Last modified: Tuesday, October 18, 2011
Obama administration's deliberations on cyberattacks against Libya raise legal questions
FOR IMMEDIATE RELEASE
Oct. 18, 2011
BLOOMINGTON, Ind. -- The Obama administration's consideration and rejection of cyberattacks as part of the military action against Libya constitute another significant revelation about the fast-moving realm of cybersecurity. According to an Indiana University Maurer School of Law cybersecurity expert, deliberations on whether the United States should use cyberattacks against Libyan air defense systems underscore cyberspace's emergence as a military domain but also raise questions about domestic and international law in U.S. cybersecurity thinking.
"The idea that offensive cyberattacks created difficulties under the War Powers Resolution is hard to reconcile with the administration's eventual position that its use of lethal and more damaging conventional weapons did not constitute 'hostilities' triggering the resolution," observed David P. Fidler, the James Louis Calamaras Professor of Law and a fellow at the IU Center for Applied Cybersecurity Research. "Why people in the administration thought that preceding the air campaign with cyberattacks against Libyan air defenses might be a 'game changer' for the War Powers Resolution is not clear."
News media reported this week that the Obama administration considered using cyberattacks to disrupt Libya's air defenses early this year, but rejected the idea in part because of concerns about the Vietnam-era War Powers Resolution.
But launching cyberattacks would not have altered the administration's argument that the military intervention against Libya fell short of hostilities, Fidler said, because such attacks would not have required ground forces or increased the danger of Libyan attacks on U.S. forces, and would have been consistent with the U.S. role of supporting the multilateral effort authorized by the UN Security Council.
"Perhaps, at the time the decision about cyberattacks had to be made, the Obama administration had not settled on its position on the application of the War Powers Resolution to this military intervention," Fidler said. "But, even then, the cyber component would have only preceded conventional military attacks on Libyan armed forces threatening civilians, so why cyber apparently mattered in the War Powers Resolution analysis is murky."
Also not clear, Fidler noted, is whether the Obama administration debated if cyber weapons and attacks fell within "all necessary measures" the Security Council authorized UN members to take to protect civilians in Libya. The Security Council authorization would have provided an international legal basis for using cyber weapons to support humanitarian protection, and their limited and targeted use against Libyan military targets could have satisfied the law of armed conflict.
"The most compelling explanation for the non-use of cyberattacks is that, given the fast-moving crisis in Libya, the cyber option was not quite ready for prime time in such an unexpected, rapidly developing, and high-profile military intervention," Fidler said. "Neither domestic nor international law appear to have posed serious constraints on use of offensive cyber capabilities in the Libyan intervention."
Fidler is available to comment on cybersecurity matters. He can be reached at firstname.lastname@example.org, or at 812-855-6403.