Wednesday, August 23, 2017

UNGGE and Tallinn 2.0 Revisited

https://amp.theguardian.com/world/2017/aug/23/un-cyberwarfare-negotiations-collapsed-in-june-it-emerges

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3024405 (Paper from Mike Schmitt and Liis Vihul on this)

So I want to bring us back to social insects and point out that basically everything we know always turns out to be wrong, but in a weird way. For example, I was taught growing up via whatever biology classes and nature shows I watched, that the bees have a queen, and the queen lays all the eggs and the workers do her bidding via chemical cues or whatever because they are so closely related to her.

But what turns out to be true is a thousand times more complex, because workers can also lay eggs, and often choose to as a strategy. And that means that the simple model in my head of how a nest works is all off-kilter - tons of energy in the nest has to be dedicated to maintaining order. That brings us to their paper:

This right here is where Mike Schmitt and Liis Vihul go wrong... 

Ok, so the paper is very much a last stand defense for the Tallinn process and the rest of the work that Mike and crew have put into stretching the Barney costume of normal international law over the mastodon that is the cyber domain. Look, I've met Mike Schmitt and he has an IQ of something like 250, but he's dead wrong on this whole thing and it's getting painfully obvious to the whole community.

The place he goes most awry is in the paragraph highlighted above: He thinks states have territory and that territory extends into cyberspace, which it just doesn't. I get the that the implications of that are complicated and quite scary, but he runs straight off a philosophical cliff when he says that any "physical change" including replacing hard drives is going to trespass sovereignty. The real world has the FBI conducting operations all over the world because we don't know where something is once it hits the Tor network, and frankly we don't care. We are going to ./ and let the courts sort them out.

Everyone reading this blog could build scenario after scenario that challenges his arguments around the applicability of various aspects of international law in cyberspace based on his initial fallacy, but until we gather a group of people around and have some sort of intervention ceremony with him it's going to be impossible for him to internalize it.

I don't think he can read Tallinn 2.0 and notice that his bevy of "Experts" have created a document that reads EXACTLY LIKE THE TALMUD, with everyone agreeing on some things, disagreeing on some other things, and making exactly zero sense the whole time when applied to modern cyber operations. This is the kind of thinking that lets them draw nonsensical derivations about there being some sort of physical-component line you could draw between "violates sovereignty" and "PERFECTLY OK" as if Stuxnet never happened.

The authors also warn of any further operations saying that if they get caught:

"This could lead to further “Westphalianization” of the internet, as well as increased data localization, which runs counter to the long-term U.S. policy objective of the free flow of information." 

I'm pretty sure that's already happened. Did we write this paper in a time machine, perhaps?


No comments:

Post a Comment