Do we need a Digital Geneva Convention?
At the Geneva summit, President Biden told President Putin that “we need to set basic rules of the road” when it comes to cyberattacks. Microsoft’s chief legal officer has called for the major states to go a step further and agree a “Digital Geneva Convention” that sets out the rules of cyber conflict.
The legal experts we spoke to are sceptical that such a treaty will ever happen. “Strictly speaking, we don’t need a treaty,” said Dias. “You already have rules that apply by default to cyber, it’s only a matter of fleshing them out. And understanding how they apply.”
Dias argues that having lawyers patch together existing law, which has evolved over time, the cyber rules of the road could actually be more clearly established. In fact, this is a process that is already ongoing. In recent years, governments around the world, both Western and non-Western, have released position statements, essentially outlining their view of the “rules” of cyber-conflict. While no one is forging formal agreements, the existence of the statements help other governments understand each other, and how hostile cyber actions may be received.
Similarly, the United Nations has convened a “group of governmental experts” to consult on the legal issues around cyber conflict, while legal academics are already hard at work on a new edition of the Tallinn
Manual, which will go further in defining how existing international law works in the cyber arena. “If you start with a treaty, you may be forgetting the fact that there already is law,” explained Schmitt. “It may actually be a step backwards.”