Patrick Tucker | Defense One | February 8, 2017 | 0 Comments

Did Russia’s Election Meddling Break International Law? Experts Can’t Agree.

Matryoshka with a portrait of Putin and Trump are sold in Moscow in December. dimbar76/Shutterstock.com

U.S. spies say Russia meddled in the U.S. presidential election, but the world’s top minds in cyber warfare aren’t sure if the act constitutes coercion by one state against another. That legal ambiguity is why weaponizing stolen information is such a difficult tactic for the United States to counter.

Even the latest version of NATO’s guide to such questions can’t offer a definitive answer. This week, the alliance’s Cooperative Cyber Defence Centre of Excellence, or CCD COE, released its much anticipated update to the Tallinn Manual, which bills itself as “the most comprehensive analysis of how existing international law applies to cyberspace.”

The manual’s first edition was published two years after Russia’s seminal distributed-denial-of-service attacks on Estonia in 2007. Compiled by 20 experts, it sought to outline the best thinking about what laws apply to states attacking each other over the internet.

Much has changed since then; most importantly, Russia executed a concerted effort to steal and publicize politicians’ email with the aim of influencing the U.S. election. That’s what makes the recent update so important. It provides a roadmap for how states should respond to incidents like that in the future.

In terms of international law, the question is whether by stealing emails and releasing them through Wikileaks and other outlets Russia forced the United States to do something that the latter would not otherwise. That would constitute meddling in the internal affairs of another state by means of “coercion”—  i.e., in a way that prohibits the target from acting freely. It’s an idea that goes back to 1758 but that has taken on new relevance now.

To get a sense of how contentious the issue has become, check out this Jan. 24 discussion of information warfare at Yale Law School. (Introductions start at 8:00.) Right around the 21-minute mark, a small argument breaks out between a young law student and the expert panel over whether Russia coerced a particular election outcome. In reply, West Point’s Aaron Brantly argues that the DNC hack, and subsequent doxxing via Wikileaks, “was not coercion” because it lacked a threat of force.

“We may not like that. It sounds better to say it was coercion. But, in reality, we drank the Kool-Aid ourselves,” Brantly said. “It’s our responsibility as a civil society to process that information.”

Others note that there’s (as yet) no firm evidence that the data theft changed the election’s outcome, so it’s impossible to prove that the meddling caused the United States government or people to do something that they otherwise would not have done.

Bottom line: the degree to which the DNC hack constitutes an act of illegal coercion is a somewhat subjective matter. Even the experts who updated the manual could not come to a consensus.

“The counter view notes that there may have been an impact on the election and the fact that the impact is the result of the hacking differentiates it from mere propaganda or other means of exerting ‘influence’ (as distinct from intervention) by means of information,” said Michael Schmitt, the editor of the manual and a law professor at both the University of Exeter and the Naval War College. “The Russians are masters at playing the ‘gray area’ in the law, as they know that this will make it difficult to claim they are violating international law and justifying responses such as countermeasures.”  

Schmitt explained why that matters. If you could show that Russia’s influence on the election had been coercive then the United States would be legally justified in employing countermeasures that matched the offense, such disrupting the functioning of the Russian government in a way “that would be unlawful but for the fact that they are response to the unlawful activities of the target state and are designed to cause the target state to comply with the law.”

But if the attack was not coercive, then the only real response that the U.S. can employ is something called “retorsion,” or what Schmitt calls unfriendly, but lawful, actions.

“The expulsion of the Russian ‘diplomats and sanctions fall into this category. This is because neither the expulsion of foreign officials nor the imposition of economic sanctions is unlawful,” he said.

At some point, better exit polling and other metrics may allow governments to more effectively trace influence operations to specific effects. You might, for instance, be able to prove beyond reasonable doubt (or at least with high statistical confidence) that a Russian influence campaign did throw the election one way or the other. Until then, drawing a clear link between doxxed information and voter behavior will be next to impossible.

That’s why Russian influence campaigns like the one targeting the DNC will continue.

Comments
JOIN THE DISCUSSION

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    Download
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    Download

When you download a report, your information may be shared with the underwriters of that document.