Hollis: Re-Thinking the Boundaries of Law in Cyberspace: A Duty to Hack?

Duncan B. Hollis (Temple Univ. - Law) has posted Re-Thinking the Boundaries of Law in Cyberspace: A Duty to Hack? (in Cyberwar: Law & Ethics for Virtual Conflicts, J. Ohlin et al. eds., forthcoming). Here's the abstract:

Warfare and boundaries have a symbiotic relationship. Whether as its cause or effect, States historically used war to delineate the borders that divided them. Laws and borders have a similar relationship. Sometimes laws are the product of borders as when national boundaries delineate the reach of States’ authorities. But borders may also be the product of law; laws regularly draw lines between permitted and prohibited conduct or bound off required acts from permissible ones. Both logics are on display in debates over international law in cyberspace. Some characterize cyberspace as a unique, self-governing ‘space’ that requires its own borders and the drawing of tailor-made rules therein. For others, cyberspace is merely a technological medium that States can govern via traditional territorial borders with rules drawn ‘by analogy’ from pre-existing legal regimes.

This chapter critiques current formulations drawing law from boundaries and boundaries from law in cyberspace with respect to (a) its governance; (b) the use of force; and (c) international humanitarian law (IHL). In each area, I identify theoretical problems that exist in the absence of any uniform theory for why cyberspace needs boundaries. At the same time, I elaborate functional problems with existing boundary claims – particularly by analogy – in terms of their (i) accuracy, (ii) effectiveness and (iii) completeness. These prevailing difficulties on whether, where, and why borders are needed in cyberspace suggests the time is ripe for re-appraising the landscape.

This chapter seeks to launch such a re-thinking project by proposing a new rule of IHL – a Duty to Hack. The Duty to Hack would require States to use cyber-operations in their military operations whenever they are the least harmful means available for achieving military objectives. Thus, if a State can achieve the same military objective by bombing a factory or using a cyber-operation to take it off-line temporarily, the Duty to Hack requires that State to pursue the latter course. Although novel, I submit the Duty to Hack more accurately and effectively accounts for IHL’s fundamental principles and cyberspace’s unique attributes than existing efforts to foist legal boundaries upon State cyber-operations by analogy. Moreover, adopting the Duty to Hack could constitute a necessary first step to resolving the larger theoretical and functional challenges currently associated with law’s boundaries in cyberspace.