Originally published: January 2014
Author’s Note: Excerpt (Foreword only)
Admitting We Do Not Know
Writing this was difficult. In fact, by the time it is read, one single event could render the entire posting meaningless. That is the exact reason why it is was difficult to write and also why it will likely bear little resemblance to a traditional research paper that would focus on jurisprudence. Indeed, the analysis of jurisprudence throughout this posting is, in fact, quite minimal. Yet there is a very specific reason for that.
The departure point for this work was initially “how” to create sound international cyber law; but very early on into the research, the departure point was forced to change. One of the reasons is that there is a fundamental difference between crime and security. Indeed, initiatives that are related to cybercrime, while relatively still in their infancy, have made some small strides. But all the initiatives, from laws, to conventions, to formalized treaties, still miss the critical security element of cyberspace, primarily because these attempts do not take into consideration interests, specifically sovereign ones. The fact of the matter is, we are still generally bound by the Westphalian system of nation-states and any formalization of a laws or treaties will be done as nation-states being signatories.
A significant limitation of this nation-state system though is that it is not designed to integrate with cyberspace, for the principles of the Internet and the nation-state are, in fact, in direct opposition to each other. The state is defined by boundaries, whereas the Internet was designed to be without boundary. The state is designed to limit, whereas the Internet was made to “set free.” With these direct oppositions to each other, the focus of this work had to change, as trying to superimpose fundamentally opposite systems on each other is not only a difficult task, but it is pointless for is presents no viable solution going forward. More specifically, we are trying to solve 21st Century problems with outdated 20th Century (or even earlier) models.
Therefore, the focus of this writing changed to: can sound international cyber law be created? It is a very small change, but it is a profound one, because it changes all assumptions and departure points. For example, the initial departure point of this paper was: what would happen if the general public learned about both the extent, and the capabilities, their governments have in cyberspace? In June 2013, that departure point was completely shattered, courtesy of Edward Snowden. Ultimately, the departure point turned into: “okay, now what?”
But even in light of all the revelations, the departure point was far too reactionary, as is the problem with most analyses on this subject matter. Inasmuch, to be proactive, it required an entirely new re-think of the landscape, meaning that this writing had to lay out, from a non-jurisprudence point of view, why international cyber law can, or cannot, be achieved. That change, effectively made this writing this work akin to hitting a moving target; except the target is doing far more than just moving, it is changing colour, shape, and phases in-and-out of time, à la “The Traveler” from the Star Trek: The Next Generation (insert geek alert here).
The result is that this writing, by its very nature, is dynamic and fluid. Inasmuch, the only way to attempt to capture the most significant challenges we face in cyberspace was:
- To recognize that what is in this posting is merely a snapshot of time; and
- To completely re-think how we approach the problems we are challenged with in cyberspace.
Within the existing literature, there is already an extensive treasure trove of information, analysis, and criticism of cyberspace from the perspective of jurisprudence. In addition, there are those far more qualified than this author to undertake a legal analysis of cyber law, which is why there is very little analysis and critique of the laws and treaties that are actually out there, because that is not the problem. The problem is not how laws are created and how treaties are negotiated. The problem is much deeper than that. The problem is whether laws and treaties can even apply or have use. The problem is defining the landscape. The problem is recognizing that interests are, and will always be, the drivers of any decisions. The problem is accepting that cultural differences will almost always ensure that “something” will be left to interpretation, meaning that nothing will be universal.
The truth is, many of the cyber issues we are facing today, specifically those related to security, are not all too different from the cyber issues that were beginning to take hold 30 years ago. They frustrated law-makers and decision-makers then and they continue to do so today, essentially for the same reason: we still have not figured out what we are dealing with. Yet there is one major difference that we have not yet fully appreciated: the fact that we have effectively run out of time; this is simply because we are operating in a real-time environment. The net-net-net result is that all the models, and all the systems, and all the processes we have so often relied on in the past are essentially meaningless, simply for the reason that they are no longer applicable to our current context.
This is an important point: the fact that these tools are essentially inapplicable does not mean that we should toss them away; in fact, quite the contrary. We should, and must, learn from them, identifying their limitations and recognizing their gaps, because history is our constant teacher, even if we decide not to pay attention to teacher. What we need to accept though is that trying to fit today’s problems into yesterday’s models will not result in a viable solution. In fact, pushing that mode of reasons borders on the insane. Wars are often lost and severely mismanaged because our planning is done for the last war; a more prudent course of action suggest planning for the next war (and in the case of cyberspace, it is best if we simply outright avoid any type of war, because we all lose at the end – these is no silver bullet and the hawks who believe there is are truly delusional).
For all that, the departure point of this posting is simple: is international cyber law possible? It is a simple question, which has a simple answer, but gets to that answer in a horribly complex way. It is complex because it needs to recognize that the context is multi-dimensional with multiple actors. The actors are amorphous, have multiple and varying capabilities, including coinciding, clashing, overlapping, and dysfunctional intents.
To use a metaphor, the context is a chessboard; but the chessboard not only can change size, sometimes becoming smaller, sometimes becoming bigger, but it can add and remove dimensions (or other “boards” or “planes”) to the field. It is multi-dimensional, where the boards weave, cross each other, bend around each other, but all touch each other in one way or another. It is a peculiar chessboard because virtually everybody on the board – regardless of where on the board they are – is effectively a player. The board increasingly becomes more complex, allowing players to have new capabilities, but it also means the board becomes much more fragile.
Furthermore, there is little holding the board together; essentially, it is holding itself together, hoping not to collapse, but in the 21st Century, there is something on this chessboard that does act as the “glue” or the support; and it is not law. Rather, it is the economy. To visualize, imagine this multi-dimensional chessboard, criss-crossing, weaving, bending, with one “support post”, also criss-crossing, weaving, and bending, holding all the boards together. In 2014, that “support post” is particularly fragile and there are those out there that would surely enjoy destroying the “support post” because, given their new abilities in cyberspace, in many ways, they can equalize past disproportionate power. Inasmuch, there are many who are trying to claim part of the “support post” causing it to be pushed, pulled, twisted, chopped at, chipped at, kicked, you name it. The greatest problem that we face though is that once this “support post” is gone, effectively the chessboard falls apart; and it is also worth noting that certain players in the game are capable of “super moves” and too many “super moves” can easily destroy the chessboard as well. The problem with “super moves” is that once a player carries one out, it is virtual certainty that another player with “super move capability” will also show what they can do.
For all the metaphors, what this writing intends to do is walk through a series of different phases, illustrating why the 21st Century is so highly complex, and why our massive level of interdependency has essentially forced us to re-write all the textbooks on how we deal with these issues. On the best of days, this is a monumental task. Even if a solution is found, it may take a generation (generations?) to implement and execute. Yet, as noted, the single greatest challenge we have is that we do not have time, meaning that we have get creative in our solutions.
The first step in this highly complex challenge is actually admitting that what we are doing is not working. If we can get past that, maybe we can come to the admission that we are asking the wrong questions. After that, it would surely be helpful to swallow our pride and accept, in earnest, that we are in uncharted territory. Quite bluntly, anybody who takes a position opposite to that is unfortunately naïve and misinformed. We simply have not had anything in our human history that looks anything like this.
Perhaps pieces of cyberspace look like “things” we recognize in our society and history, but as a whole, we do not have anything that comes close to resembling it. The reason for that is simple: we have so many people “touching” this thing we call cyberspace. Apart from the earth itself, we have never had been so “connected” to anything else, regardless of the fact that our “usage” may be completely benign, such as a toddler playing games online, or potentially malicious, such as the highly sophisticated software engineer that knows how to penetrate through layers and layers of defence mechanisms, inserting a piece of seemingly insignificant software code into the network.
What is critically important to understand is that given our insane levels of interdependency, and the prospect of so many actors working simultaneously, there is a level of asymmetry that is not dangerous; rather, it is potentially catastrophic. This is chaos theory at its finest. Technology has changed our lives significantly, and it a relatively short period of time if we extrapolate over our human history. That being said, technological catastrophe will also change our lives dramatically; just a whole lot faster and with almost certain horrific results. Is this an overstatement? From the viewpoint of the author, no, and hopefully by the end of the posting, the reader will recognize that as well.
Unlike in the past, where we had a level of isolation and protectionism that ensured “our way of life” (whatever that way is), we had the benefit of our “ways of living” not intersecting. Today, we do not enjoy that luxury (or buffer), ultimately meaning that we reap the benefits of our relationships, but we also suffer the consequences of them, whether our relationships, partnerships, and collaborations were intended or not.
Is there a way forward? In the humble opinion of the author, yes, there is. But it will require a level of creativity and trust-building that has rarely been seen in our history (at least in most of our own lifetimes). Law will not solve this problem (if anything, attempts at formalizing cyber law will only slow the process and potentially derail any attempts at a reasonable solution). Maintaining mutual interest will solve this problem (and respectfully, we are a long ways away from achieving the global harmony of the United Federation of Planets). A viable solution will likely result in a scenario were not everybody will have an equal say; and this will be a major point of frustration, potentially shattering all attempts at an agreement.
In fact, a small, yet immensely powerful, minority will have to lead the way. Is it fair? Probably not. Is it the right thing to do? Possibly. Would the world be a better place as a result of their collaboration and leadership? Hopefully. Do the members of the minority get along? Not really. Do they trust each other? Unlikely. Do they even like each other? Depends. Will there be winners and losers? Surely. Can they find common ground? Yes. Will there be opposition? Certainly. Is it dangerous? Undoubtedly. Does the rest of the world need them to come to a solution? Absolutely.