Beware of cyber space….

Hollis on Cyber Threats

Duncan B. Hollis (Temple University – James E. Beasley School of Law) has posted An e-SOS for Cyberspace on SSRN. Here is the abstract:
Individuals, shadowy criminal organizations, and nation states all now have the capacity to devastate modern societies through computer attacks. These new and severe cyberthreats put critical information, infrastructure, and lives at risk. And the threat is growing in scale and intensity with every passing day.

The conventional response to such cyberthreats is self-reliance. When self-reliance comes up short, states have turned to law for a solution. Cybercrime laws proscribe individuals from engaging in unwanted cyberactivities. Other international laws proscribe what states can (and cannot) do in terms of cyberwarfare. Both sets of rules work by attribution, targeting bad actors – whether criminals or states – to deter cyberthreats.

This Article challenges the sufficiency of existing cyber-law and security. Law cannot regulate the authors of cyberthreats because anonymity is built into the very structure of the Internet. As a result, existing rules on cybercrime and cyberwar do little to deter. They may even create new problems, when attackers and victims assume different rules apply to the same conduct.

Instead of regulating bad actors, this Article proposes states adopt a duty to assist victims of the most severe cyberthreats. A duty to assist works by giving victims assistance to avoid or mitigate serious harms. At sea, anyone who hears a victim’s SOS must offer whatever assistance they reasonably can. An e-SOS would work in a similar way. It would require assistance for cyberthreat victims without requiring them to know who, if anyone, was threatening them. An e-SOS system could help avoid harms from existing cyberthreats and deter others. Even when cyberthreats succeed, an e-SOS could make computer systems and networks more resilient to any harm they impose. At the same time, an e-SOS would compliment, rather than compete with, self-reliant measures and the existing legal proscriptions against cyberthreats.
September 11, 2010 | Permalink

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s