There is a paucity of literature dealing with these issues as well as the ethical and human rights implications of IW on national security. Treatments of IW outside the orthodox IHL framework are nearly non-existent. This is strange since both IHL and IHRL are aimed at protecting the integrity of the human person, but take different approaches towards that end. IHL norms operate within the spatial and temporal constraint of an international armed conflict occurring between two or more states. The body of law assumes that harm will occur, and seeks only to limit the extent of harm.14 In contrast, IHRL norms traditionally operate in peacetime during law enforcement investigations in which investigation is individual, and liability is criminal. Reciprocity in the IHRL context, then, is far less important, whereas IHRL norms are continuous, meaning that the state is accountable through transparent processes. As a result of this confusion and overlap, it is currently unclear what legal rights a state has as a victim of a cyber attack. Even if Estonia could conclusively prove that it was Russia behind the March 2007 attack, could it respond with force, or its own cyber attack? These questions underscore the tension between classifying cyber attacks as merely criminal, or a matter of national security.
The transnational nature of IW suggests that while international legal norms found in the contemporary U.N. Charter law are helpful, the existing treaty framework is insufficient for reaching acceptable solutions to this security dilemma.15 As a result, two options exist – create a new treaty system from whole cloth, or adapt current treaty regimes. This paper will advocate that the best way to ensure a
14 The Hague and Geneva Conventions rely on this system of immediate reciprocity between states.
15 Christopher C. Joyner & Catherine Lotrionte, Information Warfare as International Coercion: Elements of a Legal Framework, 12 Nov. 5 EJIL 835, 865 (2001) (arguing that clearer rules are needed for what self defense responses are permissible to cyber attacks and how international institutions might facilitate the attainment of these objectives.).