Volume 14 Symposium: International Legal Collective Security Interests

Monday, February 12, 2024

Written by Michael Shepard

On February 12, 2024, the Notre Dame Journal of International & Comparative Law hosted the Volume 14 Symposium on International Legal Collective Security Interests. Tori Hust organized the Symposium with support from the JICL faculty advisors, Professors Diane Desierto and Roger Alford, and journal members.

The day began with a panel discussion on the future of cybersecurity moderated by Professor Desierto and featuring top experts in international and comparative law, including Professor James Kraska (U.S. Naval War College & Harvard Law School), Professor Judith Germano (NYU School of Law), and Professor John Maciejczyk (Notre Dame Law School).

Professor Kraska touched on the international law aspect of the physical infrastructure for cybersecurity. He discussed that nearly all international communications run through submarine communication cables located on the continental shelf and deep seabed. According to Kraska, the 600-plus communication cables currently in place, which span over 1 million kilometers around the globe, allow for the transmission of “every email, every bank transaction, and every Netflix [program] you watch.”

From his perspective, discussions of cyber law, cyber intrusion, and cyber security should begin with the physical security of this underwater structure. While there is a liability regime in place, he commented on the vulnerability of the Internet’s physical infrastructure, as demonstrated by recent cable breaks in the South China Sea and Baltic Sea, which experts suspect are tied to state actors, including China and Russia.

Professor Maciejczyk discussed the dark web carding market, where financial information can be purchased individually or in bulk through Bitcoin. He outlined the difficulties of enforcement and attribution, given that cybercriminals could be based anywhere in the world. In one recent case, he issued over 60 subpoenas to track down the bad actors.

According to Maciejczyk, Mutual Legal Aid Treaties (MLATs) foster international cooperation and sometimes extradition, which can help law enforcement identify and bring to justice cyber criminals based abroad. In addition, he highlighted that the International Convention on Cybercrime, which includes 62 countries among its signatories, has promoted uniform cybercrime statutes to tackle issues like ransomware fraud and child pornography.

Finally, he covered the Cloud Act enacted in January, which allows Australian and US law enforcement to more easily share electronic data to help combat serious crime. Given that access can pose a significant barrier to policing cybercrime, Maciejczyk is encouraged by this development and its ability to improve law enforcement’s capabilities.

Professor Judith Germano discussed how international law carries technological and regulatory risks in addition to the physical and criminal risks that the co-panelists mentioned. Countries often do not align on which criminal and security conduct to prioritize. This issue is further complicated by the varying definitions of privacy that differ by state and even party, as organizations regard privacy interests differently from individuals.

According to Professor Germano, one positive development over the past decade is the dramatic shift to stronger legal and regulatory oversight of cybersecurity. Companies and their executives have assumed greater accountability for cybersecurity risk failures, like not responding to a threat in a timely manner. She emphasized that companies have also prioritized disclosure, which is another key to combatting cybersecurity risk.

She concluded by warning companies to remain vigilant about the increase in regulatory risks that arise as they adopt new technologies for managing or processing customer and client data. Such changes mean companies must bear greater corporate responsibility for the secure handling of sensitive data.

In the afternoon, Professor Sadie Blanchard moderated a fireside chat with the Honorable Charles N. Brower, who discussed his long and illustrious career in international law, spanning private practice and public service. Judge Brower’s talk centered on his involvement in a number of historical developments in international law, which are the subject of his new book, Judging Iran: A Memoir of The Hague, The White House, and Life on the Front Line of International Justice.

The discussion began by focusing on his three-decade-long tenure on the Iran-U.S. Claims Tribunal, where his role included advising Presided Ronald Reagan on the Iran-Contra affair. After Iranian students stormed the U.S. embassy and took 52 Americans hostage, President Jimmy Carter froze all Iranian assets subject to U.S. jurisdiction, both in American banks and abroad. In 1981, the U.S. and Iran ended the hostage crisis by entering into the Algiers Accords and establishing the Tribunal. The Tribunal, which sits in the Hague, consists of nine members, including three American judges, three Iranian judges, and three third country judges.

Judge Brower explained that the initial goal of the Iran-US Claims Tribunal was to get all of the cases against Iran out of court, which took the U.S. Supreme Court’s approval.

He discussed the tenseness of negotiations in the early years. Initially, $1 billion was set aside for the Tribunal to pay Americans but not Iranians, to which Iran objected. Further, more disputes arose when the agreement to release Iranian funds came with a long list of terms and conditions due to the use of syndicated loans and the controversy surrounding the order of repayment. The U.S., which enforced awards in U.S. courts under the New York Convention, was eventually challenged by Iran, who insisted the process was not working for them. 

After working through early contentions, including the Tribunal’s prioritization of Americans’ claims of Iran-expropriated property and unfavorable agreement terms, the Tribunal went on to resolve nearly all private claims. To date, the Tribunal has issued over 600 awards (with $2.5 billion in awards for U.S. claimants and $1 billion in awards for Iranian claimants), helping to settle upwards of 4,700 claims.

Additional highlights from Judge Brower’s talk included a discussion of his role as a judge on the International Court of Justice, which he has served on since 2014. Colombia initially appointed him to represent it in a maritime delimitation dispute brought by Nicaragua. He is currently presiding over two active cases to which he has been appointed by the U.S.

To close out the day, Professor Marko Milanovic (University of Reading School of Law) delivered the Symposium’s keynote address on his ongoing work writing the third edition of the Tallinn Manual, which is intended to offer a framework for applying international law in cyberspace. Professor Milanovic noted the project’s name derives from the NATO Cyber Center of Excellence based in the city of Tallinn, Estonia, which is a frontier for cyber innovation and a main cyberattack target of neighboring Russia. The Tallinn Manual was first published in 2013 with the support of NATO under the leadership of Professor Milanovic’s colleague, Professor Mike Schmidt. The Tallinn Manual’s goal is to tailor a specific set of internal law rules for regulating war to cyber technologies. The initial Tallinn Manual provided a helpful foundation by assembling a long tradition of manuals in the century-old laws of armed conflict and offering commentary. The commentary elaborates on the reasonable positions a state could take in interpreting the rule.

Offering an example, Professor Marko Milanovic spoke about the principle of distinction in international humanitarian law and the law of armed conflict that proscribes belligerents from direct attacks against civilians and civilian objects. However, he explained that the issue of how to define an attack on a civilian object produces major difficulties. While a missile strike might be a clear attack, a cyber operation to shut down an electrical grid or power plant is far less clear.

Professor Milanovic addressed the need for such a manual and how to measure its success and impact in the real world in shaping state views. Unlike academic articles, he said the project’s audience is “states, governments, and other actors that wield greater power and influence.” Therefore, he explained the measures of success will be, “how do actors who wield real power in the system engage with this.” He observed that states theoretically have sovereign equality and wield equal power in the system of international law and custom international law. However, he provides that the reality in the law-making process is very different, given that more powerful states like the U.S. are rule makers rather than rule takers. He detailed various factors that present major difficulties in devising laws of cyberspace that can generate widespread agreement. For instance, in the extremely centralized legal system of the U.S., a lack of clarity may still exist around who gets to decide questions of war and peace. The existence of challenges for a highly developed system of law suggests that problems will be even greater for a system that lacks a centralized legislature or court. This reality highlights the complexity of negotiating a new treaty on applying international law in cyberspace.

Finally, Milanovic discussed interesting developments to expect in the third edition on how cyberattacks are perceived to affect sovereignty. In the second edition, the manual adopted the view that “cyber operations can violate sovereignty when they produce effects that are tantamount to damage and permanent loss of functionality of computer systems on another state’s territory or if they usurp the territorial state’s governmental functions.” However, in the third edition, the manual adds two more positions. The first additional position is one adopted by the UK government, which is that you cannot violate sovereignty in cyberspace, which tends to be the stance of the UK and countries performing a lot of operations in cyberspace. The second additional position is the African Union’s maximalist sovereignty position, where any intrusion into a state’s cyberspace violates their sovereignty regardless of whether any damage results. Ultimately, the third edition promises to be an extremely valuable contribution to the development of international law in cyberspace.