Intelligence agencies of the United States and the Department of Homeland Security in particular have accused Russia publicly of internet espionage intended to interfere with the US presidential election. In the wake of this accusation, the Obama administration has assured a retaliatory response designed to protect US interests. But if and when would this take place, and what are the governing international rules of this game?
Such a retaliatory response might await the outcome of the presidential election and the swearing in of the new president.
If Donald Trump is elected, which currently seems unlikely based on current polls, one wonders whether there would be any response at all, given Trump’s rejection of the apparent connection between Russia and recent political hacks on the Democratic National Committee and others.
In the more likely event that Hillary Clinton becomes president, she may be more willing to take action in response to Russian political cyber espionage, especially given that she has called out Russia, and the hacks seemingly were intended to thwart her efforts to become president in the first place.
How does international law figure into all of this?
The United Nations Charter makes plain that international disputes should be negotiated and that all efforts possible should be made to resolve disputes by means other through force. However, the Charter also provides that a country has the right of self-defense in the event of armed attack.
So the first question is whether cyber attacks can be deemed armed attacks. More and more, the internet can be used for beneficial and harmful purposes. The internet, unfortunately, can by a means to inflict physical harm. The Russia political hacks have not caused physical harm. However, as the world moves more and more online, it is quite conceivable that cyber espionage and related hacks and other online activities may be deemed within the ambit of international law set forth in the UN Charter before the internet even existed.
International law generally provides that cognizable self-defense should be proportional to the original attack and it should be limited in time to the extent needed for continued self-defense, but not any longer.
If the current Russian hacks cease to a significant extent after the election, would it be self-defense for the new president to launch cyber attacks against Russia months later after sworn into office? Perhaps not, but one would think that if Russia is engaging in cyber espionage now relating to the presidential election, it probably will continue to do so in other contexts.
In addition to the foregoing, there is the more controversial notion of anticipatory self-defense. This not universally-accepted doctrine suggests that a country might be able to attack another country if it believes that doing so would take out the ability of the other country to cause it harm. This is a stretch from traditional notions of self-defense that truly deal with defense against actual or at least very imminent attacks. Detractors of this doctrine worry about a slippery slope that would allow all sorts of attacks justified by speculative, future concerns of potential threats from other countries.
At some point, the US might rely on the anticipatory self-defense doctrine to justify cyberwar against other countries. That might not create complete goodwill internationally, to the extent such cyberwar is fully exposed. But in the current climate, the US likely can rely upon the traditional concept of self-defense. Why? Because it is becoming rather clear that right now Russia is engaged in hacking directed at the integrity of or political system.