In 2011, the White House issued the International Strategy for Cyberspace, which noted that “[t]he development of norms for state conduct in cyberspace does not require a reinvention of customary international law, nor does it render existing international norms obsolete. Long-standing international norms guiding state behavior—in times of peace and conflict—also apply in cyberspace.” However, the document cautioned that the “unique attributes of networked technology require additional work to clarify how these norms apply and what additional understandings might be necessary to supplement them.”
On September 18, 2012, State Department Legal Adviser Harold Koh took an important step towards publically elucidating the U.S. positions on how international law applies to cyberspace. At a conference sponsored by United States Cyber Command (USCYBERCOM), Mr. Koh offered brief answers to what he labeled the “fundamental questions” on the issue. He also identified several “unresolved questions” with which the United States would likely be forced to grapple in the future. Since the speech had been fully cleared in the interagency process, it can be viewed as reflecting the U.S. Government’s views on the issues, not just those of Mr. Koh or the State Department.
The timing of the speech was propitious. Less than three weeks earlier, NATO’s Cooperative Cyber Defence Centre of Excellence (CCD COE) had released a draft the long-awaited Tallinn Manual, due for formal publication in early 2013. The Manual is the product of a three-year project sponsored by the Centre in which an “International Group of Experts” examined, inter alia, the very issues cited in the Koh Speech. Participants included distinguished legal academics and practitioners, supported by a team of technical experts. USCYBERCOM, the International Committee of the Red Cross, and NATO each provided an observer who participated actively throughout the project, albeit in a non-voting capacity.
The Tallinn Manual consists of “rules” adopted unanimously by the International Group of Experts that are meant to reflect customary international law, accompanied by “commentary” that delineates their legal basis and highlights any differences of opinion among the Experts as to their interpretation in the cyber context. A select group of peer reviewers offered comments on the various drafts, as did a number of states that were willing to informally and unofficially do so. The author served as Director of the Project.
The relative congruency between the U.S. Government’s views, as reflected in the Koh speech, and those of the International Group of Experts is striking. This confluence of a state’s expression of opinio juris with a work constituting “the teachings of the most highly qualified publicists of the various nations” significantly enhances the persuasiveness of common conclusions. Of course, the limited differences that exist as to particular points of law render the respective positions on those points somewhat less compelling.
This article serves two purposes. First, it functions as a concordance between the positions articulated in the Koh speech and those found in the Tallinn Manual. The comparison is particularly apropos in light of the parallels in their content. Second, drawing on the Tallinn Manual, the article provides analytical granularity as to the legal basis for the positions proffered in the Koh Speech. In doing so, it usefully catalogues the various competing interpretive perspectives. The article is crafted around Mr. Koh’s “Questions and Answers,” which are reordered topically and set forth at the beginning of each section.