Information Operations under International Law.

• Author: van Benthem, Tsvetelina

TABLE OF CONTENTS I. INTRODUCTION 1218 II. WHAT ARE INFORMATION OPERATIONS AND WHY ARE THEY OF CONCERN? 1226 III. How DOES INTERNATIONAL LAW APPLY TO IOS? 1230 A. International Human Rights Law: Negative and Positive Obligations 1232 1. Negative Human Rights Obligations 1233 2. Positive Human Rights Obligations 1239 B. The Principle of Non-intervention 1255 1. The Starting Point 1256 2. The Elements 1257 C. Sovereignty 1262 D. Due Diligence Standards: The Corfu Channel and the No-Harm Principles 1264 IV. DOES INTERNATIONAL LAW NEED CLARIFICATION OR DEVELOPMENT WITH RESPECT TO IOs? 1268 A. Application Problems 1268 B. Orientation Problems 1271 C. Too Complex of a "Regime Complex"? 1274 D. The Absence of Effective Enforcement for Internationally Wrongful IOs 1276 V. Do WE NEED AN INTERNATIONAL LAW FOR INFORMATION OPERATIONS (ILIO)? 1280 VI. CONCLUSION 1284 I. INTRODUCTION

Information operations and activities (IOs) have become increasingly prominent and pervasive tools of power in today's digital age. (1) Spread through digital platforms, today's IOs can shape perceptions and influence interactions; they can inform and misinform; and they can bring together or isolate their target audiences. Their full import is on display in the recent--and alarming--examples of operations conducted via information and communications technologies (ICTs) prior to and throughout Russia's aggressive war in Ukraine.

The Russian government has sponsored IOs that seek to sow discord, demoralize the Ukrainian public, shatter Western alliances, and spread false information regarding the policies of the Ukrainian government and the conduct of the war. (2) Their contents range from unfounded claims of genocide against ethnic Russians by Ukrainian forces in the Donbas region, (3) to false allegations that Ukraine is controlled by "Nazis," (4) and claims that atrocities committed by Russian forces in Ukrainian towns were staged. (5) Russia's campaigns have disseminated such information via both traditional and digital media, garnering the support of Russian policy makers, soldiers, and citizens for the war. (6) Despite evidence that these influence operations, when pursued with patience and persistence, are "well positioned" to exploit existing polarizations, (7) their success among Ukrainian and Western audiences has so far been limited. This is likely due to the swift measures taken by the Ukrainian government and its allies to control social media narratives, expose atrocities, and build stories of their own modern-day heroes. (8) Ukrainians have launched their own information campaigns in turn to pierce the Kremlin's information curtain and reach the Russian population. Some of these have generated controversies--for example, calls for the death of--or otherwise hateful rhetoric targeting--Russian soldiers, leaders and even civilians on social media platforms; (9) online dissemination of videos depicting Russian POWs by both government and private accounts; (10) and the release of personal information of dead Russian soldiers. (11) The Russian invasion of Ukraine has made it abundantly clear how a war for dominant narratives can be as fierce and critical as the one fought on the ground.

States are not, however, the only actors tempted to unleash the power of modern IOs. Terrorist groups have been quick to take advantage of the digital environment as well. For more than two decades, states and scholars have waxed anxiously about the catastrophic prospects of "cyberterrorism" in the form of large-scale, one-off violent operations. (12) Fortunately, fears of terrorist groups' capacities to use online means to crash planes, derail trains, or poison water supplies have not yet come to fruition. (13) That said, transnational terrorist networks have repeatedly employed social media and online communication tools to incite violence, distribute propaganda, recruit, and finance their activities. (14) Labeled "the use of the internet to facilitate (but not perpetrate) terrorism," (15) these acts can clearly be classified within the spectrum of modern IOs as well.

The diversity and effects of IOs may be most pronounced in wars and terrorist threats. But information campaigns can be initiated or facilitated by a much broader range of individuals, groups, corporations, and states for various ends--benign and malign--under disparate guises. The "infodemic" around COVID-19 vaccines dramatically impacted vaccine uptake amidst claims of microchips and risks of disease or death. (16) Such claims, like those on the inefficacy of masks or incentivizing the consumption of certain "miraculous" cures, risked significant harm to the life and health of individuals. (17) False claims may have equally significant (and harmful) outcomes in other areas--from manipulating electorates during democratic processes in order to favor particular positions or deny their actual outcome, (18) to altering perceptions of climate change or technological developments. (19) At its most severe, extremist content--and the appeal of broadcasting it online--has incentivized violence from Christchurch to Pittsburgh in what has become an all-too-common feature of modern life. (20)

As part of this symposium issue on the law of cyberterrorism, our Article explores international law's regulation of IOs including, but not limited to, those with terrorist origins. In doing so, we make three claims. First, international law currently regulates many IOs via prohibitions, permissions, and requirements. The principles of non-intervention and sovereignty conjoin with the obligation to respect human rights to constrain states from pursuing certain IOs themselves both at home and abroad. At the same time, duties to protect human rights and different rules featuring due diligence standards require states to take positive steps to respond to IOs emanating from their territory and jurisdiction. In other contexts (e.g., restrictions on freedom to receive and impart information), international law permits states to regulate IOs, but only subject to satisfying various conditions. We are now witnessing, moreover, a significant increase in state, intergovernmental, academic, and corporate initiatives to clarify how existing rules of international law apply to ICTs. (21) It is clear that the extant rules, with the benefit of cyber-specific interpretations, offer a comprehensive regulatory framework to address extremist content online as well as information campaigns that threaten things like public health or electoral processes.

Second, viewing the harm typically associated with terrorist activity through the lens of generally applicable international law rules and standards is necessary for very pragmatic reasons. To the extent international law regulates terrorist activity specifically, it has done so through piece-meal regulation of specific violent terrorist acts (22) (e.g., terrorist bombings (23) and seizures of aircrafts (24)), methods (e.g., the use of plastic explosives (25) and nuclear material (26)), and financing. (27) Terrorism as a concept has, however, proven subjective, elusive, and divisive; it has effectively escaped a legally binding definition. (28) Elements such as the intention or purpose to compel become easily politicized, leaving negotiations at a dead end. As such, conventional and customary international law have no general definition of terrorism that we can apply in relevant online contexts, whether for delimiting internationally wrongful acts of states or invoking international or domestic crimes. (29) This, in turn, causes definitional difficulties when it comes to acts of cyberterrorism--that is, "the deliberate exploitation of computer networks as a means to launch a [terrorist] attack" (30)--or acts facilitative thereof, such as online terrorist propaganda or recruitment. (31) Only a few non-binding documents, most notably the Christchurch Call to Action to Eliminate Terrorist and Violent Extremist Content Online, have addressed the contours of online terrorist threats. (32)

Given the extant regulation of terrorism (and its focus on kinetic acts and methods), we posit that, at least in the short term, the existing, general international legal framework applicable to IOs and other cyber activities will be a better vehicle for addressing the current online threat landscape occupied by transnational and domestic terror groups. Talking about conduct proscribed under generally applicable international law allows the international community to constrain harmful behavior while avoiding political stalemates surrounding use of the "terrorism" label or language.

Third, just because international law has extensive rules that address IOs does not mean that they are sufficient. These rules are, at best, only partially effective. In their current form, international rules on IOs face no less than four discrete challenges in the ICT environment: (i) application, (ii) orientation, (iii) complexity, and (iv) enforcement. Like all law, international law's application depends on facts. But, when it comes to IOs, the facts are often hard to ascertain. In particular, the widespread nature of such operations makes them difficult to identify in the first place. Once identified, attributing responsibility, whether technically or legally, presents particular challenges in cyberspace. At the same time, the quintessentially cognitive methods employed by IOs (i.e., to change or reinforce behavior) make it especially difficult to establish a causal link between operations and the harmful outcomes towards which they aim or ultimately lead.

But even if international law could surmount its operational challenges, its orientation around state behavior complicates its ability to regulate the IOs and activities of non-state actors, operations that form the lion-share of this problem set. International law covers some of this behavior via positive obligations, such as states' duties to...