Responding to Election Meddling in the Cyberspace: An International Law Case Study on the Russian Interference in the 2016 Presidential Election

International law is not the most perfect legal regime, and, perhaps to no one’s surprise, it is even less perfect in cyberspace. The United States has been a victim to a series of malicious cyber operations in recent years, and the key question is how to respond to and deter them. This Article offers a detailed survey of the Russian interference in the 2016 presidential election in the context of international law. Adapting the framework created by Tallinn Manual 2.0 , the Article examines the international legal basis of the response measures employed by the United States and other possible alternative responses to the Russian operation. It concludes that none of these responses are both squarely supported by international law and desirable as a matter of national security police. This Article intends to show that international law contains considerable gray areas in the cyber realm that allow sophisticated adversaries like Russia to harm the core interest of the United States without substantial legal repercussions. The Article concludes by suggesting that a deterrence mechanism based on proactive national security policy would be more effective and practical than one based on international law

The Computer Misuse Act 1990: lessons from its past and predictions for its future

The age of the internet has thrown down some real challenges to the Computer Misuse Act 1990. Recently, the Government made changes to this piece of legislation, in an attempt to meet two of those challenges--the proliferation of “ Denial of Service” (DoS) attacks, and the creation and dissemination of “ Hackers' tools” --and to fulfil international commitments on cybercrime. Yet some of these new measures invite criticisms of policy, form and content, and bring doubts about how easy to interpret, and how enforceable, they will be

"Virtual disenfranchisement": cyber election meddling in the grey zones of international law

This Article examines remotely conducted election meddling by cyber means in the context of international law and asks whether such cyber operations qualify as "internationally wrongful acts." An internationally wrongful act requires both a breach of a legal obligation owed by one State to another under international law and attribution of the act to the former. The Article considers three possible breaches related to such meddling-violation of the requirement to respect sovereignty, intervention into the internal affairs of another State, and, when the cyber operations are not attributable to the State from which they were launched, breach of the due diligence obligation that requires States to ensure cyber operations with serious adverse consequences are not mounted from their territory. The Article then examines the various modalities for attributing a cyber operation to a State under international law. Whether cyber meddling in another State's election is unlawful, as well as the severity thereof, determines the range of responses available to the victim State. The Article concludes that the law applicable to remotely conducted meddling in another State's election is unsettled, thereby comprising a normative grey zone ripe for exploitation by States and non-State actors

Cyberterrorism: the story so far

This paper is concerned with the origins and development of the concept of cyberterrorism. It seeks to excavate the story of the concept through an analysis of both popular/media renditions of the term and scholarly attempts to define the borders of same. The contention here is not that cyberterrorism cannot happen or will not happen, but that, contrary to popular perception, it has not happened yet

Digital Architecture as Crime Control

This paper explains how theories of realspace architecture inform the prevention of computer crime. Despite the prevalence of the metaphor, architects in realspace and cyberspace have not talked to one another. There is a dearth of literature about digital architecture and crime altogether, and the realspace architectural literature on crime prevention is often far too soft for many software engineers. This paper will suggest the broad brushstrokes of potential design solutions to cybercrime, and in the course of so doing, will pose severe criticisms of the White House\u27s recent proposals on cybersecurity. The paper begins by introducing four concepts of realspace crime prevention through architecture. Design should: (1) create opportunities for natural surveillance, meaning its visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering a private space; (3) build communities and avoid social isolation; and (4) protect targets of crime. There are digital analogues to each goal. Natural-surveillance principles suggest new virtues of open-source platforms, such as Linux, and territoriality outlines a strong case for moving away from digital anonymity towards psuedonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end design of the Internet. An understanding of architecture and target prevention will illuminate why firewalls at end points will more effectively guarantee security than will attempts to bundle security into the architecture of the Net. And, in total, these architectural lessons will help us chart an alternative course to the federal government\u27s tepid approach to computer crime. By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop - the equivalent of digital gated communities - with terrible consequences for the Net in general and interconnectivity in particular