Hostname: page-component-78c5997874-ndw9j Total loading time: 0 Render date: 2024-11-16T04:21:14.580Z Has data issue: false hasContentIssue false
  • English
  • Français

Lex Lata comes with a Date; or, What Follows from Referring to the “Tallinn Rules”

Part of: Dan Efrony & Yuval Shany, a Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice

Published online by Cambridge University Press:  04 March 2019

Lianne J.M. Boer
Lianne J.M. Boer*
Affiliation:
Assistant Professor of Transnational Legal Studies at the Faculty of Law, Vrije Universiteit Amsterdam; Research Fellow at the Centre for the Politics of Transnational Law.
Rights & Permissions [Opens in a new window]

Extract

At first sight, the question that Dan Efrony and Yuval Shany ask in their article, A Rule Book on the Shelf?, makes sense. If a group of lawyers writes a legal manual for state legal advisors, the logical follow-up question would indeed be, do they use it? Do these “black-letter rules,” as the Manual itself terms them, actually “provid[e] international law advice” to states operating in cyberspace? Given the Manual's own claim that its “effort [is] to examine how extant legal norms apply” to cyber warfare, one may indeed wonder whether states have used the Manual as intended—as a manual.

Type
Essay
Information
AJIL Unbound , Volume 113 , 2019 , pp. 76 - 80
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.
Copyright
Copyright © 2019 by The American Society of International Law and Lianne J.M. Boer

Our goal is to say, “what is the law, right now”? It was June 2012, that was the date. In June 2012, “what is the law today?” Footnote 1

At first sight, the question that Dan Efrony and Yuval Shany ask in their article, A Rule Book on the Shelf?, makes sense. If a group of lawyers writes a legal manual for state legal advisors, the logical follow-up question would indeed be, do they use it? Do these “black-letter rules,”Footnote 2 as the Manual itself terms them, actually “provid[e] international law advice”Footnote 3 to states operating in cyberspace? Given the Manual's own claim that its “effort [is] to examine how extant legal norms apply” to cyber warfare,Footnote 4 one may indeed wonder whether states have used the Manual as intended—as a manual.

However, to ask whether states have “accepted,” “follow,” “reject,” or “maintain a ‘wait and see’ approach toward the Tallinn Rules”Footnote 5 does suppose that these are, in fact, rules. Though the authors remain notably quiet on what they think the status of the Tallinn Manual is, exactly, the repeated reference to the “Tallinn Rules,” the word “Rule Book” in the article's title, and even the capitalization of the word itself—“Rules”Footnote 6—all suggest that the authors consider the Manual to be at the very least “a normative point of reference.”Footnote 7 I don't question the correctness of that assumption. The point of this essay is not to assess whether the Manual “got the law right,” or to point out that the experts are “really” doing lex ferenda rather than lex lata.Footnote 8 I do argue, however, that the authors’ quiet acquiescence to what the Manual itself says it is becomes problematic when one considers the dictates of the Manual as a form. What I mean to say is that the Manual must claim, for reasons I will go into below, that it restates lex lata. This dictate of the form not only provokes the kind of research question that Efrony and Shany ask, but it also goes a very long way in predetermining their answers.

In order to show why this is the case, I will first ask what is implied in the Manual as a form for international legal writing. The second part of the essay then discusses the way Efrony and Shany themselves refer to the Manual. Their failure to question the Manual's form is problematic the moment we realize what follows from the claims the Tallinn Manual makes about what it is (for). This also means that the answer to their research question seems in some ways inevitable. In conclusion, perhaps we could even say that, however paradoxical it may seem, the demands of the Manual as a form preordain its own desuetude.

The Form of the Tallinn Manual

First, there is something to be said about the manual as a form. As Wouter Werner points out, an international law manual is not quite the same as a manual one would use when buying a new dishwasher or microwave.Footnote 9 In the first place, international law manuals such as the Tallinn Manual (but also, for example, the San Remo and Harvard Manuals) themselves are the product—which is also how the Tallinn Manuals’ director refers to them.Footnote 10 Whereas “[c]onsumer product manuals contain instructions on how to use something else,” the “product” in the case of the Tallinn Manual is the Manual itself.Footnote 11 Secondly, the rules listed in international law manuals are not simply “instructions” for “proper use.”Footnote 12 Instead, the claim is that these are “normative requirements” on the behavior of states when they engage in “armed conflicts at sea,” “air and missile warfare,” or, in the case of the Tallinn Manuals, cyber operations.Footnote 13

So the word “manual” as it features in the title of these international law manuals may be a misnomer compared to its normal linguistic use, but it is safe to say that the Tallinn Manual's drafters do intend it to be consulted by a very specific audience. The Manual itself says it is intended for “users,”Footnote 14 which it identifies as, for example, state legal advisors.Footnote 15 Importantly, this choice determines the scope of the law it deals with. Note how Michael Schmitt, the Manual's director, describes the Manual as “a restatement of the law. It does not make law. There is no effort to progressively develop the law.”Footnote 16 Elsewhere, he similarly states how the group of experts was “slave to lex [lata]” and how the experts “wanted to maintain fidelity to the law as we believe states would interpret it on that date.”Footnote 17 The date referred to in the presentation from which this quote is taken is June 2012.Footnote 18 A similar thing happens in the Introduction to the second Manual, published in 2017: there, the experts write how “[t]his Manual is meant to be a reflection of the law as it existed at the point of the Manual's adoption … in June 2016.”Footnote 19 In short, lex lata comes with a date.

There is a very good reason for this. Based on the form adopted by the Tallinn Manual, this strong emphasis on lex lata makes sense. The experts have to lay claim to applying “the law as it is”Footnote 20 to ensure the Manual is useful for its “customers.”Footnote 21 If you are a state legal advisor who must draft a memorandum for your secretary of state, lex ferenda doesn't get you anywhere: what you want to know is what the current state of the law is.Footnote 22 (Interestingly, the claim that the legal obligations outlined in the Manual basically reflect what states are already subject to also helps to understate the novelty of the attempt: in this way the experts can claim that the black-letter rules are really nothing new, that these are simply the rules that states were already bound by.Footnote 23) In other words, the need to give lex lata has everything to do with the manual as a “legal” form. Form dictates substance.Footnote 24

The Notion of a “Rule Book”

From the above it follows that Efrony and Shany's reference to the Tallinn Manual as a “Rule Book” is not that strange. They simply go along with what the Tallinn Manual claims that it is, referring to it as a “comprehensive regulatory scheme,” an “attempt … to adapt existing law to new circumstances” and “to extend the law by way of interpretation and analogy.”Footnote 25 They cannot frame their own inquiry in terms of “compliance”—that would elevate the Manual to a primary source, which is impossible given Article 38(1) of the Statute of the ICJ. Yet the verbs they use to describe states’ responses to the Manual only just fall short of this: they scrutinize whether states “follow” and “accept” (or not) the Tallinn Rules, “and whether their reactions [are] compatible with” what is outlined in the Manual.Footnote 26 Their elaborate case studies are designed to test “whether [states] have referred to their legal rights and obligations under international law, as reflected in the Tallinn Rules”Footnote 27; they want to “[explore] whether lex lata as identified by the international group of experts coincides with the ways in which states actually conduct themselves.”Footnote 28 A similar ambivalence is reflected in the choice of case studies. Excluded from its scope are cyber operations that took place before 2013, the date of publication of the first Tallinn Manual. At first sight this makes sense, as their question is to what extent states “follow” the Manual. Yet, if we adopt the Manual's logic that it simply restates customary law, and that there is “no effort to progressively develop the law,” there is no reason why cyber operations executed before 2013 should be excluded from the cases analyzed.Footnote 29 What states “follow,” if we go along with the Manual's autonarrative, is not the Manual, but existing law predating the Manual.Footnote 30

Based on these case studies, the authors conclude that there is a “gap”Footnote 31 between the rules given by the Manual and states’ legal responses to cyberattacks. The authors state that “the Tallinn Rules, which attempted to flesh out an existing regulatory framework, have been challenged as unfit to fully address the risks of cyberoperations, oblivious to important state interests, and non-reflective of the views held by all states.”Footnote 32

Yet on closer scrutiny we may wonder whether the questions asked by Efrony and Shany, as well as their conclusions, weren't somewhat inevitable from the outset. The premise of the Manual—that it states the law as it is—prompts questions such as whether states think so, too,Footnote 33 and whether in their actual behavior, purportedly measured by means of these case studies, they “invoke” or “rely on”Footnote 34 the Tallinn Manual. All this is due to the “manual” as a form. Moreover, to connect the substance of the law so firmly to a specific date almost necessitates taking into account the possibility of change. In another presentation on the first Tallinn Manual, its director says the following:

I will tell you, that I am a firm believer that this body of law will evolve, it will evolve quickly through state practice, because some of the Rules that we came up with that we say are the law, we believe they're the law, states are not going to be willing to accept … Armed attack is a good example. I am absolutely convinced that if the United States were to suffer a massive cyberattack that caused no damage or injury but massively disrupted our way of life, we would consider that an armed attack. I'm absolutely convinced.Footnote 35

The fact that lex lata comes with a date means that any deviance between state behavior and the Tallinn Manual can be countered by the experts by either claiming the law has changed (“we were right at the time”), or by referring to the greater legal leeway provided in the commentary to the black-letter rules. Their claims can only be fundamentally undermined the moment states start to say existing international law doesn't apply to cyberspace. But this also highlights the risk involved in framing one's efforts so very firmly as lex lata. From the claim to lex lata it also follows—as Efrony and Shany's article shows—that any “gap” between the “Tallinn Rules” and how states “legally” operate in cyberspace will raise questions such as whether the Tallinn group “got the law right”;Footnote 36 whether states are willing to allow for regulation of their cyberspace activities in the first place; whether cyberspace is simply too complex or “virtual” to be regulated; or whether the Manual is falling into disuse.Footnote 37 These are precisely the issues raised by Efrony and Shany; the questions they ask in their piece are exactly what may be expected following the Manual's claims to lex lata which, in turn, follow from the form chosen.

Conclusion

To ask whether the Tallinn Manual is doomed to desuetude skips the more fundamental question of how we came to speak of a “Rule Book” in the first place. We could instead go back to the beginning and ask how academic scrutiny of the Manual's use by states may result from adopting, without question, the way it is positioned by its drafters. The answer to the title of Efrony and Shany's article—A Rule Book on the Shelf?—may be largely dictated by the choice for a “manual” as a form. In other words, we may wonder whether a “Rule Book” such as the Tallinn Manual—precisely because of its form—may not run the risk of, indeed, lying on the shelf.

References

1 Duke University School of Law, LENS Conference 2013 | Michael N. Schmitt, The Law of Cyberwar: The Tallinn Manual, YouTube, 1.06:46 (Mar. 1, 2013) [hereinafter Lens 2013].

2 Michael N. Schmitt, The Tallinn Manual on the International Law Applicable to Cyber Warfare, Watson Institute for International Studies, Brown University, 21.07 (2013) [hereinafter Brown 2013].

3 Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations 2 (Michael N. Schmitt ed., 2017) [hereinafter Tallinn Manual 2.0].

4 Id. at 1; see also Tallinn Manual on the International Law Applicable to Cyber Warfare 5 (Michael N. Schmitt ed., 2013) [hereinafter Tallinn Manual].

5 Dan Efrony & Yuval Shany, A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice, 112 AJIL 583, 596, 639 (2018).

6 On the use of capitals in the introduction of the m/Manual, see Roos van Keulen, Introducing a Critical Stylistic Analysis: How Linguistic Features Contributed to the Tallinn Manual's Power Position 34–35 (Vrije Universiteit Amsterdam, 2018).

7 Efrony & Shany, supra note 5, at 585.

8 A point of critique mentioned by Efrony and Shany, id. at 589.

9 Wouter G. Werner, Scripting the Future in Tallinn 2.0, in Law-Making and Legitimacy in International Humanitarian Law, draft at 16–20 (Heike Krieger ed., forthcoming 2019) (on file with the author). Parts of the following text are taken from Lianne J.M. Boer, International Law as We Know It: Cyberwar Discourse and the Construction of Knowledge in International Legal Scholarship chapter 5 (Dissertation, Vrije Universiteit Amsterdam, 2017).

10 Tallinn Manual, supra note 4, at 9, 11.

11 Werner, supra note 9, at 16–17.

12 Werner, supra note 9, at 16–18.

13 See the 1994 San Remo Manual, the 2009 Harvard Manual and the 2013 and 2017 Tallinn Manuals respectively. On “normative requirements” see Werner, supra note 9, at 19.

14 Tallinn Manual, supra note 4, at 6, 7.

15 HLS Program on International Law and Armed Conflict, Michael N. Schmitt: Pilac Lecture on Cyber Operations and IHL: Fault Lines and Vectors, 53.07 (Apr. 3, 2015) [hereinafter Pilac 2015].

16 US Naval War College, Cycon 2012 | Michael Schmitt: Tallinn Manual Part I, 3.12 (June 5–8, 2012) [hereinafter Cycon 2012, Part I]. On restatements, see infra note 28.

17 Pilac 2015, supra note 15, at 55.26, 52.52. In the presentation from which this quote is taken, Schmitt misspeaks at 55.26 and says the experts were “slave[s] to lex ferenda,” but it is obvious from the context, as well as from other presentations and sources on the Tallinn Manual, that this is the opposite of what he intended to say. I have therefore changed it in the body text.

18 Lens 2013, supra note 1, at 1.06:46. Note how the introduction to the first Tallinn Manual states the drafting process finished in July 2012. See Tallinn Manual, supra note 4, at 10; Michael N. Schmitt, The Notion of “Objects” During Cyber Operations: A Riposte in Defence of Interpretive and Applicative Precision, 48 Israel L. Rev. 81, 82 (2015).

19 Tallinn Manual 2.0, supra note 3, at 2–3.

20 Tallinn Manual, supra note 4, at 5–6; Brown 2013, supra note 2, at 1.18:04. Efrony and Shany also refer to the debate about whether the Tallinn Manual in fact manages this distinction. See supra note 8. See also Nicholas Tsagourias, The Tallinn Manual on the International Law Applicable to Cyber Warfare: A Commentary on Chapter II – the Use of Force, 15 Y.B. Int'l Humanitarian L. 19, 40 (2012); Kenneth Watkin, The Cyber Road Ahead: Merging Lanes and Legal Challenges, 89 Int'l L. Stud. 472, 494–495 (2013); Michael J. Adams, A Warning About Tallinn 2.0 … Whatever It Says, Lawfare (Jan. 4, 2017); Lianne J.M. Boer, “Restating the Law ‘as It Is’”: On the Tallinn Manual and the Use of Force in Cyberspace, 5 Amsterdam L.F. 4 (2013). On the (im)possibility of this distinction in general, see Wouter G. Werner, International Law: Between Legalism and Securitization, in Security: Dialogue across Disciplines 196, 196 n.1 (Philippe Bourbeau ed., 2015). See generally Martti Koskenniemi, From Apology to Utopia: The Structure of International Legal Argument 470–71 (2005) (pointing this impossibility out in the context of customary law).

21 Cycon 2012, Part I, supra note 16, at 11.37.

22 Ingo Venzke, How Interpretation Makes International Law: On Semantic Change and Normative Twists 17 (2012); Werner, supra note 9, at 7, 8.

23 See also Werner, supra note 9, at 8; Oliver Kessler & Wouter Werner, Expertise, Uncertainty, and International Law: A Study of the Tallinn Manual on Cyberwarfare, 26 Leiden J. Int'l L. 793, 805 (2013); Wouter Werner & Lianne Boer, ‘It Could Probably Just as Well Be Otherwise’: Imageries of Cyberwar, in Risk and the Regulation of Uncertainty in International Law 39 (Mónika Ambrus et al. eds., 2017). On this “interventionist legal thought,” and “law-stretching instead of law-making,” see Jean d'Aspremont, Cyber Operations and International Law: An Interventionist Legal Thought, 21 J. Conflict & Security L. 575 (2016), especially Section 3.

24 For a different take on the dictate of the form of the manual, see Werner, supra note 9.

25 Efrony & Shany, supra note 5, at 584, 583.

26 Id. at 596, 631, 587.

27 Id. at 597.

28 Id. at 593 (emphases added).

29 This ultimately goes back to what it means to “restate” the law in a new form and the impossibility of not saying something new. See Werner, supra note 9, at 8 (pointing out that the experts “claim that it does not matter who restates the rules; it only matters whether existing rules are correctly reproduced”).

30 Werner, supra note 9, at 8.

31 Efrony & Shany, supra note 5, at 586.

32 Id. at 652.

33 Id. at 648.

34 Id. at 648, 604.

35 Lens 2013, supra note 1, at 1.06:54.

36 Cycon 2012, Part I, supra note 16, at 6.40.

37 As suggested by Efrony & Shany, supra note 5, at 652.