International Law and the Future of Cyberspace: The Obama Administration’s International Strategy for Cyberspace
On May 16, 2011, the Obama Administration released its International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World. President Obama stated that the International Strategy represents âthe first time that our Nation has laid out an approach that unifies our engagement with international partners on the full range of cyber issues.â In shaping an approach to maximize the benefits of cyberspace and mitigate the threats to its expanded use, the Obama Administration emphasizes the need for âbuilding the rule of lawâ through international norms and processes. This Insight describes the International Strategy and the role the Obama Administration constructs for international law in its vision of the future of cyberspace.
The International Strategy
Since widespread personal, commercial, and governmental use of the Internet began in the mid-1990s, U.S. administrations have attempted to facilitate use of cyberspace and protect users from malevolent activities. During this period, the Internet became increasingly important to social, economic, and political life around the world, but threats, such as cyber-crime, expanded as well. Concerns mounted about the ineffectiveness of U.S. approaches to protect cyberspace, exemplified by a December 2008 report, which argued that âAmericaâs failure to protect cyberspace is one of the most urgent national security problems facing the new administration.â Upon taking office, the Obama Administration conducted a cyberspace policy review, which concluded that â[t]hreats to cyberspace pose one of the most serious economic and national security challenges of the 21st Century for the United States and our allies.â
Security was not, however, the only concern about the future of cyberspace. The growing rivalry between the United States and China increasingly highlighted distinct attitudes about the meaning of cyberspace and the purpose of the Internet. The Obama Administration set out to establish its normative perspective for cyberspace as a global political space, with Secretary of State Hillary Clintonâs January 2010 speech on âInternet Freedomâ as a centerpiece of this effort. Secretary Clinton stated, âWe stand for a single internet where all of humanity has equal access to knowledge and ideas.â Achieving this goal, she asserted, requires advancing freedom of expression and worship and freedom from fear and want. This âInternet freedomâ agenda gained traction in the wake of the perceived utility of the Internet during the democratic uprisings in North Africa and the Middle East in first half of 2011. In short, the Obama Administration saw opportunities to imprint an ideology on the possibilities technology created for peoples around the world.
Purpose, principles, and policy pathways
In the International Strategy, the Obama Administration attempts to integrate economic, security, and political strands of U.S. policy on cyberspace into an overarching, coherent strategic approach. This approach seeks to advance the social, economic, and political advantages a networked world creates for individuals, communities, and nations while addressing threats that undermine the Internetâs value for communications, commerce, and international cooperation. Guiding this task are âcore commitments to fundamental freedoms, privacy, and the free flow of information.â The International Strategy recognizes the age-old tension between security and liberty in pushing for greater cybersecurity and expanded Internet freedoms, but it argues that, through the ârule of law,â its approach âsupports our national security and advances our common values.â
The International Strategy seeks to ensure that cyber-technologies are open, interoperable, secure, reliable, and stable. Pursuing these objectives globally requires the United States to engage in integrated efforts through diplomacy, defense, and development policies. The International Strategy is a âroadmapâ for U.S. government agencies âto better define and coordinate their role . . . to execute a specific way forward, and to plan for future implementation.â To support such activities, the International Strategy organizes U.S. government endeavors âacross seven interdependent areas of activity, each demanding collaboration within our government, with international partners, and with the private sectorâ (see Table 1).
Table 1. Seven U.S. Government Areas of Activity under the International Strategy
International Law and the International Strategy
The ârule of lawâ in cyberspace
A theme running through the International Strategy is the need for the ârule of lawâ in cyberspace governance domestically and internationally. It defines the rule of law as âa civil order in which fidelity to laws safeguards people and interests; brings stability to global markets; and holds malevolent actors to account internationally[.]â Given the challenges confronting cyberspace, this fidelity to law requires establishing âan environment of expectations, or norms of behaviorâ that builds âa consensus on what constitutes acceptable behavior, and a partnership among those who view the functioning of these [cyber-]systems as essential to the national and collective interest.â
Substantive international legal norms
International law and legal processes play critical roles in the Obama Administrationâs vision of prosperity, security, and openness in a networked world. In terms of substantive law, the International Strategy makes clear that many existing principles of international law operating in times of peace and conflict also apply in cyberspace. These existing international legal rules include respect for the fundamental civil and political rights of freedom of expression and association, privacy, and property; state responsibility to deny criminals safe haven; and the right to use force in individual or collective self-defense in response to armed attacks.
The International Strategy also recognizes that âunique attributes of networked technologyâ mean that (1) more clarity is needed on how existing international legal norms operate in cyberspace; and (2) new norms are required. Emerging cyber-specific norms requiring development and implementation include:
- Global interoperability: ensuring end-to-end operability of an Internet accessible to all;
- Network stability: respecting free flow of information in national networks and avoiding arbitrary interference with internationally connected infrastructure;
- Reliable access: no arbitrary deprivation or disruption of individual access to the Internet and other networked technologies;
- Multi-stakeholder governance: Internet governance must include all appropriate stakeholders and not just governments; and
- Cybersecurity due diligence: state responsibility to protect information infrastructures and to secure national systems from misuse or damage.
International legal processes
In addition to focusing on existing and emerging substantive international norms, the International Strategy emphasizes that achieving the rule of law for cyberspace demands international cooperation, asserting that such cooperation âis a first principle.â This theme is particularly strong in the embrace of strengthened international partnerships that can âbuild consensus around principles of responsible behavior in cyberspace and the actions necessary . . . to build a system of cyberspace stability.â The broad vision of cyberspaceâs future and the diversity of international rules and norms affected will require cooperation in many processes and venues (e.g., economic, law enforcement, military, development, and human rights), supplemented by implementation of the emerging principle of multi-stakeholder governance.
Despite acknowledging the importance of existing international legal rules, the International Strategy never mentions two basic principles affected by its contentârespect for sovereignty and non-intervention in the domestic affairs of other states. The intent to achieve Internet freedom globally by supporting âcivil society actors in achieving reliable, secure, and safe platforms for freedoms of expression and associationâ targets governments that do not, on or off line, respect free speech and democratic politics. The Obama Administrationâs cyber-support for democracy movements suggests that the International Strategy does not tolerate pluralism in cyberspace concerning human rights and domestic forms of governance. To express importance given to diplomacy, defense, and development, the International Strategy adds a fourth âdââdemocracy. This purpose will create concerns for non-democratic countries attached to the principles of sovereignty and non-intervention.
The ideological thrust of the International Strategy raises questions about the emphasis on international cooperation and consensus building. First, important players with power to shape how cyberspace functions, especially China, might take positions that produce consensus on the lowest common denominator, creating agreement only on superficial principles of responsible behavior in cyberspace. Second, the substantive norms in which the Obama Administration anchors the International Strategy, especially those civil and political rights informing the idea of Internet freedom, appear to be non-negotiable from the U.S. perspective. This position undermines the claim that the United States wants to negotiate new norms for cyberspace. To other countries, the U.S. position might appear to be an offer to negotiate how the U.S. vision gets implemented globally, which could produce difficulties in diplomatic processes that have to address cyberspace challenges.
Impact and Implementation
International law and the new geo-cyberpolitics
International law operates within a context shaped by larger political trends and tensions, and this geo-political reality affects the role of international law in cyberspace governance. The International Strategy represents the Obama Administrationâs statement of principles that connects to earlier assertions of U.S. cyber-power, particularly the establishment in 2010 of the U.S. Cyber Commandâa specific military combatant command dedicated to the development and deployment of âfull spectrumâ U.S. military cyber-capabilities. This alignment of U.S. principle and power concerning the future of cyberspace arises strategically from rival cyber concepts and capabilities held foremost by China. The International Strategy sketches U.S. doctrine to guide the country in the intensifying competition over what cyberspace should be and how it should function. In this realm of geo-cyberpolitics, the rival sides will employ international law differently to justify their divergent positions.
The G8 declaration and the Internet
The Obama Administrationâs understanding of the International Strategyâs normative and geo-political importance appeared in the G8 declaration from the summit in Deauville, France, at the end of May 2011. The International Strategy stated that the shaping âcyberspace norms of behavior must begin with clear agreement among like-minded countries.â In keeping with this view, the G8 Declaration on Renewed Commitment to Freedom and Democracy included a section on the Internet echoing the International Strategy, including insistence that the Internetâs use must include ârespect for the rule of law, human rights and fundamental freedoms, [and] the protection of intellectual property rights, which inspire life in every democratic society for the benefit of all citizens.â
U.S. government implementation of the International Strategy
The International Strategy will guide development of more specific U.S. government plans. For example, the Department of Defense is expected to release its formal strategy document in the near future. Given concerns experts have raised about the International Strategyâs lack of detail on how it will be implemented, the agency-specific plans will constitute important benchmarks, including how international law features in specific U.S. government implementation activities.
About the Author:
David P. Fidler, an ASIL member, is the James Louis Calamaras Professor of Law and a Fellow at the Center for Applied Cybersecurity Research at Indiana University.