 A really cool title. I thought it was kind of a sexy title anyway. There's been a lot of stuff in the news lately about hackers, hacktivism, cyberterrorism, all that kind of stuff. And I thought, hey, maybe it's pretty important for somebody to look into some of the international aspects of a relationship where a hacker really wants to be a patriot and help their country out. If we're going to go ahead and use information warfare kind of tactics against a foreign nation, maybe we need to have somebody who's best suited to do that. Go ahead and undertake the tasks. Let the hacker who's out there who knows what they're doing, now I'm using the phrase hacker, I'm not going to bother getting the same kind of disclaimer everybody else does, right? Distinguishing between hackers and crackers and white hat. Okay, we'll just skip all that. If there's a citizen hacker out there who can do it, they think they can do a better job than a DOD trained information warrior, why not give them a chance? Well, there might be some problems with that. So I decided I'd better look into it. Here's our, you can't see it real well up there, but our company logo. Yes, I'm with SecureLogix. Our call is to cure the scourge of insecure modems out there with a firewall for telephone lines and an enterprise-wide distributed scanner to find the rogue modems in your enterprise system. Okay, there's my official plug. Let's move on and talk a little bit about some hackers in the news. There have been a lot of them lately that are interesting. Now, this is kind of old, December 98, but it's very critical to the issue that I'm talking about here today. Regions of the underground declare war on China and Iraq. And of course, right after this, we all know what happened, right? The next thing that happened is everybody started jumping on the bandwagon and saying, well, no, that's a bad idea. A bunch of other hacker groups get together and say, no, no, we don't endorse that kind of thing. We have nothing to do with that. And even, I think, the cult of the dead cow came out and said, no, we don't want to start using hackers as a weapon. Once hackers become weapons, then they're going to become targets. We don't want to go there. Let's keep hacking kind of activities in the realm of research, not in the realm of warfare, which I thought was really cool. But it illustrates an interesting position. What if a non-state actor, person acting on behalf of themselves or on behalf of their little group, whether it's a hacker group or some other kind of group, what if they do declare war on some foreign nation? How could we expect a foreign nation to respond? These are some of the issues that I thought needed to be explored. Federal computer week. Are cyber terrorists for real? Well, the gist of this article is probably not. What we've seen so far are a lot of incidents where hackers are doing minimal damage here and there, limited damage to sites, but there's no real concerted kind of terrorism threat because these people aren't acting in a strategic manner to achieve their objectives. Now, that's not to say that that isn't going to happen someday or it couldn't happen someday, but that day isn't here yet. And that sentiment was echoed by Dorothy Denning's testimony in front of, I think it was House of Representatives security panel where she said, look, cyber terrorism doesn't seem to pose an imminent threat. Yet. She also said in the years to come it's going to be an increasing threat. But right now it's not a mature issue. It's something we need to be aware of. And cyber war averted, but what now is an article that came along that kind of outlined this whole leeches of the underground, the claring war in China and Iraq thing and also included some neat comebacks from hacker organizations. Question. Agree with what? Maybe I'll do that next year. It's an important topic that needs to be explored. The cyber terrorism, hacktivism are separate issues. I think the big thing that I want to kind of pound my chest about this year is if there's a citizen hacker out there who wants to hack on behalf of their state, what kind of issues does that raise? And that's really how I kind of tried to narrow things. An issue here. Serbian hackers take their war to the internet. How what they're doing? This was the Black Hand group. They named themselves after that turn of the century group of military officers that tried to make a political coup in the country and ended up having a Serbian crown prince and his common law wife both executed. And this hacker group has now called themselves the Black Hand. And they were out here doing these hacking on websites and things like that because they want to go ahead and position themselves as some kind of revolutionary kind of thing. Well, this is the same kind of issue that we run into when we see somebody like the legions of the underground declaring war on China and Iraq. Now we have, we'll presume, civilians out there going ahead and hacking on behalf of some state ideology. ISPs accuse China of infowar. This article is interesting and I thought it was relevant to us because it articulates something that I saw through in the article pretty quickly. And I'm hoping that every critical thinker out there who reads newspapers understands things the same way and reads things the same way. But in this case we had some ISPs in Canada that had some Falun Gong, the Falun Gong sect websites. And they were hosting these websites and lo and behold they were getting flooded denial of service attacks. They had to take those websites, websites weren't taken down like it or not. They had some problems getting the machines back up. Yes, they were running windows. Finally got the machines running again and they did some backtracking to find out just who did it and who was it that launched these denial of service attacks. And they traced it back one way or another and ended up finding that, hey these are all coming from China. Wow! So then what do the headlines say? The headlines read ISPs accuse China of information warfare. Now wait a minute. Once we find out that these hackers or these signals are originating in China, how do we know who did it? I mean here we have a huge leap of faith saying, oh obviously it's China because they don't like what we're doing with our whole Falun Gong kind of stuff. They've outlawed the religion in China. They've outlawed, I don't even know it's a religion, but they've outlawed this sect in China. So of course they're trying to take down anything related to the Falun Gong. Well man isn't that a huge leap of faith? But you find a lot of times people are taking a knee-jerk reaction saying, oh well signals coming from China, well it must be them. It was traced back to the Beijing Application Institute for Information Technology. Wow! Now I'm not a China expert but sounds a little bit to me like an institute for higher education. The kind of place college students might be. The kind of place that college students who play with the web might be. Kind of interesting to me that internationally now because this kind of stuff pull these articles down off the web, this is like international news now, right? Holy cow! So now we've got finger pointing at China. Cyberterrorism. I don't want to go into cyberterrorism. There's a whole extra level we need to go to to talk about cyberterrorism. But the gist of this article that I wanted to include is just the whole idea that we have an insecure system. And the Cyberterrorism article in Grossman Law.com illustrates, articulates rather, the steps that occurred when hackers broke into some military systems that were unclassified. Some hackers broke into an unclassified system and the military or the DOD said, hey, well that's okay because the system they broke into didn't have any classified information. All it had was some personnel records, things like that. To a casual reader of a newspaper you might say, well that's fine, you know, I didn't get anything classified. Well now wait a minute, says I. What if we've got warfighters out there that are expecting plain loads of bullets to arrive and instead they get beans? What if we have military warfighters sitting somewhere and also Persian Gulf at war or something and lo and behold they're expecting like bills to be paid at home and all that kind of stuff. But because somebody's in the payroll files, all their spouses back home are receiving their paychecks with a big goose egg there, big zero pay. So what's going to happen to them economically? Well, each individual military member is now going to be driven to economic ruin because a hacker has access to payroll files. Holy cow, are these guys going to be thinking about, no, we're fighting the good fight and defending America and patriotic causes overseas. We're warfighters concentrating on our tasks. No, they're going to be thinking about Jennifer who can't get her braces anymore and they're going to be thinking about little Billy who just ended up having to have some kind of surgery and he can't pay for it. I mean they're going to be thinking of house payments, truck repossessions. This is the kind of stuff they're going to be thinking about, not fighting war. Okay, well this was unfortunately a cyber terrorism article, but it illustrates the kind of vulnerabilities that a hacker could easily get into in a foreign nation. Mexican hackers declare cyber war. I want to include this because in this particular case, hackers got together, Mexican hackers, anti-government. Just basic anti-government kind of guys. There's probably a little anti-government in everybody, but these guys hacked a bunch of websites and stuck up zapatista slogans. Leave us a pod out of that kind of stuff. Well, they weren't zapatistas, but were they? Just anti-government types. Now what if the government said, hey, these are zapatistas, obviously. Look, they've hacked our websites, putting up their political ideology on our government websites and they take action against all the vivasapada crowd? Holy cow, do we have mistaken identity kind of stuff going on? It seems like there's a lot of that when we're dealing with the worldwide web. Demand attacks, I'm going to skip that. The big question is for us, what authority do citizen hackers have? What's their status as a combatant? How are they treated if they're captured by an enemy force? What if they violate their own nation's laws or the laws of another nation? And the big question. I'm a hacker. How can I play? First, we need to find context. And the way to do that is to define information warfare, to talk a little bit about what the current joint doctrine is, and to talk about electronic network information operations. Information warfare, what does that mean? Well, information warfare, this comes out of the cornerstone's document, which is his current kind of DOD thought, is any action to deny or exploit... Actually, this is Air Force only, I think. It's to deny, exploit, corrupt or destroy the enemy's information and its functions, protecting ourselves against those actions and exploiting our own military information functions. So what are we talking about with information warfare? The definition's pretty broad. Five years ago, could you find such a clear definition? No. Oh, geez, Dave, how do you know that? Well, because I was writing on this subject five years ago and I couldn't find anybody who talked to me unclassified about it. If I wanted unclassified information, I had so many doors slammed in my face, it wasn't funny. Just for something silly, like trying to find decent definitions. I remember walking around the halls of the Pentagon asking, what are we doing offensively in information warfare? That's a bad question to ask. Joint Publication 313. This is joint applies to all the services. Oh, back up a little bit. The definition of information warfare is a little different for each service. That's the Air Force. The Army and Navy sometimes includes, like, Intel, PsyOps and that kind of stuff. Joint Publication 313, however, applies to everybody, the Joint Doctrine for Information Operations. What's significant about this publication and why it's important to know about it is because this kind of lets loose the floodgates on information warfare. Basically, it says we are going to engage in information operations across the spectrum of conflict. So we're going to go anywhere from there's no war happening to full-blown war. These are the environments that we are going to practice information operations in. Now, that includes the military Moot-W concept, military operations other than war kind of stuff. Now, that should make somebody think from it. Information warfare, but we're not at war. Well, no, we're calling them information operations. Okay? Our focus today needs to be on just one narrow aspect of information operations. And that's electronic network information operations. Because different people define information warfare and information operations differently, it's nice to have some kind of a way to narrow the focus. And that's what I'm going to do. I'm talking about information operations against other folks networks. That's what we're concerned about. Exploitation of information or denying information, corrupting information, or replacing that information with information of our own that they may treat as valid. We know electronic network information operations will occur. There's no doubt about that. It was before DEF CON last year that Clinton authorized the CIA to go ahead after a Milosovic bank accounts that were in Switzerland and some other places around the world. And the whole idea here is we want to go ahead and bring them down. We're sick of this whole conflict. We need to take some kind of action. And this made newspapers all over the place. You can find the newspapers and stuff on the web. It's kind of old news now, but I understand in the Meet the Fed panel last year, I didn't make it to the last year of DEF CON, but I understand one of the questions for the feds was, hey, look, what are we trying to do with this information operations in foreign countries to get Milosovic? You've got a bunch of military members out there doing it. They don't know what they're doing. We're in a position to do exactly that. We know what we're doing. We're self-trained, self-taught. We understand these systems, and we don't think your warfighters do. Why can't we go ahead and take them on ourselves? And I understand that's probably not an accurate paraphrase of the question that last year's Meet the Feds, but it illustrates one interesting concept, and that is there seems to be a school of thought out there that says we need to find the right person to do the job, and the right person is the person with the right skills and the right abilities. And the second thing that's important about this is electronic network information operations are going to occur, because now we have joint publication 313 that's going out to all the military forces saying we're going to engage in information operations across the spectrum of conflict. And oh, by the way, we're also going to hack into other nations' computer systems in order to mess with Milosovic's bank accounts. Holy cow! I mean, does that shock you? It shocks my socks off for crying out loud, but that's amazing that we're going to go into, we're going to electronically penetrate the sovereignty of other nations in order to mess with assets that belong to an individual in yet another nation. It really kind of clouds things a little bit. We know information operations will occur, so who should do it? Hackers, that's too heavy on my hand to hook the sound up here. Hackers comes with a big round of applause. The government? That comes with a gunshot in honor of Orlando. Or both. What's not really sure? Where do we find the answers? We find the answers in a few different places, so we need to talk a brief history lesson first, I guess. The long-arm conflict is the first place we need to look for answers. In the days when there were no rules on war, total war was all that was out there. The concept of a just war was all that mattered. I'm in the right, I'm fighting a fight, and I'm fighting a just war, so it doesn't matter what I do with these people that I vanquish, because they're less than dirt. I'm the one who's just right. Well, at some point somebody got the idea, hey, why are we killing the women and children and slaughtering the animals? Why don't we kind of like take them slaves and steal the cattle? Okay, so we start having some rules of conduct in combat that arise over custom. And over time these customs became codified, written down, and at some point people started getting into this phyfdom regime, right? Where we start having folks that are now living off the riches of the land and they have peasants doing their work for them, so they don't really have to work much anymore, and they can start thinking about things like humanity and what's good for people and all this kind of stuff. So along comes a code of conduct, chivalry. And once that comes along, time evolves through the civil war. We have the Libra Code, the first real law of armed conflict and treatment of sick and wounded and all that kind of stuff. The Red Cross comes along, and the modern law of armed conflict evolves. And that's where we're at today. The current law of armed conflict basically comes from two different conventions, the Hague and the Geneva. The Hague convention deals with all kinds of offensive weapons. We're not going to use gas, that kind of stuff, no barbed bayonets, no exploding bullets, less than 20 millimeters in diameter, and no bullets that can't be detected by x-rays, that kind of stuff. Geneva convention deals with sick and wounded. It's how we treat prisoners, how we treat wounded folks in the battlefield, all that kind of stuff. And there have been a gazillion protocols or amendments or changes to each of these, subsequent treaties, if you will. The principles of law of armed conflict, military necessity. Military necessity is important because there are two different ways to look at it. One, it's namby-pamby, group hug, let's sing kumbaya. On the other hand, it's one shot, one kill kind of thing. We have limited resources, let's use them against the enemy, instead of using them against civilians and civilian population and private assets and all that kind of stuff. Humanity is that thing that we started talking about back when we lived in castles and had peons doing a workforce out in the fields and the fiefdoms. We want to be kind and reduce the savagery and brutality and war. Chivalry, it's kind of a code of conduct sort of thing. We want to treat enemy soldiers as though they're some kind of brother in arms kind of thing. We want to be nice to them, that's how we expect to be treated too. And proportionality. Interestingly enough, proportionality is a rule that says it's okay to kill civilians. The proportionality rule needs a big caveat though and that is it's okay to have incidental losses as long as the military objective outweighs the incidental loss or damage that could occur to the civilian population. And it's proportionality arguments that are used to justify things like, an inflammatory example might be Nagasaki, Hiroshima kind of stuff. By dropping a bomb, killing a whole bunch of civilians, look at all the other civilians that we saved, look at all the additional lives that we saved, look at all the additional damage that we averted, da-da-da-da-da. And that's a big argument. I think the argument over the A-bomb is still going on today, but that's the concept anyway. Who is a combatant? This is important because combatants are treated differently than other people in times of war. If you are a combatant and you kill somebody, an enemy soldier, you take out air traffic control causing their aircraft to crash and killing them. There are some interesting concepts that deal with how we treat these people as prisoners of war. We're going to go ahead and keep them until the conflict ends. We're going to go ahead and retain them in prisoner of war camps. We're not going to try them as murderers and execute them or whatever. So it'd be nice to be a combatant if you're engaged in combat. Regular armed force is easy. If you remember in military, yeah, you're a combatant. There are regular out there too, guerrilla fighters. As long as they meet this definition of carrying arms openly, wearing some instinctive insignia of some kind, having a command structure and following the Laws of Armed Conflict, then they're treated as guerrilla fighters, irregulars, if you will. And they're given afforded all the privileges that a combatant will receive under the Laws of Armed Conflict. Levy and Mass is kind of an interesting concept too. This deals with an uprising of the people. Levy and an uprising of the people to defend their borders from attack, whatever. They're given combatant status during that short period of time wherein the uprising has occurred. After that time, if they're still running around shooting enemy soldiers, they're no longer combatants. Sorry. How do you define how long that time is? Don't know. That's going to be a subjective call. And spies. Spies are combatants? No, they're not. Not in any way, shape, or form. Spies are usually caught and tried under the Law of the Capitol Nation. That's a bad thing. Noncombatants include civilians accompanying the armed force. What I'm talking about here are folks who are driving bulldozers for a Navy construction battalion or something like that. Civilians who are working in a chow hall, civilians who are working in payroll, things like that, but they're accompanying the armed force. And noncombatant military folks who might be chaplains, doctors, they're treated differently than a lot of other folks because they're not actually prisoners of war. They're just retained to minister to the physical and spiritual needs of other prisoners of war who are also interred. I've often wondered what would happen if on day one of a war you caught a jeep that had an enemy chaplain and an enemy doctor in it. Would you have to let them go? I've often wondered about that. I think the answer is yes, because there are no other prisoners of war that they need to minister to physically or spiritually. But anyway, that's for a different day. Civilians, if you're a civilian, you're noncombatant. If you go out and kill somebody as a civilian, oh, well, there's a war on. Yeah, but you're still guilty of murder. So you're going to be tried and punished under the Law of the Land where you committed this act. And last is the order to combat the wounded, the sick, the pilot jumping out of his parachute from a wounded aircraft. He's treated as a noncombatant until he does something stupid like engaging combat. If a pilot jumps out of a plane that's been damaged by any aircraft fire and lands and plants both feet on the ground, you call him a noncombatant, right? He's in this order to combat category. But if he does something stupid like pulls out his little pistol and starts shooting at you, then you call him a bullet sponge. He's no longer protected as a noncombatant. Why do we want to comply with the Law of Armed Conflict? Whoops. Here we go. Why comply with the Laws of Armed Conflict? Because violations have repercussions, pure and simple. If you're a military member, you try it under the Uniform Code of Military Justice. If you're not, then you try it under whatever the domestic law may be. International military tribunals like Nuremberg, you commit war crimes, you can be held responsible for them after the time of conflict has ended. Retortion, reprisal, there is a fine legal distinction we don't need to go into. In a nutshell, retortion is a law of armed conflict legal but mighty unfriendly act like old Gaddafi, Libya, bombing down there. Whereas reprisal is, we're going to go ahead and violate the law of armed conflict because you did first. You use a gas weapon, we'll use a gas weapon, that kind of logic. And these are all repercussions of violations. And Court of International Opinion, this is important because how we're perceived by other countries is going to depend on the person who's engaging in activity ostensibly on behalf of the United States. In reciprocity is another important thing we need to think about. If some other country out there is at odds with us, at war with us, an unfriendly relationship, we're going to want to go ahead and engage in some kind of discourse to eventually end the conflict, right? We'd like, if our people are captured, we'd like to be treated as prisoners of war. If your people are captured, we'll do the same thing. Why? Because it's a reciprocal kind of thing, sort of a back-scratching kind of a deal. If we don't do this, however, if we don't engage in this reciprocity kind of a relationship, then we're going to be up the creek because nobody's going to start paying attention to the laws of armed conflict. The savagery and brutality of the world will keep increasing until it's nothing more than the old just wars concept of the Vikings. Self-interest is another important one. Like it or not, we are a pretty important nation in the world and we're kind of a big dog and everybody falls in line a lot of times with what the United States is doing. We've led the way in a lot of ways in international treaties and international relationships and the law of armed conflict development and how nations enter into conflict and how they exit conflict. The United States has long been a prime motivating force in ensuring and overseeing how these things happen. We've been a leader and anything we do that will jeopardize that position is really a dangerous thing for us to do not only today but into the future. Law of armed conflict violations are pretty serious things that we just can't afford to do. All right, hackers aren't combatants. Big deal. They can't catch me. So why not hack for my country anyway? Well, here's one big reason and that's the United Nations. Man, I didn't expect that. Okay, some of you guys might think that the UN is nothing more than some kind of whacked out new world order that's got black helicopters flying around your house and you get tinfoil wrapped around your head and all that kind of stuff. But the United Nations is never really there just to ensure that we all engage in discourse instead of violence, negotiations instead of war. They just seek peace and security for everyone. The UN Charter gives us some interesting information that sheds light on the role of a citizen hacker. The first thing is peace over justice. One thing that motivates a lot of people is they look at foreign country and see horrible things going on. Human rights abuses, all kinds of horrible things. And when the UN Charter came to be and this is the same charter we're using today, I'm not talking old law here. Oh, I'm a lawyer. Did I mention that? I don't think I did. But anyway, that's kind of my interest in the relationship of the hacker to the international law is that's kind of the glue that made the connection there. But peace over justice is a concept that appears in the United Nations Charter and it appears there after a lot of wrangling. I researched back through some of the legislative history, if you will, some of the debates and some of the negotiations and discussions that occurred before they even wrote Article 1. And it was clear that the United Nations decided we don't care about justice in your own little lousy nation. What we care about is peace internationally. If you want to go ahead and be cruel to your own people, we don't care. We, the United Nations, we just don't want you to take your little dispute out of your own borders. So go ahead and be mean to your people if you want. Just don't let it spill over your border to another nation. So they affirmatively said in the wording of Article 1, hey, we care about peace more than justice. Solving equality, Article 2, every nation, no matter how big or small, has certain borders. You are sovereign within those borders. Nobody's going to come strolling across those borders without violating the UN Charter. Solving equality, no matter how big or small your nation is, it's your nation. And Security Council power is interesting too. The UN Security Council has the power to do a lot of things. The Security Council is composed of 15 members, there are five members that are permanent parties. Anytime the UN Security Council wants to do anything, it needs a majority, let's see, is it a majority? No, it's actually nine, I think, out of the 15 parties have to concur in the action. But the important thing is, two-thirds, okay, thanks, the important thing for us is we have to concur as a permanent party. So it's kind of veto power on part of those initial five nations. Of course we're one of those. So if we scratch our head for a minute and think, oh, so we can do anything we want and if somebody tries to take action against us, the UN Security Council is going to go ahead and take action against the United States, we'll just veto it, right? That's kind of dangerous thinking. Picture this, 14 members in the UN Security Council all say we must take sanctions against the United States because they waged a war of aggression against Canada. Okay, well, short war I guess, but and then the United States says no, we're going to veto that action, you can't take sanctions against us, nana nana boo boo. That doesn't get us too far. I remember that Court of International opinion we talked about, you know, just how people are thinking about us. It'd be a real bad idea, I think, for us to give up the leadership position that we currently hold in the United Nations over something like that. But the UN Security Council has broad powers and Article 41 is probably the most interesting section to me of the UN Charter because it articulates, this is, hey look, the UN Security Council can take action in all these different ways. They can use force, they can send in peacekeepers, yadda yadda yadda, but they can also use means other than force to further UN Security Council goals. And then they go on to say, ah, and this includes and it lists off this and this and this and this and this and this and that, is that? They list off a whole bunch of things and included in the list of things we find disruption or interruption of communications. Interesting, hmm, says I, computer, internet, I mean this is just nothing more than communications, right? So have they gone ahead in the UN Charter and actually defined information warfare as it relates to networks, electronic network information operations? Have they defined that out of the definition of armed force? Have they defined that out of the definition of armed conflict? Can they now turn around and say, oh no, computers of weapon because, well no, you told us that disrupting communications is not a use of armed force. Hmm, interesting little twist, obviously they weren't imagining the internet when they came up with Article 41. But it lends some credence to the whole idea that these guys, lends some credence to the whole idea that these guys in the UN Security Council really don't have much oversight. Can they do pretty much what they want to do? Well, yeah, they can unfortunately. I'll get into that in just a second. Article 51 is a self-defense clause or the self-defense section of the UN Charter which says, hey, if you're faced with another nation's aggression and they're facing you with armed force, you may respond in kind. That's pretty simple, right? But it's not so simple when you start thinking about a nation who's responding with computer interruptions, communications interruptions. It's no longer armed force because Article 41 told us it wasn't. Wait, do we see kind of like that kind of thing? It does not compute, and I go to loop. And we got some terminology chaos too coming out of UN Charter. We've got these different terms that are used throughout the Charter to describe different things. Act of war, act of aggression, use of force, arm attack, and then they don't define any of them for crying out loud. So does that help us? Well, there is one thing that's defined well enough and that is breach of the peace. If the UN Security Council determines that there is a breach of the peace, then they can go ahead and take action. It's kind of two determinations. First of all, we determine is there a breach of peace or not? Um, yep, okay, there is a breach of the peace. Now we can take action. What do we do take for action? They look at the entire panoply from no action to military intervention, and they can consider anything in there that's appropriate. How incredibly subjective is that? Now when you think about armed conflict, you think about all out total war, and then you come down here, this is an armed force, this is some kind of, well, this is aggression, but it's not, okay, well this is an act of aggression, but it's not really to, well, all they need is a breach of the peace. Talk about lowest common denominator. All the UN Security Council has to do is say, yeah, this is a breach of the peace. And oh, by the way, we're going to take action against you, United States is what we're going to do. Which leaves us in a position then of deciding whether or not we veto what seems to be a consensus among other nations. And what if we do? If we go ahead and they want to take some kind of action against us in the United Nations because of some kind of information disruption they have determined is a breach of the peace, we veto that action, then what's going to happen? Well, a couple of things that could happen. In my photo-imagination, I see a couple. First of all, we might have a break up in the United Nations because now we suddenly have a permanent party that isn't playing by the rules in the United States. And if we're not playing by the rules, then maybe the UN is outmoded. Another thing that could happen, I suppose, is a bunch of bilateral multinational treaties going on out there to kind of take sides, if you will. People dividing up the line to say, okay, you guys are on the America side and we're all on the side of truth, justice, peace, freedom. Trying to keep those evil off of tyrannical despotic Americans from engaging in the breach of the peace with wanton recklessness. And that wouldn't be good either because then we have the UN standing as an international organ designed to further world peace and all that kind of stuff, but they're essentially hamstrong and extra multinational agreements end up taking its place. That's a bad thing. We already talked about the UN Security Council, a little about that. So if a citizen hacker isn't the patriot, is he some kind of war criminal? Well, the answer there can be found in some of these definitions. Crimes against peace, if you're waging a war of aggression, of course, that's not really very peaceful, I guess. War crimes, war crimes would be things in the nature of using gas on civilians and gassing Afghanis and all that kind of stuff. Crimes against humanity would be atrocities, genocide, things of that nature. And oh, here, let's back up. There's one I didn't put on the side, shame on me. There's another war crime out there, which is probably the most relevant one. Shame on me for not putting it in the slide. And that is, it is a war crime to be a member of an organization that the International Military Tribunal has deemed criminal. Wow. What if the International Military Tribunal were to say, okay, legions of the underground, we hereby declare you a criminal organization by this International Military Tribunal? Holy cow! If any of the members of legions of the underground happen to get captured by that nation, on a trip someday. Yeah, here's my entrance visa. Oh, really? Here are my handcuffs, chakunk. Now what happens? There are trials of a war criminal? Holy cow! I mean, talk about repercussions, but the definitions can be that easy to make. My recommendation here, the cynical lawyer's pragmatic approach, is result-oriented. How does somebody determine what they can and can't do? The answer is I think we need to look at the consequences of our actions, and then we need to consider all of the potential kind of unintended consequences of our action. We need to look at results. How will an enemy nation respond if we go ahead and start racking their industrial hydroelectric power, control of their dams? We start taking down electrical systems that also happens to include the electrical grid where many of their city's hospitals are located. So now we have life support systems that aren't redundantly backed up like they are in the United States, and we have it good in that way with medical care. What if we start having people actually dying in foreign countries? Plains going down, mid-air collisions at airports, stuff like that. Once a country starts seeing themselves in a position where they have no kidding, loss of life, damage, they have all these these cool images that they can show of bodies wrecked and strewn and bloody and everything else that they can show the world, how are we in the United States going to then stand up and say, well, okay, first of all that was a hacker group that wasn't the United States. Oh yeah, right, we traced those, yeah, well these signals traced back to the United States, and that's where the hacking originated. Well, okay, well if you don't believe that it wasn't an act of the United States and an act of some hacker group who did it without authorization, then you need to believe that it was an accident or it was, where are we going to go with this? What kind of arguments can we come up with? I don't know. It's tough when you end up putting the country in a position where the country has to try to find a way to keep another nation from taking action. Take a look at what we did with non-state actors in the Sudan. How did we respond to that? We have a terrorist group who's training in the Sudan. We take issue with that. So what do we do? We sent tomahawks in there, right? That's what I read in the news. We sent tomahawks across the border of a sovereign third party nation to hit a hacker group that we had a problem with, or hacker group, terrorist group, that we had a problem with in the Sudan. Now that's kind of interesting. Now think for a minute, if there's a hacker group somewhere in say, oh Miami, and this hacker group is doing all kinds of anti-Castro kind of stuff, and Castro says, hey wait a minute, there's a non-state actor up there, a group of civilians, hackers, and they're in the third party nation that's got its own sovereign borders, and I'm going to take action just like America did in the Sudan. I'm going to go ahead and send some Cuban cruise missiles in Miami. How do you think the United States would respond if they start seeing little blips coming toward us? Oh, that's not a good thing. It's not a good thing. So we need to start looking at repercussions, and once a country out there can look at our actions and can't decide, is it government action, civilian action? We don't know, and I'll tell you what we do know we've got a bunch of pictures of dead people laying and hanging out of airplanes and all that kind of stuff. So when they take action, what are they going to say it is? They're going to say it's self-defense in Article 51, right, and say, hey these guys attacked us with force, even though it was only computer kind of stuff, we have people dying over here. That's force, so we're going to respond in Article 51 and self-defense with force, and then we've suddenly escalated this thing from a little electron battle that seems like fun into something where buttons are getting pushed, things are getting launched, and people are buying. And things can escalate pretty quickly. Question? That sounds like you're not going to look at our government action. Oh, I'm wounded. What do you think is something you're doing in your government action? Okay, go ahead. Can you consider a man? Yeah, if we're put in a position where we have an opportunity to extradite, and if we've got somebody we can identify, then do you think the United States would take the heat, or would they go ahead and extradite? I mean, logically, they'd go ahead and extradite. I mean, that's the way to ensure international world peace comply with the UN objectives and all that kind of stuff. So that makes sense to extradite, unless you're the guy who's getting extradited and you might not like it much. But looking at how they respond is pretty important. I think we just talked about these things. Oh, could you go to the UN Security Council and please make a plea for relief? Yeah, you probably could. But once again, we're the big dog on the Security Council. And we have the opportunity to veto any UN Security Council action. So maybe that's not an appropriate place to go. Potential UN action against us? Sanctions? Things of that nature? Could those occur? Yeah, they could. If somehow this is perceived as an act of the United States, either the United States condoned it or after the fact the United States ratified it, we're going to be in trouble because then the United States could suffer some repercussions of an individual hacker or hacker group's actions. And the Court of International Opinion is another issue we need to look out for. I hear we have a situation where we have been world leaders in a lot of ways, economically, militarily, all that kind of stuff. We need to keep that position in order to make sure that we can best protect our national interests and our national assets and our national security. We can't afford to slip out of that position. So we need to always pay attention to what we look like in the Court of International Opinion because if we're convicted in that court, it's a conviction by press, right? I mean that's a tough thing for us to deal with. And criminal responsibility for the hacker. We talked about extradition just a minute ago. Criminal responsibility for the hacker could be under domestic law, could be under foreign law. Who knows, it would depend on the facts and circumstances of that individual case. Back to our big questions. I'm trying to hurry along here because we're, everybody's running behind here today. What authority do hackers have to engage in warfare or information operations on behalf of their state? Well, I actually have none. What's their status as a combatant? None. You're a civilian. If you're a hacker out there, hacking on behalf of your state, no matter how good your intentions are, no matter how good your skills are, no matter how good your kung fu is, you're still a civilian. How are you treated if you're captured by an enemy nation? Well, you try them to avail a law. That's not a real fun thing to face. I wouldn't think, especially in Turkey. No. Yeah, you need fingers for a keyboard, right? Or if you violate your own nation's law, well, you could face repercussions, conviction under your own nation's laws as well for any that may have been violated. And if you violate another nation's law, you could be extradited to another nation for trial. Okay, so that's all well and good, Dave, but look, I'm a hacker. How can I play? The bottom line, I have to leave war fighting the warriors and hacking on behalf of the state to agents of that state. That's probably not a cool answer, but based on the ramifications in the international community, based on the tenuous nature of international law and international treaties, there's really no other answer. An international lawyer who I have great respect for once told me, you know, Dave, there really isn't any international law. And I see it's some of a guy, and I'm kind of thinking that too. I mean, what we have here in the international community, we have a lot of treaties, we have a lot of laws, we have a lot of agreements we've signed up to, but the bottom line is everything is subjective, everything is negotiable in the international landscape. And that's important to remember because if what's in favor one day may not be the next. It's tough when you're dealing with international policy issues to make the right call if you want to found it in, you know, this law says I can do this, chances are that's a bad plan. If you are engaged in some kind of behavior that's intellectually and internationally acceptable, then it's probably going to be fine. The problem is, so many nations have different rules, different laws, different ideas about what this international internet paradigm should be, that we're not going to get any consistency, we're not going to get any conformity, at least not in the near future. So it's important for us I guess, it's important to hackers to go ahead and kind of behave, leave the war fighting to the folks that can take responsibility for it. If some hackers out there working on behalf of the Department of Defense and they do something wrong, well what are the penalties? Well, we've got the government there as an umbrella, right? If you do something wrong as an individual, do you have anybody pulling for you? Or do you have a government ready to extradite you unless you get tried in a foreign nation? Oh, that might not be a good thing. And that's kind of the bottom line I guess. Since we were running behind and that kind of thing, why don't I go