First talk at #enigma2021 is coming up in just a moment: @scottjshapiro speaking about "IS CYBER WAR LEGAL: A FOUR HUNDRED YEAR RETROSPECTIVE".

Don't worry, it's a 20-minute talk, not 400 years. 😅

usenix.org/conference/eni…
Imagine you log into Twitter one morning and see that the Pentagon's network was taken down, chlorine gas is being released, NYC stock exchange is taken down, and then the electric grid is taken down... by Iran by cyber-attacks in retaliation for sanctions.

Would this be legal?
It would be illegal for Iran to bomb us. Chemical warfare is illegal.

Did the outlawing of kinetic war outlaw cyber-war or not, though?
Survey of the right to war:

"Old order": 1625-1928

Starts with Grotius: it's a legit tool of statecraft, not just to resist invasion. It's fine for any conflict: to collect debts, protect freedom of the seas, punish crimes, disputes about lines of descent and more
In effect, war was legal and like going to court: if you have a disagreement you can go fight about it.

Legal right of conquest: if a state could use war to right wrongs, then they could keep what they conquered, otherwise what was the point?
For example, the US conquered a whole chunk of Mexico "because" Mexico owed them $4 million.

That was considered just fine, as odd as that seems now.
No economic sanctions allowed. If states are allowed to go to war to do things like collect on debts, that system isn't compatible with economic sanctions.
For example, when France and England went to war, the US had to figure out (a la Hamilton cabinet battle #2) whether economic sanctions would be like declaring war.
This all changed in 1928: Kellogg-Briand pact outlaws war

No more going to war for anything other than repelling attacks and invasion. No more using war to resolve disputes.
This outlawing of war is in the UN charter, in article 2(4): All members shall refrain from use of force
Outlawing war dramatically changed it. It affected how all the other legal rights were treated.
Conquest example: when Japan invaded Manchuria, basically no one would recognize it because in the new world order there was no legal right of conquest.
Economic sanctions: used to be illegal, but now a main way to handle disputes between states.
How about cyber war? Is it more like kinetic war (which is illegal) or like economic sanctions (which is legal)?
Well, why is kinetic war illegal:
1. It's really violent
2. It's the active harming of one state by another
Economic sanctions are legal because:
1. It's not violent
2. It's passive harming: just refusing to cooperate
So we can put these together like this:
How do cyber attacks fit in? Well, we can see that they're so hard to categorize because they don't fit in any one cell of the matrix.
Some cyber attacks are violent and active like kinetic war, like blowing up power plants.

How about setting up a giant firewall and blocking internet traffic from Iran? This is a passive refusal to cooperate, like economic sanctions.
But cyber attacks fit in all four boxes.

Some cyber attacks are active, some passive. Some are non-violent, some violent.
Dangit my browser crashed; I lost some in here.

So the boxes which are active/violent and passive/non-violent we know what to do with. What about the other boxes?
@scottjshapiro proposes making "cyber clubs" to enforce the rules in those other boxes, e.g. slowing down or reducing or cutting off access to folks who don't follow the rules (e.g. about letting other people use your networks for Nefarious Purposes).
Also thanks to Prof Oona Hathaway, coauthor on the book The Internationalists.
Q: How does espionage fit into this framework, especially as a route in for spying gives you the ability to mess with things? [paraphrased]

A: Cyber things is so fascinating because it can be crime, espionage, or acts of war. Legality is based on the purpose of the act.
Q: Should corporate espionage be considered an act of war? There's not usually just a loss of data or tools, but a massive loss of money, which hurts the economy, which is necessary for a country?

A: Look back at US/China agreement: US took the position that it was illegal.
[cont] Whether you think economic espionage is illegal depends on your economic system. If your industries are built up in a way that they're tied into the state, then there isn't going to be so much of a difference.

With the Trump trade war it got mixed up again
If states cannot figure out how to deal with it, then different clubs should be formed. Very against hacking back by companies. Hacking back is the kind of behaviour that the world decided not to engage in.
Q: What if the actor in a cyber-war can't be identified?

A: Attribution is a key question. I think the real problem is that states don't want to admit they know who did what.

[My note: THIS IS VERY HARD. REALLY.]
Q: Is attribution something clubs could provide their members?

A: One of the great victories of law was the ozone layer, effectively a club for CFC supply/manufacturing to see if states are cheating.

[end of talk]
