Do Cyberattacks Fall Under the War Powers Act?

by Julian Ku

Just a quick note on the news reports about the internal Obama Administration legal debate over the use of cyberattacks in the Libya conflict. These reports seem to confirm Stewart Baker’s complaint that cyberwar capabilities are being shaped by legal concerns as much as, if not more than, policy goals.  Two small observations:

1) Following David Fidler’s point here, how is the legality of cyberwar attacks a difficult issue in Libya, given that the Administration concluded that drone attacks are not “hostilities” within the meaning of the War Powers Act?  I find it far more likely that the debate internally was not over law, but policy. Is it wise to unveil US cyber attack capabilities in Libya? Would they even work?  At least, I hope this is what the real debate was about.

2) More broadly, what is the deal with all this leaking of legal policy debates? I am curious who is doing the leaking, and whether this is part of a broader strategy of rolling out the Administration’s legal views on difficult issues via leaks?  Can we just have the full memos please?

http://opiniojuris.org/2011/10/18/do-cyberattacks-fall-under-the-war-powers-act/

2 Responses

  1. Jack Goldsmith covered this exceptionally well over at Lawfare today.  I doubt very seriously the decision not to use cyber-attacks had anything to do with law or legal concerns.  It was about not revealing the extent of our capabilities in a situation with such marginal national security (albeit potentially important foreign relations) implications.

  2. Response…
    The category is potentially broad (too broad) and can encompass some kinetic results or uses of cyber-stuff as weapons and, therefore, as “armed” attacks.  But it depends on what is occurring — what cyber-attack, targeting what, how, with what consequences, etc.
    Mere computer hacking for information is not per so an armed attack or war.  Hacking into satellites of some sorts to disable them could be an armed attack or part of war under certain circ.
    So, some cyber “attacks” might logically only fit within an international law or law enforcement paradigm, while others might fit within a law of war and/or self-defense paradigm.

Trackbacks and Pingbacks

  1. There are no trackbacks or pingbacks associated with this post at this time.