International Law

The following is a guest post by Theresa Lou, research associate in the International Institutions and Global Governance program. After Burundian lawmakers voted overwhelmingly to withdraw from the International Criminal Court (ICC) on October 12, South Africa and Gambia quickly followed suit and declared their own decisions to leave the court. This isn’t the first time that member nations have threatened to withdraw from the court, but none has ever followed through. This time, however, the ICC’s future seems less certain. Other ICC members, such as Kenya and Uganda, may seek to “capitalize on the momentum,” as Indiana University Professor David Bosco told the New York Times, prompting concerns that the ICC will soon face an African exodus. In an article just published by Foreign Affairs, I argue that despite the ICC’s flaws—such as limited political will and uneven membership—it remains crucial to combating impunity, especially among high-level officials that have committed unspeakable crimes. To abandon the ICC would be to betray victims of atrocities everywhere.

South Africa’s Jacob Zuma administration’s notice to the United Nations of its intention to withdraw from the International criminal Court (ICC) has been received with consternation by civil society organizations such as Amnesty International. However, it is unclear, even unlikely, that the Zuma administration can take such a step without a parliamentary vote. It is also unclear whether parliament would go along. The administration’s move should be seen in the context of South African domestic politics, and as an effort for a politically weakened Zuma to shore up his ‘African’ credentials domestically. Meanwhile, the South African Constitutional Court will rule in November whether the Zuma administration broke domestic and international law by failing to turn over Sudan’s Omar al-Bashir to ICC jurisdiction as required when he visited South Africa for an African Union Summit. (The Court’s ruling will be based on the law at the time of al-Bashir’s visit; South Africa’s moves to withdraw from the ICC will be irrelevant.) The Zuma administration’s ‘respectable’ argument for withdrawal is that the ICC has failed to ‘consult’ on the issue of whether head-of-state immunity trumps an ICC indictment. (Head of state immunity would, of course, emasculate the ICC and largely defeat the purpose of its establishment.) Led by Kenya’s Uhuru Kenyatta and other African heads of state of dubious reputation, claims are regularly made that the ICC is ‘biased’ against Africa and hold Africans to a higher standard than elsewhere. At the most recent African Union (AU) summit, Kenya proposed “… a roadmap for the withdrawal of African nations” from the ICC. Though this proposal failed to pass, the AU interministerial committee is likely to present reform demands at the next meeting of ICC members. Just days before the South African announcement, Burundi became the first African nation to announce its withdrawal from the ICC. Accordingly, Zuma’s moves to withdraw from the ICC will be welcomed by the likes of Sudan’s al-Bashir, Kenya’s Kenyatta, Burundi’s Pierre Nkurunziza, and Zimbabwe’s Robert Mugabe—but not necessarily by South African public opinion. Following a string of scandals and court decisions against him, Zuma is a wounded political figure. The African National Congress’s poor performance in the August local government elections increases his vulnerability. South African civil society, well-organized and articulate, will ensure that administration efforts to withdraw from the ICC is vetted first by parliament and then by the courts. South Africa was one of the founders of the ICC, and the Treaty of Rome has been incorporated into South African domestic law. Hence, withdrawal would be difficult.

Patrick Lin, Ph.D., is the director of the Ethics + Emerging Sciences Group at California Polytechnic State University, San Luis Obispo, where he is an associate philosophy professor. When cyberattacks come from abroad, there’s special panic. We often imagine them to be the opening volleys of a cyberwar that could escalate into a kinetic war. For that reason, hacking back—or cyber-counterattacking—is presumed to be too dangerous to allow. The legal case against hacking back is that the use of force is a power reserved only for governments, not private individuals and companies. The moral case is that it invites retaliations that can strain political and economic relationships or worse. But this is too quick. A deeper ethical analysis reveals reasons why hacking back may not be as problematic as believed. Consider this analogy: Imagine that state-sponsored parties—maybe explorers or military reconnaissance—from two adversarial nations cross paths in unclaimed or contested territory, such as the Arctic region. Nationalism runs high, words are said, and shots are exchanged. Some people are killed. Is this the beginning of a war? On the face of it, this would seem to violate international laws of armed conflict. As declared by the United Nations Charter, article 2(4): “All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.” And it is within the natural rights of the attacked nation to defend itself. As declared by the UN Charter, article 51: “Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security.” Firing back, of course, may exacerbate the conflict and draw the two nations into war, and this is a worst-case scenario that we would be right to guard against. But does hacking back really create a risk like this? Like the Arctic, cyberspace is a borderland of sorts, too. Cyberspace is an ephemeral, unfamiliar domain that slips between a purely informational world and the physical world. If so, then it’s unclear that a cyberconflict threatens territorial integrity that requires armed defense, because the borders of cyberspace are hard to locate in the first place, even if it has clear physical roots. If cyberspace is something like a contested frontier, then the following legal case is relevant. In the International Court of Justice case of Nicaragua vs. United States of America in 1984, the court’s judgment distinguished an armed attack from a “mere frontier incident” (para. 195). This means that a frontier incident cannot trigger UN Charter’s article 51 to justify a counterattack and escalation. But that does not mean the victim cannot counterattack at all, only that the state can’t invoke its right to self-defense. Personal self-defense could justify a counterattack, even if a state’s sovereignty isn’t at stake. The frontiersmen involved—the settlers, traders, explorers, or military scouts—would understandably want to defend their own lives, as well as deter future attacks, by returning fire at things that shoot at them. Even without appealing to self-defense, it may be enough to observe that frontier incidents are an inherent risk to frontiers. Bad things happen here, and pushing back is one of those unfortunate, but reasonable and natural, responses. It would be better if frontiers were governed by law, but that’s the nature of frontiers. This lines up with the idea that “gray zones” of conflicts can exist: attacks short of war but still aggressive. The rules and borders of the cyber frontier are still unclear, as are its governing authorities. While these are still being sorted out, we may arguably treat cyberattacks as frontier incidents, which are not necessarily escalatory. At least when they don’t harm physical things clearly within a state’s territory—such as causing equipment to fail or even explode—hacking and counter-hacking aren’t as serious as an armed attack or act of war. In a larger discussion, the Ethics + Emerging Sciences Group at Cal Poly just published a new report where we consider other analogies for cyberattacks, such as seeing it as a public health problem, like fighting a virus outbreak. These also suggest that hacking back could be ethically and legally allowed. Until there is clear law that forbids it, and until authorities can reliably defend our systems, hacking back may become the “new normal”, if it becomes more prevalent. It’s simply an assumed risk of living in the cyber frontier. But it’s easy to forget this risk under the comfortable blanket of Facebook likes and cat videos. Settling on new lands has never been easy, and we must never forget where we are.

Allegations the Russian government hacked the Democratic National Committee (DNC), Democratic Congressional Campaign Committee (DCCC), and the Hillary Clinton campaign have generated intense attention, especially concerning the implications of possible Russian efforts to use the fruits of cyber espionage to influence the U.S. election. Although Russia rejects the allegations, these hacks might constitute payback for Clinton and Democrats, who championed direct U.S. cyber support for opponents of authoritarian regimes during the Obama administration. China and Russia have long complained the United States manipulates cyberspace to interfere in their domestic political affairs, and, under this perspective, airing the DNC’s digital dirty laundry through Wikileaks courtesy of Russian intelligence perhaps means turnabout is fair play. One of Clinton’s most well known speeches as Secretary of State was her remarks on internet freedom in January 2010. In this speech, Clinton described how cyberspace supported the “four freedoms” articulated by President Roosevelt in 1941. But she also asserted the emergence of a fifth freedom: “the freedom to connect—the idea that governments should not prevent people from connecting to the internet, to websites, or to each other.” Clinton placed the freedom to connect at the heart of the Obama administration’s conception of internet freedom. In policy terms, Clinton explained, the freedom to connect animated the administration’s efforts “to help individuals silenced by oppressive governments” in over forty countries, provide “new tools that enable citizens to exercise their rights of free expression by circumventing politically motivated censorship,” fund and train local political groups to use the internet effectively and safely, and making it clear to “nations that censor the internet . . . that our government is committed to helping promote internet freedom.” Clinton argued the internet provided the means for digital samizdat to overcome the “new information curtain . . . descending across much of the world” in the same way clandestine leaflets during the Cold War contributed to the fall of the Berlin Wall and Iron Curtain. For China, Russia, and other authoritarian governments, this rhetoric and agenda constituted a U.S. strategy to intervene in their domestic politics through cyber means. Such governments doubled down domestically and internationally on “internet sovereignty,” which has included efforts to increase government control over the internet and over the activities of foreign-supported organizations in cyberspace. As a result, the “internet freedom” versus “internet sovereignty” conflict has become ubiquitous in international cyber politics. The exquisitely timed release of DNC emails by Wikileaks, and the promise by Julian Assange of more DNC disclosures to come, has possibly added a new twist to this overarching conflict. Whether or not Russia is behind the leaks, it is not hard to imagine amusement in the Kremlin over U.S. politicians, especially Hillary Clinton, fretting over a foreign government’s exploitation of cyberspace to influence domestic politics in another country. Isn’t that what Clinton claimed the United States had a right to do in her speech on internet freedom, and what the Democrat-led Obama administration pursued? Is the DNC leak, and the hacking of the DCCC and the Clinton campaign, perhaps a message that other governments can also engage in cyber intervention into the domestic politics of foreign countries? And a message particularly for Clinton, the champion of US cyber meddling in the domestic politics of other nations? Clinton and others associated with the internet freedom agenda would reject any equivalence between U.S. support to help political dissidents circumvent internet censorship and protect their communications from the surveillance of oppressive regimes and efforts by foreign governments to intervene in American democratic politics. But, the internet sovereignty position rejects American perspectives on the relationship between cyberspace, human rights, and the principle of non-intervention in the domestic affairs of other countries. The legal and ideological differences among countries concerning cyberspace expand incentives for adversary states to exercise material power to shape the geopolitical agenda. These speculations, like others offered by experts, frame these hacks and the release of DNC emails in ways that reinforce the increasing political dangers countries face and the lack of global norms regulating cyberspace. The escalating risks and paucity of agreed norms helps explain the growing prominence of coercion, retaliation, and deterrence in cybersecurity policies. Frequent calls for retaliation against Russia, if Russian involvement in the DNC leaks is sufficiently established, highlight these rising dangers, the entrenched disagreements about appropriate state behavior in cyberspace, and the growing desire to address cybersecurity threats through power politics.

Annegret Bendiek is a senior associate at the German Institute for International and Security Affairs (SWP).  It’s cliché to say that we are increasingly dependent on internet-enabled technologies. Nevertheless, Europe is struggling to keep up. Shrinking budgets limit European countries’ ability to invest in building resilience against cyberattacks. The interconnectedness of critical infrastructure, along with the coming internet of things, forces European policy makers to consider the following question: how we protect and create resilient critical infrastructure? Finding an answer to this question is politically fraught. Security experts who adhere to the realist school of international relations theory argue that policymakers must accept the increasing militarization of cyberspace. They argue that states must build up their offensive and defensive cyber capabilities. This view has gained currency in a number of countries, as strategic planners issue national security policies with a cyber component. Likewise, the European Union and NATO have begun corralling their respective members to establish common defensive capabilities. It is also hard to overlook the reemergence of the state in cyberspace as they emphasize their digital sovereignty. More liberal minded scholars warn that the build-up of offensive capabilities only repeats the mistakes of the past. It will foster mistrust, lead to a new arms race and might even lead to the internet’s fragmentation as states assert their sovereignty. A free, open and trustworthy internet is an important global public good, and an offensive build-up puts that at risk. Following up on the approach of work under the auspices of the United Nations and Organization for Security and Cooperation in Europe (OSCE), much of policymakers’ attention has been focused on finding agreement common norms for state behavior in cyberspace with mixed success. Recently U.S. and EU officials have been adapting concepts found in the law of state responsibility, which sets out how and when a state is responsible for a breach of its international obligations, to promote certain cyber norms. For example, policymakers across the Atlantic are promoting the idea of state responsibility—states are responsible for the cyber activity originating from their territory. The UN Group of Governmental Experts on cyber issues picked up and endorsed this idea in its 2015 report, and will likely expand on this notion when its work resumes later this year. As the European Union will update its 2013 cybersecurity strategy, and will extend it to a “strategy for cyberspace” it should make the norm of state responsibility a cornerstone. A number of member states are developing their offensive and defensive capabilities, making an EU-wide strategy essential to ensure that their actions are compatible with norms that support a free, open, and trustworthy internet. The European Union can promote state responsibility in cyberspace in three ways:           EU coordination. Since 2003, EU officials have coordinated their cyber efforts through a Friends of the Presidency Group on Cyber Issues. Having this group agree to a common position on the norm of state responsibility would give the European External Action Service—the European Union’s diplomatic corps—a common message and outreach strategy with which to build support. The External Action Service’s work can be supported by the European Network and Information Security Agency, the authoritative reference for cybersecurity in the European Union.             Transatlantic support. Making states responsible for their cyber activities is only possible if states can attribute offensive cyber incidents. Despite their differences on privacy, espionage, and surveillance, the European Union and the United States need to cooperate to solve the attribution problem. One way they could do this is by supporting an effort to create an independent court of arbitration with the forensic capabilities to identify parties responsible for offensive cyber activities. An independent third party would improve the credibility of attributing an incident to a particular state thereby making it responsible.             Military restraint. Under international law, if a state has had its sovereignty violated, it is entitled to use all necessary and proportionate means to terminate that violation. This would apply in cyberspace, where a targeted state could engage in what has been dubbed “active defense” to end an ongoing cyberattack started by another state. Although taking these types of countermeasures are legal under international law, in practice, responses of this kind easily run the risk of escalation, possible legal breaches, and undermining the tradition of military restraint in foreign and security policy. To avoid this, EU member states should ensure that their respective militaries remain committed to a defensive approach, and promote this posture within NATO, the OSCE and other multilateral security institutions.   The internet is too precious and important to be left to the realists and to those who can only think in the categories of conflict and confrontation. A transatlantic initiative is required to ensure that it remains free, open and trustworthy. Without this, we might wake up one day and see that the cyber world of the twenty-first century looks dangerously similarly to political world of the nineteenth century.

In a Wall Street Journal op-ed this week, Senator Mike Rounds argued the United States urgently needs “a clear and concise definition of when an attack in cyberspace constitutes an act of war.” To produce this definition, Rounds introduced the “Cyber Act of War Act” to remove “dangerous ambiguity” in U.S. policy and better prepare the United States “to respond to cyberattacks and better deter bad actors from attempting an attack on the U.S. in the first place.” Unfortunately for Rounds, his proposal would neither produce the definition he believes is critical nor advance policy from where it presently stands. Although Senator Rounds stresses the need for a clear and concise definition of a cyber act of war, the bill does not mandate the government produce such a definition. The proposed legislation would require the president to “develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States.” This obligation is procedural—establish a process for deciding when a cyber incident crosses into warfare. Developing this process would not necessarily produce a clear and concise definition of a cyber act of war. In developing a policy process, the bill instructs the president to consider how “a cyberattack may be equivalent to the effects of an attack using conventional weapons, including with respect to physical destruction or casualties” and “intangible effects of significant scope, intensity, or duration.” Application of these criteria would not produce a clear and concise definition. What the bill proposes is a process that evaluates cyber incidents on a case-by-case basis using relevant considerations. In that sense, the proposed act would do nothing not already being done. The Obama administration has delineated criteria for deciding how to characterize a cyber incident. In keeping with prevailing policy and law, the administration analyzes this issue in terms of the use of force rather than acts of war, but the different terminology is not analytically important. As just one example, the State Department’s Legal Advisor, Harold Koh, noted in 2012 that: Cyber activities that proximately result in death, injury, or significant destruction would likely be viewed as a use of force. In assessing whether an event constituted a use of force in or through cyberspace, we must evaluate factors: including the context of the event, the actor perpetrating the action . . . , the target and location, effects and intent, among other possible issues. Koh also highlighted that “there are other types of cyber actions that do not have a clear kinetic parallel, which raise profound questions about exactly what we mean by ‘force.’” U.S. policy already considers the different effects cyber operations can produce and the challenges such consequences create for determining whether a use of force occurred. Koh further noted that, pre-cyber, states experienced “ambiguities and differences of view” concerning when kinetic activities constituted a use of force or an armed attack—a situation that never provoked Congress to demand clear and concise definitions of these critical terms. Moreover, the Obama administration has addressed numerous incidents, including the North Korean cyberattacks against Sony Pictures Entertainment, and determined they did not constitute acts of war based on the criteria used to make these decisions. The administration has developed a policy process informed by relevant criteria, raising the question why Senator Rounds wants Congress to force the president to develop a process that considers criteria already embedded in policymaking. Senator Rounds’ advocacy for a clear definition also runs headlong into the well-understood reality that determining whether a use of force has occurred involves, and should involve, strategic and political factors that render attempts to produce unambiguous definitions futile. In this context, governments prefer a measure of political discretion. This preference is normatively important especially where kinetic or cyber incidents do not obviously involve the use of force. The exercise of this discretion requires policy processes that evaluate incidents on a case-by-case basis utilizing multiple criteria, including political and strategic factors specific to the incidents and their political contexts. Nor would a definition promote better responses to cyber incidents or deter cyberattacks. The United States already has ample reasons to respond effectively to cybersecurity threats, and a definition will not produce better response strategies or capabilities. In terms of deterrence, setting a low threshold for a cyber act of war would be controversial and invite adversaries to test this “red line.” Setting the threshold high would incentivize operations that push against it, daring the United States to violate its self-imposed definition. Either way, the definition could undermine the credibility of deterrence. In sum, the Cyber Act of War Act is an ill-conceived proposal that deserves to die, quickly, in Congress.

Bertrand de La Chapelle and Paul Fehlinger are the co-founders of the global multistakeholder policy network Internet & Jurisdiction. On the Internet, 17th century principles of Westphalian territoriality clash with 21st century digital realities. As Internet penetration moves beyond three billion users in over 190 countries, a new legal arms race develops in cyberspace that can threaten the future of the global digital economy, human rights, the Internet infrastructure and cybersecurity Most everyday online interactions involve multiple jurisdictions at once, based on the locations of users, servers, Internet companies, or registrars and registries through which domain names were acquired. Contemporary Westphalian tools of cooperation were not designed for a situation where transnational is the new normal, as interactions across borders were historically rare. New challenges regarding the application of jurisdiction to user data, content and domain names need to be addressed with urgency. A universal, multilateral Internet treaty to regulate the full array of cross-border issues ranging from hate speech or defamation over cybercrime to intermediary liability, seems, at best, far away. Meanwhile, traditional modes of interstate legal cooperation struggle to adapt to the current situation. Mutual legal assistance treaties (MLATs) face their limits in terms of scope (only covering specific criminal issues), speed (taking months or years to be processed), asymmetry (imposing the law of the receiving country potentially over the law of other countries) and scalability (requiring potentially several thousands of bilateral treaties to cover all countries). States are nevertheless prompted to act to fight abuses and ensure that the rule of law applies online as it does offline. The uncoordinated enforcement of national laws on the Internet however can have severe and detrimental unintended consequences. The unrestrained application of traditional territoriality criteria on the cross-border Internet can lead to extraterritorial extensions of sovereignty (national decisions impacting Internet users in other jurisdictions), restrictive “digital sovereignty” measures (erecting national borders in cyberspace through means such as data localization) and acute conflicts. A new report by Internet & Jurisdiction, a global policy network that brings together states, companies, operators and civil society, stresses that “[t]he lack of coordination and the inability of the Westphalian international system to provide the necessary cooperation solutions produce a typical “prisoner’s dilemma” situation. That is, every single actor, forced to use the only tools available to it, makes short-term decisions that appear in its immediate interest, although their cumulative effect is at best suboptimal and most likely detrimental to all in the longer term”. Internet governance can be divided into governance “of” the Internet, i.e. its technical layer, and governance “on” the Internet, i.e. its application and usage layer. Regarding governance “of” the Internet, an ecosystem of organizations, including ICANN, the Internet Engineering Task Force or the World Wide Web Consortium ensure the technical interoperability of the Internet, regardless of the location of connected people and networks. Governance “on” the Internet however remains a nascent field. We have not yet developed the legal interoperability mechanisms that a global Internet demands. States, companies or civil society cannot mitigate this jurisdictional dilemma on their own. More transnational cooperation between all actors is needed to address the challenge of managing cross-border online spaces and services if we want to preserve the global Internet for the next generations of Internet users to come. This is why Internet & Jurisdiction facilitates, since 2012, a pioneering global policy process that already engages more than 100 entities from all Internet stakeholder groups around the world. Its objective is to help them develop new legal frameworks and policy standards that are as transnational as the Internet itself and can guarantee due process across borders. The upcoming first Global Internet and Jurisdiction Conference, to be held in November 2016, will provide a milestone opportunity in that regard to review progress. Like climate change or financial regulation, jurisdiction on the Internet is a global challenge that will only become more complicated if left unattended. States, companies and civil society need to step up efforts to avoid the negative consequences of the current legal arms race, preserve the global nature of the Internet and address its misuse. We need innovative cooperation mechanisms that are as transnational as the Internet itself.

Greenpeace’s disclosure of negotiating documents concerning the proposed Transatlantic Trade and Investment Partnership (TTIP) agreement between the United States and the European Union (EU) has renewed controversies about TTIP specifically and trade agreements generally. Although the released documents do not cover all issues under negotiation or include the negotiating text on electronic commerce, the leaks highlight factors that spell trouble for the goal of modernizing international trade law for the digital age. The need to adapt international trade law to support and foster e-commerce has been apparent for some time, and countries began including e-commerce provisions in bilateral and regional trade agreements and working on digital trade issues within the World Trade Organization (WTO). With WTO efforts not making progress, the proposed Trans-Pacific Partnership (TPP) agreement and TTIP offered better opportunities for crafting new international trade law for e-commerce. Indeed, the Obama administration argued TPP’s e-commerce chapter promised to link “some of the world’s most sophisticated Internet economies with rapidly growing developing nations across four continents” through “the most ambitious trade policy ever designed for the Internet and electronic commerce.” In TTIP negotiations, the United States and the EU have tabled proposals on electronic communications/telecommunications services and e-commerce. Greenpeace posted the consolidated negotiating text for electronic communications/telecommunication services, an important area but distinct from e-commerce. The TTIP leak did not include the consolidated text on e-commerce, so it is not possible to compare what the United States and the EU are discussing with the TPP’s e-commerce provisions. At present, only the EU has made its e-commerce proposals public. One document Greenpeace released—an EU note on the “Tactical State of Play of the TTIP Negotiations” from March 2016—described the e-commerce talks as covering “all proposals except for the provisions on data flows and computing facilities,” addressing non-discriminatory treatment of digital products (except audio-visual services), and considering EU proposals on e-trust and e-authentication services and on the prohibition of requirements for prior authorization for online services. The EU note also mentioned negotiations concerning conformity assessment principles for information and communication technology products that use encryption, with the TPP text as the basis of these discussions. On this issue, the EU stressed “the sensitivities of Member States, which are competent in this area and which would not like to see its right to regulate curtailed in a security-related area.” The EU note briefly described ongoing work among the negotiators on other digital trade issues, including e-labeling, e-accessibility, and e-health. In its criticisms of the disclosed documents, Greenpeace did not address e-commerce issues and emphasized its belief that the EU and U.S. positions in the TTIP negotiations threaten the ability of governments to protect health and the environment from corporate interests. However, unlike the TPP negotiations, the TTIP talks have unfolded in the midst of contentious transatlantic digital relations. The European Court of Justice struck down the U.S.-EU Safe Harbor agreement as incompatible with EU privacy rules in 2015. The United States and the EU then concluded the Privacy Shield agreement in February 2016 in a new attempt to calibrate EU privacy protections with EU-U.S. data flows, but privacy experts from EU member states raised serious concerns about Privacy Shield in April 2016. Actions by EU competition law authorities against U.S. technology companies, such as Google, have also agitated transatlantic digital relations. These privacy and competition law problems between the EU and the United States do not constitute insurmountable obstacles to progress in TTIP negotiations on e-commerce issues. But, TTIP negotiations, including on competition law issues, will not resolve these problems, which are more significant politically and economically than differences the United States and the EU have over what TTIP’s e-commerce provisions should include. The TTIP leaks by Greenpeace threaten the contributions TTIP could produce in the area of e-commerce by making TTIP more controversial, especially in Europe, and could undermine the prospects the United States and the EU can complete the agreement before President Obama leaves office. The negotiating texts Greenpeace disclosed suggest the United States and the EU have much work to do on many issues in a period of time that is now worryingly short and saturated with controversies. In addition, with all leading U.S. presidential candidates railing against trade agreements, congressional approval of TPP and a completed TTIP before the Obama administration ends is increasingly unlikely. No matter who it is, the winner of the presidential election will not enter office with the desire or mandate to pursue TPP, TTIP, or other trade agreements. In this context, leadership on developing international trade law to support and expand e-commerce will not come from the United States. Unfortunately, should this come to pass, the world economy will have bigger problems on its hands than missed opportunities on e-commerce.

Coauthored with Theresa Lou, research associate in the International Institutions and Global Governance program at the Council on Foreign Relations. World leaders gather at the United Nations this week (April 19-21) for the UN General Assembly Special Session (UNGASS) on the world drug problem. This is the first such event since 1998, when member states committed themselves to policies aimed at eliminating illegal drugs by 2008. Trillions of taxpayer dollars and many destroyed lives later, that goal remains elusive—and illusory. This year’s UNGASS offers an overdue opportunity to rethink the war on drugs, and to appreciate how much attitudes have changed over the last eighteen years. Simply put, the longstanding global consensus behind prohibition is fracturing. Though there is little appetite to overhaul the three main international treaties—the 1961 UN Single Convention on Narcotic Drugs, the 1971 Expanded Convention, and the 1988 Convention against Drug Trafficking—a growing number of governments are calling for greater national flexibility in interpreting and enforcing these international obligations. The war on drugs has been a costly failure with far-reaching, negative impacts. A short list includes unacceptable violence, political instability, mass incarceration, and human rights violations. Even the UN Office of Drugs and Crime (UNODC) concedes this point: “Global drug control efforts have had a dramatic unintended consequence: a criminal black market of staggering proportions…. The illicit drug business is worth billions of dollars a year, part of which is used to corrupt government officials and poison economies.” As the Global Commission on Narcotic Drugs concluded in its landmark 2011 report, supply-side efforts that focus on eradication, interdiction, and prosecution have had little impact on global markets, even as they provide cartels and gangs with massive resources to destabilize source and transit countries. Rather than insisting on “zero tolerance” and forcing all countries into “the same rigid approach to drug policy—the same laws, and the same tough approach to their enforcement,” the commission concluded, it was time to experiment at the national level. This reformist thesis has garnered adherents in Latin America, which has borne the heaviest brunt of the war on drugs. Murder rates in Honduras, Guatemala, El Salvador, and Colombia are among the world’s highest, while drug-related violence takes 30 lives a day in Mexico. Given these figures, it came as little surprise in 2012 when the presidents of Colombia, Guatemala, and Mexico jointly asked the United Nations to “analyze all available options…with the aim of establishing a new paradigm….” Agreeing that the “one-law-fits-all” strategy was counterproductive, the Organization of American States (OAS) in 2013 endorsed the concept of “differentiated approaches,” arguing that governments should tailor their policies to local contexts and “individual concerns,” and might even experiment with decriminalization and legalization. More generally, the OAS defined drug addiction as a public health issue, calling on authorities to focus on treating rather than imprisoning addicts. In 2014, Uruguay became the first country in the hemisphere to legalize marijuana sales. Canada’s recently elected prime minister, Justin Trudeau, has indicated that his government will follow suit. However, these progressive sentiments are hardly universal within the Western Hemisphere, much less across the broader UN membership. Standing in opposition to the reform-minded coalition of Latin American and Western European countries (including Portugal, which decriminalized all drugs in 2001) is a larger conservative bloc spanning much of Asia, the Middle East, and Africa, as well as Russia, which is dead set against liberalization. This divergence has been attributed to different historical experiences and threat perceptions. In Latin America, for example, aggressive strategies are associated with U.S. imperialism, whereas in East Asia imperial powers are remembered for addicting people to opium. Likewise, Latin Americans associate the global prohibition regime with intense crime and violence, a phenomenon absent from Asia despite similar drug production, trafficking, and consumption levels. As for the United States, its traditional standing as the global champion and enforcer of narcotics prohibition has become more complicated and tenuous. Much of the problem comes from below—that is, from the individual U.S. states. How credibly can U.S. diplomats defend the 1961 Single Convention when Alaska, Colorado, Oregon, Washington, and the District of Columbia, have already legalized marijuana for recreational use? At home, the federal government has adopted an innovative policy of “enforcement discretion,” in effect allowing states to experiment so long as they abide by certain rules. The White House, meanwhile, has subtly shifted the national conversation about drug addiction away from a focus on crime (and resulting incarceration) and toward public health approaches. Abroad, the United States has struggled with how to adapt to this changing landscape. Over the past two years, the Obama administration has tried to make the best of an awkward situation, arguing that the three major counter-narcotics treaties are not a straitjacket, and that countries should make use of the flexibility that they provide. As William Brownfield, assistant secretary of state in the Bureau of International Narcotics and Law Enforcement Affairs, argues, “there is a degree of discretion authorize and permitted by those conventions themselves…” Still, as Brownfield himself noted in an interview, “My use of the word ‘flexibility’ has been a policy Rorschach. People understand it according to what they want it to mean.” For the United States, the notion that the conventions are more flexible than anybody previously thought—while legally dubious—has obvious political utility, promising to mute potential tensions. So will UNGASS bring about any sweeping reforms to global drug policy? Not likely, to judge from the draft outcome document produced at last month’s Vienna meeting of the UN Commission on Narcotic Drugs. Wherever possible, the document pays homage to the existing conventions. By reaffirming their commitment to the objectives of the current prohibitionist regime, member states have all but ensured the debate will be held within the confines of the status quo, while acknowledging that the conventions “allow for sufficient flexibility” for states to design and implement policies according to their needs. Overall, the global appetite for change remains small. Major powers have little interest in reopening the international drug policy debate, and few countries are willing to openly recognize the structural deficiencies of the existing UN treaty framework for drugs. By papering over the current global “dissensus,” UN negotiators may avoid a headache in New York. It’s less clear that this rhetorical sleight of hand will be sustainable over the long turn. If parties to the three conventions continue to move in radically different directions—with some holding the hard line and others moving toward decriminalization or even legalization—a rupture in the global drug regime seems inevitable. The fragile consensus can likely tolerate disagreements over the treatment of cannabis. But fundamental divergences over the legal status of harder drugs like heroin, cocaine, and methamphetamines—and state obligations for interdiction and prosecution of such trafficking—could create enormous frictions, as well as open new criminal opportunities for legal and regulatory arbitrage. Rather than delivering the final word, this year’s UNGASS will be just the opening discussion in an ongoing—and ideally, more honest and realistic—conversation about the challenge of narcotics and the most promising approaches to limiting their damaging impacts. Attitudes toward drugs are evolving in many societies, and UNGASS is proof that these grassroots changes can affect global debates. At the last UNGASS, back in 1998, the assembled governments pledged themselves to the fantastical goal of a “drug free” world. This week’s slogan is for “a society free of drug abuse by 2019.” That is admittedly a subtle tweak. But given the history of the global war on drugs, it surely constitutes progress.

Contrary to misleading headlines, the International Criminal Court (ICC) did not acquit Kenyan Deputy President William Ruto and radio personality Joshua Arap Sang of charges related to violence in the aftermath of the 2007 elections. (Amnesty International cites an estimate that there were 1,200 deaths and 350,000 persons displaced by the violence.) Instead of acquittal, the ICC vacated the charges and discharged the accused, but without prejudice to the prosecutor’s right to reprosecute in the future. In 2015, the ICC prosecutor dropped charges against Ruto’s codefendant, President Uhuru Kenyatta. In both the Kenyatta and Ruto cases there have been credible allegations of witness bribery and intimidation, and the Kenyan government has not cooperated with the ICC. Hence, the ICC justices appear to have concluded that the trials cannot go forward at this time, though they could in the future. Uhuru Kenyatta and the Kenyan government has been a leader of the more general African effort to discredit the ICC. It is hard to see the outcome of the Kenyatta and Ruto cases as anything other than a major setback for the ICC and the effort to hold leaders, including a chief of state, accountable. In a press release, Michelle Kagari, Amnesty International’s deputy regional director of Africa, the Horn and the Great Lakes said, “This decision could be seen as a major setback by thousands of victims who have waited so long for justice. However, this is not the end of the road for the victims. In fact, victims should be able to seek justice for these crimes in the future as the accused have not been acquitted and can be reprosecuted for these charges either by the ICC or domestically.” Nevertheless, the Kenyatta and Ruto cases show the limitations of the ICC when the relevant government refuses to cooperate with it.

The European Union is locked in a perpetual state of crisis management. It has had to head off the collapse of the eurozone, deal with waves of undocumented migrants, and now come to terms with a renewed terrorist threat, underscored by the recent attacks in Brussels. On top of all this, the EU confronts the real possibility of a British exit, or Brexit, which depends on the outcome of a public referendum in the United Kingdom in June. The European idea, which has helped to inspire the continent’s integration since World War II, may be the next casualty. In an article just published by Foreign Affairs, I take a look at the EU’s chaotic response to recent events and argue that when push comes to shove, national sovereignty will trump European solidarity. Read the full article here.

At the end of February, Secretary of Defense Ashton Carter told a House subcommittee that U.S. Cyber Command (CYBERCOM) is conducting offensive operations against the Islamic State. This statement went viral. “Make no mistake,” Peter Singer of New America said, “this is a very big deal.” It signals a shift in the fight against the Islamic State and marks the first time the United States has acknowledged undertaking cyberattacks during armed conflict. CYBERCOM’s campaign makes real what was anticipated—the integration of offensive cyber capabilities in strategies and tactics for waging war. Using cyberattacks against the Islamic State CYBERCOM’s attacks have two targets: the Islamic State’s use of social media and its use of cyber means to engage in command, control, and communications in military operations. In terms of social media, the White House instructed the Department of Defense to use CYBERCOM’s capabilities against the Islamic State after the terrorist attacks in Paris and San Bernardino again highlighted how the Islamic State exploits social media to radicalize and recruit. Government and private-sector efforts to combat these activities, such as the Department of State’s counter-messaging campaigns, were not working—and foreign fighters continued to join the Islamic State. With mobilization of the .gov and .com domains ineffective, the White House ordered CYBERCOM to degrade the Islamic State’s online presence. This move connects with other post-9/11 decisions that elevated the military’s and intelligence community’s roles in counterterrorism when law enforcement and diplomatic efforts proved inadequate. The conclusion that military cyberattacks are needed to address terrorist use of social media is unprecedented and unanticipated—degrading Twitter-enabled terrorism was not on CYBERCOM’s agenda when it was established. The second target involves missions CYBERCOM was built to accomplish—disrupting an adversary’s capabilities during armed conflict. CYBERCOM is attacking the Islamic State’s ability to command its forces in the field, control their tactical movements, and communicate with fighters during military operations. Such disruption is coordinated with air strikes, special forces operations, and ground attacks to isolate and defeat Islamic State forces. CYBERCOM attacks reportedly contributed to the recapture of Shaddadi by Syrian rebels in February. The campaign to re-take Mosul also involves CYBERCOM attacks. These activities mark the first time the United States has integrated offensive attacks by CYBERCOM in fighting an armed conflict. Using cyberspace to wage war Reactions to CYBERCOM’s offensive often emphasized this development is seminal for reasons beyond the conflict with the Islamic State. For starters, it demonstrates that CYBERCOM has transitioned from a predominantly defensive focus to “full spectrum” capabilities, which makes CYBERCOM more potent for military operations. CYBERCOM was designed to have these capabilities, but, with CYBERCOM’s offensive mission now operational, the United States has crossed into uncharted territory in the history of war. Crossing this line means the United States has resolved issues that informed earlier decisions not to use cyberattacks in armed conflict. During the Libyan air campaign in 2011, the Obama administration considered cyberattacks on Libyan air defense systems, but decided against them for various reasons, including legal concerns. The Obama administration now believes the domestic and international legal authority it claims to wage war on the Islamic State permits the cyber offensive. Similarly, the law of armed conflict guides the United States in fighting the Islamic State, meaning the U.S. government believes CYBERCOM’s attacks comply with it. Although the United States has long held the law of armed conflict applies to military cyber operations, CYBERCOM’s attacks represent the first large-scale cyber campaign the United States has vetted and conducted under the laws of war. By generating supportive state practice in an actual conflict, this precedent strengthens the U.S. position that the law of armed conflict applies in cyberspace and makes China’s reluctance to agree with this position harder to sustain. The disclosure also suggests the Obama administration is signalling to foreign actors beyond the Islamic State. This transparency contrasts with its reluctance to acknowledge drone attacks against terrorists. The administration has been more transparent in the cyber context to achieve certain ends, such as developing cyber deterrence. Deterrence requires credible military capabilities and the willingness to use them. Letting the world know about CYBERCOM’s campaign provides evidence of both. CYBERCOM’s attacks confirm what many expected—governments would develop cyber weapons, incorporate them into military power, and use them with other weapons in war. Discussion of cyber elements of "hybrid warfare" pointed in the same direction. This trajectory now accelerates and, among other things, reinforces the need to address weaknesses in public- and private-sector cyber defenses. In reflecting on the CYBERCOM disclosure, Alan Paller of the SANS Institute observed, “No military campaign in the future will be fought without a cyber component.” We knew this moment would arrive and that when it did we would thereafter encounter the digital fog of war.

On February 19, governing African National Congress (ANC) Secretary General Gwede Mantashe addressed a party march for “unity, democracy and non-racialism” in Pretoria. There are press reports of eighty-seven thousand participants. Reportedly, Mantashe’s central message was, “We must defend the revolution and defend every attack on the ANC structures.” He went on to say, “We are a majority, we should be able to take decisions and enforce them.” Unlike the United Kingdom (UK), South Africa is not a parliamentary democracy. In other words, parliament is not sovereign, as is the UK Parliament. Instead, South Africa is a constitutional democracy with some of the most extensive legal protections for minority rights in the world. That is, the powers of the executive and parliament are limited by a written constitution. The South African judiciary may, and does, reject legislation passed by parliament and signed by the president. When that happens, the affected legislation has no force in law. Against a background of very slow post-apartheid social and economic change, some on the left, such as Mantashe, regularly attack the judiciary as a roadblock to achieving true democracy and  meaningful social change. They—alongside others in the ANC—argue that parliament should be supreme in a democracy. However, at present, and for the foreseeable future, there appears to be little popular appetite for moving South Africa away from constitutionalism toward unfettered parliamentary supremacy. Mantashe is a former chairperson of the South African Communist Party. He comes out of the labor movement, and was the secretary general of the National Union of Mineworkers. Mantashe excoriated the judiciary’s decision that the Zuma government neglected its legal obligation to arrest Sudanese President Omar al-Bashir during his 2015 visit to South Africa in response to a warrant issued by the International Criminal Court (ICC).