Sending Out an e-SOS
posted by Dave Hoffman
My colleague Duncan Hollis has a new article up on SSRN, An e-SOS for Cyberspace. In the article, Duncan argues that the “conventional response” to cyberthreats (e.g., hacking, e-espionage, cyberwar, and hacktivistism) isn’t working. Though “cybercrime laws proscribe individuals from engaging in unwanted cyberactivities[, such laws fail because] anonymity is built into the very structure of the Internet. As a result, existing rules on cybercrime and cyberwar do little to deter. They may even create new problems, when attackers and victims assume different rules apply to the same conduct.” Instead of traditional proscriptive approaches, Duncan proposes that “states adopt a duty to assist victims of the most severe cyberthreats. A duty to assist works by giving victims assistance to avoid or mitigate serious harms. At sea, anyone who hears a victim’s SOS must offer whatever assistance they reasonably can. An e-SOS would work in a similar way. It would require assistance for cyberthreat victims without requiring them to know who, if anyone, was threatening them.”
I read e-SOS in draft and found it fascinating, even though I have little intrinsic interest in international law or cybersecurity issues. Duncan does a terrific job of storytelling – did you know that the CIA allegedly tampered with the computer control system of a Soviet gas pipeline in 1982, causing the largest non-nuclear explosion in history? Or that the United States recently rescued North Korean sailors from pirates on receipt of an SOS? The article is full of such nuggets. And I think the proposal is pretty clever, and borderline workable. That’s high praise for a law review article.
Anyway, I advise that you download it before some cyberbully manages to hack SSRN and replace it with a trojan horse. And then come back here, follow me after the jump, and enjoy a classic Police video.