4 September 2014

Cyberwarfare ethics, or how Facebook could accidentally make its engineers into targets



Without clear rules for cyberwarfare, technology workers could find themselves fair game in enemy attacks and counterattacks. If they participate in military cyberoperations—intentionally or not—employees at Facebook, Google, Apple, Microsoft, Yahoo!, Sprint, AT&T, Vodaphone, and many other companies may find themselves considered “civilians directly participating in hostilities” and therefore legitimate targets of war, according to the legal definitions of the Geneva Conventions and their Additional Protocols.

It may all seem a minor issue of semantics, but definitions matter a lot. Depending on how you think the old laws of war fit with the new realities of cyberconflict, it may be legally possible that enemy rockets could one day rain down on the Googleplex, or even Mark Zuckerberg’s private home, because Gmail or Facebook servers were used in a cyberattack.

Intelligence agencies worldwide have already infiltrated popular technologies to spy on users, and the line between defense and industry has become increasingly blurred. In fact, the Pentagon announced its recent airstrikes in Iraq in a tweet. (A fuller version was posted on the Facebook page of the Department of Defense.) So it’s not absurd to think that governments could make even greater use of the same technologies and online services that everyday people use, but for a wide range of military purposes—not just for public relations. And once something is used for military purposes, where does it stop? When does it become a military target?

​Cyberwar experts in Geneva. These were some of the many new puzzles discussed in a two-day expert workshop recently hosted at the International Committee of the Red Cross (ICRC) headquarters in Geneva, Switzerland. The gathering was organized by researchers from California Polytechnic State University (San Luis Obispo), Naval Postgraduate School, Western Michigan University, and the Centre for Applied Philosophy and Public Ethics (Australia). It explored the ethics of cyberwarfare and grappled with how cyberattacks could be responsibly conducted, given existing laws of war and ethical norms.

Workshop participants included about 30 philosophers, political scientists, technologists, activists, policy wonks, military officers, and other experts. They came from China, Australia, Finland, Norway, Israel, the United Kingdom, the United States, and other nations. To promote honest discussion and the sharing of information, the meeting was held under the “Chatham House Rule”—meaning that no statement or position could be attributed to a particular person.

In our meeting, we wanted to know: Is there something actually new going on in cyberwar that is different from the traditional wars fought purely in the physical realm? If not, then how can society apply existing ethical discussions about war to cyberwar? If there is something new, then how should we respond to that in law and ethics?

But the answers aren’t easy. Cyberwar is both new and old, and that poses unique challenges to ethics and law.

Can cyberattacks trigger war? The Charter of the United Nations allows for war when one nation threatens another with the use of force or armed attack. “Force” is usually meant to be physical influence, as opposed to, say, economic policy; “armed” likewise usually means physical weapons such as bullets and biological weapons—but not inert things such as radio signals and insults. Given this understanding, could sending packets of code across borders ever amount to the kind of aggression that could trigger war?
Dr. Patrick Lin is an IEET fellow, as well as an assistant philosophy professor at California Polytechnic State University, San Luis Obispo, and director of its Ethics + Emerging Sciences Group. He was previously an ethics fellow at the US Naval Academy and a post-doctoral associate at Dartmouth College.

No comments: