Soldiers on the Home Front

By Martin Walls

soldiers on the home front(Re-published from SU Magazine, May 2016) In 1807, former Vice President Aaron Burr was arrested in Mississippi Territory by troops mobilized by President Thomas Jefferson. Burr was accused of leading a conspiracy to annex part of Louisiana Territory, attack Spanish-held land, and create his own fiefdom. Burr was acquitted of treason, and his conspiracy would have been just another strange episode in the life of this outlaw statesman, had it not led to 1807 legislation that expanded the president’s ability to “call forth…such part of the land or naval forces of the United States, as shall be judged necessary” to suppress insurrection or enforce the laws. That act has proven durable. Along with the 1878 Posse Comitatus Act—which restricts a president’s ability to use the military to enforce laws—the early 19th-century legislation continues to define how and when federal troops can be deployed on home soil.

“The types of military over-reach we fear today aren’t the same as those in the 19th century, but the degree of caution is.”

“The Insurrection Act has survived because it’s both an authorization for the president to use the military at home and a set of conditions under which they can be used. It’s a core protection against military over-reach,” says College of Law Interim Dean William C. Banks, co-author with Vermont Law School professor Stephen Dycus of Soldiers on the Home Front: The Domestic Role of the American Military (Harvard University Press, 2016). “The types of military over-reach we fear today aren’t the same as those in the 19th century, but the degree of caution is. We no longer worry that the military will willy-nilly enter a city and start enforcing federal laws. Today, we fear intelligence-gathering and other technological powers that might intrude into our lives.”

Although the republic’s founders were concerned a strong army could undermine democracy, Banks describes citizens’ subsequent attitude toward the domestic use of troops as one of “cautious embrace.” After all, America’s powerful military is uniquely able to save lives and restore order in situations that overwhelm civilian institutions. Yet the military also has been used to break strikes, quell riots, and spy on and imprison American citizens during wartime. “There’s appreciation for what the military can do,” Banks explains, “as well as an equal amount of anxiety that excesses are possible, most likely at the direction of civilian leaders.”

The book’s fascinating anecdotes illustrate many military successes, failures, and near disasters on the home front. One notable success was during the Arkansas and Mississippi school desegregation crises. “Those situations were incredibly tense, but the troops handled them with great professionalism and skill,” Banks says. However, Banks explains that during the 1992 Los Angeles Riots—when President George H.W. Bush sent in federal troops—military involvement only confused matters. In this case, the Army general in charge refused to let his soldiers assist in enforcing the law, believing incorrectly that he would be violating legislative restrictions on military involvement in law enforcement.

Nevertheless, Banks and Dycus contemplate that the U.S. military’s domestic functions will expand in the 21st century, especially if large-scale catastrophes stretch disaster planning, federal agencies, and state personnel to their limits. Since 9/11—an unpredictable “black swan” event that required military assistance—laws and directives have changed rapidly as domestic threats from terror attacks, extreme weather, and pandemics mount.

It’s time, say the authors, to clarify the military’s homeland security role, in order to establish clear lines of authority, safeguard civil liberties, and protect democratic institutions and traditions. “We’d like to see more detail about what the military should do under varying circumstances,” Banks says. “That doesn’t mean we need new laws so much as we need military orders that are transparent and widely understood. The challenge for the military, after all, is to coordinate well with others inside and outside government, whether it’s commanders working with civilian agencies or active duty soldiers working with state members of the National Guard.”  

Foreign Volunteers or Foreign Fighters? The Emerging Legal Framework Governing Foreign Fighters

By Daphné Richemond-Barak & Victoria Barber

(Re-published from Opinio Juris, May 5, 2016) The emerging legal framework governing foreign fighters, whose importance is set to grow, epitomizes assumptions we’ve made about the good, the bad, and the ugly in Syria. While the international community condemns the recruitment of “foreign fighters” by ISIS, it condones the recruitment of “foreign volunteers” by the Kurds.

“The discrepancy between the treatment of the ‘good’ auxiliaries combating ISIS and that of the ‘bad’ ones ISIS recruits sets a dangerous precedent.”

That the international community has come together to condemn the recruitment of foreign “fighters” joining the Islamic State in Iraq and Syria (ISIS) is unsurprising: Since the late 1960s, it has repeatedly opposed the involvement of foreign individuals in conflicts to which their state of nationality is not a party. After decades of condemnation by the United Nations General Assembly and Security Council, an entire (albeit-ineffective) regime outlawing mercenaries emerged, primarily to stop Westerners from fighting in African conflicts. It sent a clear signal as to the illegitimacy of participating in someone else’s war.

Though it could have built on this well-established framework, which is grounded in state sovereignty, the UN chose a more restrictive and case-specific approach. It addressed exclusively the case of foreign fighters travelling to aid ISIS and other designated foreign terrorist organizations (FTOs) operating in Syria, such as Jabhat al-Nusra. It purposefully did not mention mercenaries, which are covered by the broader anti-mercenary regime. Nor did it address the case of individuals who leave their home countries to join other groups fighting in Syria – or, for that matter, to fight alongside the Syrian government and its allies.

Quite the contrary: Western states have generally taken a permissive stance vis-à-vis individuals who join the ranks of the People’s Defense Units (YPG), the Kurdish militia in Syria. For more than two years, foreigners from Australia, Canada, the United States, the UK, and other countries have joined the ranks of the YPG as “volunteers” who are, more often than not, warmly and publicly received upon their return home. The UK maintains that there is a distinction between joining ISIS and joining the Kurds, pointing out that British law is designed to allow for different interpretations based on the nature of the conflict. Similarly, the Dutch government states that, while joining the YPG is not a crime in and of itself, foreign fighters can still be charged for crimes they committed in service of that membership, such as murder. Israel, too, declined to prosecute, or even reprimand, a Canadian-Israeli woman who traveled to Syria to fight as a volunteer with the YPG. This tacit acceptance of “foreign volunteers” also benefits a smaller number of Westerners travelling to Syria and Iraq to fight alongside Christian militias like the Dwekh Nawsha in Iraq.

The discrepancy between the treatment of the “good” auxiliaries combating ISIS and that of the “bad” ones ISIS recruits sets a dangerous precedent: Why classify the YPG as an acceptable group to join, but ISIS, Hezbollah or al-Nusra as an unacceptable one?

The nature of the group plays a role. The Kurds are viewed as defending their ethnic heartland in Syria against a barbaric movement known for wanton murder and enslavement. They are longstanding inhabitants of the region, and have a vaguely defined moral claim to the Syrian northeast, though not, if we go by most of the international community, a claim to sovereignty. The Kurdish Regional Government is slightly further along the continuum, with an effectively autonomous region and its own quasi-army, the Peshmerga, fighting to defend its homeland, ethnic kin, and other minorities.

But as beleaguered as the Kurdish community in Syria and Iraq is, the logic of extending blanket legitimacy to Kurdish militia, while categorically denying it to others, is difficult to sustain at the level of international policy. Hamas and Hezbollah, like the Kurdish PKK, effectively govern territory and have evolved into organized and recognized bodies. Yet foreign participation in one of these groups is unlikely to be regarded as acceptable …

To read the whole article, click here.

Dr. Daphné Richemond-Barak is an Assistant Professor at the Lauder School of Government, Diplomacy, and Strategy at IDC Herzliya, and a Senior Researcher at INSCT partner organization the International Institute for Counter-Terrorism (ICT). Victoria Barber is a master’s candidate at the Fletcher School of Law and Diplomacy.

Here’s Why Jakarta Doesn’t Push Back When China Barges into Indonesian Waters

By Evan A. Laksmana

(Re-published from The Washington Post Monkey Cage, April 28, 2016) A China Coast Guard vessel rammed a Chinese fishing boat free in March after Indonesian authorities had seized it for illegal fishing off the Natuna Islands, Indonesia’s northernmost territory in the South China Sea. The Indonesian patrol let the Chinese ships go, as has been the case in similar incidents.

“I argue that Indonesia under Jokowi is under-balancing against China.”

Peaceful management of the area is in Indonesia’s strategic interests, even though the country is not part of the disputed South China Sea claims involving Vietnam, Malaysia, the Philippines, Brunei and China. But China’s claim to roughly 90 percent of the area overlaps with the Natunas’ Exclusive Economic Zones (EEZs). And Indonesian President Joko Widodo — better known as Jokowi — has prioritized the development of marine resources and the protection of the country’s maritime borders since assuming office in 2014.

Is Jokowi about to stand up to Chinese encroachment into Indonesia’s coastal waters?

But Indonesia is not pushing back against China. Here’s what neo-classical realist international relations theory suggests about why this is happening: States should forcefully react, either through alliances or military buildup, to protect long-term security interests — known as balancing — against threatening states. Yet domestic politics often hinders them from doing so.

I argue that Indonesia under Jokowi is under-balancing against China. Under-balancing happens when a threatened state fails to correctly perceive the threat posed by another state, or simply does not react appropriately to it.

That Indonesia has not forcefully responded, militarily or diplomatically, to China’s increasing presence on its doorstep reflects assessments of three main parameters:

1) Is China really a threat to Indonesia?

First, it’s not clear whether China — as the dominant power in Indonesia’s regional environment — poses an obvious threat. Many within Indonesia’s foreign policy elite believed Beijing’s private assurances in the 1990s that there is no dispute over who owns the Natunas. Jokowi’s foreign minister, in fact, reiterated this point after the March incident.

China’s forays into Indonesian maritime space, without publicly disputing the country’s ownership of the Natunas, seems consistent with a “salami slicing” tactic: the slow accumulation of small actions, none of which prompts a deep rift or call to arms but which add up over time to a major strategic change. In the South China Sea, this means slowly poking holes at maritime governance space, then taking control of smaller reefs and islands, and eventually consolidating claims through bilateral negotiations.

Beijing’s extensive regional economic engagement — from providing development assistance to promoting free-trade agreements — seems to send a different message, however. China also participates in the multilateral process to formulate a legally binding Code of Conduct for the South China Sea with the Association of Southeast Asian Nations (ASEAN).

So neo-classical realists would say Beijing’s behavior sends unclear signals, and states have a hard time figuring out what these signals mean. The less clarity there is over threats, the more likely a state’s foreign policy elites will pursue different solutions to a problem based on their particular interests. That’s what happened after the March incident with the China Coast Guard. The ministers of defense, foreign affairs and fisheries responded in contradictory ways as Jokowi’s advisers and diplomats disagreed on what the real problem with China is. The military was unsure of the right response.

2) Indonesia’s foreign policy priorities aren’t clear, either.

Even if China presented an obvious threat to Indonesia or its regional environment, Jokowi’s fractured foreign policy elite would hinder balancing efforts.

As neo-classical realists argue, elite consensus and cohesion are often necessary for balancing behavior to occur. Both of these preconditions have been missing in Jokowi’s approach to the South China Sea and China.

Jokowi, as the chief foreign policy executive, has not seemed terribly interested in foreign affairs. Analysts note he seems to be less tuned in to ASEAN, traditionally considered the country’s foreign policy cornerstone. And public rhetoric over maritime security notwithstanding, Jokowi has been preoccupied with domestic economic agendas and aligning competing party interests …

To read the complete blog article, click here.

Recipient of an Andrew Berlin Family National Security Research Fund grant, Evan A. Laksmana is a doctoral candidate at the SU Maxwell School. He is also a researcher at the Centre for Strategic and International Studies in Jakarta, Indonesia. His dissertation examines the diffusion of Western war-fighting doctrine to the Indo-Pacific region.

Time to Revive the 2004 Bush-Congress Letter to Israel

By Miriam Elman

(Re-published from Providence, April 21, 2016) Shortly after his inauguration, President Barack Obama abandoned a series of pledges that his predecessor had made to Israel. They included the promise that the U.S. would support a number of Israeli positions in future negotiations with the Palestinians, including a) Israel would not be compelled to cede its claims to all of the territory captured from Jordan in the 1967 Six Day War; b) millions of Palestinian Arabs would not be resettled in Israel; and, c) Israel must be recognized as the state of the Jewish people.

“The Bush-Congress letter to Israel was incredibly valuable since it helped Sharon win domestic public approval for his Gaza disengagement plan.”

These commitments were delivered by former President George W. Bush to the late Israeli Prime Minister Ariel Sharon in the form of a two-page letter at a White House press conference on April 14, 2004.  Several months later, Congress would add its support to the letter’s terms by lopsided margins—95-3 in the Senate and 407-9 in the House of Representatives.

A letter from a U.S. President to an Israeli Prime Minister might not seem like a big deal. Yet, it’s what enabled PM Sharon to undertake risks for peace—the removal of every Israeli citizen, settlement, and military base in Gaza, and the removal of four small settlements in the West Bank.

In fact, the Bush-Congress letter to Israel was incredibly valuable since it helped Sharon win domestic public approval for his Gaza disengagement plan. Of course, Sharon may have taken this unprecedented move even in the absence of the White House’s support. But the letter made it an easier sell.

While the letter was viewed by the Arabs as signaling a major break in U.S. policy, the reality is that previous U.S. administrations had also accepted that there would be no return to the 1949 borders because Israel would keep some of the settlements. Basically, the 2004 Bush-Congress letter just “set forth publicly” something that had already been widely acknowledged by the U.S. government: to ensure Israel’s security with defensible borders, the 1967 lines weren’t a useful starting point for negotiations.

Indeed, it was President Obama who shifted the goal posts by refusing to view the Bush-Congress letter to Israel as binding on U.S. policy and by claiming that negotiations should start on the 1967 lines.

President Obama’s cavalier decision to reject the Bush-Congress letter soured relations between the U.S. and its most important ally in the Middle East during the early days of the Obama presidency. From the Israeli perspective, it was a betrayal …

To read the full article, click here.

Obama: The Conflict Resolution President?

By Louis Kriesberg

(Re-published from Foreign Policy in Focus, April 18, 2016) In the eighth year of Barack Obama’s presidency the struggle over assessing the correctness of his foreign policy is understandably under way. Unfortunately, too often the struggle is waged in extreme, ill-founded terms. Many Republican leaders and pundits accuse Obama of being naïve, weak, indecisive, and even at times of pursuing non-American interests and goals. Obama himself, in his unflappable manner, ignores the wildest charges and tries to explain the rationale for the foreign policy choices that he makes. His team defends and explains the grounds for choosing the least bad option in difficult circumstances. They agree on the importance of not doing “stupid stuff.”

“Obama has tried to minimize US resort to violence, while narrowing the targets and drawing upon multilateral support.”

It is, however, worthwhile to seek an understanding of the foreign policy doctrine or style that Obama generally has used. Some observers, like Andrew Bacevich, think he remains essentially within the Washington foreign policy consensus in dealing with the Middle East. Yet Obama characterizes himself differently, as reported by Jeffrey Goldberg. In “The Obama Doctrine,” published in The Atlantic, Obama has expressed some distance from that consensus, which he views as overly militarized. And yet he wants to characterize himself as a realist. That is probably a politically useful guise.

In fact, Obama has been quite eclectic and pragmatic in his policy making. More significantly, he has often drawn from the evolving conflict resolution approaches. More specifically, his conduct often has been congruent with a constructive conflict approach that synthesizes the research and experience of work in the conflict resolution and peace studies fields.

Obama has tried to minimize US resort to violence, while narrowing the targets and drawing upon multilateral support. In addition, he has used diplomacy to restructure conflicts and has taken into account how adversaries view a conflict so as to maximize the effectiveness of non-coercive inducements. His administration has recognized that diplomacy takes many formal and informal channels at multiple levels. Each effective engagement helps build a basis for future engagements in future conflicts. These understandings are central to a constructive conflict approach, derived from empirically grounded knowledge about ways to reduce destructive conflicts. Indeed, Obama has had notable foreign policy successes by acting in accord with a constructive conflict approach. Furthermore, some seeming failures might well have been averted, not by more militancy, but by more prompt and consistent use of constructive conflict strategies …

To read the whole blog entry, click here.

Podcast: Syrian Accountability Project & “Looking Through the Window Darkly”

Hello and welcome to the Syracuse University College of Law podcast, where we discuss pressing legal topics with our distinguished faculty and alumni. I am David Crane professor of practice at the College of Law and project leader of the Syrian Accountability Project at the College of Law.

Today, we are going to discuss a recent white paper released by the Syrian Accountability Project that details rape in Syria during 2011-2015. The report, Looking Through the Window Darkly, is the first document of its kind to not only highlight and analyze reported accounts of this horrific gender crime but also to apply international legal standards with an eye toward future transitional justice for the victims.

I’d like to introduce my guests: Peter Levrant, executive director of the Syrian Accountability Project and a third year law student at the College of Law and Molly White, chief registrar for the Syrian Accountability Project and also a third year student at the College of Law. Hello and welcome Peter and Molly …

Apple Encryption Debate: What about iCloud?

By Christopher Folk

(Re-published from Cyberlawblog, March 30, 2016) Walt Mossberg’s article about the Apple encryption debate (in The Verge) highlights the fact that Apple has the ability to decrypt the bulk of data that is uploaded via iCloud backups. Furthermore, according to Mossberg, Apple has unencrypted and provided iCloud backup data to the FBI and other law enforcement agencies on numerous occasions—once a valid warrant has been issued. Mossberg indicates that Apple views iCloud data differently from the iPhone for a variety of reasons:

“Sorry to disappoint, but for most of us, Big Brother is more akin to Rhett Butler than George Orwell. When it comes to our information, the government says, ‘Frankly, my dear, I don’t give a damn.'”
  • Apple claims that the security policies for the phone relate to a physical object that can, therefore, be lost or misappropriated and consequently the physical device requires heightened security protocols.
  • Apple indicates that the iCloud requires strong security; however, Apple retains the ability to access and restore backups to user devices since this is a feature that users desire. Additionally, Apple states that sensitive data such as network passwords and Apple keychains (that hold passwords) is not decrypted from iCloud backups.
  • Apple’s position is similar to other providers—such as Google (Gmail and Google Drive, Docs, and Calendar) and Dropbox—and these cloud services indicate that they also comply with valid, lawful orders for decrypting and providing data to law enforcement.

Mossberg raises some interesting questions concerning exactly what Apple was doing when it launched its media blitz decrying the government’s efforts to compel Apple to bypass some iOS security features that would allow the FBI to launch a brute-force attack on an iPhone 5c.  If Apple’s primary motivations were about data privacy and protection for its customers, then why does it retain the ability to decrypt iPhone backups in the cloud? Did Apple choose this battle merely to highlight what it deems to be a larger privacy issue, or does Apple truly believe that data on an iPhone is more sensitive than data from an iPhone backed up to iCloud?

Before proceeding, I should say that on a personal level—irrespective of the position I may have extolled in previous blog posts—I think that data privacy and encryption, in particular, are valuable tools that should be available to citizens within the digital realm. Specifically, I am not in favor of encryption backdoors, master keys, or “clipper-style” chips that would allow government intrusion into electronic communications. I use encryption at the volume and file-level, and I believe that just because the government has a search warrant giving them the right to access information, it doesn’t mean that they necessarily have (or should have) the ability to access encrypted information.

That being said, it seems a bit disingenuous to argue that modifying the iOS code to remove the timing delay between successive passcode unlock attempts, and to bypass the auto-delete functionality so the government could launch a brute-force attack against an iPhone, somehow places user data in greater jeopardy than putting a bow around a decrypted iCloud backup and delivering it to the government. Frankly, it seems shocking that more users aren’t distraught by Apple’s past and, I assume, future compliance with requests for decryption of iCloud backups.

A number of arguments have been raised with respect to why these Apple vs. FBI issues are so important and far-reaching.  Here are some points that appeared in recent comments to a previous post:

  1. There may be valid reasons for the government to request access to an iPhone, but how is that threshold discerned?
  2. The actual number of phones that could be affected number in the millions with presumably any model 5c or earlier able to be brute-force attacked had Apple developed a new iOS code.
  3. Initial compliance will lead to later compliance, and companies such as Apple will be compelled to comply, especially in countries such as China.
  4. Once Apple writes the software the government could reverse-engineer it, and they will be able to use it to unlock other phones.
  5. The FBI and US Department of Justice (DOJ) have both suffered cyber breaches, so if they have the iOS software it is likely to attract hackers, and they will effect a breach and abscond with the iOS code.

With respect to the first point, an order to compel is—and will continue to be—a matter for the judiciary. Once an application has been made and issued by the court, it becomes a lawful mandate and, yes, Apple or any other entity is required to comply.  There is no distinction between encrypted, unencrypted data, levels of encryption, bit shifting, or steganography—this kind of writ is simply a lawful order that gives law enforcement the ability to get X from Y.  Additionally, many search warrants have ex ante restrictions that limit law enforcement’s processes, procedures, and/or timelines within which they can execute a search. Thus, there are already mechanisms in place to ensure that law enforcement has valid reasons to request access to data.

The second point, while valid, still overlooks the fact that the iOS changes being touted would be purpose-built to load on this specific iPhone, not just the specific model, but, in fact, the specific device associated with a unique device identifier.

The third point is little more than a slippery slope argument. The mere fact that a company is forced to comply with a lawful order does not render any future arguments against a DOJ request to be moot. These inquiries are very fact-specific and as such one would anticipate that courts are going to make the requisite searching inquiries before compelling any action under the All Writs Act.  Additionally, under the All Writs Act, the following conditions must be examined [1]:

  • Is Apple either a party to the underlying case, or if a non-party, are they in a position to either thwart or effect the implementation of the court order? Here, Apple does not own the phone; however, it did manufacture the device.  Furthermore, Apple owns the proprietary design elements to include hardware and software and is, therefore, a party.  Even if one were to argue that Apple’s non-possessory interest in the specific device was at issue, the fact that Apple does own the iOS running on the device, and it is a combination of the iOS and the underlying hardware that is preventing the DOJ’s brute-force attack without modifications by Apple, then they are a non-party to whom it would be appropriate to direct the writ.
  • Does Apple have a substantial interest in not assisting the government? The stated interest appears to be Apple’s strong beliefs in privacy rights and, at face value, that does seem to be compelling. However, when taken in the context of Apple’s position on iCloud backup files, which it readily decrypts when provided lawful mandates, the argument weakens. The fact that Apple views device security differently than the security of files backed up to the iCloud lends credence to the theory that Apple’s desire to “seem” focused on security and privacy really isn’t the case in their day-to-day operations. The fact that Apple does decrypt customer data indicates that the idea of doing so is not patently offensive, nor does it violate the company’s actual beliefs or policies—irrespective of which beliefs Apple chooses to assert with the media.
  • Is the order burdensome? If this code change requires two weeks of coding by a team of developers, then certainly there is the opportunity cost associated with this. This team of developers could have spent two weeks working on any number of issues or building the greatest iOS the world has ever seen. However, since the government is willing to compensate for the time devoted to this endeavor, one can also argue that while the time and potential products in the software development life cycle (SDLC) may be impacted, this is a burden which can be shifted through the allocation of government funds to offset the time and expense. In reality, this is probably Apple’s strongest point, yet it also seems to be the one they are putting the least amount of focus on. If you think of the SDLC in terms of the butterfly effect, where the flapping of the butterfly wings at Time N causes the breeze that causes the ripple that cascades to Time N+n into a hurricane, then you get a sense of the argument Apple might make. If you assume that iOS runs on a six-month SDLC, and it takes two weeks of core development resources to assist the government, then the entire lifecycle shifts. Now software is out of sync with hardware, and the new release slated to be rolled out in two more development cycles suddenly gets pushed back. This could extend time-to-market, allowing someone else to gain a competitive advantage, and suddenly you can demonstrate the enormity of the potential burden of shifting development resources to an outside project while in the midst of the SDLC.
  • Is there a way for the government to obtain what it needs without Apple’s assistance? Well, up until Sunday this answer seemed pretty straightforward.  According to Apple, their iPhone was secure, and according to the DOJ, they could not bypass the lock code security.  Of course, once an outside party was able to bypass this and unlock the iPhone, this task was not dependent upon Apple’s acquiescence.

The fourth point is somewhat counterintuitive.  Here it is being asserted that once Apple modifies the iOS to change the timeout value and bypass the auto delete, then when the government gets the device back, they can reverse-engineer the iOS and use it to brute-force other iPhones. The problem is, if the government could reverse-engineer this “special” iOS, then why can’t they reverse-engineer the proposed iOS?  Does changing a timeout value and circumventing a block of code that performs the auto delete somehow make the code easier to reverse engineer?  Apple may be overstating the resources it would take to build this new code, but either way, if the government can reverse engineer any iOS then all bets are off and they can hire some hackers to make some modifications and let it run amok to access iPhones everywhere (with valid court orders, of course!)  Unless there is some reason that the altered iOS is going to be inherently insecure, or if the update will only work with raw source code, the propensity of the government to reverse engineer the new code is no greater than their ability to do the same with the current iOS versions.

Finally, the fifth point—that the FBI and DOJ could be a target for hackers once they have this new iOS—is also rebuttable.  As I write this, presumably iOS is sitting on servers in Cupertino, if it really is that attractive, why isn’t Apple a target for this sole reason?  And while I won’t argue that the government has a handle on cybersecurity, in all fairness can we assume that the FBI and the DOJ already have some sensitive data on their servers that hackers the world over would love to get access to, so aren’t they already targets as well?  Some of this issue comes back to Apple’s assertion that iCloud and iPhones aren’t really the same. Here, if either the FBI—or any other three-letter agency—was able to get this iOS, reverse engineer it, and have it waiting and ready for use, they would still need the physical phone to make this work.  So too would any hacker because having the ability to brute-force a phone to get it to unlock without erasing data is somewhat predicated on actually having a physical phone to perform this action on. 

Is it scary that the government could access our phone data and our encrypted communications? Yes, of course, because that raises a number of concerns with respect to privacy as well as potential freedom of speech issues.  However, if you consider the technological movement towards an Internet of Things, and the sheer volume of hackable devices and data, is government intrusion into our phones really a looming concern?  Perhaps, this concern over phone privacy is a Millennial Generation issue in which people think that their pet pictures or their social media status updates are somehow of interest to a federal government that wants nothing more to break encrypted communications to find out how many cats they say they have versus how many they actually have!

However, in the real world—and I have spent some time with Big Data firms—one realizes that trying to amass myriad bits of information and then taking the time to decrypt it and then sort through it (even if automated, based on keyword) is an enormous undertaking. Mass decryption would be both technically infeasible and an inordinate drain on government resources.  Sorry to disappoint, but for most of us, Big Brother is more akin to Rhett Butler than George Orwell. When it comes to our information, the government says, “Frankly, my dear, I don’t give a damn.”

———

[1] United States v. N.Y. Tel. Co., 434 U.S. 159, 174 (1977).

http://blog.cybersecuritylaw.us/2016/03/30/apple-encryption-debate-what-about-icloud/

Christopher W. Folk is a second year student at SU College of Law, a former US Marine, a software engineer, and Town Justice for the Town of Waterloo, NY.

ISIS & Genocide: State Dept. Has Made the Right Call, But It Shouldn’t Have Taken This Long

By Miriam Elman

(Re-published from Legal Insurrection (“State Dept: ISIS Committing Genocide”), March 17, 2016) At a 9:00 a.m. press conference [on March 17, 2016], Secretary of State John Kerry announced that the Islamic State’s actions perpetrated against ethnic and religious minorities, including Christians, are “genocidal” and constitute crimes against humanity.

“In his statement this morning, Kerry makes a point of noting that classifying ‘Daesh’s’ actions as amounting to genocide doesn’t place any ‘legal obligation’ on the United States to act.”

In the brief (10 minute) statement, Kerry refers throughout to the Islamic State (ISIS) as Daesh, its Arabic acronym. He details many of the “despicable” horrors that ISIS has perpetrated against the civilians under its control, claiming that “Daesh is genocidal by self-acclimation, by ideology and by practice”. In labeling ISIS’s motivations as genocidal and its actions as constituting genocide, the State Department met a congressionally-mandated March 17 deadline for making this classification. This past Monday, in a rare example of bipartisanship, the U.S. House of Representatives unanimously (393 to 0) passed a non-binding resolution condemning the Islamic State’s atrocities as genocide.

Kerry’s announcement comes as a surprise.

In recent weeks the Obama administration had insisted that further evaluation was necessary. And at a press conference as late as yesterday, Mark Toner, a State Department spokesperson, stated that Kerry was not yet ready to make the determination of whether ISIS’s actions had met the legal standard of genocide, and would need more time to review the available evidence and ponder the “legal ramifications” of this designation.

Toner confirmed that the State Department would not be meeting the deadline set by Congress, and also said that waiting to make the determination would be “worth it”. So everyone following this issue (see for example here and here) was pretty much certain that Kerry would let the deadline lapse. As for me, I was hedging my bets. It wouldn’t be the first flip-flop of this administration. So I wrote in a post yesterday that: “While some were hopeful that Kerry would concur with the House, it’s looking increasingly likely that he’ll be dragging out the official determination, and will let the deadline pass tomorrow without any action.”

Kerry—unexpectedly—has done the right thing, although it should never have taken this long.

As I noted in yesterday’s post, the designation can’t come too soon for the Middle East’s suffering Christians. Officially classifying the Islamic State’s atrocities as an unfolding genocide would certainly help to bring about a global response to this crisis. Speaking up for the Middle East’s beleaguered and brutalized minority population would invoke a ‘responsibility to protect’ and, as has been noted, “there are a series of actions that [would] immediately come into play to stop [the genocide].” But in his statement this morning, Kerry makes a point of noting that classifying “Daesh’s” actions as amounting to genocide doesn’t place any “legal obligation” on the United States to act …

To read the full blog, click here.

Islamic Contributions to International Humanitarian Law

By Corri Zoli

(Re-published from AJIL Unbound, March 17, 2016) This short essay focuses on the involvement of Muslim-majority state leadership in the pre-World War II development of international humanitarian law (IHL), including their appeals to Islamic norms.[1]  This historical snapshot reveals how national leaders joined debates during conferences leading up to the revised 1949 Geneva Conventions, the heart of modern IHL. Such accounts complicate our assumptions about the cultural and national composition of public international law as “Western,” and shed light on global hierarchies involving modern Arab and Muslim states and their investment in such norms. The essay argues by example that, ultimately, in Third World Approaches to International Law (TWAIL)[2] more emphasis is needed on history, traditions of governance, and states’ distinctive responses to macrostructural pressures—rather than on static notions of identity, resistant narratives, and presumed shared ideologies. TWAIL seeks alternatives to international law’s presumed oppressive role in Western-non-Western power dynamics, and new ideas and opportunities for a “third-world” legal scholarship beyond current global underdevelopment dynamics.[3]  Yet too rarely have scholars probed deeply into the history of third-world[4] participation and leadership in developing international law norms, particularly at the state level or from the semi-periphery.[5]  In fact, non-Western leaders have played a role in the pre-World War II period of lawmaking and have used existing cultural and legal traditions to do so. Accounting for this history makes for a more accurate, inclusive, and culturally-grounded approach to the law made by and for states. More pointedly, it reaffirms that cornerstone premise of sovereignty—in all of its diverse national expressions—an idea challenged today by global political-economic forces.[6]

“[T]oo rarely have scholars probed deeply into the history of third-world participation and leadership in developing international law norms.”

In comparative international law, legal history, and Islamic studies, it is fairly well established that Islamic norms historically governing use of force are broadly compatible with principles of the international law of war. BeyondQuranic verses, the classic example is Abu Bakr’s instructions to Arab armies invading Syria on the eve of the Riddawars (632/3 CE) in which the prophet Muhammad’s first successor sought to defeat and reintegrate rebellious Arab tribes into the newly-formed Islamic empire or caliphate.[7]  In laying out some of the first humanitarian norms—prohibitions against “treachery,” pillage, the killing of children, women, the elderly—Abu Bakr helped legitimize a young politico-religious community in its own early relations of rule, and defined lasting standards for conduct in warfare.[8]  Many scholars see an early Islamic footprint in the very idea of international law, its emphasis on treaties, and IHL.[9]

If the compatibility thesis is well-known,[10] less explored are Islamic contributions to the shared history of public international law, modern Muslim leadership in IHL,[11] and the too-rarely-treated role of Muslim states in the early Geneva and Hague diplomatic conferences. In fact, when we think of the 1949 Geneva conference, convened to update existing Hague and Geneva law, rarely do attendees from Afghanistan, Egypt, Iran, Lebanon, Pakistan, Syria, Turkey, and Albania spring to mind. Not only did delegates from these Muslim-majority states take part in deliberations, they signed the resulting agreements known as the revised Geneva Conventions of Aug. 12, 1949, including the unprecedented Fourth Convention covering civilians in war.[12]

It is worth noticing several features of this contribution. Firstly, and empirically, one sees an increase over time (see below) in Muslim state conference participation, a trend that continues until the 1960s, after which many states—partly through the Organization of Islamic Cooperation—begin to develop culturally-specific interpretations of international law with complex motives and results.

Secondly, an emphasis is placed on “humanity” as a collective project by Conference participants in keeping with the IHL framework. Less noted, though important—in light of TWAIL critiques of empire—is how often such humanitarian priorities emerge from an expressly imperial framework and its philosophy of largesse, notably by Persian and Turkish representatives (both coming from empires).

Two examples bundle these points: Note the following declaration by General Mirza Khan, the first delegate of Persia to the 1899 Hague Peace Conference:

The Russian Government having done Persia the honor of inviting it . . . and His Imperial Majesty the Shah, my august sovereign, having deigned to choose me to undertake this honorable mission. . . . All these marks of interest impose upon me the duty of adding also on my side . . . support of the great cause which is that of all humanity and with which we have here to deal.[13]

To refute critics who detect arrogance in the Emperor of Russia’s initiative, Khan relays this story:

“Permit me, gentlemen, to cite to you a proof of [Emperor Nicholas II’s] . . . elevated sentiments. In the first year after my appointment . . . [for] Persia at the Russian Court, I was accompanying on my horse the Emperor who was going from the Winter Palace to the Field of Mars . . . to be crowned. As I was somewhat ill that day, I fainted and slipped from my horse. The Emperor, seeing this, stopped his brilliant cortege and did not continue . . . until I had been put in a carriage. . . . Several times [he] sent his aides-de-camp to learn of my condition. Our celebrated poet Saadi has . . . describe[ed] pride: ‘Its glance is like that of a king who causes his army to pass before him.’ The young Emperor, an autocrat of 26 years of age, who, for the first time, after his accession to the throne, was passing in review a brilliant army of 30,000 men, did not, in that moment of legitimate pride, forget an accident . . . to a stranger. . . . He who acts thus can not be selfish, and . . . the initiative that he has taken for this Conference, can only proceed from a . . . noble heart. Gentlemen, let us fulfil our duty before the civilized world, and not discourage Their Majesties.” [14][15]

To read the full article, click here


[1] See James Cockayne, Islam and International Humanitarian Law, 84 Int’l Rev. Red Cross 597 (2002); Mohamed Badar, Ius in Bello under Islamic International Law, 13 Int’l Crim L. Rev. 593 (2013); Ahmed Mohsen Al-Dawoody, The Islamic Law of War (2011).

[2] James Thuo Gathii, TWAIL: A Brief History of its Origins, its Decentralized Network and a Tentative Bibliography, 3 Trade, L. & Dev. 26 (2011); Karin Mickelson, Taking Stock of TWAIL Histories, 10 Int’l Community L. Rev. 355 (2008).

[3] Mutua writes: “The regime of international law is illegitimate. It is a predatory system that legitimizes, reproduces and sustains the plunder and subordination of the Third World by the West . . . Historically, the Third World has generally viewed international law as a regime and discourse of domination and subordination, not resistance and liberation. This broad dialectic of opposition to international law is defined and referred to here as Third World Approaches to International Law (TWAIL).” See Makau Mutua, What Is TWAIL?, 94 Proc. Ann. Mtg. ASIL 31 (2000); Madhav Khosla, TWAIL Discourse: The Emergence of a New Phase, 9 Int’l Community L. Rev. 291 (2007) (arguing for three phases of concerns: colonialist, hegemonic uses of international law by powerful nations; international legal institutions embedded in North-South politics of globalization; and extreme post-9/11 violations of norms).

[4] For social scientific debate of “Third World,” see Carl E. Pletsch, The Three Worlds, or the Division of Social Scientific Labor, circa 1950–1975, 23 Comp. Stud. Soc. & Hist. 565 (1981); Vicky Randall, Using and Abusing the Concept of the Third World, 25 Third World Q. 41 (2004).

[5] But see, Muhammad Munir, Islamic International Law, 20 Hamdard Islamicus 37 (2012); Antony Anghie,Imperialism, Sovereignty & the Making of International Law (2005); Surya Prakash Sinya, Legal Polycentricity & International Law (1996); Arnulf Becker Lorca, Mestizo International Law (2014).

[6] See UN Charter art. 2(1), “The Organization is based on the principle of the sovereign equality of all its Members.”

[7] See Fred M. Donner, Muhammad & the Believers (2010); and Fred M. Donner, Early Islamic Conquests (1986). For Quranic verses echoing related norms, see Yusuf Ali, The Holy Qur’an 47.4; 2.205; 48.25 (1934)—but see id. at 59.5 and 47.4.

[8] Abu Bakr’s instructions include: “Oh army, stop and I will order you [to do] ten things; learn them from me by heart. You shall not engage in treachery; you shall not act unfaithfully; you shall not engage in deception; you shall not indulge in mutilation; you shall kill neither a young child nor an old man nor a woman; you shall not fell palm trees.”See The History of al-Tabari Vol.10: The Conquest of Arabia (Fred M. Donner trans., 1983); Rudolph Peters, Islam & Colonialism 23 (1979) (noting other schools using the Prophet and Quran i.e. 59.5 permitted these acts, justified them, and refuted Abu Bakr’s prohibitions, as the “deeds of the companions can never abrogate deeds of the Prophet”).

[9] For non-Western contributions in Africa studies, see Emmanuel G. Bello, Shared Legal Concepts between African Customary Norms & International Conventions on Humanitarian Law, 23 Mil. L. & L. War Rev. 285 (1984). But see, Modirzadeh on incompatibilities in Islam and IHRL, Naz K. Modirzadeh Taking Islamic Law Seriously: INGOs and the Battle for Muslim Hearts & Minds, 19 Harv. Hum. Rts. J. 191 (2006).

[10] Mohammad Hashim Kamali, Principles of Islamic Jurisprudence (2005). See Cockayne, supra note 1,;Al-Dawoody, supra note 1.

[11] See Emilia Justyna Powell, Islamic Law States and Peaceful Resolution of Territorial Disputes, 69 Int’l Org. 777 (2015).

[12] For Conference sources cited, see James Brown Scott, The Proceedings of the Hague Peace Conferences, 1899(1920) [hereinafter Scott 1920]; A. Pearce Higgins, The Hague Peace Conferences Concerning the Laws & Usages of War (1909); James Brown Scott, The Geneva Convention of 1906 for the Amelioration of the Condition of the Wounded in Armies in the. Field (1916) [hereinafter Scott 1916]; 1-3 Final Record of the Diplomatic Conference, Geneva, Apr. 1-12 Aug. 1949 (1968).

[13] Scott 1920, supra note 12, at 305 (Hague, June 23, 1899).

[14] Id. at 306 (Hague, Jun. 23).

[15] The work of Saadi Shirazi (d. 1291) adorns the UN entrance. See Saadi Shirazi, Rose Garden, The Manners of Kings (1258): “All human beings are members of one frame; Since all, at first, from the same essence came. When time afflicts a limb with pain; The other limbs at rest cannot remain. If thou feel not for other’s misery, A human being is no name for thee.”

What is “Reasonable” in Terms of Client Data Protection?

By Christopher Folk

(Re-published from Crossroads Blog, March 15, 2016)  In spite of some recent high-level data breaches, a recent article that appeared in Legal Tech News seems to indicate that law firms and lawyers are still not doing nearly enough in terms of client data protection. This article indicates that the FBI first warned law firms back in 2009—and then repeated the warning in 2013—stating in no uncertain terms that “[w]e have hundreds of law firms that we see increasingly being targeted by hackers.”

As if the FBI warnings weren’t enough, the American Bar Association (ABA) decided to add some comments to its Model Rules of Professional Conduct to advise lawyers what their ethical duties are with respect to cybersecurity.  Specifically, ABA model rules 1.1, 1.6, and 5.3 address technology and the lawyer’s duty therein (specifically, you can find this language within the comments to the aforementioned rules). The article, however, indicates that law firms are still not doing enough, and as a result they may be exposing their client’s data and exposing themselves to legal liability.  Consequently, Peter J. Toren suggests in his Legal Tech News article that law firms address three specific areas: (1) email security; (2) personal devices; and (3) unsecure Wi-Fi.

Commentary

If Toren’s assertion that law firms are not doing enough to take reasonable steps to safeguard client data, then the three items that he lists amount to no more than a drop in the proverbial bucket, and they would in my opinion fall far short of the standard of reasonableness articulated within the official comments to ABA model rules 1.1, 1.6, and 5.3, as well as ethics opinions that have been drafted by various state bars.

I would argue that first and foremost a law firm needs to conduct an assessment of the threats against it—and, more importantly, its vulnerabilities—in order to understand the current state of the firm’s cybersecurity.  Once that audit is complete, a firm will be better able to articulate a plan for identifying the most pressing vulnerabilities and a process by which the vulnerabilities can be mitigated.

If one simply looks at cybersecurity as a border security exercise—in which one just has to “build a wall” of some kind—then one will fail to grasp the fact that the primary concern must be in securing data and preventing unauthorized data access, data breaches, data modification, and data exfiltration.  To that end, looking at email security and implementing password aging and complexity guidelines, along with multi-factor authentication, is probably going to end up on the list of cybersecurity tasks. But these policies should be a step a firm gets to, rather than where it actually starts the process. Similarly, with respect to personal devices and network access, a holistic approach in which a firm treats data as the “crown jewels” and then creates processes and procedures to safeguard these jewels is going to result in a more comprehensive and effective cybersecurity strategy than simply changing the firm’s WiFi password (a simple wall) or restricting the use of personal devices.

I have made these points in mixed company before, and the rhetoric I often hear is that the ultimate step is to get to encryption, but in the interim we are going to do X and Y.  However, in the context of a law firm, once you understand that data encryption is a must-have, then I believe failing to protect that data falls below the threshold of “reasonableness.”  There are a number of services and options that law firms (or even the sole practitioner) can employ; however, my view is that if a firm has clear-text, unencrypted client data sitting on workstations, in servers, in the cloud, or anywhere within its purview, then any inability to encrypt that data using even a rudimentary bit-shifting algorithm is unethical.

So come on law firms, your clients are spending significant time and resources securing their data. When, either as a result of litigation or perhaps in preparation for such, their data ends up at your law firm, and if your cybersecurity efforts are weak or non-existent, your clients are going to hold your firm responsible in the event of a breach or unauthorized access.  Law firms need to stop looking at cybersecurity as a non-billable cost center and realize that a mistake in this arena could spell disaster for the firm (for instance, just take a look at the effect a data breach had on Puckett & Faraj).

http://blog.cybersecuritylaw.us/2016/03/15/safeguarding-clients-information/

Christopher W. Folk is a second year student at SU College of Law, a former US Marine, a software engineer, and Town Justice for the Town of Waterloo, NY.