It's live!: "One Click from Conflict: Some Legal Considerations Related to Technology Companies Providing Digital Services in Situations of Armed Conflict"
Hi everyone. Last week was exciting one for me. With reckless self-promotion, I now get to share with you my new law review article. Here’s the table of contents so you get a sense of what I wrote about.
The article informs digital tech companies of key legal issues they should be aware of when operating in armed conflict situations. The article, which appears in the Chicago Journal of International Law, isn’t directed at one particular type of digital service provider, but it might be particularly relevant for companies that support critical infrastructure, own and operate communications and cloud computing services, provide cyber defense services, and design and produce other cyber tools and capabilities that may be used militarily in situations of armed conflict.  The article also offers a set of recommendations these companies can take to protect civilians from the dangers of war that can arise through their services and business decisions.
The article’s main title, “One Click from Conflict," the same as this Substack, reflects the reality that the digital tech sector—and civilians more generally—are increasingly finding themselves influencing, and being effected by, the cyber dimensions of armed conflict, sometimes in very obvious ways but also sometimes in very subtle ways. In other words, it doesn’t take a lot for someone to influence, or be effected by, armed conflict through digital means; it’s just one click away.
I hope the legal analysis in the article is useful, but even more than that I hope companies use the four-part framework I offer (understand the legal issues, assess the risks, mitigate those risks, inform others of the risks) as a tool to manage the legal and security complexities of armed conflicts. The article also contributes to the increased attention that the business and human rights community is giving to how the private sector should operate in times of armed conflict.
As the ICRC continues to explore this space, we also want to deepen our dialogue with the private tech sector. This made it a particular pleasure (and honor) to have been on a recent panel discussing this issue at the Army Judge Advocate General’s School. In so much as I, as a legal advisor, may have legal considerations to offer digital tech companies that they may not have thought about in great detail, it’s equally true that these companies offer perspectives that the ICRC needs to become more familiar with, such as how they manage risk and what factors are in play when they decide to operated in a situation of armed conflict.
The article is written in my personal capacity, but it’s also fair to say that it reflects a lot of the ICRC’s thinking on these issues, and is part of the ICRC’s broader work to understand the risks that arise when civilians are drawn into digital military operations. The article was significantly strengthened by the feedback I received to previous drafts from many of the ICRC colleagues and others. You know who you are!, and if have any doubts go see the article’s acknowledgements. Thanks also to Just Security and Tech Policy Press for publishing an easy-to-read explainer of the article.
To wrap up this entry, these paragraphs from the article’s conclusion captures many of its key issues:
“The ubiquity of the digital environment is increasingly bringing tech companies into contact with the realities of war. As companies find themselves involved in armed conflicts, and the lives of people living through those conflicts, they will have to decide how to navigate this space. To do this, IHL [international humanitarian law] provides rules of the road that companies will need to be familiar with. IHL offers protections to a company’s civilian employees and properties from attack. But it is also the choices of a company that can influence when those protections may cease and when civilians may be exposed to the crossfire of armed conflict.
This paper focuses on when and how those protections apply and when and how those protections may be lost…The paper also reminds us how that loss of protection may put surrounding civilians and civilian objects at risk of incidental harm that IHL aims to avoid or minimize but may not prohibit.
Finally, this paper recommends to tech companies operating in conflict environments that they should familiarize themselves with IHL; assess the IHL implications of their activities; develop policies aimed at mitigating harm to workers, properties, and surrounding civilians; and inform workers, civilian customers, and other proximate civilians about dangers they might face. These recommendations, which are additional to the obligations that IHL places on parties to armed conflicts, offers a path that can help digital tech companies support the fundamental humanitarian aim of IHL to protect civilians and civilian objects from the dangers of armed conflict.