The Question of International Law as well as Norms, Rules, and Principles in the Field of ICTs in the Context of International Security: Issues and Analyses

Introduction

For over two decades, discussions on ICTs in the context of international security within the United Nations have failed to reach a definitive conclusion, leaving proponents and opponents in a perpetual debate. A major challenge in this ongoing issue revolves around the development of a legally binding document in the field of ICTs in the context of international security.

This paper aims to explore the reasons and doubts raised by supporters of both perspectives while emphasizing the importance of technical considerations over political influences. By focusing on objective technical solutions, a clearer path forward can be identified.

Assumptions

Before delving into the main discussion, three relevant related assumptions should be considered and utilized.

1. Should we consider human life to have both material and non-material dimensions based on this understanding, judging the relative importance of various human issues becomes extremely difficult. This situation applies to the comparison between the importance of the physical world and the ICT world, and based on the existing realities, we cannot, for example, deem physical security more important than security in the field of ICTs. This proposition can also be expressed in another tangible form based on statistics and figures. A simple examination of the United Nations treaty database shows that to prevent and reduce resorting to force or threat to use of force, numerous legally binding resolutions and treaties have been drafted and operationalized internationally. These include, among others, 28 internationally binding treaties specifically addressing disarmament, which prohibit, restrict, or regulate the use of various types of weapons.[2] However, according to most relevant experts, the international system, despite all these disarmament treaties, has not only failed to move towards greater peace and international security, but we currently witness 57 wars taking place around the world, with many types of weapons covered by these treaties being used.[3] Therefore, to ensure and enhance peace and international security, the solution lies in the expansion and development of these treaties to exert greater control over the behavior of states. An empirical look at ICT domain is even more alarming because, despite the absence of a unified definition of ICT attacks or ICTs in the context of international security, the billions of ICT incidents occurring worldwide are distressing.[4] However, within the framework of ICTs, only attacks directed at governments or those affecting the national assets and values of a country should be the basis of our discussion, and actions such as hacking, phishing, and alike are considered ICT incidents rather than attacks. In this regard, there are no definitive statistics available, but the tense political situation among states regarding ICT attacks indicates the turbulent state of this domain. Furthermore, the consequences of some of these attacks are more severe and similar to physical attacks, such as those involving military hardware.
2. ICT operations have the potential to cause physical destruction and human injury. “Apart from causing substantial economic loss, ICT operations can cause physical damage and affect the delivery of essential services to civilians…. The use of ICT operations during armed conflicts is also a reality.”[5] Furthermore, the use of ICT-attacks poses a significant risk in terms of manipulating, disrupting, and potentially destroying nuclear sites. These attacks have the capability to exploit vulnerabilities and undermine the security of nuclear materials and facility operations. In addition, these attacks can compromise the integrity and effectiveness of nuclear command and control systems. The consequences of such actions could be catastrophic, leading to the release of hazardous materials, environmental contamination, and loss of human lives.[6]
3. The stated objective of states in multilateral negotiations for international documents in both physical and non-physical domains is to enhance international peace and security by preventing the resort to force and the threat thereof, respecting the equal sovereignty of states, peacefully resolving international disputes, and refraining from interfering in eachothers' internal affairs. However, the outcomes of these efforts differ from each other. Opposing the development of international law in either of these areas can put the real political will of states to the test.

Reasons for Opponents to the Development of International Law in the Field of ICT security

Per the deliberations, reports, and outcome documents of the OEWG and various GGEs in the field of ICTs in the context of international security, the subjects of international law, as well as norms, rules, and principles regarding ICT security, have been extensively discussed. Some advanced western countries explicitly oppose any development of international law in this area - at least at present - and emphasize that the current international law is sufficient to achieve a secure and stable ICT space. These countries present the following reasons to support their positions:

1. Per the opponents, both jus ad bellum and jus in Bello serve as the common denominators and derive their justifications from ICT activities, rather than solely focusing on ICT attacks - that does not have a globally accepted definition. Furthermore, there are additional concepts, such as due diligence, that only a limited number of states have acknowledged.[7]
2. The United Nations Charter, the associated rules of international customary law and the International Humanitarian Law apply to ICT space. According to these countries, the UN Charter is considered a legally binding document akin to a treaty, along with customary international law and various resolutions issued by relevant international organizations, which are also applicable to ICT space. In this regard, the reports of the GGEs, especially their recommended 11 voluntary norms, are particularly significant. Overall, compliance with these measures, which are voluntary and non-binding, is sufficient to achieve the said goal. According to these countries, the voluntary nature of these regulations is even an advantage for transparency and confidence-building in ICT space.[8]
3. According to these countries, the UN Charter recognizes the right to self-defense for member states in Article 51, and this right, is also applicable in ICT space.
4. Based on the experience and history of negotiating legally binding instruments, the drafting and implementation of such documents take years or even decades. Given the rapidly changing nature of ICT space, there is no guarantee that the formulated provisions will not become obsolete and remain relevant and proportionate to the situation at that time. Therefore, such an endeavor will not be fruitful.
5. These countries argue that proponents of a legally binding instrument are not even committed to existing obligations, and there is no guarantee of adherence to future legally binding documents in ICT space.[9]

Reasons for proponents of international law development in the field of ICT security

On the other hand, a group of other countries – mostly from developing countries along with Russia and China- believe that the current international law is not sufficient to achieve the goal of international peace and security in ICT space. Therefore, the recommended norms by the GGEs should be reviewed, and beyond that, a legally binding instrument should be drafted and implemented as an international treaty or convention to achieve the desired security in this area. In this way,

1. The UN Charter, given its nature, is different from an international treaty, and its internal ratification by the legislative bodies of countries has not been foreseen in treaty law. Although the Charter has provisions that can guide the states' behavior for ICT security purposes, it is not sufficient to fulfill the main objective. At the same time, given the specific legal nature of the information environment, the activities therein can be anonymous, and the application of international law to the use of information and communications technologies (ICTs) should not be automatic and should not be carried out by simple extrapolation. There is a need to substantively discuss the issue of how specific instruments of the existing international law apply to the ICT-sphere, as well as to elaborate a universal approach to this matter under the UN auspices.[10] Moreover, there are serious doubts regarding the notion of legitimate self-defense in ICT space based on Article 51 of the Charter. The explicit text of this provision recognizes self-defense against an "armed attack," but the question is whether a ICT attack constitutes and can be assumed equal to an armed attack. Besides a chaotic implication of factual attribution by states, we know that the tools used in an ICT attack are not conventional military weapons. According to this group of countries, the belief in the applicability of International Humanitarian Law in ICT space, even if it is not directly a legal justification for resorting to force in ICT space, certainly will not prevent such actions. In this regard, an analogy can be drawn between the deployment of police (with legally binding authority) versus the deployment of ambulances and first aid (without legally binding authority) in a tense and crowded stadium. The question is which one can better deter resorting to force: whether people comply with the law due to fear of punishment by the police or, with confidence in accessing first aid, they can resort to force easily and without caution.[11]
2. Should non-binding and voluntary instruments were sufficiently effective for achieving peace and ICT security, we would not witness many ICT disputes among countries. There is no obstacle to voluntarily implementing the relevant regulations, and in fact, their voluntary nature does not lead or push countries to full and effective implementation. Because their implementation is optional, and countries can choose whether or not to enforce them according to their discretion.
3. The codification and development of all international treaties, including those on disarmament and arms control, has been time-consuming. Despite this, we witness a variety of treaties in different security areas. If the United Nations Charter was sufficient for ensuring international peace and security, why have so many treaties emerged in various security fields? Wouldn't it have been enough to rely solely on the Charter and not allocate international resources and energy to the development of diverse treaties?
4. All legal documents in the international system, including the United Nations Charter and disarmament treaties, are subject to noncompliance. Why are these documents developed or being developed, and why should we oppose such an approach in ICT space? The solution lies not in ignoring the problem but in establishing a strong and appropriate compliance mechanism based on lessons learned from previous experiences.
5. One additional argument put forth by advocates of a legally binding instrument pertains to the crucial issue of attribution and its legal dimensions. According to this perspective, the assignment of responsibility for an internationally wrongful act hinges on a state's violation of its international obligations. The International Law Commission (ILC) has his acknowledged this fundamental principle in its work on the responsibility of states. From a legal standpoint within the realm of Information and Communication Technologies (ICTs), the argument maintains that attributing a computer attack to a specific state is contingent upon the existence of an international treaty expressly prohibiting such acts. Additionally, for attribution to take place, the implicated state must be a party to the mentioned treaty. In essence, proponents argue that without the framework of an internationally binding agreement explicitly prohibiting specific actions in the realm of ICTs, the legal foundation for attributing responsibility to a state becomes precarious and, arguably, insufficient. It underscores the importance of establishing a robust legal framework through a binding instrument to address the complexities of attribution in the evolving landscape of ICTs related activities.

Finally, the group emphasizes that the current focus should not be on obstructing the request to develop a legally binding instrument, given that the creation and implementation of such an instrument cannot be accomplished instantaneously on a global level.[12]

Conclusion and Suggestions

Proponents of developing a legally binding instrument on ICTs in the context of international security argue that on ICTs in the context of international security the world is in a legal vacuum and while there are 28 legally binding instruments on disarmament-related issues, there is not even one single ICTs in the context of international security document with a legally binding nature. Such a document would provide a framework for international cooperation, ensuring a consistent approach to ICT threats. They contend that such a document would establish clear guidelines, promote information sharing, and facilitate effective responses to ICT incidents. A legally binding agreement could enhance trust among nations, deter ICT attacks, and foster a more secure digital environment.

Opponents, however, express skepticism regarding the development of a legally binding document. They raise concerns about the potential implications of enforcing such an agreement. Critics argue that ICT space is constantly evolving, making it difficult to create a comprehensive and future-proof document. Additionally, they believe that noncompliance may overshadow technical solutions, leading to an ineffective and impractical framework.

To navigate this complex issue, it is crucial to prioritize technical considerations - in this context, a legal opinion- over political influences. By adopting a technical perspective, policymakers can focus on practical solutions that address the evolving nature of ICT security. Technical experts should be actively involved in shaping policies, ensuring that decisions are based on their expertise rather than political motivations. Emphasizing technical aspects allows for the creation of flexible frameworks capable of adapting to emerging threats and technological advancements.

While after more than two decades of discussions on ICT security within the United Nations, a clear and definitive conclusion has remained elusive and the development of a legally binding document continues to be debated, it is crucial to base conclusions on technical considerations rather than political motivations. In this way, the world will be able to address the ever-evolving nature of ICT threats.

The negotiations of the OEWG and other relevant international forums, including the First Committee of the UN General Assembly, are indicating that some countries have made efforts to present their perspectives and positions in written and verbal forms, however, all these actions share a common aspect. That is, negotiating delegates politically align themselves based on the stance of their respective governments. Within this framework, countries that make decisions based on their own will and consent are not obligated to provide relevant justifications. However, it is expected of governments and delegations to consider the necessary framework and rational, logical, and legal reasons to persuade others in the framework of multilateral diplomacy. Nevertheless, the repeated reiteration of political positions, especially political support among like-minded countries, has led to a continuous deadlock that requires alternative initiatives to overcome.

One can say that considering the legal nature of the discussion, referring to impartial international experts and accepting their arbitration can help break this impasse. They can debate the issues and best options and propose solutions.

In this regard, the matter can be referred to the International Law Commission.

Other viable options to consider include convening a dedicated session of the OEWG on international law and norms specifically to address the issue at hand. This session could convene legal experts from various countries to deliberate on the matter and provide their insights.

Additionally, seeking legal advice from a specialized legal authority, with expertise in the field of ICTs in the context of international security, could prove beneficial in obtaining a comprehensive understanding of the legal aspects involved.

Furthermore, leveraging the expertise of in-house legal counsel, legal scholars, and experts in the field of ICT law could provide valuable perspectives and guidance. Their insights can help shed light on the legal implications and potential solutions, ensuring compliance with international law while promoting ICTs in the context of international security for all.

Another approach is engaging in a peer review process, wherein legal experts from different countries and backgrounds critically evaluate the issue, provide feedback, and offer recommendations. This collaborative effort could help identify gaps or inconsistencies in legal interpretations and foster a well-rounded discussion.

FINALLY, by seeking a legal opinion through these various channels, it is possible to clarify legal issues and explore viable solutions that align with international law. The ultimate goal is to guide member states towards an apolitical technical decision, free from bias, and putting an end to the current impasse. However, one cannot conclude unless by paying attention to the fact that the existing gaps in comprehension must be meticulously addressed and rectified through a formalized and binding agreement. Without such measures, the current state of ambiguity is prone to persist as a mere interpretation devoid of legal efficacy. To ensure clarity and enforceability, it becomes imperative to establish a framework that solidifies and legitimizes the understanding in a legally binding manner.

THE END.

[2] https://treaties.unoda.org/

[3] 2023 Forum on Peace and Development https://www.sipri.org/events/2023/2023-forum-peace-and-development

[4] Cybersecurity Statistics 2023 https://www.getastra.com/blog/security-audit/cyber-security-statistics/

[5] The potential human cost of cyber operations, https://www.icrc.org/en/document/potential-human-cost-cyber-operations and, Researchers identify negative impacts of cyber attacks, https://www.ox.ac.uk/news/2018-10-29-researchers-identify-negative-impacts-cyber-attacks

[6] See: Addressing Cyber-Nuclear Security Threats, https://www.nti.org/about/programs-projects/project/addressing-cyber-nuclear-security-threats/#:~:text=The%20cyber%20threat%20affects%20nuclear,nuclear%20command%20and%20control%20systems

[7] Compendium of voluntary national contributions on the application of international law by participating governmental experts. 2021, https://disarmament.unoda.org/group-of-governmental-experts/

[8] Compendium of voluntary national contributions on the application of international law by participating governmental experts, p. 4, p. 106, p. 136; and When does international human play in the world apply to the use of information and Communications Technologies? https://docs-library.unoda.org/Open-Ended_Working_Group_on_Information_and_Communication_Technologies_-_(2021)/01_When_does_IHL_apply.pdf

[9] For further information, see the deliberations of the intersessional process of the OEWG on the use and security of ICT, 23-26 May 2023 – UN. Similar positions have been raised frequently in other substantive sessions of the OEWG.

[10] Compendium of voluntary national contributions on the application of international law by participating governmental experts, p. 80.

[11] Updated concept of the convention of the United Nations on ensuring International Information Security, https://docs-library.unoda.org/Open-Ended_Working_Group_on_Information_and_Communication_Technologies__(2021)/ENG_Concept_of_UN_Convention__on_International_Information_Security_Proposal_of_the_Russian__Federation_0.pdf; and

Submission of the Islamic Republic of Iran to the first substantive session of the OEWG on the use and security of ICT, https://documents.unoda.org/wp-content/uploads/2021/12/Irans-submission-to-first-substantive-session_13-17-Dec-21.pdf

[12] For further information, see the deliberations of the intersessional process of the OEWG on the use and security of ICT, 23-26 May 2023 – UN. Similar positions have been raised frequently in other substantive sessions of the OEWG.

read more in our Telegram-channel https://t.me/The_International_Affairs