You are here

cyberlaw

The FCC's Remaining Options in Pursuit of Net Neutrality

The Wall Street Journal reports on the options that the FCC still has to ensure that Internet content is treated equally and neutrally after the D.C. Circuit ruled yesterday the governmental agency's net neutrality-rules overstepped its authority. One option would be to reclassify broadband providers as common carriers because "'the Communications Act doesn’t clearly address broadband providers, which means their regulatory status is a matter of reasonable agency discretion,'" The Journal reports.

Beyond The Terminator- Developing the Law of Cyber Warfare

Submitted by Amaris Elliott-Engel on Thu, 01/02/2014 - 14:08

Last month, I wrote a piece for the Connecticut Law Tribune about the lack of legal doctrine to govern cyber warfare--and what a UConn professor and law student are doing about it:

Forget Terminator-style cyborgs sent back in time on an assassination mission.

Cyber warfare is here, but the form it takes doesn't involve lethal robots. It's things like Stuxnet, a computer "worm" that is believed to have been created in 2010 to attack Iran's nuclear facilities. Or unmanned planes – navigated by software and "pilots" on the ground – dropping bombs.

But while cyber warfare is here, the law of war and the rules of engagement are largely undeveloped regarding cyberwar, according to David Thaw, a University of Connecticut visiting assistant professor of law whose scholarship focuses on cybersecurity regulation and cybercrime.

There is not even clarity in international law about when cyber warfare can be started. For example, Thaw asks, when would an attack on Google constitute an act of war instead of just criminal activity? What level of cyberwarfare is proportionate as a matter of law?

There is a "wide space that the law needs to catch up" on quickly, Thaw said.

The open legal questions have led Thaw and Joel Henry, a cyberspace operations officer of the 103rd Airlift Wing, Connecticut Air National Guard, and a UConn law student in his last semester, to research the law of armed conflict and cyberwarfare. They have presented their research at places like the Pentagon and NATO conferences.

Talking to experts in those forums made them realize that they needed to address not only what happens during a cyber warfare conflict, but about what leads up to the conflict.

Their collaboration started after Henry wrote a paper on cyber warfare for one of Henry's classes, and because Henry has served as a cyberoperations officer with the Connecticut National Guard and the U.S. Air Force for five years. Prior to that, Henry was an Air Force captain and a weapons loader for A-10 fighter jets from 2002 to 2008. Until this semester, Henry was an evening law student working full time as an engineer.

The aim of professor and student is to develop "a set of legal guidelines to help the international community and the individual nation-states" as they draft their own laws and policies about cyber warfare, Thaw said.

Due to the interconnectivity of many systems with the Internet — for example, power grids, water and fuel pipelines and emergency services — cyberwarfare could have unintended consequences. For example, Country A deploys a cyberweapon against Country B, but the weapon affects systems in Country C due to the interconnective nature of technology, Thaw said.

If the military is using a cyberweapon to target an electronic system or a computer system of an adversary, it must be sure that use of that weapon is not going to have unintended consequences for a civilian population, Henry said.

One issue with cyber warfare is the risk of collateral damage if excessive force is used in more densely populated areas, Thaw said. The same is true of conventional warfare, he said. "You don't drop an imprecise high-yield warhead in a major urban center … to take down one building," Thaw said. "You use a precision-guided ordinance" from an aircraft.

The law needs to require that in cyberspace as well, he said.

Henry said his contribution to the paper is in terms of drafting new cyberlaw of armed conflict and how that applies to military operations. The focus has been on judge advocates assigned to military units, Henry said.

Henry said his research has been informed by his personal experience of working with JAGs assigned to one of the Air Force's Air and Space Operations Centers. Their research has shown that, as the law stands currently, "JAGS probably wouldn't be equipped "to lawfully authorize cyber warfare attacks, Henry said. "What would that individual need to know from a legal standpoint to authorize the use of a particular weapon?" Henry asked.

Thaw added: "One of the reasons we have judge advocates in uniform advising commanders who have to make decisions about deploying military assets" is to ensure that military action is lawful and that unlawful harm is not done to civilians, Thaw said.

Another issue with cyber warfare is what happens if remote-controlled aircraft are taken over by unauthorized people. "New questions arise when controlling things remotely," Thaw said.

Another issue with cyber warfare is what happens if remote-controlled aircraft are taken over by unauthorized people. "New questions arise when controlling things remotely," Thaw said.

Thaw and Henry hope to publish their research sometime in the future. For now, they are revising on the basis of their meetings with experts.

Digital Divide Not Just About Internet Access. It's About Privacy Laws Too.

The digital divide isn't just about access to the Internet.

The Guardian reports that most Internet traffic on the cloud comes from the developed world: "an estimated 60% of such cloud traffic came from Europe and North America, followed by the Asia-Pacific region (33%). Latin America, the Middle East and Africa together accounted for only 5%." Similarly, the rule of law to protect privacy is more advanced in the developed world than in the developing world (albeit with the caveat that the National Security Agency is engaged in massive surveillance that undermines that rule of law): as of this year, 101 countries had data privacy laws or bills in place, but only 40 developing economies have such laws or bills, according to The Guardian.

The Guardian also reports: "The Information Economy Report 2013, released on Tuesday by Unctad, the UN trade and development body, warns that the global shift towards cloud computing, which allows users to store and access data remotely, brings a range of legal as well as technological and infrastructure challenges for poor countries."

Texas Supreme Court Considers Outing Anonymous Blogger

The Texas Supreme Court heard oral argument on whether a blogger who has criticized an Ohio-based company should be unmasked by court order, the Associated Press reported. The blogger's attorney argued that Texas courts don't have personal jurisdiction over the blogger, while the company's attorney argues that Texas does have jurisdiction because its CEO owns a home in Houston and the company has its largest Texas office in Houston. During oral argument, Chief Justice Nathan Hecht questioned if Texas should "be concerned that its courts can be used to investigate any cause of action that could be brought anywhere in the United States. Why should Texas courts just be sort of the State Bureau of Investigation?" according to the AP.

Federal Trade Commission Set to Regulate Your Spying Coffee Pot

The Federal Trade Commission is set to regulate connected devices that share consumer data. Or as GigaOm more pithily says it: the Internet of Things. Why does this matter? GigaOm reports: "There are two issues at play here, one being the privacy of consumer data and the other being the security of the networks delivering that data. The privacy issue, however, also contains a security dimension since the devices can share things that affect a person’s safety — such as where they live and whether or not they are home."

Moreover," EPIC, the Electronic Privacy Information Center, argues that the privacy implications of connectivity start with the devices, which could allow a person to be tracked continuously across a variety of networks," GigaOm also reports.

GigaOm's Stacey Higginbotham argues for a middle ground between stifling a new industry and consumer privacy.

Illinois Supreme Court Rejects Sales Tax for Internet Sales

The Illinois Supreme Court has become the first court in the country to find a federal law preempts a state law requiring sales taxes be paid on Internet sales, USA Today reports. The paper also reports: "the court determined that Illinois' 2011 'Main Street Fairness Act' was superseded by the federal law, which prohibits imposing a tax on 'electronic commerce' and obligates collection that's not required of transactions by other means, such as print or television." The issue might be primed for the U.S. Supreme Court as New York upheld its Internet sales tax-law and Amazon is appealing.

Free Speech Issue Triggered By Revenge Porn Law?

California has passed a law to criminalize, as a misdemeanor, posting "identifiable nude pictures of someone else online without permission with the intent to cause emotional distress or humiliation," The Guardian reports. The ACLU opposed the legislation on free-speech grounds.

Can the United Nations Do Anything About Cyber-Surveilliance?

With the United Nations General Assembly in New York this week, one UN event looked at the role the United Nations could have, if any, regarding ensuring privacy on the Internet from governmental spying.

A blogger for Ars Technica who was on the panel and who wrote about the event "pointed out that while anti-democratic countries may want legitimacy, their policies are already well in place. Surveillance capabilities are already being used, with or without the UN’s approval or disapproval, by democratic and anti-democratic governments."

Another interesting point from the panel was a Brazilian representative who "referred to the fact that President Barack Obama had recently defended the global American spying effort: 'I think it's important to recognize you can't have 100 percent security, and also 100 percent privacy, and also zero inconvenience. We're going to have to make some choices as a society.'" 

The Brazilian official said in light of the revelations of American spying on the Brazilian president and a major Brazilian energy company '“Brazil has 100 percent inconvenience, 0 percent security, and 0 percent privacy.”' 

Not Such A Safe Harbor For ISPs Under Communications Decency Act From Defamation?

John Dean has this analysis of the Jones V. Dirty World Entertainment case heading to the Sixth Circuit, a case which could change the parameters of the law on the safe harbors provided in the Communications Decency Act to Internet Service Providers from defamatory on-line material.

CDA Section 230 protects Internet intermediaries fr0m liability for information provided by other information content providers. According to the trial court opinion, a Cincinatti Bengals cheerleader complained about sexual postings about her, includiing that she had slept with multiple team members and that she had a sexually transmitted disease, on thedirty.com. But the site refused to take them down. Web site editor Hooman Karamian, also known as Nik Richie, not only selected what postings to put up but also commented on the postings. The trial judge, according to the opinion concluded, thedirty.com and its editor were not entitled to the CDA safe harbor because the editor '“specifically encourage development of what is offensive about the content”' of the web site.

You can read the opinion on appeal here: http://www.dmlp.org/sites/citmedialaw.org/files/2012-01-10-SummaryJudgme...

 

Pages

Subscribe to RSS - cyberlaw