The Nerfherder, by Rob Domanski

The following is my book review of Binary Bullets: The Ethics of Cyberwarfare. This review is scheduled to be published in the forthcoming issue of Perspectives on Politics.

In a volume of rich ambition and tackling an important area of rapidly growing geopolitical significance, Allhoff, Henschke, Strawser, and their contributors have overwhelmingly succeeded in presenting a current and comprehensive analysis of the ethics of cyberwarfare and introduced numerous theoretical and conceptual models for analysis that will guide the field for years to come.

Allhoff, Henschke, and Strawser begin by raising the definitional problem that often plagues studies of cyberwarfare – to what extent is cyberwarfare even warfare at all? The editors immediately address this by defining cyberwar as “an act of violence conducted by, or targeted at, information communication technologies intended to compel our opponent to fulfill our will” (p. 3). Throughout the volume, to its credit, the problem of definition is acknowledged repeatedly, although the editors do an excellent job of making sure that we do not get lost in it.

The first section takes a norms-based approach and constructs its ethical basis more on what’s already occurring in cases of cyberwarfare and in the realm of international law than how ethics normatively ought to be going forward. George R. Lucas Jr. argues convincingly that a soft-law approach (“best practices”) is more likely to be accepted than formal legislation because norms emerge from practice rather than through stipulative laws and regulations that are imposed externally. Especially at the international level where cyberwarfare is carried out by nation-states, the limitations of international law seem particularly pronounced in the borderless cyber realm, and thus there is not much practical alternative. In contrast to this soft-law approach, however, Michael N. Schmitt and Liis Vihul examine international legal norms arguing that new treaties or customary law norms to govern cyberconflicts will find a range of opposition, thus evolving existing international law is “the more likely near-term prospect” (p. 52). Randall R. Dipert then segues nicely into the next section by arguing that just-war theory should apply if the effects of cyberwarfare do rise to the level of harm produced in traditional warfare. Perhaps Dipert’s most interesting idea is his reexamination of what constitutes “arms”. If weaponized malware like Stuxnet is based on algorithms, and algorithms are really just ideas, then can we really consider ideas to be, literally, weapons, perhaps even to be bought and traded as military commodities, since they can demonstrably be used for harm?

Interestingly, while the Tallinn Manual is harshly critiqued by multiple authors here and called “a spectacular failure”, those who are bold enough to explicitly propose ethical guidelines for cyberwarfare tend not to veer far from Tallinn’s principles – namely, that cyberattacks shouldn’t be directed against civilians, should only be directed at military targets in a way that minimizes collateral damage, the principle of equivalent harm, etc.

The second section takes a just-war approach. Can just war theory accommodate developments in cyberwarfare, or do these new ways of fighting render its application obsolete? David Whetham draws the analogy to soldiers spreading out over an enemy’s territory to plunder and destroy everything in their path, though is careful to state that cyberwar is not real war at all. Ryan Jenkins follows by arguing that cyberwar can be Ideal War where states can direct their force discriminately against military targets, minimizing non-combatant and collateral damage, and proportionally. Brian Orend then presents a thoughtful and important discussion on the ethical considerations informing “what justice and law should require of good-faith actors in the aftermath of cyberwar” (p. 116). He raises critical issues that often go overlooked, and to his credit, offers a constructive way forward.

The third section explores the ethos of cyberwarfare. Perhaps the most intriguing chapter in the volume is Matthew Beard’s The Code of the Cyberwarrior. He draws a comparison to less formal military codes of honor – “the warrior code” – akin to “what it is to be a Marine”. Cyberwarriors require a self-policing and similar code to help cultivate morally good conduct and develop a normative identity. Beard’s arguments stand out for focusing more on individual ethics of the cyberwarrior, rather than those of the nation-state, and correspondingly for ethics being enforced through peer-based social pressures rather than international law or other legal norms. The reader is left wanting to know more about the cultural anthropology of the cyberwarrior, and about that of hackers and hacktivists for that matter, but Beard maintains the distinction between these different types of cyberoperatives.

This focus on the individuals involved in cyberwarfare is coupled nicely with the chapters by David Danks and Joseph H. Danks who call for “bringing humans back in the loop” (p. 178) in formulating our ethical understanding in such a highly technical field, as well as that by Daphna Canetti, Michael L. Gross, and Israel Waismel-Manor whose analysis suggests the very real psychological harm that cyberwarfare can cause among its participants. These contributions serve as valuable reminders that, in all matters of cyberspace, it is still real people who are involved – carrying out the operations and feeling their effects.

Finally, the volume closes with a look at cyberespionage, the role of deception, and privacy. Heather M. Roff is the first to question whether cyberoperations geared towards deception of the enemy fall on the side of “permissible ruses” or are impermissible acts of perfidy, eroding the levels of trust between enemies that would undermine peace negotiations and contribute to greater international instability. Seumas Miller then presents a new term - “covert political cyberaction” – that addresses acts that are not quite cyberwar and not quite cybercrime, but rather are the “dirty” actions that tend to be harmful and unlawful but pursued to achieve a greater good. Michael Skerker adds the case of cyberespionage and, specifically, the ethics involved in government-sponsored data collection. He argues that the collection of metadata through automated keyword searches and data mining techniques poses a legitimate threat to “the autonomy of inhabitants of liberal states” (p. 251), and proposes a moral standard to determine when such “coercive state actions” are justified.

Many of the authors cite the same few examples – Estonia 2007, Israel-Syria 2007, Russia-Georgia 2008, Stuxnet, etc.) – and these all focus on nation-state behavior which, understandably, is part of how cyberwarfare is commonly defined. But what of rogue actors, cyberterrorists, hacktivists, etc. Would the recent case of Russian operatives hacking into the Democratic National Committee’s email system to publicly reveal private political communications in the weeks leading up to an election be considered cyberwarfare? If so, how applicable are the prescribed ethical principles in the absence (or redefinition) of “civilian targets” or “collateral damage”? If not, is that an indication that conceiving of cyberwarfare in strictly military terms between nation-state actors is too limiting and thereby less relevant?

Binary Bullets is a thorough and comprehensive presentation of many of the ethical challenges raised by the prospect of cyberwarfare and should be read by anyone not only interested in ethical philosophy but also in international law, military strategy, and the politics of technology. The volume’s breadth of content and perspectives is sure to greatly expand one’s understanding of both evolving ethical considerations in technological spaces and of cyberwarfare itself.