Foreign Policy Blogs

Keeping Neutral

Keeping Neutral

What will you do when they run across your backyard?

We’re in that lull after the holiday season where gyms are crowded, but the days still feel short and cold (up north at least). Most everyone probably had an experience where two relatives were arguing about the best way to stuff a turkey, or who should have to sit next to Aunt Marge at the dinner table. What did you do? Stay out of it. Neutrality. It can be a wonderful thing.

Neutrality in the most basic terms is defined by the Hague Conventions (V), which allows for neutral nations to maintain relationships with all belligerents, but forbids them from taking sides. The underlying concept is that the territory of a neutral nation cannot be violated. It has therefore been argued that neutrality can be violated when an actor launches a cyber attack that crosses another country’s networks.

This logical, albeit black and white, interpretation poses a number of significant policy challenges. Too many to cover in one blogpost.  One key issue is whether it means that the 2008 attacks against Georgia routed through US servers violated US neutrality.

Apologies for the following gross over-simplifications:

Worst case: Denial of service attacks initially emanating from Russia utilize US computers as bots. US becomes a belligerent in a conflict against Georgia. This would be slightly ridiculous. Fail.

Slightly better case: Countries agree to take responsibility to prevent their networks from being used for malicious purposes.  Not only would civil liberties groups oppose this but it would be hard to enforce on an international scale.

Status quo: It’s hard to attribute cyber attacks to any specific location, group or individual. People are unaware their machines are infected. US Internet Service Providers have little or no liability for problems of which they are unaware. Everyone passes the buck, and the cyber equivalent of the Hamburglar continues to run around our networks stealing hamburgers.

Intervening to trace criminal or illegal activity online is a sensitive issue from a civil liberties perspective. In 1994, Congress enacted the Communications Assistance for Law Enforcement Act (CALEA), requiring telephone firms to make it easy to wiretap the nation’s communication system for law enforcement purposes. This is more easily implemented to intercept phone lines, but becomes extremely complicated when one considers the idea of putting “back doors” into the internet. President Bush enacted the Patriot Act. It was, shall we say, not his most popular move in certain circles.

The internet was designed to be an open and free method of communication and information exchange, and that is one of its greatest virtues. Having responsibility on a national level for actions that traverse US networks is a hard concept to implement. Laws need to be developed to clarify when a country gets dragged into a cyber conflict, and when it can maintain neutrality.

Is there an easy answer? No. But I am really glad that I stayed out of the argument about how to stuff a turkey, and I am pretty sure that on a national level it would be nice not to get unexpectedly dragged into someone else’s conflict.

 

Author

Rachel Greenspan

Rachel Greenspan received a Bachelor's degree in International Relations and French from Tufts University in 2006, and a Master's degree in Law and Diplomacy from the Fletcher School in May 2011. She previously worked in immigration related fields and became interested in cybersecurity when she realized that she was surrounded by engineers in her life (and that she finds technology and policy issues really interesting). Rachel recently served as a Summer Research Assistant at the National Defense University’s Center for Technology and National Security Policy (CTNSP), has attended conferences, and has done independent research on cyber and Internet policy issues.