Without a legal framework, states will be free to strengthen their technological capabilities and test the response of their adversaries all while knowing that their actions do not break international law.
On 20 January 2017 the world witnessed the inauguration of the 45th President of the United States, Donald Trump, after what may have been one of the most controversial pre-election period of all time. Trump’s election was marred by a DNC hacking scandal that threatened the very legitimacy of its outcome. The final declassified intelligence report by the US Intelligence Community on Russia’s role in the elections claimed that their goals were “to undermine public faith in the US democratic process, denigrate Secretary [Hillary] Clinton, and harm her electability and potential presidency” using cyber technology and media propaganda. It ruled out that Russia had interfered in vote tallies, and did not reveal any specific technical data – meaning that it would unlikely be accepted by pro-Trump sceptics. Election meddling is not a new phenomenon, but the latest American election proved that cyber space has created an arena for far more advanced interference in democratic processes than ever before, without an international legal framework to protect it.
The covert nature of international election meddling means that it is a difficult phenomenon to thoroughly analyse or understand. Academics have attempted to investigate the impact of foreign electoral intervention, but the handful of studies available paint an empirically weak picture overall. Some media around the globe, nevertheless, leapt at the opportunity to point out the US’s hypocrisy for their suggestion that Putin’s involvement in their democratic process was something new. Many of these journalists cited the same academic paper, a 2016 study by political scientist Dov Levin, which stated that the US and the USSR/Russia together intervened no less than 117 times in foreign elections between 1946 and 2000, or “one out of every nine competitive, national-level executive election. Such a discovery thrilled many states that like to take the moral high ground above the two notorious enemies. And of course let’s not forget the famous 1996 article of TIME Magazine (Yanks to the Rescue) celebrating US involvement in the campaign of Boris Yeltsin – in a “secret story of how four U.S. advisers used polls, focus groups, negative ads and all the other techniques of American campaigning to help him win”.
The election meddling by Russia did little more than damage Hillary’s reputation, but the issue here is the release of unclassified data. This unprecedented cyber attack has exposed to the world the defenselessness of even the most powerful country with the most sophisticated security resources available when it comes to the threat of technology, and sends a worrying signal about the level of classified data that could be revealed in the future, or indeed other technological capabilities that Russia could be hiding. Added to this is the risk that the attack could set a precedent for further destabilising activities in the digital space by other nation states or non-state actors. Worryingly, the amount of money or resources required for hacktivists, terrorist groups or criminal networks is far below those needed to engage in conventional warfare. And, unlike arms trades, there is nothing in place to control or manage export regimes of digital tools, nor an adequate international legal framework to protect cyber space.
America was caught off guard and faced the dilemma of how to adequately react to such interference from outside forces. Obama’s report failed to prove that Russia breached international law, demonstrating that countries could potentially engage in a range of minor destructive actions that would not warrant a conventional response. America has reacted to the interference with diplomatic sanctions, but while sanctions send a strong political message, they lack the deterrent effect of military rebuttal or indeed criminal prosecution. What’s more, Obama’s diplomatic expulsions lacked impact when they occurred mere weeks before Trump’s administration took over and would possess the authority to reverse them.
When foreign intervention in democratic elections has been happening for a hundred years, it could be seen as unfruitful to try and respond now with new international rules. As shown by Levin’s study, states will act covertly, and on the occasion that they do boast about their actions, it will usually be with support from other hugely powerful states for having ‘saved’ democracy. However with rapidly evolving technology, cyber criminality has the potential to undermine democratic processes for years to come and pose major security risks. Without a legal framework, states will be free to strengthen their technological capabilities and test the response of their adversaries all while knowing that their actions do not break international law. Western powers should take the lead in protecting cyber space by reinforcing their own national security. Some are on their way to doing this: The USA and 15 EU member states have incorporated a military element into their cyber strategies, with France and the UK leading the European cyber arms race through major investment in web defense. It is not enough however for a few of the world’s more powerful states to individually bolster their mechanisms – as shown by the November hack on the European Commission. In an era of globalization, multilateral organizations must accept their vulnerability and cooperate collectively to invest in cyber defense and create new instruments of international law referring to the manipulation of digital networks and prescribing viable punitive measures for non-compliance. A multilateral agreement protecting what is currently a vulnerable legal vacuum is the best solution to prevent cyberspace disintegrating into a chaotic battleground of state and non-state actors.1 comment