DSI Publications

The article examines the risk of the proliferation of potentially harmful disinformation through 'oral' social media services such as Clubhouse. While false or misleading information may have fewer means to stick and go viral, it is also more difficult to fact-check speakers, which may create new vulnerabilities for the information ecosystem online.

The article examines the first decisions issued by Facebook's newly established Oversight Board that deal with the exacerbating problem of health misinformation. In this context, it is questioned whether the Board's applied standard of 'imminent harm' is suitable for the problem at hand given the viral proliferation of potentially consequential false and misleading information about public health policies amid a pandemic.

The legal implications of digital information warfare in the context of armed conflict have so far received only scarce attention. This paper aims at filling this gap by exposing some of the legal issues arising in relation to mis- and disinformation tactics during armed conflict in order to serve as a starting point for further debate in this respect:

What, if any, limits exist concerning (digital) information operations in armed conflict? Does the humanitarian legal framework adequately capture the humanitarian protection needs that arise from these types of (military) conduct? Where and how to draw the line between effects and side-effects of digitalised information warfare that should remain either within or without the protective ambit of international humanitarian law (IHL)? What are, or what should be, the limits of disinformation campaigns, “fake news”, deep fakes and the systematic manipulation of a given information space in times of armed conflict?

Adversarial military cyber operations carried out during armed conflict can affect the functioning of civilian societies in unprecedented ways, challenging the protected reach of international humanitarian law (IHL). In light of this, the article argues for the recognition of new protection needs to shield critical societal processes from cyber threats in conflict situations. Although experts and states generally agree that cyber operations are subject to IHL, the digital transformation has added novel vulnerabilities that do not easily map onto the law’s traditional rationale of providing baseline protection against the ramifications of kinetic warfare, such as to minimise death, injury, and destruction among the civilian population. Today’s military cyber capabilities have the potential to severely impact essential societal processes across economic, financial, scientific, cultural, and healthcare domains as well as public information spaces. While such consequences may be more diffuse and intangible, in an interconnected world they can affect entire societies and cause systemic disruption on a major scale. Recognising this paradigm shift, the article calls for a more comprehensive understanding of what protection of the civilian population in twenty-first century warfare entails. It submits that certain societal processes and functions must be considered assets so essential as to require legal protection under IHL irrespective of possible physical aspects. In order to meaningfully expand IHL’s traditionally narrow focus on objects, kinetic warfare, and physical destruction, the article intends to initiate a discussion about adding the protection of essential societal processes as a new protection dimension to the law of armed conflict.

Cyberattacks have become part of every company’s daily routine. Every business leader must therefore prepare for a situation in which their company is successfully attacked. Defending against a cyberattack requires many parallel activities – assessing the impact, implementing technical defense measures, collecting evidence, rebuilding reliable IT systems and business processes, and communicating with customers and partners. The article describes five lessons that will help business leaders on Day X to successfully manage a serious and complex cyberattack.

The article explores the question whether contemporary forms of interfering with democratic decision-making processes in other countries, primarily carried out through digital means as part of a larger effort to distort the online information ecosystem, can amount to a violation of standing rules of international law.

Although the question of the targeting of data through adversarial military cyber operations and its implications for the qualification of such conduct under International Humanitarian Law has been on scholars’ and states’ radar for the last few years, there remain a number of misunderstandings as to how to think about the notion of “data.” Based on a number of fictional scenarios, the article clarifies the pertinent terminology and makes some expedient distinctions between various types of data. It then analyzes how existing international humanitarian and international human rights law applies to cyber operations whose effects have an impact on data. The authors argue that given the persisting ambiguities of traditional concepts such as “object” and “attack” under international humanitarian law, the targeting of content data continues to fall into a legal grey zone, which potentially has wide-ranging ramifications both for the rights of individual civilians and the functioning of civilian societies during situations of conflict. At the same time, much legal uncertainty surrounds the application of human rights law to these contexts, and existing data protection frameworks explicitly exclude taking effect in relation to issues of security. Acknowledging these gaps, the article attempts to advance the debate by proposing a paradigm shift: Instead of taking existing rules on armed conflict and applying them to “data,” we should contemplate applying the principles of data protection, data security, and privacy frameworks to military cyber operations in armed conflict.

The Federal Chancellery recently finished its first draft of the revised Foreign Intelligence Service Law (BND-Gesetz) that has become necessary subsequent to the judgment of the Federal Constitutional Court in May of 2020. While the draft bill contains numerous improvements, some crucial provisions pertaining to the treatment of journalists and their trusted sources remain insufficient. The article analyses some of the problems.

Over the past two decades, the progressing digital transformation has brought along a growing number of challenges in the context of security: internet crime, cyberwar and espionage, surveillance and autonomous weapons systems. While increased security measures seem indispensable, they need to be weighed against individual human rights guarantees. This chapter provides an overview of the pertinent questions.