A Response to Frédéric Mégret by Philip Alston

by Harvard International Law Journal

[Philip Alston responds to Frédéric Mégret's comments on Alston's recently published article, Hobbling the Monitors: Should U.N. Human Rights Monitors be Accountable?. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

I am grateful to Frédéric Mégret for his very thoughtful comments on my article. Fred’s own excellent work on the accountability of “International Prosecutors: Accountability and Ethics” (available at ) is one of the few sustained and probing analyses of the difficult topic of the accountability of those playing a crucial role in what might be termed the international justice sector.

At the end of the day, there is not a lot on which we disagree. The great majority of Special Rapporteurs strongly resisted the notion of a formal accountability mechanism beyond the internal and self-administered arrangements that they set up for themselves under the threat of more demanding measures being suggested by governments. It is therefore noteworthy that Fred takes the idea that there should be some mechanism more or less for granted. I think this is correct, but again as he notes, the challenge is to get the correct institutional mix, or to put it another way to include enough checks and balances so as to ensure that neither side can easily manipulate or abuse any procedure that is established. (more…)

A Response to Philip Alston by Frédéric Mégret

by Harvard International Law Journal

[Frédéric Mégret, Assistant Professor of Law at McGill University Faculty of Law and Canada Research Chair in the Law of Human Rights and Legal Pluralism, responds to Philip Alston, Hobbling the Monitors: Should U.N. Human Rights Monitors be Accountable?. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

Philip Alston’s article on special rapporteurs suggests that there may be some merit on hobbling them a little, just not necessarily in the way that a majority of states at the Human Rights Council seem to want. The great merit of the article is a strong effort to highlight both sides of the debate, including the one most unsympathetic to untrammelled SR independence, by someone who is himself a special rapporteur. Indeed, it is particularly notable that Alston, who was the main target of a (failed) attempt by some states to oust him for claimed violations of the code, still finds more merit in the basic idea of rapporteur accountability than many international human rights activists.

The basic premise of Alston’s article is one that is tempting for anyone who is keen on the international human rights regime, namely that rapporteurs are not as powerless as they are sometimes made to be. This is partly because of the SRs’ considérable autonomy in organizing their work, and partly because of the impact that their activity can have in a widely connected world in which a well-timed press statement can have as much if not more impact than many formal resolutions. To be consistent as a human rights lawyer (of all things), one must then acknowledge that the exercise of power entails certain responsibilities and inevitably a degree of accountability. SRs’ power is one that involves in the best of cases reporting human rights violations in ways that may lead to meaningful remedies and prevention of further violations. But it is also a power that may, for example, disrupt domestic political processes, leave some victims unattended, or entail interpretations of human rights that are contentious.

In this context, the idea of SR accountability is welcome, but the devil is in the details. Alston’s arguments, essentially, is that States have tended to offer the wrong response to a good question. Partly this is because the whole Code of conduct initiative may be little more than a trojan horse to rein in SRs based on a fear that they unduly interfere with sovereignty. However note that this is not such an extravagant idea: one may think that on the whole SRs have behaved in ways that were not incompatible with the understanding of sovereignty as essentially limited by human rights, but clearly the fact that one is dealing in international rights is not a licence to meddle in any domestic matter. SRs could also be victims of a certain human rights hubris and start pronouncing on matters that were clearly beyond their remit. Special rapporteurs are not judges, for example, and it is difficult for them to pass definitive judgment on complex factual matters involving individuals. Perhaps because their normative activity is so bereft of the normal checks that accompany human rights adjudication, their pronouncements may also occasionally take liberties with such notions as the « margin of appreciation » (i.e. : the idea that some of the means to implement rights obligations ar left to states’ discretion, based on cultural and national specificity). (more…)

Hobbling the Monitors: Should U.N. Human Rights Monitors be Accountable? by Philip Alston

by Harvard International Law Journal

[Philip Alston, John Norton Pomeroy Professor of Law at New York University School of Law, describes his recently published article, Hobbling the Monitors: Should U.N. Human Rights Monitors be Accountable?. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

The critical issue I examine in this Article is whether a group of independent experts, or monitors, explicitly created to hold governments to account in terms of their human rights obligations, can be subjected to a strong accountability regime controlled by those same governments, without destroying the independence that is considered to be the system’s hallmark.

In 2007, a group of powerful governments pushed through a Code of Conduct to regulate the activities of Special Rapporteurs (“SRs”), Independent Experts and others who make up the so-called Special Procedures system created by the Commission on Human Rights and inherited and expanded by the Human Rights Council. It is widely acknowledged that this group of experts, that now includes some 33 thematic mandates (focusing on, for example, disappearances, extrajudicial executions, torture, violence against women, and the rights to education, food, health, etc.), represents the Council’s most effective system for independent human rights monitoring.

In 2010, in the context of major discussions about the future of the Council, the same group of governments proposed the establishment of a Legal Committee to enforce compliance with the Code through sanctions. Other governments, the SRs themselves, and civil society groups have been highly critical of the way the Code has been used so far to stifle the work of the monitors and are strongly opposed to the creation of any compliance mechanism. In many, perhaps too many, respects, the Article draws on my personal experience not just as a SR for a period of six years but as the only SR who has so far been the subject of concerted campaigns by different governments to secure a SR’s dismissal before his term of office had expired.

I begin by noting the powerful pressures which have succeeded over the past decade or so in insisting that almost all international actors should be accountable, and take note of the veritable explosion of accountability mechanisms applicable almost across the board these days in relation to international organizations. I then explore in some detail the potential utility of principal-agent theory as a means by which to understand and characterize the relationship between the SRs and various potential principals, ranging from governments, the Council itself, to those individuals whose rights are being violated. (more…)

A Response to Olivier De Schutter by Katharina Pistor

by Harvard International Law Journal

[Katharina Pistor, Michael I. Sovern Professor of Law at Columbia Law School, responds to Olivier De Schutter, The Green Rush: The Global Race for Farmland and the Rights of Land Users. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

I would like to thank Opinio Juris for the opportunity to participate in this debate about one of the most pressing issues of our time: the battle for control over increasingly scarce resources, including land, water, and natural resources. The Olivier de Schutter’s “Green Rush” addresses the heightened contest for arable land globally to ensure food safety or biofuel for different peoples. Most of these transactions are transnational in scope; and they tend to pair relatively poor countries on the sell side with affluent investors or countries on the buy side.

The major challenge these transactions pose is the impact they have on the people in the seller countries. There is little doubt that at least in the short term the people in countries on the buy side benefit from these transactions. It is their food security and gasoline supplements that these transactions shall secure. The impact on people in the selling countries is less certain. Some will benefit directly from these transactions as participants, intermediaries, or receivers of kickbacks, and others might find new employment opportunities; yet significant parts of the population will face dislocation, the loss of land as a source of sustenance and cultural identity. In part, these losses might be offset by cheaper food prices and a transition towards modernization. However, the scale of these benefits is highly uncertain. Global food prices have already proven much more volatile than anticipated, and earlier versions of modernization theories were not all that successful. Closer inspection reveals that the benefits for the people on the buy-side may also not be as clear. History offers important lessons for the social and political upheavals that may result from creating landless masses. The combined effect of enclosure and repeal of the poor laws forced landless people into the big cities in early modern England. While widely hailed with hindsight as a critical ingredient for England’s head start in industrialization as landless people provided cheap labor in factories, the actual outcome of social upheavals on such a scale is ultimately a gamble. England may have escaped a revolution, but Russia did not. In its own colonial hinterlands, the British Empire faced a mutiny after introducing land-titling programs in India that resulted in massive evictions of peasants from their lands. More generally, Karl Polanyi attributed the political upheavals of the first part of the 20th century – communism Russia and Fascism in Germany and Italy — to the long-term effects of a process of social transformation that included large-scale dislocations. This conclusion remains disputed, but the proposition that dislocating large numbers of people can be politically explosive is not. (more…)

The Green Rush: The Global Race for Farmland and the Rights of Land Users by Olivier De Schutter

by Harvard International Law Journal

[ Olivier De Schutter, U.N. Special Rapporteur on the right to food and Samuel Rubin Visiting Professor of Law at Columbia Law School, Fall 2011-Spring 2012, describes his recently published article, The Green Rush: The Global Race for Farmland and the Rights of Land Users. This article is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

We have been witnessing since 2008 a global enclosure movement in which large areas of arable land change hands through deals often negotiated between host governments and foreign investors with little or no participation from the local communities who depend on access to those lands for their livelihoods. This development results from the increased volatility of prices of agricultural commodities on international markets and the merger between the energy and food commodities markets, which in turn explains the sudden surge of interest in the acquisition or lease of farmland in developing countries. Non-governmental organisations have denounced this phenomenon as “land-grabbing”, because of the risks involved for the communities who currently depend on land for their livelihoods, and who are not adequately protected from evictions and may be priced out of this new market for land rights.

Most commentators recognize that these transactions should be more closely scrutinized, particularly since these land deals primarily take place in relatively weakly governed countries, where corruption is frequent. However, some also see opportunities in this development. They see the arrival of investors leasing or buying land as resulting in more investment in agriculture and thus productivity gains ; or they consider that the development of a market for land rights that could benefit current land users, provided their property rights are recognized through titling schemes. This Article questions these views. Based on an analysis of the relationship to property rights of different categories of land users in the rural areas in developing countries, it argues that the poorest farmers will be priced out from these emerging markets for land rights, and that the interests of those depending on the commons will be ignored. The Article suggests that there are other ways to protect security of tenure: anti-eviction laws, tenancy statutes, and policies aimed at ensuring more equitable access to land. Although measures such as these require a disaggregation of property rights and an abandonment of the Western understanding of property as necessarily implying transferability, they may offer more promising solutions to the rural poor. It is by exploring these alternative arrangements by which land users can be protected that we can avoid situations in which, in the absence of adequate support, small-scale farmers will lose their land after having mortgaged it or as a result of distress sales. And it is through such arrangements that the rights of land users that depend on communal lands for their livelihoods—including herders, fishers, and forest-dwellers—can be better taken into account. (more…)

Duncan B. Hollis Responds to Professors Eric Jensen and Jonathan Zittrain

by Duncan Hollis

[This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

First, I want thank both Eric Jensen and Jonathan Zittrain for taking the time to respond to my article.  Both have thought long and hard (not to mention well!) about regulating cyberspace. Eric’s early work assessing computer network attacks under the legal rules on use of force was one of the foundational pieces on which I based my own scholarship.  More recently, I’ve been inspired by Jonathan’s efforts to grapple both theoretically and technically with the challenges of cyberspace.

So, I was very pleased to see in both of their comments that we all three share certain assumptions. Three in particular stood out: 1) cyberthreats are a real problem; 2) we need better responses to this problem, and 3) attribution makes the traditional governmental “proscriptive” response (namely, identifying and punishing wrongdoers) very very difficult.

That said, particularly, with Jonathan, I think we do have some differences in our starting positions.  Jonathan suggests that my worries may be a bit more at the “hawkish end of the spectrum” than his own, which explains his preference for community based mutual aid arrangements (such as his “mirror as you link” concept) in lieu of my international legal duty to assist (DTA).  I take Jonathan’s point on both my hawkishness and my turn towards law over community norms.  My paper readily acknowledges that there is still some dispute over the existence and extent of the cyberthreat, with charges of scaremongering facing off against those, like President Obama, who characterize cyberthreats as “among the most serious economic and national security risks we face as a nation.”  I expect those within the scaremongering camp are likely to perceive my e-SOS idea as a solution in need of a problem (on the other hand, as far as solutions go, I would hope critics would at least acknowledge that mine is more libertarian and less heavy-handed than those who would rewire the Internet to remove anonymity or allow government monitoring of private networks, etc.).

Similarly, my paper does assume that law can and should be part of the response to the cyberproblem.  I am less sanguine than Jonathan who thinks that we can regulate cyberthreats solely through community norms.  To be clear, I think Jonathan’s “mirror as you link” idea is a great one; both normatively desirable and practically possible (in many ways, I think his idea is a fellow traveller with my e-SOS proposition) Still, his proposal seems designed with only one type of cyberthreat–denial of service–in mind, and I’m not sure how it would deal with other types of attacks. I also am not sure how feasible community norms are in an environment that seems to have an increasingly diverse and adversarial set of actors (whether Russian hacktivists, military forces from China and the United States, Israeli teenagers, etc.).  Rather than limiting solutions to informal networks of like-minded groups, I believe law offers a vehicle for obtaining pre-commitments from state actors who might otherwise not be inclined to cooperate (indeed, international law is nothing, if not a vehicle for solving these sorts of cooperation problems).  Finally, I looked to law because my sense is that states themselves have begun to do so.  Although initially resistant to negotiating rules of the road, reports suggest that the United States has now come around to the idea of international negotiations on this topic (joining Russia which has touted the idea for more than a decade), although the substance of those negotiations remains very much up for grabs.  Hence, my paper is not focused so much on the question of whether international law should regulate cyberthreats, but how it should do so.

And my own response to this latter question ends up being, “if not a duty to assist, then what”? Notwithstanding Eric’s point about the need to flesh out the exact parameters of any international legal duty to assist, I’m still persuaded that it remains the best available legal option for dealing with the most severe cyberthreats.  My paper looks at the three other ways law might regulate this threat — (1) regulating the bad actors, (2) regulating the technology, or (3) regulating the victims — and explains how the attribution problem takes the first option off the table while political and economic barriers have so far stymied pursuit of the second and third possibilities.  We are in a situation where one cannot identify, let alone prosecute, the bad actors and where you can’t perfect the technology to block them.  As a result, we are in a situation where the best the law can do is try to provide assistance to mitigate the harm these threats cause, and if it does so successfully, maybe deter future such threats.

Thus, I take Eric’s point that the analogy between threats in cyberspace vs. those at sea is nowhere near perfect.  But I do think the conditions that led to an SOS in the latter context make it a worthy idea for cyberspace.  Like the high seas, we have an environment where no single nation can regulate the problem (the high seas are the quintessential commons), where bad actors cannot be proscribed (how do you prohibit hurricanes?), and where the technology can never be fully secured (as the Titanic so dramatically revealed, no boat is unsinkable).  In any case, the idea of a duty to assist is not limited to the oceans.  As my paper details, there are myriad other contexts in which DTAs exist, proving its utility as a broader legal device. Of course, I don’t believe Eric is per se opposed to these sorts of analogies; he just (rightly I think) seeks to explore how well they might work by flagging problems of proximity, frequency and technology protection.

In terms of proximity, Eric joins Orin Kerr and Dave Hoffman in noting that the physical proximity that motivates the SOS system is absent in cyberspace.  I think my response to them serves just as well here:

Orin (and Dave) separately take issue with my suggestion that the obligation to assist be defined by physical proximity. At sea, anyone who hears the SOS call has a duty to assist, not just those closest to the vessel in distress. But, I take Orin’s point that those who can actually help will usually be those closest to the threat physically (although Coast Guard helicopters, etc. mean that this will not always be true). I also agree with Orin and Dave that regulating who can assist in cyberspace is a harder proposition, since the physical limitations on who can assist are absent. In cyberspace, an e-SOS could theoretically reach anyone, and if the DTA is not limited to specific duty-bearers, everyone would be obligated to respond. Thus, my paper proposes several ways to limit assistance to avoid the costs of imposing the duty too widely. I do suggest that physical proximity may work, by which I mean proximity to the victim’s systems and networks that have encountered losses in confidentiality, availability, integrity or authenticity. I rely on Jack Goldsmith and Tim Wu’s ideas here that the Internet has allowed enough regulability by nation states so that a nation state where victims have suffered (or are suffering) losses could assist them even if it had nothing to do with the threat itself. Thus, a victim could send out an e-SOS that requires the nation state where the losses lie to respond and perhaps others in that jurisdiction as well (e.g., ISPs using networks in that state, major Internet companies who also have terminals or networks resident in that state, etc.).

I don’t think it’s fair, however, to read my paper as wedded to the idea of physical proximity; indeed, I make clear that “geographic or jurisdictional links between the victim and the duty-holder are not the only–nor necessarily the best–ways to identify duty-bearers online.” Instead, I propose using what I call technical proximity to the victim as a way to identify a duty-holder. For example, if a DDoS transits Comcast’s network, Comcast could be required on receipt of an e-SOS to assist in ceasing that traffic. Or, where the victim traces an attack to a nation state, that state would be obligated to assist (even if they were only the last in several stepping stones from the attack’s true source). This would mean, for example, that Russia would have had to block traffic routed through its networks attacking Estonia in 2007, whether or not Russia was responsible for that traffic. I also suggest tiering the DTA, so that there could be a series of first responders, who could call for additional help if the threat proved so drastic as to require spreading the pool of duty-bearers.

Next, Eric suggests that the SOS only works because of how infrequently it is invoked, worrying that its use could not be properly limited in the e-SOS context where there are so many cyberattacks (a worry Jonathan shares with his concern that states will view too many cyberattacks as severe based on the target rather than the effects). I’m not sure that the frequency dilemma is as great as Eric suggests.  Threats at sea are actually quite common, even if most do not require a distress call.  And even distress calls are far from rare. Consider the United States as an example; according to this paper, in 2003, the U.S. Coast Guard received 31,562 distress calls, saving an estimated 5104 lives with 655 lives lost and 481 unaccounted for.

And, to be clear, my proposal is not to deal with every cyberattack or exploit, which I agree number in the millions or maybe even billions, but only those that states would agree are “severe.”  My paper explores the severity of an attack along three dimensions — timing, scale and indirect effects — and contemplates different ways that states might delineate which attacks are severe.  Unlike Jonathan, I’d be inclined to let states themselves define severity, and would have no problem if they did so based on the effects (loss of life, disruption of critical infrastructure) or the targets (hospitals). Similarly, I think there are various ways states can deal with limiting the burdens of assistance from falling on any specific sub-group of actors (like the National Security Agency), whether through the ideas of technical proximity or tiering mentioned above.  Thus, I would argue that there are various ways states can work around proximity and frequency issues, with any such work-arounds ultimately turning on the states’ collective assessment of how severe the threats are and who should bear the costs of assisting.

Finally, Eric worries that technology transfer issues will disincentive assistance from more sophisticated helpers who fear that in helping they’ll be revealing too many of their technical “sources and methods.”  I agree that technology transfer is an issue, although I think it may actually cut both ways; currently, most victims don’t ask for help because they’re worried about having to expose their own operations to the world, and particularly to anyone who assists.  The essence of the e-SOS idea, however, is that it does not require victims to ask for help; they only do so if they feel the costs/benefits warrant making the call.  Just like an Ambassador can allow the embassy to burn to the ground, we should expect some victims will decide there’s too much additional risk in asking for help and continue to suffer in silence.  On the other hand, Google’s call for help in the Aurora incident shows how even the most sophisticated Internet actor may at some point cry “Uncle,” and negotiate terms for aid (which it did in a deal with the National Security Agency).  Similarly, duty-bearers might be allowed to say up front what kind of assistance they can provide and under what conditions they will do so.  Indeed, there are other DTAs in existence (notably in the nuclear context) where states work out in advance what assistance would be available and how it would be provided in the event of a crisis. Something similar could be replicated for the most severe cyberthreats, including conditions to limit any exploitation of the helper’s systems and networks by the victim or vice versa.

In closing, let me reiterate my thanks to Eric and Jonathan for taking the time to think about my idea.  Frankly, I hope they’re not the only ones who do so.  I sincerely believe that if law is going to be devised to regulate future cyberconflicts, a duty to assist, or an e-SOS could (and should) be a significant first principle for mitigating and hopefully deterring the most severe cyberthreats.

Jonathan Zittrain responds to Duncan Hollis

by Harvard International Law Journal

[Jonathan Zittrain, Professor of Law at Harvard Law School and Co-Director of the Berkman Center for Internet & Society, responds to Duncan Hollis, An e-SOS for Cyber-Space. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

Duncan Hollis’s e-SOS article reinforces several important insights. The first emphasizes that the current state of computer and network security is bad and getting worse, and that traditional responses are insufficient. These responses include the self-help of installing layers of firewalls and anti-virus mechanisms, as well as government intervention through traditional rule and sanction against bad acts. My own thinking around alternative responses and their respective inadequacies is structured around four quadrants.1 Two depend on singular and universal application to work; while two draw their power from competition.

Government action is in the former category. Wrongs are defined, and in the most simple model, the state then acts against wrongdoers. Corporate and individual responses are in the latter category because they are less encompassing and more varied. The hope is that from that mix, new solutions can emerge, as, for example, each anti-virus vendor strives to offer the most complete and rapidly-updated definitions. (more…)

Eric Jensen responds to Duncan Hollis

by Harvard International Law Journal

[Eric Jensen, Visiting Assistant Professor of Law at Fordham University Law School, responds to Duncan Hollis, An e-SOS for Cyber-Space. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

Drawing on the familiar and effective maritime principle of an SOS distress call, Professor Hollis argues in his paper that an analogous system should be established to respond to cyber distresses. The paper is extremely well researched and written and presents a very innovative idea certainly worth considering, and if not accepting, at least building upon to address the significant need for better responses to cyber threats. To his credit, unlike many commentators in the area, Hollis doesn’t just identify the problems, but proposes a solution that certainly has merit and is based in current international law.

In addition to Hollis’s proposal which I will address below, two of the best aspects of the paper are the factual data compiled as the introduction and the analysis of the attribution problem. Though both sections are designed to be background for Hollis’s main point, they are among the most articulate and complete in the current literature. (more…)

An e-SOS for Cyberspace by Duncan B. Hollis

by Duncan Hollis

[This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

In 2007, I authored two papers — one for a military audience and another for a legal one — arguing that debates over the law’s response to the growing range of cyberthreats would likely track ongoing debates over law’s response to terrorism. In that context, we’ve seen 4 options emerge:

  • First, those who say terrorism is a crime, and only a crime, with any legal response limited to law enforcement mechanisms.
  • Second, those who insist terrorism is war, with the applicable law, if any, derived solely from international humanitarian law.
  • Third, those who try to bridge the two camps by insisting terrorism can be both a crime and an act of war, applying the benefits (and burdens) of both legal regimes.
  • Fourth, and finally, those who argue that terrorism is neither a classic crime nor a classic act of war, and thus requires a new legal response to regulate its threat.

My sense is that the same jockeying among camps — crime, war, both, neither — is beginning to play out in the context of cyberthreats as well.  The initial international legal response, most notably the Council of Europe’s 2001 Cybercrime Convention, rests entirely on a criminal law paradigm. In contrast, the recent emergence of U.S. Cybercommand (USCYBERCOM) and the guidelines reported to apply to it envisions significant cyberthreats in national security terms, more appropriately dealt with through a war model, rather than a criminal one.  Not surprisingly, some states and scholars tacked to Option 3, suggesting that we can employ both crime and war paradigms to deal with these issues.  Indeed, that’s how the Estonian government viewed the 2007 cyberattacks against it, calling them an act of war, but also launching criminal investigations and seeking extradition of those responsible. This third approach appears to be where the United States is heading as well.

I’ve spent the last 4-5 years advocating for Option 4 — the none of the above idea.  To be clear, I’ve never suggested that law doesn’t currently govern cyberthreats, but rather that it does so poorly. Thus, I’ve complained about the difficulties of translating existing rules into cyberspace, the complexity of those rules, and their inadequate scope when it comes to threats that can have either state or non-state origins.  As a result, I’ve advocated for nation states to work out new rules to regulate and mitigate the harm posed by the most severe cyberthreats.

Not surprisingly, the most frequent response to my call for new rules was a question:  what do I think those rules should be?  This paper – An e-SOS for Cyberspace — is my attempt at a response. In it, I offer a first principle — a Duty to Assist — that I believe states could adopt as an appropriate international regulatory response.  As the paper elaborates, a duty to assist is not some magic salve for all cyberthreats, but it could be a way for states to respond to the most severe ones that directly or indirectly take life or disrupt critical infrastructure.  I argue, moreover, that given the way anonymity is built into the very architecture of the Internet, a Duty to Assist may be all that we can expect law to do at this point to deal with these threats.  All of which is a long way of getting to my abstract:

Individuals, shadowy criminal organizations, and nation states all now have the capacity to harm modern societies through computer attacks.  These new and severe cyberthreats put critical information, infrastructure, and lives at risk.  And the threat is growing in scale and intensity with every passing day. The conventional response to such cyberthreats is self-reliance.  When self-reliance comes up short, states have turned to law for a solution.  Cybercrime laws proscribe individuals from engaging in unwanted cyberactivities.  Other international laws proscribe what states can (and cannot) do in terms of cyberwarfare.  Both sets of rules work by attribution, targeting bad actors—whether criminals or states—to deter cyberthreats.

This Article challenges the sufficiency of existing cyber-law and security. Law cannot regulate the authors of cyberthreats because anonymity is built into the very structure of the Internet.  As a result, existing rules on cybercrime and cyberwar do little to deter.  They may even create new problems, when attackers and victims assume different rules apply to the same conduct.

Instead of regulating bad actors, this Article proposes states adopt a duty to assist victims of the most severe cyberthreats.  A duty to assist works by giving victims assistance to avoid or mitigate serious harms.  At sea, anyone who hears a victim’s SOS must offer whatever assistance they reasonably can.  An e-SOS would work in a similar way.  It would require assistance for cyberthreat victims without requiring them to know who, if anyone, was threatening them. An e-SOS system could help avoid harms from existing cyberthreats and deter others.  Even when cyberthreats succeed, an e-SOS could make computer systems and networks more resilient to any harm they impose. At the same time, an e-SOS would complement, rather than compete with, self-reliant measures and existing legal proscriptions against cyberthreats.

I look forward to the comments of Professor Eric Jensen and Professor Jonathan Zittrain and the conversation (I hope) it generates.

Jacob Katz Cogan responds to John H. Knox

by Harvard International Law Journal

[Jacob Katz Cogan, author of The Regulatory Turn in International Law, responds to comments by John H. Knox. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

I would like to thank John Knox for his very thoughtful and quite generous response to my article The Regulatory Turn in International Law. In a number of ways, the article builds on John’s own scholarship – particularly his excellent Horizontal Human Rights Law, 102 American Journal of International Law 1 (2008). So it is particularly appropriate for us to continue the discussion here today.

John’s response focuses on private duties in the context of human rights, and he argues that “[h]uman rights law has always been concerned about threats to human rights from non-state actors.” Recent developments, then, are “an intensification of a long-standing characteristic.” I don’t disagree. As John notes, and as discussed the article, “treaties requiring states [for example] to regulate individuals and corporations to suppress slavery, labor abuses, and racial and gender discrimination” predated the late 1980s, which is the date I point to as the beginning of the regulatory turn. And he is correct to conclude that “the challenge of distinguishing between duties that undermine human rights and those that promote them is not new.”

(more…)

John H. Knox responds to Jacob Katz Cogan

by Harvard International Law Journal

[John H. Knox, Professor of Law, Wake Forest University, responds to Jacob Katz Cogan, The Regulatory Turn in International Law. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

In The Regulatory Turn in International Law, Jacob Katz Cogan takes on a big topic:  the increasing regulation of non-state actors by international law.  Because this development is occurring in so many areas of international law, its full extent can be difficult to grasp.  As the article explains, it is not simply an aggregation of many changes in different fields, but a sea-change in the orientation of the entire international legal system.

Even an article that merely identified this “regulatory turn” would be of great importance.  But this article does much more than that.  It provides a historical narrative, it pulls together examples from many different regimes and explains how they constitute common types of regulation, and it analyzes the effects of this development on the international system as a whole.  The result is a seminal work that will influence later scholarship for years to come.

(more…)

The Regulatory Turn in International Law by Jacob Katz Cogan

by Harvard International Law Journal

[Jacob Katz Cogan, an Associate Professor of Law, University of Cincinnati College of Law and a Visiting Associate Professor of Law, Vanderbilt University Law School, Spring 2011, describes his recently published Article, The Regulatory Turn in International Law. This post is part of the Second Harvard International Law Journal/Opinio Juris Symposium.]

In the post-War era, international law became a talisman for the protection of individuals from governmental abuse. Such was the success of this “humanization of international law” that by the 1990s human rights had become “part of . . . international political and legal culture.” This Article argues that there has been an unnoticed contemporary countertrend—the “regulatory turn in international law.” Within the past two decades, states and international organizations have at an unprecedented rate entered into agreements, passed resolutions, enacted laws, and created institutions and networks, formal and informal,that impose and enforce direct and indirect international duties upon individuals or that buttress and facilitate a state’s authorities respecting those under and even beyond its territorial jurisdiction. Whereas the human rights turn protected the individual against excessive governmental control, these parallel processes do just the opposite—they facilitate and enhance the regulatory authorities of government (both national and international) in relation to the individual. (more…)