Tuesday, November 18, 2014

In September 2014, President Barack Obama ordered air strikes to be carried out against Syria. The goal of the air strikes was to weaken the militant group known as the Islamic State of Iraq and Syria (ISIS). The news article, “Islamic State Crisis: What force does international law allow?” by Marc Weller discusses the international legal ramifications of the air strikes that the United States launched against Syria. Before launching the strikes, President Obama did not seek the approval of the United Nations Security Council or the US Congress. The congressional approval is another complicated topic in its own right; however, this article is concerned with the international law behind the attack.

The situation that is currently unfolding in Syria and the Middle East is a complicated matter. In order to understand the situation, it is easiest to start with a basic hypothetical situation to create a simple picture. The variable that are currently active in the Middle East will then be introduced to portray a better picture of what is occurring in Syria.

Consider first the scenario where the US gains intelligence that IS has several major bases in Syria. The US, believing that ISIS poses a significant threat, decides to attack ISIS in Syria. There is no known imminent threat on the United States from ISIS, but there is a potential for a future threat. This type of attack would be a blatant violation of international law and the United Nations Charter. Article 51 of the Charter states that states may only use force for self-defense if an armed attack occurs or if the attack is approved by the UN Security Council. The attack in this situation is a violation of the national sovereignty of Syria. It is important to note due to the crimes of ISIS, such an attack may still be seen as legitimate, even if it is not legal.

The situation is made further complicated by the fact that ISIS is a non-state actor. The United Nations, in wake of the September 11 attacks, have recognized that non-state actors are capable of armed attacks, in the sense of Article 51. Thus, if non-state actors have shown the capability to launch armed attacks, they are also viable targets from a state. ISIS is such a non-state actor currently imposing themselves upon the lands in Syria that border Iraq and parts of Jordan. It is the job of the Syrian government to resolve such matters internally. Unfortunately, it would appear that Syria is unable to handle the situation. Unchecked, ISIS has threatened the border between Syria and Iraq. Iraq, under imminent threat of attack, now has full legal justification under international law to attack ISIS.

At this point, Iraq decided to call on the United States for help in protecting its territory from ISIS. It can then be argued that the US is able to attack Syria because it is assisting in the collective self-defense of Iraq, to use the words from Article 51 of the United Nations Charter. Iraq had written a letter expressly asking for the aid of the United States in protecting its borders. As such, it can be said that the United States was able to launch the attacks in Syria. Additionally, the US invoked its own right of self-defense when the Khorasan group was brought up. Khorasan is a group that is affiliated with Al-Qaeda and is also based in Syria. The US claims that Khorasan does present an imminent threat, unlike ISIS, and was also targeted during the air strikes.

Another argument can be made that the US strikes were legal due to the crimes against humanity that were committed by ISIS on Syrian soil. Syria has an obligation to protect its people from such crimes committed on its own territory. However, as mentioned previously, Syria has been unable to resolve the situation on its own. As a result, it is possible that international intervention can be taken to stop said crimes against humanity. While there have been other cases of forcible humanitarian action, they have all had the legal cover of a United Nations mandate, which this attack does not.

The legality of the United States air strikes in Syria is questionable on two areas of law. The first being the ability of the president to launch attacks without approval from Congress. The second is the international law concerning the bombings in Syria. The international law relevant to the situation is difficult and is made more so by extenuating circumstances. Iraq’s call for aid and the inability of Syria to resolve the ISIS situation in their own borders contributes to the argument that the United States does have justification for the air strikes.

Reference article:

Monday, November 10, 2014

Drone Strikes in Pakistan: Ten Years and Counting

According to the research conducted by the Bureau of Investigative Journalism, only 12% of the victims of US drone strikes in Pakistan have been militants.  The Bureau has been compiling data for over a year on those killed in CIA strikes for their project “Naming the Dead.”  The project focuses on identifying the deceased dating back to when the attacks began and mapping their connections to determine whether ties to terrorist acts and/or groups exist.  The Bureau’s sources include “both Pakistani government records leaked to the Bureau, and hundreds of open source reports in English, Pashtun and Urdu.”

Since the strikes began in June of 2004, 2,379 people have been reported dead from the 400 attacks.  As of October of this year, only 704 victims have been identified and 295 of these “were reported to be members of some kind of armed group.”  Within this subset, almost 30% were not linked to any specific group.  Only 84 of those identified as militants could be connected to Al Qaeda.  This amounts to less than 4% of the total victims.  In addition, the Bureau’s report alleges that there was an inadequate amount of detail used to quantify those listed as militants.

The US government claims that confirmed terrorists of the “highest level” are the only targets for the drone strikes.  While this may be the intended idea, it is evident that these attacks are conducted before sufficient evidence is collected.  The lack of information on the victims shows a lack in consideration as well.  Without said careful consideration, the killings are considered extrajudicial, and therefore are unlawful.

These drone strikes can also be seen as a violation of one of the basic principles of warfare: prohibiting unnecessary harm.  Although the strikes keep US soldiers out of direct harm, they cause unnecessary damage in Pakistan by killing potentially innocent civilians.  In regards to general law for a commander issuing an attack, if it is known that civilians will be harmed, the attack is not to be conducted.  Civilian casualties are only lawfully accepted when the harm done to the civilian(s) is proportional to military necessity.  Incidental drone strikes are not possible; the technology allows for ample information to be collected on each potential terrorist.  The fault in not having sufficient evidence lies with those controlling the drones, not with the drones themselves.

In conclusion, it is not to say that the drone strikes are not at all beneficial.  The US soldiers can conduct matters of war in a safe environment without the risks that derive from flying a plane, and numerous confirmed terrorists have been successfully terminated; however, although the Bureau has only identified so many of the victims thus far, their findings demonstrate a critical lack of transparency about certain affairs conducted by the US Government.


When U.S. Drones Strike Back

Iran successfully test piloted a replica of a U.S. fallen drone, the RQ-170 Sentinel, this week. This news comes as a surprise to the United States because they were quoted claiming that the unmanned drone had been “protected as to prevent the removal of valuable data.” The successful test flight only means that more drones will come and on a larger scale. Iran says that they are working on “replicating the technology on a wider scale.” The U.S drone was captured three years ago after it was seen in Iranian air space, before which it was conducting surveillance in Afghanistan. Iran had previously claimed to seize several drones before this instance, but this is the first instance where something has actually come from it.
The controversy that stems from this article is that Iran now possesses the capabilities of drones, and at the fault of the United States. This creates several international issues for not only neighboring countries, but also the United States. The U.S.’s own technology fell into the wrong hands and will now most likely be used against other nations. This creates even more sovereignty issues, which the U.S. has been accompanied to as of late. This is not the first time that U.S.’s technology/weapons has been used against the United States and other nations worldwide. Ever since the atomic bomb and nuclear weapons other nations have been trying to catch the U.S. and drones are looking like a familiar situation. It creates problems in terms of international law because someone has to take the blame for these issues. The accountability issue has been raised several times when it comes to drones and will continue to be raised until something is done about them. Internationally they intrude on state sovereignty, injure or kill civilians without even an apology or acknowledgement, and just creates civil panic in lands that drones operate. If Iran controls drones in our airspace, it will open the United State’s eyes as to what it's like to have their sovereignty ignored.
Although the drone that was replicated was only a surveillance drone, it does not bode well because the Iranians could always militarize them. Since they had claimed to capture several other drones, one of which could already be militarized, and then it is only a matter of time until they can reverse engineer the technology. This will only further our surveillance on Iran and its neighbors to see what drones they will create and where they will occupy them. By giving them the technology unwillingly it creates tensions between our two governments as we try to peacefully work together so that both nations can have drones.
The U.S. could also face legal repercussions internationally because it was in fact their drone that was replicated and thus places the blame on them as to why Iran now owns a drone. The military technology that was gained from the drone could also help to create other advanced weaponry, depending on how much there is to be gained from the drone itself. The U.S. is already under the crosshairs for their use of drones, and the fact that we have now helped another nation get their hands on drones will not go over well. The U.S. needs to work quickly with the Iranian government to ensure that if the drones will be used, which they undoubtedly will, that they are used peacefully and are not militarized.
This undoubtedly will only further the question of the legality of drone strikes and the use of drones as surveillance. It will come a point where it begs the question whether or not they can be used peacefully and for the greater good. The U.S. has skirted its way across the issue by saying that they are only used against terrorists and perpetrators of 9/11. Once other nations, like Iran, start to manufacture drones it is only a matter of time until they are seen in U.S. air space. We cannot question the sovereignty of drones because we ourselves send them into other nations without their knowledge. Since the U.S. will continue to survey other nations and conduct drone strikes, they cannot question other nations when they start to do the same. You cannot hold someone accountable for using drones, if you at first are not accountable for doing the same action.

Saturday, November 1, 2014

Cyber-espionage: Sandworm and Taidoor

Recently, NATO officials, the Ukrainian government, EU governments, and others have received emails with compromised attachments containing spyware and other malicious code. Cyber-threat intelligence group iSight called this attack Sandworm. Similar emails with malware and spyware have been discovered in Taiwan. In both these cases, malicious code that exploits weaknesses in the Windows operating system and in Microsoft Office was found in Office documents, mainly PowerPoint, by iSight, or by McAfee and Google researchers. The code uses a “zero-day vulnerability” and takes advantage of the Object Linking and Embedding mechanisms in Office files, which allow, for example, Excel graphs to be shown in PowerPoint. Rather than embed a graph, however, the hackers embedded code that spied on the recipients. A similar case in August called Epic Turla, also from Russia, included malware that searched the recipient’s computer for phrases relating to sensitive documents. If the phrases were present, more code could be remotely enabled that would do more thorough searches and report what it found to its creator. This case used compromised websites rather than email attachments.

In the case of Sandworm, the documents used were written in Russian and were usually interesting to the target, such as falsified lists of pro-Russian Ukrainian separatists. In Taiwan, very similar Chinese code was discovered. The malware used in Taiwan is called Taidoor, and has been previously linked to Chinese cyber-espionage. Due to the nature of the compromised documents and the code, the researchers believe they are linked to or controlled by the Russian and Chinese governments, respectively, rather than originating from civilian black-hat hackers. However, there is currently no way to know for sure. Without proven government involvement, the international community can take no effective action against the attackers.

Even if government involvement was proven in either case, there is still not much the international community can really do. Although spyware sent from a government to foreign officials might be a violation of international law and could be considered a violation of state sovereignty, it cannot be classified as a cyber-attack and therefore is not an act of war or controlled by the law of war.

As we read in Sanger, an example of something that could be considered a cyber-attack is the Stuxnet virus. Stuxnet, like Sandworm, exploited four “zero-day vulnerabilities.” Unlike Sandworm, however, Stuxnet was introduced by USB drives and was used initially to disrupt and damage Iranian nuclear facilities by affecting data and computer networks and then destroying nuclear centrifuges. Sandworm and the similar Chinese threat were spyware; they only reported data and did not alter data or disrupt or take control of the computer.

In class, we defined a cyber-attack as something that has force similar to an armed attack or that undermines the function of the network. Since Stuxnet caused the destruction of nuclear facilities, it is clear that it was a cyber-attack. Sandworm and the Chinese code are obviously some kind of intrusive and malicious program, but they do not have the ability to cripple systems like Stuxnet, so they cannot be called a cyber-attack. In Hathaway et.al. (2012), their recommended definition of a cyber-attack states that the program must “undermine the function” of a system. This is typically done by adding or modifying information and is not done by just observing the computer or network. Programs that simply observe, as Sandworm does, are considered cyber-espionage instead. Since cyber-espionage does not have any force similar to an armed attack or undermine the function of the network, it cannot be considered an act of war. Therefore, it is not governed by the law of war, and Article 51 of the UN Charter governing self-defense does not apply.

Even without this definition, it makes sense to classify Sandworm as espionage; it only looked at data on the infected computers and did not contain the ability to destroy documents, take over the computers, or spread more malicious code over a network. As sensitive as the information might have been that was retrieved or observed by the programs, Sandworm is not a cyber-attack. Those affected by the virus could take diplomatic measures against the suspected hackers, but there is a good chance they will not be effective, because of lack of proof, government denials, the risk of further worsening relations, or the threat of further attacks or intrusions. There is nothing effective the affected parties can do but tighten their own internet security policies and wait for Microsoft to release a patch to the operating system or to Office.

Hathaway et. al., California Law Review: http://www.californialawreview.org/assets/pdfs/100-4/02-Hathaway.pdf