Introduction This chapter aims to set out some ideas and pointers for a further development of a research agenda on the role of law in the militarization of cyber space. Critical international relation and security studies scholars have given attention to the commercial and national security interests underpinning the academic and political framing of cyber war, on the basis that the cyber war discourse contributes to creating greater government and military control over civilian networks, leading to potential infringements of civil liberties (Dunn Cavelty 2008a, 2008b, 2012a, 2012b; Schneier 2010a, 2010b; Brito and Watkins 2011; Deibert and Rohozinski 2011; Lawson 2012a, 2012b). At the same time, critical legal thinking on cyber war remains an underdeveloped and fragmented endeavor (but see Henriksen this volume): international law scholars usually take the existence of cyber war at face value (see Boothby this volume), both with respect to the possibility that cyber attacks may cross threshold for armed attacks set out in the law of armed conflict and thus be labelled “cyber war” (though not war), and the appropriateness of applying this legal framework to the field of cyber security. While slowly changing, the geographic bias in cyber war scholarship looms large (but Ebert and Maurer 2013). The writing on the legal regulation of cyber war continues to focus mostly on US military responses or the interpretation and application of the norms of the Laws of War in the USA national security context. Hence, the task for legal scholars is twofold: to respond critically to the US centric discourse on the role of law in the militarization of cyber space, but also to develop “local” or “regional” scholarly perspectives on the constitutive role of law with respect to cyber security. In the aftermath of the NSA mass surveillance revelations-and the exposure of a “Nine Eyes” inner circle (Denmark, Norway, France and Netherlands supplementing the “Five Eyes” consisting of the USA, Australia, Canada, New Zealand and the UK) engaging in a “focused cooperation” for intelligence exchange, including metadata (Moltke and Gjerding 2013), it seems pertinent for legal scholars outside the USA to provide a closer scrutiny of the role played by law and legal arguments in the process this chapter labels “the militarization of cyber space.” To that end, this chapter aims to lay out a research agenda that both offers a theoretically and chronologically
informed critical inventory of the role of law in the militarization of cyber space and proposes a set of substantive lines of inquiry. Following the cyber attacks on Estonia in 2007, the task of providing an adequate international legal framework for cyber attacks has moved rapidly up the international political agenda, culminating with the publication of the Tallinn Manual on the International Law Applicable to Cyber Warfare in 2013 and the inclusion of cyber attacks under NATO Article 5. The chapter tries to show how law has operated in competing cyber war discourses over time; how cyber war as a concept has developed within the specific conversations of international law; and the symbolic and political role now allocated to law in grappling with the indeterminacy that is so pervasive when it comes to gauging the nature of insecurity. The main argument is that legal arguments have functioned-and functionas a “workhorse” for the proponents of a cyber-insecurity-as-war. The chapter argues that the framing of cyber war as a topic for the law of armed conflict (broadly defined) and national security law to some degree is prognostic; it becomes about offering regulation of military solutions, and delineating the legal boundaries of the specific strategies, tactics, and objectives by which these solutions may be achieved. The general point put forward is that neither the emphasis on the law of armed conflict or the initiatives and doctrinal lenses through which it is interpreted are inevitable. Seeing cyber attacks through the lens of international law and international treaty making processes produces a particular kind of legitimate knowledge, and constructs a specific global social reality. The push to define cyber security in military terms, using metaphors of “war” and talking about cyber space as a “battle domain” engenders a particular set of implications with respect to the nature of cyber attacks, the motivations of the attacker, the potential political ramifications of the attack and the appropriate means, including law, to prevent, defend and repeal such attacks. While exercises of legal line drawing are important and useful, they are also strategic and political. To contribute to a substantive agenda of resistance with both global and local purchase, this chapter offers a three-pronged mapping of the evolving legal discussions that could challenge the disciplines emphasis on “war” in the cybersecurity context. The first concerns the so-called comprehensive legal approach to cyber security, the second relates to technology exports that fuels contemporary violent “grass-roots cyber wars” (where real people die as a consequence of surveillance by governments and armed actors) and the third pertains to the nascent cyber-peace agenda. The chapter proceeds as follows: The first part lays out three background narratives on cyber insecurity in the critical political science literature broadly defined. The chapter looks at the role of cyber industrial-military complex and its lead entrepreneurs, and the so-called “China syndrome” in the framing of cyber war. Attention is then turned to the changing political conceptualizations of cyber security as it has shifted from crime to terror and espionage; to the internationalization of a cyber war concept; and finally toward the internationalization of cyber
security. The second part discusses and critiques the evolving understandings of cyber war within international law, now firmly entrenched as a project of Northern international law through the Tallinn Manual. The third part outlines the counter narratives presented above. A brief conclusion follows.