Schmitt Assesses the Intersection of International Law and Autonomous Cyber Capabilities
Mar 12, 2021 | Cybersecurity
Michael N. Schmitt, Professor of Public International Law at Reading Law School (UK), the Francis Lieber Distinguished Scholar at the Lieber Institute of the United States Military Academy at West Point and Visiting Professor at the University of Texas Law School, recently published an article in the International Law Studies journal. His article, “Autonomous Cyber Capabilities and the International Law of Sovereignty and Intervention,” assesses the “intersection of autonomous cyber capabilities and the two primary rules of international law.” Professor Schmitt begins by introducing the concept of “wrongful acts” in international law, which are acts that are both attributable to a nation and acts which constitute a breach of international law. He then explains the concept of autonomy in cyber operations, noting that these operations are characterized by the absence of real-time human direction. He also distinguishes between defensive and offensive autonomous cyber operations, and further divides these categories into the buckets of active and passive.
Schmitt then dedicates a section to the two aforementioned primary rules of international law: sovereignty and non-intervention. In the section on sovereignty, Schmitt begins by noting that sovereignty as a rule of international law that is applicable to cyber operations is “well-founded in treaty law, State practice, and opinion juris.” He then explains some of the potential challenges applying this rule to autonomous operations, most prominently, territoriality. In the section on non-intervention, Schmitt begins by noting that this rule is less controversial in the field of cyber context of international law than sovereignty, highlighting the important distinction between influence and coercion. Schmitt also includes a section on intent and mistake of fact which illustrates the complexity of ascertaining if a state that used autonomous cyber capabilities had malicious intent or knew the degree to which the technology could breach international law. Schmitt then walks his readers through the circumstances precluding wrongfulness, namely: countermeasures, necessity, and self-defense. He concludes by expressing confidence in the normative infrastructure of international law and its ability to address the challenges presented by autonomous cyber operations. Read the full article here.