Tuesday, March 26, 2013

Is The Tallinn Manual On The International Law Applicable To International Cyber Warfare Attacks And Defence?

In this Guest Column, Praveen Dalal, managing partner of ICT law firm Perry4Law and leading techno legal expert of Asia, has shared his views as to why the Tallinn Manual on the international cyber warfare is not applicable and binding in the sphere of international cyber warfare activities.

He has also termed the manual as highly risky and pre mature and recommends for a harmonised international framework for cyber warfare. The question that all countries must ask “Is the Tallinn Manual on The International Law Applicable to International Cyber Warfare Attacks and Defence”? The answer seems to be in negative.

In a Significant and much appreciated effort on the part of NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), a manual titled the Tallinn Manual on the International Law Applicable to Cyber Warfare has been released.

The effort is Significant as it is the first Coordinated and Collaborative effort in the direction of tackling the menaced of Cyber Warfare at the International Level. However, this effort of NATO is also “Highly Risky” and “Pre Mature” as “International Consensus” is not an essential part of this effort.

There is no second opinion that we need International Regulations against Cyber Warfare as Cyber Warfare against India is also a big nuisance. The problem in achieving this “Laudable Objective” is that we have no International Cyber Law Treaty and International Cyber Security Treaty.

Even NATO is aware of these “Limitations” and this is the reason why the Tallinn Manual is not an Official Document, but instead an Expression of Opinions of a Group of Independent Experts acting solely in their Personal Capacity. It does not even represent the views of the Centre, its Sponsoring Nations, or NATO.  It is also not meant to reflect NATO Doctrine.  Nor does it reflect the position of any Organisation or State represented by Observers. 

Obviously, we should consider the Manual as nothing more than personal Opinions of few Individuals and should not base our Acts or Omissions on the basis of this Manual. Before forming our Judgement on the basis of this Manual we must ask few questions. These are:

(1) How NATO or those related to this Manual would "Enforce" it?

(2) Why should it be considered to be "Binding and Enforceable" at the International level?

(3) What if People, Institutions and States "Defy" this Manual?

There are Thousands of such Questions and “Jurisdictional Issues” that need to be answered and resolved before we consider a Manual like this to be even "Considered" much less "Adopted".

In my personal opinion, this Manual is "Premature" and "Undesirable" at this stage when we have no "Universally Acceptable" Cyber Law and Cyber Security Norms. Jumping at the Apex without sorting out the controversial issues existing at the Ground Level is a bad idea and NATO has exactly done so.