Cyber Security and Illegal Information Operations

Tuesday, December 13, 2011

Joel Harding


I was discussing IO legalities with a number of students a few weeks ago and it occurred to me that sometimes IO can be illegal.

I asked a group of experts ‘what laws apply to IO’?  The answers were absolutely amazing in that very few know which laws apply.  Me too, I’m in that group. 

Let me throw a few out there and I ask, if you know of others, please share? These are some widely disparate concepts within the greater context of information operations.

Terrorists.  By their very nature terrorism is illegal, so you could say that any information operation (notice, no capitalized letters) will be illegal.  That’s not the case, however, by US law.  Under the first amendment they have the same right to free speech

In other countries, however, mostly autocratic countries like Russia, China and Iran, they reserve the right to withdraw any and all means of communication in order to preserve the security of the state.  By restricting communication they stomp on freedom of speech and suppress information.

The Concept of Convention on International Information Security was released in September 2011 by the Shanghai Cooperative Organization, consisting of China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan. This concept was floated to the UN as a possible construct for international cybersecurity. 

These paragraphs are interesting, more for what they don’t say than what they do:

“5) guarantee the free exchange of technology and information, while maintaining respect for the sovereignty of States and their existing political, historical, and cultural specificities.”

“…threat to the information space (threat to information security)” – factors that pose a danger to individuals, society, and the state, and their interests, in the information space.”

“This Convention will not apply in those cases when the actions in question are taken within the information infrastructure of one State, citizen, or corporation under the jurisdiction of that State, and the effects of those actions are only felt by citizens and corporations under the jurisdiction of that State, and no other State has grounds to assert its jurisdiction.”

Put together: “guarantee the free exchange of…  information” “factors that pose a danger to…  state”, “will not apply..  within the information infrastructure of one State…  no other State has grounds to assert its jurisdiction (implying the UN).”

Collectively these conceivably violate the UN ‘basic human right for access to the Internet‘ ( because it still allows a state to turn off the internet when the State declares internal communications may pose a threat to the security of the State. Basically, SCO is stating that the security of the state trumps the basic right to internet security.  While not explicitly stated it is implied by its absence.

For the most part, most governments do not lie. Yes, there are notable exceptions, but if a government is to be perceived as a legitimate source of truthful information, they will tell the truth.  Terrorists, however, have the ‘luxury’ of being able to lie. The problem is of perception, however. 

If a terrorist group consistently lies, the public support will vanish – because if they are always lying, therefore they are never telling the truth. If an audience must constantly question if a message is true or not, after repeated disclosures that most information from a source is a lie, the terrorist group will lose some of the support in their message.

Therefore, a terrorist group will eventually revert to the truth, if they ever strayed from that in the first place. While not illegal it will generally prove counterproductive.

If one looks at the recent uprisings collectively called Arab Spring, these uprisings were not caused by the free flow of information, but it sure would have helped. When Tunisia, Egypt and Libya went into crisis mode to avert a revolution, one of the first things they did was to pull the plug on the internet and cell phone usage.

This denied near real time coordination of events, prevented flash mobs and stopped most information flow.  Word of mouth and messages supplanted high tech solutions and long range planning paid off.

Propaganda. Propaganda, to many, cannot be defined, it just seems to come from a source with whom one disagrees. There has been much written about propaganda, but the basic aim is to change a group’s attitude in your favor.

The word propaganda itself has been negatively associated with Hermann Goering and will probably never lose that stigma. Propaganda is prohibited for use by the US Military in the Defense Authorization Bill, in the context of not being used against US citizens.

I hope to publish a list of US laws pertaining to Information Operations in the near future, laws that keep IO legal. At least, that will be my spin!

Cross-posted from To Inform is to Influence

Possibly Related Articles:
Military terrorism Cyber Security Espionage National Security Information Security Information Operations
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.