On 16 and 17 October 2013 the junior researchers team of the Network for Civil Security Law in Europe (KORSE) at the Alexander von Humboldt Institute for Internet and Society in Berlin (HIIG) participated at the X. KAS Conference on Public International Law on „Law and Security / Cyber Security“ in Bonn. The Conference was dedicated to the problems and tasks that the cyberspace poses for national and international cyber security policy. Together with selected experts from Germany, China, South Korea, Israel, Tanzania, the United States of America and Romania the key challenges for effective legal protection in this area were discussed.
The President of the Bundesamt für Verfassungsschutz (Federal Office for the Protection of the Constitution of Germany (BfV)) Herrn Dr. Hans-Georg Maaßen held the keynote speech. He mainly addressed the scandal about the U.S. National Security Agency (NSA) surveillance. Commenting on the diverging reactions to the incident in Germany and the U.S., Maaßen cited a member of German parliament “who was, above all, surprised by the fact that everyone was so surprised” – or words to that effect. Maaßen attributed the discrepancy between the reactions in Germany and the U.S. primarily to the diverging concept of data protection in those two countries. Regarding improvement of data security and data protection in Germany, Maaßen indicated that, due to Germany’s EU integration, national measures without an accompanying increase in security standards on a European-wide scale (in the Member States and the EU institutions) would not be very effective.
Subsequently, Professor Russell A. Miller from Washington and Lee University School of Law, Virginia, USA and a KORSE-Fellow at the Center for Security and Society in Freiburg, provided a comment on Maaßen’s talk. Miller suggested that the required global coordination and cooperation in cyberlaw should be accomplished by international treaties. However, Miller pointed out that – particularly in the realm of the Internet – non-state actors like telecommunication companies play a very important role. Thus, the classical understanding that only states (and some international organizations) can be subject to international public law does not correspond with the reality in which e.g. Microsoft and Google possess immense resources and control important technologies, information and data. These corporations can be more influential than states. Therefore, Miller suggests that the understanding of public international law has to be adapted to match reality.
The Panels – in particular: Judicial proportionality in the security context
On the following day, three expert panels with the following topics took place:
- Cyber Security Policy in a multi-level system
- Conventional Legal Protection in the age of Cyber Crime and Cyber-Espionage
- The “Fifth-Dimension” of war: Cyber War as a Challenge for Public International Law
In the second panel Miller spoke about the judicial balancing approach between the conflicting interests of liberty and security in the area of counterterrorism.
General criticisms of proportionality
First, Miller noted that both German and US-American court rulings frequently include the weighing of the conflicting interests in their decision process. Thereafter, the judges decide which of the colliding rights will finally prevail. Miller pointed out that the judges’ authority to take these decisions grants judiciary power that had not been provided for in the Constitutions of civil law countries (e.g. continental Europe) and is also viewed critically in common law jurisdictions. Referring to Professor Bernhard Schlink, Miller indicated the danger that the judicial balancing of civil liberties will make those freedoms so malleable that no actual liberties exist.
Specific concerns of proportionality in the security context
Miller sees the balancing of interests particularly critically if it relates to the security context. In the tension between liberty and security in the extreme case of counterterrorism this decision process de facto puts the individual at a disadvantage vis-à-vis the government. On the one hand the government has more comprehensive means to gather information (e.g. by use of intelligence services). Furthermore, the state regularly controls the information that is relevant for the balancing. For, especially in the counterterrorism context it is easy for the state to argue that the respective information is essential to protect the public and – in order to maintain this protection – has to stay secret, i.e. must not be disclosed in court. Due to this “information monopoly” the state can present its argument relating to public security interests a lot better than the citizens. The citizens on the other hand will have great difficulties to present their individual aspects and interests. They have far less efficient means to obtain relevant information.
Beyond that, Miller sees the risk of a „democracy bias for security“. He thinks that elected representatives, who have an interest in being reelected by the people, will always opt for the highest achievable level of security in order not to be responsible for any catastrophe like a terror attack that could constitute a threat to his or her reelection.
Above all, the conference identified numerous problems and raised various issues without being able to provide answers or solutions.
However, remarkably it became clear during the discussion that the international conference participants frequently understand, interpret and approach problems and challenges of cyber security, cybercrime and cyberwar fundamentally differently. This was shown for instance by the diverging views of German/European and the U.S.-American participants on both, the understanding of data protection and the extent of the public authority’s obligation to respect fundamental rights. The German participants largely agreed on two aspects. First, in principle the public authority’s obligation to respect fundamental rights cannot be constrained by national boundaries. Second, everybody, independent of his or her citizenship, has to be covered by the fundamental rights protections (except by the so called “Deutschengrundrechte”, that principally apply only to German citizens). Concerning the differing view in the U.S., Miller explained that the U.S. Constitution is understood as having been created by the American polity solely for the American polity. Therefore, in principle, the State is bound by the provisions of the Constitution only with respect to U.S. citizens or persons with a similar status, which are located on U.S. territory.
Other fundamental differences became evident in Dr. Liu’s contribution, a Chinese expert in cyberlaw from Beijing Normal University Law School. He stated that already the term “cybercrime” is understood very differently in various parts of the world. Dr. Liu therefore spoke for concluding new, not only regional but truly international agreements. He also proposed the establishment of an independent cyberlaw tribunal, that had the power to rule on disputes between states.
The conference has underscored the need for international coordination and cooperation once again. However, this goal seems to be a long way ahead, since there is neither a common understanding of the problem nor a shared vision of the objective.