Non-State Cyber Actors in the 12-Day War – The Gray Zone of LOAC, Part II

by Gary Corn | Aug 5, 2025


Editors’ note: In a prior post Professor Gary Corn described recent cyber operations undertaken during conflict between Iran and Israel. He related details of the hacking group, Predatory Sparrow, and mapped possible legal analysis of its status under the law of armed conflict, including susceptibility to lethal targeting operations. In this post, Professor Corn addresses matters relating to potential detention and prosecution of Predatory Sparrow members, and by extension, the uncertainties of how LOAC regulates cyber operations generally and specifically in the case of shadowy, non-state cyber groups.

Predatory Sparrow – Operating in the LOAC Gray Zone of Status (cont’d)

Detention

At the outset, it should be acknowledged that the likelihood of individual Predatory Sparrow members falling into the hands of the enemy is low. But it is not zero. What, then, does LOAC have to say about the basis and standards for detaining them if captured (again, presumably by Iranian forces)?

As I set out in Part I, the publicly available evidence tends to rule out the possibility that Predatory Sparrow is a qualifying militia or volunteer corps “belonging to” Israel (GC III, art. 4(a)(2)), whose members would presumptively qualify for prisoner of war status and the privilege of combatant immunity if captured. As I discussed more fully here, for purposes of detention this leaves essentially two options: to categorize members of Predatory Sparrow either as civilians (likely directly participating in hostilities (DPH)) or as unprivileged belligerent members of a non-State organized armed group (OAG).

As neither Iran nor Israel is a party to Additional Protocol I, neither is bound by the treaty-based argument, whatever its merits, that if captured members of Predatory Sparrow do not qualify as combatants, per Article 50 they must be treated as civilians entitled to the full scope of substantive and procedural protections on liberty deprivations contained in the Fourth Convention. Iran is a signatory to AP I, “undertak[ing]” efforts “to exhaust the internal procedures to ratify [the protocol] within the domestic legislative authorities.” But I am unaware whether, as a matter of Iran’s interpretation of AP I and its obligations under Article 18 of the Vienna Convention, or as a matter of customary international law, it subscribes to the strict dichotomy between combatants and civilians or instead recognizes the third (and for some, controversial) category of unprivileged belligerents. The answer to this question is legally quite consequential and in the present case, factually murky.

Plumbing the depths of the debate around the LOAC basis for designating non-State OAGs as unprivileged belligerents, with the rights, duties, and liabilities that flow therefrom, is well beyond the scope of this post. Suffice it to say that there is at present no consensus that, outside of the context of a non-international armed conflict (NIAC), members of non-State OAGs qualify as neither combatants nor civilians benefiting from the protections of the Third or Fourth Conventions, respectively. For some, in an international armed conflict (IAC), civilians retain their civilian status, subject to forfeiture of protection from attack and possibly to internment, even when they participate in hostilities as members of an OAG not part of or assimilated to the armed forces of a party to the conflict (see International Committee of the Red Cross (ICRC), Interpretive Guidance on the Notion of Direct Participation in Hostilities; Tallinn Manual 2.0, rule 91, commentary).

The U.S. position and practice are well known and deeply ensconced since at least 2002: that even in the context of an IAC, members of a non-State OAG are non-civilian belligerents that may be targeted based on their status as such, can be detained for the duration of the conflict as a lawful incident of warfare, are nevertheless obligated to comply with LOAC in the conduct of their hostile actions, and are therefore subject to prosecution for war crimes (see e.g., U.S. Department of Defense (DoD), Law of War Manual, § 5.8.2). Although the position finds support in both law and logic, as noted, it has not achieved broad currency among States. Regardless, whether considered civilians engaged in DPH or members of a non-State OAG, detention may be both warranted and legitimate. The basis and parameters of detention will, however, be significantly different.

A captured member of Predatory Sparrow who is not an Iranian citizen would be considered a captured civilian and qualify as a protected person as defined in Article 4 of the Fourth Convention. As such, they would be subject to internment only if “the security of the Detaining Power makes it absolutely necessary” (GC IV, art. 42) or, if captured in occupied territory, for “imperative reasons of security,” determined in accordance with the Convention’s due process requirements, including periodic reviews (GC IV, arts. 43 & 78). Private individuals who engage in or support hostilities can certainly be interned, but the clandestine, nebulous nature of hacker groups like Predatory Sparrow can make establishing the factual predicate for internment difficult. And once interned, the detaining power would have to abide by the extensive treatment standards set out in the Fourth Convention.

In contrast, designation of a captured member as an unprivileged belligerent would not only allow Iran to hold them without charge for the duration of the conflict, it would also deprive them of the specific protections of both GC III and GC IV. As a matter of treaty law, Iran would be bound only by the minimum humane treatment standards of common Article 3 to the 1949 Geneva Conventions. Again, whether Iran would consider itself legally obliged to adhere, as a matter of customary international law or otherwise (see, e.g., ICRC, Customary International Law Study, rule 99), to more robust protections, such as those set out in Article 75 of AP I, is unclear. Recall that the United States officially acknowledged the customary status of Article 75 only in 2011.

As a side note, the U.S. DoD Law of War Manual risks sowing further confusion by grouping civilians engaging in DPH and members of non-State OAGs under the single heading of unprivileged belligerents (as well as State spies and saboteurs) (U.S. DoD, Law of War Manual, §§ 4.2.3.3, 4.3.4). At one level, there is logic to this approach, as in each case, non-State actors do not benefit from the privilege of combatant immunity and, depending on the facts, the individual at issue may be legally deemed to have forfeited certain LOAC protections that would otherwise pertain. However, as I have touched on in this post and elsewhere, the scope, duration, and nature of the forfeitures are significantly different. The term “unprivileged belligerent” presupposes the individual is a member of an enemy belligerent group. Such members might be privileged or unprivileged, but the foundation for either status characterization is they operate as subordinates to enemy belligerent leadership as part of the enemy OAG.

Accordingly, the better approach, in my opinion, is to categorically distinguish between civilians who engage in DPH—even on a continuous basis—who are subject to adverse consequences as a result of that conduct, and unprivileged belligerents, who are subject to the consequences resulting from that status of being belligerent operatives of OAGs, the approach my co-authors and I adopt in the forthcoming third edition of The Law of Armed Conflict: An Operational Approach.

For States that also adhere to the U.S. approach (and presumably for any State engaged in NIAC), a secondary but practically difficult challenge is how to determine membership in an OAG itself. Once again, this question is marked by divergence more than convergence of State views, both as to the criteria for determining armed organization and for assessing individual membership, and as to the applicability of these concepts and criteria in the cyber context.

Although referenced in Additional Protocol II, the term “organized armed group” is not defined in any LOAC treaty. The question of organization has been considered primarily through the lens of the so-called Tadić standard for determining the existence of a NIAC, i.e., protracted armed violence between government forces and OAGs, or between two or more OAGs. In subsequent cases, international criminal tribunals have held that while some level of organization is required (Limaj et al., para. 89), non-State groups need not display a level of organization similar or equal to regular armed forces to qualify (Musema, para. 257).

The cases have also suggested a series of factors to be considered such as: the existence of a command structure and disciplinary rules and mechanisms within the group; the group’s ability to define a unified military strategy and use military tactics; and the group’s ability to plan, coordinate and carry out military operations, including troop movements and logistics, to name a few (Haradinaj et al., para. 60). Of course, these factors were developed in the context of international criminal law (ICL) for purposes of determining individual criminal responsibility of members of non-State OAGs for war crimes, as opposed to status determinations for purposes of assessing LOAC rights, duties, and obligations. And for obvious reasons, these and the other factors the tribunals have articulated map more directly to traditional, physical vice virtual scenarios.

According to the Tallinn Manual contributors, a cyber group is organized simply “if it is under an established command structure and can conduct sustained military operations” (rule 83, comment 11). But they also discuss the case-by-case nature of the determination and the difficulties of establishing “virtual” organization where individuals often act collectively online but not necessarily in coordinated operations under a discernible leadership structure able to implement and enforce LOAC on individuals “with whom there is no physical contact.” This last point divided the contributors as to whether virtual groups could ever qualify as OAGs (rule 83, comments 13-15).

Based on the limited public record, there seems little question that Predatory Sparrow is capable of and has in fact engaged in very sophisticated, coordinated operations over several years and has demonstrated a very disciplined and unified messaging strategy to support its operations. These attributes suggest more than a minimal degree of organization and coordination of its actions. Some describe it as “a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation.” But little is publicly known about its internal composition, membership numbers, or leadership structure, placing definitive assertions about its LOAC status beyond reach.

Of course, the group must also be “armed,” which, according to the Tallinn Manual 2.0 is the case so long as the group has the capacity to conduct cyber attacks per the AP I, Article 49 definition. Whether Predatory Sparrow’s recent operations amounted to in bello attacks aside (more below), the level of sophistication of those operations, along with past physically destructive operations attributed to and claimed by it (referenced in Part I to this post), would all indicate that it indeed has the requisite capability and capacity.

Assuming Predatory Sparrow qualifies as a non-State OAG, as with the targeting question, determining that an individual can be subject to “law of war detention” requires wading into yet another LOAC gray zone, that of how to establish OAG membership. Here, international law, at least treaty law, has even less to say than it does about organization. The question raises the long running debate pitting the ICRC’s continuous combat function (CCF) approach, first set down in its Interpretive Guidance on the Notion of Direct Participation in Hostilities, against what might be described as the “armed forces analogy” approach reflected in the U.S. DoD Law of War Manual’s multi-factorial, formal, and functional membership approach (§ 5.7.3).

I’ll avoid the merits and contours of the debate (see e.g., here and here for that discussion) and note only that the extensive body of detainee litigation in the United States, and decades of targeting and rules of engagement practice, have demonstrated the intense factual and legal difficulties inherent in subjecting non-State actors to both targeting and indefinite LOAC detention.

Regarding Predatory Sparrow, the absence of public allegations against, or information connecting, any individual to the entity renders specific analysis impossible. In addition to the challenges States normally face in proving membership, they will also have to contend with the difficulties present in the routine investigation of cyber-crimes, where connecting actual humans to keyboards proves very elusive.

Prosecution – For What?

Whether captured and held as civilians who directly participated in hostilities or as unprivileged belligerents, members of Predatory Sparrow would not be entitled to immunity from criminal prosecution, including for war crimes violations. That is, subject to fair trial and, inter alia, the principle of legality, an opposing State may prosecute and sanction individuals under its domestic law for mere participation in the hostilities, and with respect to cyber operations, for violations of that State’s applicable cybercrime laws.

On the other hand, in terms of war crimes, stricto sensu, LOAC does not prohibit mere participation of private actors. It does, however, require that those who do participate “observe the same duties as lawful combatants during their conduct of hostilities.” (DoD, Law of War Manual, § 4.19.2). That is, when directly participating in hostilities, either as civilians or unprivileged belligerents, private actors are subject to LOAC’s conduct-of-hostilities provisions just as combatants are. If they breach those rules, they can be held accountable, even criminally, where the breach amounts to a war crime.

At this point, questions about whether cyber operations are subject to LOAC have been largely put to bed. Nearly every State that has weighed in publicly has affirmed this view (see here), along with the European Union, the African Union, and, after some foot-dragging, the UN GGE. That cyber tools and operations are means and methods of warfare, the misuse of which can amount to war crimes, is also uncontroversial, albeit untested (Tallinn Manual 2.0, rule 84; The Council of Advisers’ Report on the Application of the Rome Statute of the International Criminal Court to Cyberwarfare). For example, the Office of the Prosecutor of the International Criminal Court is actively investigating “cyber-enabled” violations of the Rome Statute in the context of the Russia-Ukraine conflict, and has released for public comment its Draft Policy on Cyber-Enabled Crimes under the Rome Statute, according to which a “cyber-enabled act that satisfies the conduct elements of offences defined in article 8(2) of the Statute may be charged as a war crime as long as the act ‘took place in the context of and was associated with’ an armed conflict, whether international or non-international.”

International criminal law and LOAC are related but distinct disciplines, with the particularities and substantive and procedural challenges of the former too numerous to address here. However, when it comes to cyber, both bodies of law suffer from some of the same baseline uncertainties of how extant law applies to actual uses of cyber capabilities in armed conflict. While these uncertainties cut across various provisions of both LOAC and ICL, the operations attributed to Predatory Sparrow illustrate some of the primary unresolved questions around the core LOAC (and by extension, ICL) rules regulating attacks.

LOAC Analysis of the Specific Operations

Recall that, according to reporting, Predatory Sparrow targeted Bank Sepah, Iran’s oldest and largest bank, causing branch closures and widespread service outages with customers unable to access accounts, withdraw cash, or use bank cards for some undetermined amount of time. Gas stations that rely on the Bank’s payment processing infrastructure were also reportedly impacted. It also targeted Iran’s largest cryptocurrency exchange, Nobitex, draining around $90 million, transferring the funds to various vanity addresses with some variation of “F–kIRGCterrorists,” and posting the exchange’s entire source code, infrastructure documentation, and internal privacy research and development on social media, providing a “detailed blueprint” of its operations and “a forensic map of an exchange designed to operate in defiance of sanctions, surveillance, and regulatory oversight.” By transferring the funds to wallets without private keys, Predatory Sparrow “effectively burned the funds.”

Bank Sepah and Nobitex are presumptively civilian entities that certainly service civilian customers, although according to Predatory Sparrow and other sources both are connected to or at least support Iranian Ministry of Defense and IRGC operations and activities. This immediately surfaces the question of whether either could qualify as a military objective and, in the case of Nobitex, whether the crypto funds themselves could be targeted under the controversial war-sustaining-capabilities theory of military objective or otherwise (see e.g., U.S. DoD, Law of War Manual, § 5.17.2.3; and here). However, notwithstanding the cyber twist here, those are non-cyber-specific factual and legal questions that, given the nature of Predatory Sparrow’s operations and the effects they generated, may be unnecessary to even reach.

The determination of whether something is a military objective or a civilian object is at the core of the LOAC rules regulating attacks as a method of warfare, where such “acts of violence” (AP I, art. 49) may only be directed at the former. Conversely, directing attacks against civilians, the civilian population, or civilian objects is prohibited (AP I, arts. 51 and 52(1)) and can constitute a war crime. In fact, a substantial number of the conduct of hostilities-based war crimes included in the Rome Statute are predicated on the actus reus involving an attack.

As the OTP’s draft policy notes,

Several war crimes relating to the conduct of hostilities require the existence of an ‘attack.’ These include: articles 8(2)(b)(i) and 8(2)(e)(i) (intentionally directing attacks against the civilian population as such or against individual civilians); article 8(2)(b)(ii) (intentionally directing attacks in IAC against civilian objects); article 8(2)(b)(iv) (intentionally launching an attack in IAC knowing that it will cause incidental harm to civilians or widespread, long-term and severe damage to the natural environment that is clearly excessive in relation to the concrete and direct overall military advantage anticipated); articles 8(2)(b)(iii) and 8(2)(e)(iii) (intentionally directing attacks against humanitarian assistance or peacekeeping missions); and articles 8(2)(b)(ix) and 8(2)(e)(iv) (intentionally directing attacks against other specially protected objects such as buildings dedicated to religion, education, art, science or charitable purposes, historic monuments, and hospitals).

According to the U.S. DoD Law of War Manual, cyber operations that fall below the attack threshold “generally would not need to be directed at military objectives, and may be directed at civilians or civilian objects” so long as they are “militarily necessary.” (§ 16.5.2). Whether considered through the limiting lens of military necessity or that of constant care (AP I, art. 57(1)), there is no question that non-attack cyber operations are far less regulated under LOAC and thus much more difficult to establish as war crimes (see Bobenrieth & Watts).

Thus, when it comes to mapping LOAC targeting law to the cyber domain, Predatory Sparrow’s operations against Iran’s financial infrastructure squarely raise two of the most debated substantive issues on the table: whether non-physically destructive or harmful cyber operations can amount to attacks; and whether digital data, by their nature, can ever be made the object of attack. Professor Michael Schmitt does an excellent job laying down the contours of these debates here, and I will not rehash them in depth. What is significant, as he points out, is that “we are seeing the unfortunate crystallization of competing camps over each” issue.

The Meaning of Attack (in the Cyber Domain?)

Consistent with the traditional understanding of the AP I, Article 49 definition of attack as involving violent consequences (Tallinn Manual 2.0, rule 92, commentary), there is consensus, at least among scholars and those States that have opined on the issue, around the proposition that cyber operations that are “reasonably expected to cause injury or death to persons or damage or destruction to objects” qualify as attacks (Tallinn Manual 2.0, rule 92). Where the effects generated from a cyber operation are intangible, such as disrupting or degrading the functionality of a targeted computer system, especially temporarily, consensus immediately breaks down.

A number of States (interestingly, Israel among them) reject the notion that anything less than direct physical damage or indirect damage, injury, or death qualifies, whereas others, like France, take a much broader view of the attack definition as encompassing cyber operations “where the targeted equipment or systems no longer provide the service for which they were implemented, whether temporarily or permanently, reversibly or not.” The ICC OTP judiciously (at least in draft) defers on the question, noting that it is only “when losses of functionality do not cause, or are incapable of causing, [physical] harms that the qualification question arises. The Office does not, at this time, need to take a position on this matter.”

The juxtaposition of these competing views admittedly oversimplifies the issue, as the complexity and nuances of cyber operations and the growing societal dependence on all things digital opens the possibility of subtle virtual manipulations that can lead indirectly and intentionally to cognizable physical harms. But it is clear that the law is unsettled, and as one author notes, “the number of States that either disavow—or at least qualify—the position that intangible effects alone can constitute an attack indicates there is currently no rule of customary international law that cyber operations constitute attacks under [LOAC] if they produce only intangible or de minimis effects.” And to the extent States are opining that they do, it is a secondarily open question whether they confine those views to the cyber domain, and if so, what the implications of such qualified expressions of opinio juris mean.

It is precisely this LOAC gray zone that Predatory Sparrow exploited. Not only is there no indication that physical harms flowed from either of the operations, but it also appears that in both cases the operations targeted the financial data resident on the targeted systems and not the functionality of the systems themselves (although ATM, online, and in-branch services were disrupted), likely with the use of wiper malware in the Bank Sepah case. This raises the second hotly contested issue of whether data are an object within the meaning of LOAC.

Data as an Object Debate

The debate over the legal status, at least with respect to the LOAC prohibition on attacking civilian objects, emerged from the position taken by the majority of the contributors to both Tallinn Manuals that digital data are intangible and therefore fall outside the plain meaning of “object” as that term is used in article 52(1) of AP I and customary international law (Tallinn Manual 2.0, rule 100, comment 6). As such, the destruction of data by wiping or other techniques does not qualify per se as an attack. Some of the contributors disagreed, noting the implication of the majority’s interpretation that “even the deletion of essential civilian datasets such as social security data, tax records, and bank accounts would potentially escape the regulatory reach of the law of armed conflict.” (rule 100, comment 7 (emphasis added)).

As with the debate over the definition of attack, States are similarly divided on this issue, and as Professor Schmitt points out, their views tend to break along the same lines with “those States taking a restrictive view of attacks tend[ing] to do the same vis-à-vis treatment of data as an object.” And again, the ICC OTP is adopting a wait-and-see approach, regarding the matter as not one “on which the Office presently regards it as necessary to take a position.”

It is important to note that even for States taking the more formalistic view of the data question, there tends to be agreement that when an operation deletes or alters data in a way that is reasonably expected to cause physical damage to objects or persons, it may nonetheless qualify as an attack subject to LOAC targeting rules and that operations against data may breach other LOAC rules “which are not dependent on the concept of objects, such as the obligation to respect and protect medical units.”

But neither of Predatory Sparrow’s operations against the Iranian financial infrastructure implicates these caveats, again placing them, or at least one of them, squarely at the center of this unresolved debate. The operation against Nobitex did not wipe or destroy data. It moved and exposed it in a way that effectively burned it.

Destruction or Seizure of Property

As an interesting and under-explored aside, in its draft policy, the ICC OTP separately identifies an alternate theory of potential criminal liability for wiping or destruction of data that could potentially sidestep the data-as-an-object debate. It notes that Articles 8(2)(b)(xiii) and 8(2)(e)(xii) of the Rome Statute prohibit destroying or seizing the enemy’s (or adversary’s) property unless such destruction or seizure be imperatively demanded by the necessities of war, and states the OTP’s view that digital assets, including data, might “qualify as ‘property’” that can be destroyed or seized by cyber means “within the meaning these rules.” These war crimes provisions are the ICL analog to the LOAC rules, such as Hague IV, art. 23(g), that regulate the seizure and destruction of property that falls within the custody and control of an adverse party.

What I have elsewhere described as the LOAC of takings is a convoluted set of rules at best. Applying them in the cyber context will be no less complicated. That effort begins with a novel and baseline question of whether, and under what circumstances, gaining unauthorized access to a device or network amounts to the type of custody and control over property so as to subject its destruction not to the targeting rules, but to the myriad rules governing the legality of property deprivations “realized against civilian objects ‘within the power’ of a Party to a conflict—that is, over which the belligerent exercises physical dominion, control, or restraint.” More on the question of destruction, perhaps, in a future post.

Conclusion

Military legal advisers supporting targeting cells, both kinetic and non, have their work cut out. Technology-driven civilianization of the battlespace is here to stay, a fact that armed forces will need to plan for and carefully manage operationally. It is a trend rife with risks to civilians and civilian infrastructure, driving laudable initiatives like the ICRC’s eight rules for civilian hackers and four obligations for States.

How effectively these efforts will moderate, let alone rein in, private cyber warriors is far from certain. This disconcerting trend of privatization of warfare is also exposing in real time various LOAC gray zones and the practical difficulties of mapping existing law to the cyber domain, and hence the growing pressure on States to reduce, if not close, these gaps and seams.

***

Gary Corn is the Director of the Technology, Law & Security Program and Adjunct Professor of Cyber and National Security Law at the American University Washington College of Law.

The views expressed are those of the author, and do not necessarily reflect the views or official position of the United States Military Academy, Department of the Army, Department of Defense or its components.

Articles of War is a forum for professionals to share opinions and cultivate ideas. Articles of War does not screen articles to fit a particular editorial agenda, nor endorse or advocate material that is published.
