. The next week or so could be significant for South Africa’s future.

In a long expected report, Amnesty International has claimed that the Nigerian security services have detained 20,000 men and boys since 2009 and that 7,000 of those detainees died in detention under inhumane circumstances. Amnesty also reports that 17,000 people were killed in northeast Nigeria in the same time frame, meaning that 41 percent of deaths occurred under Nigerian custody. Amnesty concludes in its report that the highest ranks of the security services were aware of the abuses and were even complicit in some cases. Accordingly, Amnesty calls on the Nigerian government to open cases against nine senior military figures, including the current chief of defense staff. Amnesty reports that it communicated with the Nigerian government on multiple occasions and provided the government with advance notice of its findings. Former President Goodluck Jonathan’s administration appears to have taken no steps in response to the Amnesty findings. The report is fully credible. It details the security services’ flagrant human rights abuses with great precision. For the report, Amnesty conducted six field investigations, 412 interviews, reviewed ninety videos, and studied many photographs. Word of the Amnesty report has been circulating for some time. Amnesty may have delayed its issuance until after the national elections because it is, in effect, a damning indictment of the Jonathan administration. With the June release of the report, nobody can accuse Amnesty of intervention in Nigeria’s elections. Since independence, if not before, conditions in Nigerian prisons have been horrific. Amnesty quotes Nigerian official complaining that they were deprived of funds to run the detention centers, which became grossly overcrowded. This may have led to a policy of deliberate starvation to reduce detainee numbers. In response to the abuses, Nigerian President Muhammadu Buhari may be encouraged to move quickly to purge the upper echelons of the security services, replacing Jonathan’s appointments with his own. Should he wish to do so, he could also ask the ICC to open an investigation. However, Buhari is a nationalist, and he is unlikely to call in an external judicial body. Instead, he is more likely to reinvigorate existing or create anew Nigerian institutions to address human rights abuses. Amnesty’s statistics cover the period between 2009 to the present and are restricted to northeast Nigeria. The group is known for being conservative with their estimates. Compared to Amnesty’s reported 17,000 deaths, the Council on Foreign Relations’ Nigeria Security Tracker (NST) estimates that since May 2011 Boko Haram has killed 12,138, the security services have killed 5,274, and that 11,441 have died in the fighting between the security services and Boko Haram. However, the NST records events that take place throughout the entire country and events involving Boko Haram in neighboring countries. As such Amnesty’s statistics and the NST’s are not directly comparable. *An earlier version of this post stated that Amnesty International called on the ICC to open cases against military officers, this has been corrected to state that Amnesty International has called on the Nigerian government.

Ashley Deeks is an associate professor at the University of Virginia Law School. She formerly served in the State Department’s Office of the Legal Adviser and was an international affairs fellow at the Council on Foreign Relations. This past week, the NATO Cooperative Cyber Defense Center of Excellence put on its annual Cyber Conflict (CyCon) conference in Tallinn, Estonia. Rather than summarize some of the panels, which offered important insights into the most pressing issues in the cyber arena, this post looks across those panels to identify common themes that arose during the conference. At least one important refrain emerged: an anxiety about the lack of a robust, clear legal framework within which to conduct and evaluate cyber operations. Grappling with the Rules—or Lack Thereof This was not a legal conference. Indeed, part of its appeal is that it brings together a mix of technologists, military officials, academics, lawyers, and corporate officials. Nevertheless, one of the most noticeable themes I detected across panels was a strong interest in increasing the clarity of international law regulating cyber operations. Senior policy speakers such as Adm. Mike Rodgers and NATO Assistant Secretary General Sorin Ducaru repeatedly referred to the importance of operating in accordance with the law. Many at the conference seemed to view legal rules as promoting stability and, therefore, security. Yet comments such as these embodied a tension: while policymakers agreed on the importance of acting in accordance with legal rules, others pressed for increased clarity about what, exactly, those rules are. Indeed, one workshop at the conference was devoted to exploring the options for cyber norm development. And the conference’s international law-related panels were standing room only: there was obvious interest in hearing ideas about how to apply or tweak existing international law to fit the cyber context. Questions at the conference about the cyber rules of the road sorted themselves into three buckets: who creates the rules; what the rules should look like; and how procedurally to develop these rules. Who Will Create the Rules? States, of course, are the primary (and some say only) creators of international law. Whether by concluding treaties or creating customary law by engaging in extensive state practice over time, states generally dictate what the rules of the road will be. But one confounding factor, at least in today’s cyber world, is that the large majority of state practice is done secretly and rarely sees the light of day. Far more than many other areas of geopolitical activity, states’ actual conduct in the cyber arena remains unknown and, to a large extent, unknowable to other states. For this reason, products such as the Tallinn Manuals are garnering intense interest. The first Tallinn Manual, produced by an independent group of experts mostly drawn from NATO member states, came out in 2013. The Manual proffered what the experts saw as the current state of the law relevant to cyber operations that involved a state’s resort to force or a state’s conduct of armed conflict. Version 2.0 picks up where the first version left off, and will set forth the experts’ views on what international law applies to cyber activity that falls below the level of armed conflict or the use of force—activity such as cyber espionage or denial of service attacks. Because the Manuals have been crafted by recognized experts, and because the Manuals provide a systematic examination of what the rules seem to be today, many actors are treating the Manual as the closest thing to an authoritative source on the current state of the law. What Should the Rules Look Like? As to the content of the rules, another tension manifested itself. On the one hand, many hope to use existing international law as the key source of cyber rules. But several speakers highlighted that existing rules require some modifications in order to fit neatly with cyber activity. For example, international law allows a state to undertake “countermeasures” against another state that has committed an international law violation against it. But before a state takes a countermeasure, it is supposed to request that the law-breaking state stop the violation and, if the violation continues, to inform the violating state of the impending countermeasures. Those notice requirements may make less sense in the cyber context, given the speed at which cyber activities take place. Likewise, a state may act in self-defense when an armed attack is “imminent,” but how should a state assess the imminence of an attack when it discovers a logic bomb on its system and cannot tell what action might trigger a severe and near-instantaneous attack? These and other examples discussed at CyCon reveal the need for states to fine-tune existing rules, to the extent that major cyber players even accept that the existing rules are the proper baseline from which to work. Russia and China may reject this proposition. By What Process Should We Establish those Rules? On the third question—that of process, and how to develop the rules—there is an apparent divide among states, and between some states and NGOs. Some NATO members with robust cyber capabilities seem content to assert that they are acting lawfully, on the basis of relatively general international rules, but seem disinclined to provide detail about how they are applying those rules. Smaller states, academics, and NGOs seem to be pressing for a more detailed legal framework. A Chinese speaker raised questions about the Tallinn process, based on a concern that it was a Western project that failed to account for the views of other actors. In short, stark differences remain about what process, if any, states should use to reach firmer consensus about the cyber rules of the road. The Tallinn 2.0 process is just getting underway, with an estimated completion date of 2016. Those drafting the 2.0 Manual are actively engaging with non-Western states to ensure that the product accurately reflects the current legal positions not just of NATO members but of a range of states. Though such consultations might complicate the drafting, they are likely to pay off in the longer run if they provide the 2.0 Manual with additional legitimacy.

The following is a guest post by my colleague Yanzhong Huang, senior fellow for global health at the Council on Foreign Relations. The Trans-Pacific Partnership (TPP), a regional trade and investment agreement currently being negotiated by twelve countries representing 40 percent of global GDP, has pushed to the surface old and new questions about the complex relationship between trade and global health. Will intellectual property provisions included in the treaty hinder, as the skeptics fear, developing countries’ access to safe and more affordable drugs? To what extent will the investment provisions (known as investor-state dispute settlement, or ISDS) open doors for private firms to challenge the sovereign rights of national governments to regulate in favor of public health? What should the United States do to advance special rules for certain industries and foster innovation without undermining public health standards of citizens in all signatory nations? In this next installment of The Internationalist podcast series, CFR Senior Fellow for Global Health Yanzhong Huang speaks with Suerie Moon, research director and co-chair of the Forum on Global Governance for Health at the Harvard Global Health Institute. Listen in to hear Moon’s important insight into the potential dangers to global health governance contained in the current TPP agreement and how she thinks those pitfalls can and should be avoided.

Coauthored with Naomi Egel, research associate in the International Institutions and Global Governance program at the Council on Foreign Relations. Although ongoing negotiations with Iran have captured global attention, they are not the only critical nuclear meeting underway. On Monday, UN member states launched the latest five-year review conference (RevCon) of the Treaty on the Nonproliferation of Nuclear Weapons (NPT). This core legal instrument of the nonproliferation regime provides the basis for international efforts to prevent nuclear proliferation. But expectations are modest. Unlike the last RevCon in 2010, no breakthroughs are on the horizon. Still, the month-long meeting in New York offers an opportunity to develop a plan for further progress during the next five-year cycle that will strengthen the basic bargains at the core of the NPT. The NPT, which came into force in 1970, rests on three mutually reinforcing pillars. States without nuclear weapons agree not to acquire them. The five officially recognized nuclear weapons states (the United States, Russia, China, France and Great Britain) agree to move toward disarmament. And nonnuclear weapons states should be granted access to civilian nuclear technology for peaceful energy development. This essential bargain is inherently fragile, and the challenges are growing, as our newly updated Global Governance Monitor: Nuclear Proliferation, details. Four non-recognized nuclear weapons states (India, Israel, North Korea, and Pakistan) are known to possess weapons, and recognized nuclear weapons states are generally perceived to be dragging their feet on disarmament. Moreover, the spread of ostensibly peaceful nuclear technology brings new proliferation dangers. Despite these underlying tensions, the last RevCon in 2010 achieved historic results. Parties approved a 64-part action plan [PDF] to advance progress in all three areas of nonproliferation, disarmament, and peaceful uses of nuclear energy. Particularly noteworthy was the endorsement of a conference to discuss the establishment of a weapons of mass destruction (WMD)-free zone in the Middle East. Progress in advancing these goals, alas, has been uneven. The deadline for the Middle East conference has come and gone. More significantly, the deterioration of the U.S.-Russia relationship has curtailed bilateral progress on disarmament by the two nations with (by far) the biggest nuclear arsenals. Although both countries continue to comply with the 2011 New Start treaty (which limits each country to 1,550 deployed strategic warheads by 2018), prospects for a follow-on treaty are dismal, and Russia has cancelled cooperative nonproliferation initiatives. A hostile Russian statement [PDF] on the first day of the review conference reinforced these tensions. This perceived inertia comes at an awkward time. The last five years have witnessed the rise of a vigorous humanitarian disarmament initiative, a broad movement of nonnuclear weapons states and civil society actors frustrated by the slow pace of disarmament. Many of its members call for a total ban on nuclear weapons, akin to the Chemical Weapons Convention or the Mine Ban Treaty. The United States and other P5 members adamantly oppose such a ban. The major global bright spot has been the negotiation of a framework agreement between Iran and the P5+1 (the permanent five Security Council members plus Germany). If the preliminary terms are fully implemented, this accord will grant Iran gradual relief from sanctions and access to peaceful nuclear energy in return for internationally monitored limitations on its nuclear enrichment activities and its full compliance with the NPT. Beyond reducing the specific threat posed by Iran, U.S. officials regard the framework agreement as a demonstration that noncompliance with the NPT can be addressed. Given this context, achieving a consensus outcome document will be a tall order. That should not stop U.S. negotiators from doing all they can to strengthen the three pillars of the nonproliferation regime, including by advancing the goals outlined in the 2010 action plan and securing agreement on other critical issues where progress is possible. Reinvigorate commitment to the NPT: The United States should redouble efforts to close the loophole under Article X of the NPT that enables parties to withdraw scot-free after they have violated treaty provisions, as North Korea did in 2003. Working with other permanent Security Council members, the Obama administration can ensure that there is no “get out of jail free” card in the future, by passing a resolution mandating automatic sanctions on countries that abuse Article X. The United States should also work with its partners in the Nuclear Suppliers Group to agree to cease exports of all nuclear related materials (including for peaceful purposes) to any such country. Continue to advance old, but valuable ideas: In parallel with these steps, the United States should promote steps toward disarmament that enjoy broad support, despite longstanding challenges. The Obama administration should continue to endorse universalization of the Comprehensive Test Ban Treaty, notwithstanding continued Congressional resistance to approving U.S. ratification of this treaty. It should also continue advocating the negotiation of a Fissile Material Cutoff Treaty (FMCT), despite the high hurdles (notably Pakistan’s opposition). Support the IAEA: The United States can also build international goodwill by enhancing the third pillar of the NPT, expanded access to peaceful nuclear energy, which benefits more parties than any other provision. On Monday, Secretary of State John Kerry made a welcome gesture in this direction, announcing that the United States will donate an additional $50 million to the IAEA’s peaceful uses initiative. The Obama administration should build on this initiative by agreeing to increase funding to advance the IAEA’s work in areas such as promoting global health and boosting agricultural yields. At the same time, the United States must continue to encourage all countries to implement the Additional Protocol, a safeguards agreement that allows IAEA inspectors enhanced access to make sure states are not developing clandestine nuclear weapons programs. Consolidate nuclear security gains: At the RevCon, the United States should take advantage of the opportunity to strengthen the relationship between the NPT regime and the biennial Nuclear Security Summit (NSS) that the Obama administration began in 2010. While there are advantages to the informal, flexible NSS format, there is a danger that momentum will slow and progress will be lost when a new U.S. administration takes office. To consolidate the gains it has spearheaded, the United States must create an enduring mechanism to advance nuclear security after the NSS summits end in 2016. The way to do so is by strengthening the IAEA’s own nuclear security mandate, giving it both the responsibility and adequate funding it needs to coordinate and implement the myriad initiatives promoted and developed by the NSS process. While expectations are modest, the overall state of the nuclear nonproliferation regime is strong. The NPT is necessarily a delicate balance between the haves and have nots, between the goals of nuclear nonproliferation, disarmament, and peaceful access. It is not perfect. But nor is it replaceable. Despite ongoing challenges, the nuclear nonproliferation regime—with the NPT at its core—has been largely effective, as our Global Governance Monitor lays out. The challenge for U.S. negotiators over the next month is to advance these conflicting goals within the limits of the possible.

The big idea emerging from the Global Conference on Cyberspace 2015—the latest iteration of the London Process—is the Global Forum on Cyber Expertise (GFCE). According to The Hague Declaration, the GFCE will facilitate “inclusive and greater collaboration in the area of capacity building and exchange of expertise in the cyber domain.” These purposes, and the language describing them, suggest the forum will target low-hanging fruit. Although skepticism might eventually prevail, the GFCE reflects policy needs, normative principles, and political interests that make it potentially significant. The GFCE Under its Framework Document, the GFCE will be “a flexible, action-oriented and consultative forum” involving “countries, companies and intergovernmental organisations.” In a “voluntary, complementary, inclusive and resource driven” manner, the forum will “build cyber capacity and expertise” through initiatives on cybersecurity, cyber crime, data protection, and e-governance. GFCE activities will be non-binding but consistent with international law, including human rights, and will “contribute to bridging the digital divide.” The GFCE will inventory existing capacity-building activities, facilitate new projects, and host high-level policy discussions. The forum has forty-two founding members—twenty-nine countries, seven private-sector entities, and six intergovernmental organizations. Policy Needs Cybersecurity policy reflects three overlapping but distinct tracks that, at present, reflect different prospects for international cooperation: Most countries classify cyber threats under traditional security categories—crime, terrorism, espionage, and armed conflict. Increasingly, policy and law in each category confront problems that limit the effectiveness of collective action. Frustrated by worsening cyber threats, a number of countries—including the United States—are developing “full spectrum” capabilities, including offensive capabilities, to deter state and non-state adversaries. This approach raises different challenges, including how deterrence works in cyberspace, but they are not traditionally addressed through international cooperation. Countries have adopted an “all hazards” approach to cyber threats that involves improving cyber due diligence, defensive, and resilience capacities, including information sharing, especially for cyber-enabled critical infrastructure. As The Hague Declaration observed, “the area of capacity building and exchange of expertise within the cyber domain is rapidly becoming one of the most important topics on the international cyber agenda.” The GFCE enhances the “all hazards” track and its momentum in cyber diplomacy. It seeks to build capacity to defend against the range of cybersecurity threats, including threats from criminals and threats to digital data. The GFCE will not displace existing capacity-building activities, but it aims to link and weave these disparate efforts into a bigger, stronger global regime for strengthening cyber due diligence, defense, and resilience. Normative Principles Cyber capacity building is becoming prominent because all states need to improve their cybersecurity. However, the GFCE also has a normative edge in embracing a multistakeholder approach to improving cybersecurity as part of achieving “a free, open and secure cyberspace.” This approach and rhetoric connects with the multistakeholder model of Internet governance and Internet freedom issues that have been sources of contention among states. The GFCE’s references to human rights are also important. The Hague Declaration mentions the Universal Declaration of Human Rights and International Covenant on Civil and Political Rights. It also states the GFCE will be consistent with the UN Guiding Principles on Business and Human Rights, which addresses the human rights responsibilities of companies. These principles cover civil and political rights (e.g., not exporting technologies governments use to violate freedom of expression) and economic, social, and cultural rights (e.g., facilitating use of Internet-enabled technologies to advance the rights to education and health). Less developed is the objective of bridging the digital divide. This concept is associated more with expanding access to information and communication technologies (ICTs) than strengthening cybersecurity. These goals are not incompatible, and the GFCE might support initiatives that increase access to more secure ICT services and narrow the digital divide. Political Interests Although cyber capacity building is important to many states, the GFCE particularly aligns with U.S. interests. In keeping with its commitment to capacity building, the United States supports the GFCE and announced two initiatives with the African Union to improve cybersecurity in Africa, one with Japan and Australia on Southeast Asia, and one with Canada on worldwide cyber threats. But, the GFCE is important to the United States for reasons beyond capacity building. The GFCE allows the United States to show pragmatic leadership in an area of policy need, and the forum reinforces normative principles the United States has long championed. The GFCE helps U.S. efforts to push past damage Snowden caused to its reputation and diplomatic relations. U.S. prominence in the GFCE contrasts with the absence of China and Russia in the list of founding members. In addition, the U.S. initiatives in Africa and Southeast Asia demonstrate that, despite Snowden, countries will partner with the United States in ways and on a scale no other cyber power can match.

This week, Net Politics is taking a look at the work of the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, which is meeting this week in New York.  From its first incarnation in 2004, the UN’s Governmental Group of Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (GGE) tussled over whether international law applied to the use of information and communication technologies (ICTs) by states. This struggle explains why some experts considered it a breakthrough in June 2013 when the GGE stated that “[i]nternational law, and in particular the Charter of the United Nations, is applicable, and is essential in maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.” With that resolved, the GGE has turned to address how international law applies to state use of ICTs. International Law Applies to State Use of ICTs ... Really? The significance accorded to the GGE’s celebrated statement exceeds its actual importance. Recall what happened in and after June 2013. The United States was preparing to confront China over economic cyber espionage, but Snowden’s disclosures about the NSA’s cyber espionage derailed that plan. But, international law does not prohibit or regulate espionage. So at the moment the GGE agreed international law applies to state use of ICTs, international law did not (and still doesn’t) apply to one of the most important state uses of ICTs that cause international security problems. The GGE recommendation did not fare better where international law has rules. Since the release of the 2013 GGE report, the United States has refused to discuss many activities Snowden disclosed, such as offensive cyber operations against foreign nations, let alone explain how they complied with international law. The United States has argued its international legal obligations to protect privacy did not apply to its foreign surveillance activities, which angered allies. China continues to cite the principles of sovereignty and non-intervention in dismissing human rights concerns about its Internet censorship. Russia used cyber operations in its annexation of Crimea and intervention in Ukraine. Iran hacked a Las Vegas casino, and North Korea launched a cyberattack against Sony. Given such behavior, it is fair to ask whether the rules of international law really apply in any meaningful way. Challenges to GGE Efforts on How International Law Applies As the GGE considers how international law applies, it has to navigate legal, technological, and political challenges. Legally, many rules relevant to ICT use in international security contexts are general in nature. For example, international law prohibits the use of force by states except in self-defense in response to an armed attack. Assessing how this rule applies requires fact-specific, case-by-case analyses of incidents. Was Stuxnet a use of force or an armed attack? International lawyers have tackled this question, but controversies surrounding how the law applies to Stuxnet demonstrate the difficulties associated with legal analysis. Technologically, assessing how international law applies requires identifying how technological features of ICTs affect the functioning of legal rules. ICTs allow states to obscure their involvement in cyber operations, which complicates the application of international law on state responsibility. Technology also offers states ways to calibrate effects so that their actions stay under key legal thresholds. So, states can target and disrupt civilian computers during armed conflict as long as the effects do not qualify as an “attack” in the law of armed conflict. These capabilities make cyber attractive to states and create disincentives for adjusting pre-cyber rules to account for what cyber technologies make possible. The elasticity and utility of cyber technologies explain why the U.S. Director of National Intelligence predicted that, rather than massive cyber attacks, the United States confronts “an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.” Similarly, the Commander of U.S. Cyber Command emphasized the need for more offensive cyber power to deter persistent and growing threats that defenses and international law are not stopping. Politically, focusing on how international law applies reveals that states have different interests and compete for influence in cyberspace. As the Snowden-triggered controversies show, serious disagreements exist among leading democracies about how international human rights law applies to state use of ICTs. The gap is more profound between democracies and authoritarian states. These problems are deeply political, and the differences among states—especially between democracies and authoritarian governments—inform the larger competition for power and influence intensifying in international relations. This context means that GGE discussions involve political sub-texts, particularly between the United States and China, that involve more than ICTs and that will make reaching anything more than superficial consensus difficult. Given that it took the GGE nearly a decade to agree that international law applied to state use of ICTs, it is hard to see this process easily overcoming the legal, technological, and political problems inherent in assessing how international law applies. Consensus that cyber activities might, in unspecified situations, violate sovereignty, the principle of non-intervention, the use-of-force prohibition, rules on discrimination and proportionality in the law of armed conflict, or human rights would merely restate that international law applies. This outcome would be no more impressive or important than it was the first time.

This is a guest post by Cheryl Strauss Einhorn, a journalist and adjunct professor at the Columbia University Graduate School of Journalism. Ivorian politics are colorful. Yet it may still surprise some that a court in the Ivory Coast sentenced former First Lady Simone Gbagbo to twenty years in prison for her role in the 2011 post-election violence even though prosecutors only requested ten years. The court convicted her of undermining state security, while the prosecution only charged her for disturbing public order. The hefty sentence comes after the government refused to honor an arrest warrant and transfer Gbagbo to the International Criminal Court (ICC). The government claimed that Gbagbo could receive a fair trial and that a foreign transfer could harm national reconciliation. In contrast the Ivorian government deported her husband, former President Laurent Gbagbo, to The Hague three years ago, where he awaits trial for crimes classified by the Court as “crimes against humanity.” Specifically, he is blamed for over 3,000 deaths that resulted from the civil war that erupted after he refused to accept electoral defeat by current President Alassane Ouattara. So did Simone Gbagbo receive a fair trial? The Ivorian court’s severe decree suggests otherwise. Courts are more likely to alter a judgment to make it more lenient than stringent, and rarely do courts convict beyond prosecution’s request. In fact, Human Rights Watch criticized the Ivorian government for refusing to send Gbagbo to the ICC saying the case was not carried out "in accordance with the standards of a fair trial." Why did the government think that she could get a fair trial in her home country when it did not believe that her husband could? After all Simone Gbagbo is a politician in her own right, president of the Parliamentary Group of the Ivorian Popular Front (FPI) and a celebrity figure with nicknames like the “Hillary Clinton of the Tropics” and the “Iron Lady” by her supporters, and the “Blood Lady,” by her opponents. She earned the epithets after co-founding the socialist FPI with Laurent in 1982 and joining parliament where she and her husband were fierce critics of “neo-colonialism,” once describing France’s Nicolas Sarkozy as “the devil.” But the current conviction suggests that she is more than a firebrand; she is someone capable of encouraging violence, having abetted her husband in silencing opponents of his regime. The government has not publicly explained its reasoning for keeping Gbagbo’s trial at home. Likewise it has not commented on the trial’s unusual outcome, nor must it since there is little evidence that the court’s activism is having a destabilizing effect on the security of the country just seven months before its next presidential election. Might Gbagbo’s incarceration increase the questions from her supporters about whether the trials against her and her husband are politically motivated? It’s possible since Gbagbo supporters say President Ouattara’s one-sided justice is evident, claiming he’s ignored abuses committed by some of his own supporters, who allegedly also contributed to election violence. In January, Ouattara mentioned the possibility of pardoning Simone Gbagbo, but nothing has come of it. Is her conviction evidence that no one is above the law, or might her sentence seem like retribution as justice?

The videos disseminated online by the self-proclaimed Islamic State of the murder of captured persons have become grisly icons of this group’s infamy. These depictions of the slaughter of individuals and groups contain evidence of the Islamic State’s commission of crimes under international law. But these videos are more than digital records of war crimes. The videos themselves violate the law of armed conflict and constitute war crimes. The Atrocity Videos The Islamic State has posted videos on the Internet that record the killing of people detained by the group during the armed conflicts in which it is engaged. The videos are premeditated products; they reflect planning, preparation, staging, symbolism, rehearsal, and editing. These efforts demonstrate that the videos were not random acts but were undertaken with the direction, knowledge, and support of the Islamic State’s leadership. The videos have attracted attention under international humanitarian law (IHL) because they provide evidence of the Islamic State’s commission of crimes during armed conflict. These crimes form part of what a UN commission described as the Islamic State’s “coordinated campaign of spreading terror among the civilian population” involving “murder and other inhumane acts, enslavement, rape, sexual slavery and violence, forcible detainment, enforced disappearance and torture.” The scale and severity of the Islamic State’s violations of IHL led the UN commission to call for holding the group’s members and commanders accountable for war crimes, crimes against humanity, and the crime of genocide. The campaign of inhumane acts and terror involves not only the violence recorded in the videos but also the posting of the videos online. Disseminating the videos on the Internet exploits cyberspace to humiliate the victims and spread terror among civilian populations under Islamic State control or threatened by the group. The videos form part of the “information warfare” the Islamic State conducts in order to communicate with supporters, radicalize new adherents, recruit fighters, humiliate adversaries, and spread terror. Prohibitions in International Humanitarian Law In treaties and customary international law, IHL prohibits:                   Acts that humiliate, degrade or otherwise violate a person’s dignity; Acts or threats of violence the primary purpose of which is to spread terror among civilians; and Measures or acts of terrorism directed at persons protected by IHL, including detainees and civilians.   Making videos that record the execution of individuals and groups captured by the Islamic State, and putting the videos online for viewing all over the world, represent outrages on the personal dignity of those killed. In addition, posting these videos violates IHL because, as the Tallinn Manual on the International Law Applicable to Cyber Warfare states, the law of armed conflict prohibits "employing cyber means to communicate a threat of kinetic attack with the primary purpose of terrorizing the civilian population." Online distribution is also an act of terrorism directed against persons protected by IHL. The Islamic State uses these violent videos to send messages about what happens to those who oppose it. Posting and distributing the videos online allows the Islamic State to communicate this terror-laden message to individuals and populations under the group’s control and in theaters of ongoing armed conflict. Crimes under International Humanitarian Law Under the Rome Statute establishing the International Criminal Court, committing outrages on personal dignity is a war crime, an offense that applies to the degradation of the dignity of dead individuals. By putting its videos on the Internet, the Islamic State enabled the virtual degradation of the victims and their dignity on a global scale. International criminal tribunals have also charged and convicted individuals of war crimes for perpetrating acts or threats of violence the primary purpose of which was to spread terror among civilian populations. Under this jurisprudence, posting the Islamic State’s videos online can be interpreted as threats of violence intended to terrorize civilians and, thus, a war crime. Under IHL, persons are individually responsible for committing war crimes, crimes against humanity, and the crime of genocide. Under the Rome Statute, individuals are also criminally responsible if they contribute to the commission of these crimes with the aim of furthering a group’s criminal activities or with the knowledge of the group’s intention to commit such crimes. Under this rule, those making and posting the Islamic State’s videos are criminally accountable even if they did not directly participate in killing people. The “straight to video” manner in which the Islamic State planned and perpetrated these atrocities demonstrates that the people involved in producing and disseminating the videos contributed significantly to the commission of war crimes. In waging war, the Islamic State exploits the Internet and its applications strategically, with the atrocity videos synthesizing physical violence and digital communications in unprecedented ways. Meeting this threat requires applying IHL principles to how the Islamic State uses cyberspace to shape its criminal cruelty into digital instruments of degradation and terror. Cyber technologies are becoming more important in armed conflicts, but a fundamental tenet of the laws of war remains critical—the right of belligerents to adopt means of injuring the enemy is not unlimited.

Today, the Biological Weapons Convention (BWC)—the first treaty to ban an entire class of weapons—marks the 40th anniversary of its entry into force. Reflections on this milestone will examine the BWC’s successes and travails, such as its ratification by 173 countries, its lack of a verification mechanism, and what the future holds. Although not prominent in these discussions, the BWC relates to cybersecurity in two ways. First, the BWC is often seen as a model for regulating dual-use cyber technologies because the treaty attempts to advance scientific progress while preventing its exploitation for hostile purposes. Second, the biological sciences’ increasing dependence on information technologies makes cybersecurity a growing risk and, thus, a threat to BWC objectives. The BWC as a Model for Cybersecurity The BWC addresses a dual-use technology with many applications, including the potential to be weaponized. Similarly, cyber technologies have productive uses that could be imperiled with the development of cyber weapons. Those concerned about cyber weapons often turn to the BWC for guidance because of characteristics biology shares with cyber—the thin line between research and weaponization, the global dissemination of technologies and know-how, the tremendous benefits of peaceful research, and the need to adapt to new threats created by scientific and political change. The BWC supports actions to prevent weaponization and foster peaceful exploitation of the biological sciences, including: Prohibitions on weaponization and transferring the means of developing bioweapons; Requirements to implement domestic measures to prevent weaponization; Obligations to cooperate and provide assistance in addressing BWC violations; and Undertakings to facilitate exchange of information, materials, and technologies for peaceful research. However, the BWC maps poorly against cybersecurity problems. Cyber weapons, weaponization, and attacks by states and criminals have become ubiquitous. The BWC required destruction of stockpiles of bioweapons, but many countries accepted this obligation and the weaponization ban because they concluded bioweapons had little national security utility. The same cannot be said for cyber technologies. States find cyber exploits useful for multiple national security tasks, including law enforcement, counter-intelligence, espionage, sabotage, deterrence, and fighting armed conflicts. Tools used to prevent biological weaponization, such as imposing licensing and biosecurity requirements on biological research facilities, make little sense for cyber given the nature of cyber technologies and their global accessibility. Experts have called for a norm requiring countries to assist victims of cyberattacks, which echoes the BWC’s provision on assistance in cases of treaty violations. However, political calculations, not normative considerations, determine whether governments offer assistance to countries hit by cyberattacks—behavior consistent with other contexts where states provide discretionary assistance, such as after natural disasters. Nor have countries embraced export controls on cyber technologies in the manner seen with biological technologies. Countries harmonizing export controls on dual-use technologies through the Wassenaar Arrangement added "intrusion software" to this regime in December 2013. However, this decision reflected human rights concerns about authoritarian governments using such software, a reason having no counterpart in export controls supporting the non-proliferation of bioweapons. Perhaps led by the United States, the Wassenaar Arrangement might create more export controls for cyber technologies, but here the BWC offers a cautionary tale. Developing countries have long considered that export controls on biotechnologies imposed for non-proliferation reasons violate their BWC right to gain access to equipment, materials, and information for peaceful purposes. Whether a similar controversy emerges if Wassennaar participants agree to more export controls on cyber technologies remains to be seen, but this path is not one the BWC suggests would be easy or effective. The Cybersecurity Challenge in the Biological Sciences The more important aspect of the BWC-cyber relationship involves the biological sciences’ increasing exploitation of, and dependence on, information technologies (IT). In describing scientific developments for the BWC review conference in 2011, the BWC Implementation Support Unit noted that "[i]ncreasingly the life sciences are referred to as information sciences. Digital tools and platforms not only enable wetwork but are increasingly able to replace it." Cybersecurity problems increase as dependence on information technologies deepens. Biological research enabled by information technologies is vulnerable to cyber infiltration by foreign governments, criminals, or terrorists and theft of data or manipulation of facilities. The cybersecurity challenge has been recognized in some policies. In the United States, Executive Order 13546 (2010) identified the need for cybersecurity in facilities handling dangerous pathogens, which led to amended regulations. As the biological and information sciences converge, cybersecurity becomes increasingly important for responsible biological research. Despite awareness of this dependence, the BWC process has not focused on cybersecurity. Neither the 2011 review conference nor meetings in 2012-14 identified the security of information and the ubiquity of IT systems as issues arising from developments relevant to the BWC. As planning for the next BWC review conference in 2016 unfolds, cybersecurity should be included to ensure the BWC’s next chapter does not ignore a problem the biological sciences face now and in the future.

First Lady Dame Patience Jonathan has a big personality and is a powerful political figure. She holds multiple Nigerian university degrees. She has been the permanent secretary in the Bayelsa state government, usually the most senior civil service position. She was appointed by the governor who is a political ally of her husband, President Goodluck Jonathan. She has consistently advocated on behalf of more women in national life. She also acquired brief notoriety in the United States when she initially described the Chibok kidnapping as a fraud designed to embarrass her husband. Recent media reporting on Patience Jonathan’s verbal assaults on All Progressives Congress (APC) presidential candidate Muhammadu Buhari and the opposition’s response provides a glimpse into the current national electoral campaign. The Nigerian media reports the first lady as allegedly calling for the supporters of her husband’s Peoples Democratic Party (PDP) to “stone” those canvassing for “change.” The APC has since made a formal complaint against the first lady to the International Criminal Court for inciting violence. The first lady’s media aide, Ayo Ademuyi, has since said, “Dame Patience Jonathan is a woman of peace that can never in any way be identied with violence before, during, and after elections.” At another campaign venue, the first lady said Buhari was “brain dead." Buhari’s health has become a significant campaign issue. So much so that one opposition figure complained that the first lady was commenting on Buhari’s health rather than his intelligence or political acumen when she said he was brain dead. In Kogi state, Patience Jonathan is quoted as saying, “I thank you very much the people of Kogi. This time around, I came to thank you very well. I brought some gift for you. I brought rice. I brought brocade. I brought many thanks for you. It is not for election but to thank you very well.” In Sokoto, “to empower women,” she distributed 1,200 bags of rice, 5,000 bundles of brocade, 5,000 wrappers, 800 blankets, and 2,000 rubber mats to women in 23 local government areas. Her campaign rhetoric specifically targets women, emphasizing the number of women in the Jonathan administration. According to Nigerian media, the APC’s campaign organization has responded with a statement describing Dame Jonathan as “an incredibly crude woman,” and “thanked” Nigerians for putting up with her. The statement, signed by the APC’s director of media and publicity, Malam Garba Shehu, called on Jonathan to put the First Lady “in bridles" and protested Jonathan’s use of “worship centres” as platforms for official statements: “If predecessor presidents did not use the mosques or churches to make official statements of public importance, it is wrong for President Jonathan to start something that is already sending the wrong message.” Shehu also accused the president of exploiting religion for political gains. Further, the APC campaign organization is accusing Jonathan of disbursing large sums to “religious leaders in order to buy their conscience.” The use of incendiary rhetoric, the distribution of largess, and the appeals to religious identity do not paint a pretty picture. It is likely that the APC is as guilty in intent as the PDP, but with one difference. The PDP has deep pockets. The APC does not. Some of my Nigerian interlocutors have suggested that one of the motivations for postponing the elections from February 14 to March 28 was that the longer campaign period would bleed the APC dry. Come election day, we will see what consequence this may have had.

The UN Human Rights Council has convened for its 28th regular session, and its agenda includes revisiting Snowden-sparked debates about the right to privacy in international law. In explaining his actions, Snowden appealed to the Universal Declaration of Human Rights and human rights treaties. He wanted to expose the peril he believes pervasive government surveillance poses to the right to privacy, and his leaks catalyzed many privacy-related controversies. For example, Snowden’s revelations about U.S. and British signals intelligence programs launched efforts in the UN and the European Union (EU) concerning the International Covenant on Civil and Political Rights (ICCPR), EU privacy law, and the European Convention on Human Rights (ECHR). The UN General Assembly adopted a resolution on the right to privacy in the digital age, and the High Commissioner for Human Rights and Special Rapporteur for the Promotion and Protection of Human Rights while Countering Terrorism issued reports. The EU made demands on the United States in the context of data-sharing relations. Privacy advocates challenged UK  surveillance activities under the ECHR before a British tribunal and the European Court of Human Rights. But, after much deliberation, debate, and diplomacy, where do things stand? Have the key Snowden villains—the United States and United Kingdom—altered their approaches to their international legal obligations? Has the UN succeeded in illuminating how international law handles privacy challenges posed by digital technologies? Have countries spared by Snowden’s disclosures, including authoritarian states notorious for not respecting privacy, embraced UN interpretations of the right to privacy and improved compliance with international law? Looking across the post-Snowden landscape suggests that little has changed despite all the activity. UN human rights bodies have done what they often do—highlight painful gaps between what the UN claims international law requires and what governments do. In many countries where privacy has long been an empty right, it has been business as usual, or worse. The British government believes it has effectively defended its position in domestic litigation and wants stronger surveillance powers from Parliament. Changes in U.S. signals intelligence have occurred, some of which are unprecedented, but they owe more to factors other than international law. In the United Nations UN activities have followed a familiar pattern. The General Assembly’s resolution was contentiously negotiated, was claimed as vindication by countries that did not agree about what the resolution meant, and, tellingly, was adopted without a vote. UN officials asserted that existing international law provided compelling answers to all privacy-related questions raised by member states—an assessment, critics observed, that lacked analysis of state practice on complex issues, such as extraterritorial jurisdiction, what "arbitrary and unlawful" interference with privacy means, balancing secrecy and transparency in surveillance programs, and the extent of discretion governments have in confronting security threats. And, as often occurs and is happening again this month, a UN human rights perspective disconnected from the way states behave comes before the Human Rights Council, the membership of which typically includes a rogue’s gallery of states renown for their lack of interest in human rights, including privacy. In Authoritarian Countries Authoritarian governments do not appear to have had any "come to Snowden moments." Human Rights Watch condemned a proposed new Chinese counter-terrorism law  because it would establish "a total digital surveillance architecture subject to no legal or legislative control" inconsistent "with international law and the protection of human rights." Just as Snowden began his temporary asylum in Moscow in the fall 2013, researchers described Russian surveillance capabilities as "an Orwellian network that jeopardizes privacy and the ability to use telecommunications to oppose the government." In 2014, Human Rights Watch asserted that Russia "took a leap backwards demonstrating little respect for its human rights obligations." In the United Kingdom A British tribunal rendered decisions in December 2014 and February 2015, which held that, after the British government provided transparency on safeguards it had in place, it was in compliance with the ECHR concerning receipt of surveillance information from the NSA. Given the storm Snowden stirred up about the UK’s signals intelligence activities, the change required for the tribunal to consider the government in full ECHR compliance was strikingly limited. Although they claimed victory, privacy advocates were upset the tribunal did not strike down the U.S.-UK information-sharing arrangement on substantive grounds. Whether the European Court of Human Rights reaches a different conclusion remains to be seen. To complement its recent wins in the courts, the British government has expressed interest in new legislation that would expand its surveillance powers. In EU-U.S. Data-Sharing Relations The EU used the Snowden-generated controversies to make demands on the United States in negotiating data-sharing arrangements, namely the Safe Harbor and "Umbrella" agreements. This scenario replays difficulties the EU and the United States have long had on privacy.The EU has not re-interpreted EU privacy law because of Snowden’s actions, but it has exploited the disclosures to strengthen its negotiating position with the United States. For its part, the United States has not altered its stance on its ICCPR obligations because it negotiates privacy deals with the EU. In the United States A February 2015 progress report from the Director of National Intelligence (DNI) highlights changes implemented since President Obama announced reforms in Presidential Policy Directive-28 (PPD-28) in January 2014. Some changes address concerns about the privacy of U.S. persons that are anchored in U.S. law not international law. Other changes relate to EU negotiating demands, such as the commitment to pursue legislation to permit nationals of designated countries to seek redress in U.S. courts for inappropriate handling of personal data. Some reforms relate to debates about international law, particularly whether U.S. treaty obligations on privacy apply outside U.S. territory. Under PPD-28, the U.S. intelligence community now treats information collected on foreign nationals outside the United States under rules equivalent to those on the treatment of information on U.S. persons. David Medine, Chairman of the Privacy and Civil Liberties Oversight Board, argued that this decision is unprecedented because “no country on the planet [...] has gone this far to improve the treatment of non-citizens in government surveillance.” But the Obama administration has not expressly grounded this move in international law. PPD-28 and the DNI’s progress report do not link this change to international law. Nor does the decision seem inspired by the UN’s, ECHR’s, or EU’s respective approaches to privacy in international law. Rather, this shift might reflect a claim of American exceptionalism—the United States is undertaking something exceptional with privacy in the digital age that only America would dare to attempt, even after events as damaging as Snowden’s leaks. And, like all claims of American exceptionalism, it is highly provocative but, nevertheless, consequential for reasons well beyond international law.

Alex Grigsby is the assistant director for the Digital and Cyberspace Policy program at the Council on Foreign Relations. Tim Maurer and Duncan Hollis from the New America Foundation published a piece in Time last week in which they proposed the idea of creating a Red Cross (yes, that one) for cyberspace. In a nutshell, they argue that a global federation of Computer Emergency Response Teams (CERTs), similar to the Red Cross and Red Crescent movement, could provide neutral, impartial and independent cybersecurity assistance to those who require it. According to Maurer and Hollis, this is required to "restore trust in the Internet and protect information technology that increasingly supports critical infrastructure, and through it, human existence." They both expounded on the idea earlier this week at a New America Foundation event. Kudos to Maurer and Hollis for pitching the idea and starting the debate—it’s definitely one worth having. However, if past experience is any indication, a neutral, impartial and independent global cybersecurity entity that can provide assistance to those in need faces enormous challenges. There have been efforts in the past to set up an organization akin to a federation of CERTs. The International Telecommunication Union (ITU), a UN agency, has run a global cyber security incident response team known as ITU-IMPACT since in 2008. ITU-IMPACT bills itself as an impartial, trusted and politically neutral information sharing and analysis platform with membership open to all ITU member states. Despite this, the organization has struggled with legitimacy issues. Certain countries (particularly in the West) are reluctant to share confidential and sensitive information with it as UN organizations are routinely and successfully targeted for foreign intelligence purposes. Why would a country share confidential vulnerability information with an entity with a high likelihood of getting intercepted? That partially explains why the countries with the most advanced cybersecurity capabilities (e.g. Russia, the United States, Japan, the United Kingdom, Singapore, France) are not IMPACT members. Furthermore, the experience with ITU-IMPACT also highlights the challenge of creating politically neutral international entities. Ever since IMPACT’s creation, it has become a political football reflective of a larger debate at the ITU as to the organization’s appropriate role in cybersecurity and Internet governance. These divisions have hampered IMPACT’s effectiveness and credibility. Maurer and Hollis are well aware that building a Red Cross-like entity on the back of the existing CERT community is going to be difficult. For example, they note the impartiality and neutrality challenges as some CERTs are run by governments (e.g. US-CERT, the Canadian Cyber Incident Response Centre, Colombia’s CERT). That’s only part of the problem. It is not inconceivable that three-letter intelligence agencies use government-run CERTs to gain insight into others’ security vulnerabilities or use them to disclose previously classified indicators of compromise to shut down certain state-sponsored cyber activity. This is an existing challenge in the CERT community which already hinders global cybersecurity cooperation. As much as it would be desirable, it’s hard to imagine that self-interested countries would voluntarily give up this capability for some higher humanitarian purpose. Lastly, the Red Cross and CERTs derive their value from fundamentally different sources, which makes transferring the model from one community to another difficult. In cases of armed conflict, the Red Cross provides assistance to the sick and wounded based on publicly available medical information—doctors generally have the same background and the knowledge required to treat a patient doesn’t differ all that much from one country to another. While CERTs are generally well trained, a CERT’s effectiveness in responding to an incident is only as good as the existing information they have on hand, such as a large databank of malware samples, indicators of compromise, and information fed to it by its client base. The information asymmetry that exists among CERTs makes it less likely that a team dispatched to solve a computer security problem will have all the information it needs to do its job than a doctor or nurse sent to treat the sick and wounded. At its most fundamental level, a lack of trust among the main cybersecurity actors hampers cybersecurity cooperation because everyone senses they are vulnerable. It also doesn’t help that cybersecurity is often portrayed as a national security issue which makes everyone jittery and reluctant to cooperate. Developing a cyber Red Cross presumes that some form of trust already exists in order for a federation of CERTs to emerge. Baby steps, like setting the norms and response times for CERT requests for assistance, are required first. Tom Millar from US-CERT alluded to this in his remarks at the New America panel when he said (and I’m roughly paraphrasing) that responding to a request for assistance shouldn’t take three days while a foreign ministry considers its options. Only once everyone has the same baselines for international cyber cooperation and have experience interacting with each other will we be in a better position of talking about a Red Cross for cyberspace.

This is a guest post by Cheryl Strauss Einhorn, a journalist and adjunct professor at the Columbia University Graduate School of Journalism. They’ve got him, but can they get him? That’s the question before the International Criminal Court (ICC) as it finally confronts Dominic Ongwen, the number two commander in Joseph Kony’s Lord’s Resistance Army (LRA). The Court has been after him for a decade, almost as long as it has been in existence. So can it bring Ongwen to justice? The dilemma: Ongwen is not only a perpetrator; he is also a victim of the LRA. A group that must also be brought to justice, the LRA is blamed for killing over 100,000 people and kidnapping some 60,000 children across 5 central African nations during the past 25 years. Ongwen himself was one of those stolen children. Kidnapped at the age of 14 on his way to school in 1988, Ongwen allegedly shed his childhood for murder and mayhem, quickly rising through the ranks. This raises an important issue for a Court that has shed a spotlight on the problem of child soldiers, but must recognize that Ongwen is charged with crimes he committed as an adult. Ongwen, the first Ugandan rebel to face the Court, is not going to make it easy for the Court to bring him to justice. For example, when asked by a judge what his job is he replied “I am unemployed, and that is all.” While Ongwen later admitted “Prior to my arrival at the court I was a soldier in the LRA,” it is his right to try to defend himself and dodge incriminating questions; it is the Court’s obligation to effectively mete out justice. Will the Court consider his personal history as a mitigating factor in his confirmation hearings in April that provide the preliminary step to decide whether a case will be referred for trial? Certainly, these facts could be relevant to his legal defense. In fact, in his home country of Uganda, Ongwen was banking on returning home a free man. Back in 2000, the Ugandan government passed an Amnesty Act allowing thousands of former LRA combatants, including those who willingly joined the rebels, to qualify for a full pardon. The reason: an effort to enable communities to sidestep the murky issue of culpability stemming from being, like Ongwen, both a perpetrator and a victim. In a videotaped interview with the Ugandan Army Ongwen said “I have shown my true character by coming out. I don’t want to die in the wilderness. If the call for amnesty is mere politicking, then I leave it in the hands of the authorities holding me.” The Ugandan authorities chose to turn him in to the Court. Uganda’s state minister for foreign affairs, Henry Oryem Okello, told the press that President Museveni was compelled to send Ongwen to the Court because his alleged crimes extended beyond Uganda’s borders and into other countries where the LRA was active, including the Democratic Republic of the Congo (DRC) and South Sudan. Specifically, the Court alleges that in 2005 Dominic Ongwen was the LRA’s commander of the Sinia Brigade and accuses him of three counts of crimes against humanity, as well as four counts of war crimes, including murder and the cruel treatment of civilians. As recently as a month ago Ongwen told the Ugandan Army, “Even up to now, I dream about war every night.” So what will happen? The Court will again have to forge new ground. It will have to show that it can prove its charges against Ongwen and it must push the conversation of child soldiers forward, not by accepting a false choice between clemency and sanction, but instead by showing that understanding and compassion are not at odds with justice.