cybersecurity Archives - College of Law

Link to site home page College of Law

cybersecurity

TU Law professor explores the role of U.S. and international law to mitigate foreign interference in elections

If Russia’s interference in the 2016 United States presidential election was a challenge, in 2020 it is set to become even more brazen and sophisticated in the Kremlin’s attempt to get President Trump re-elected. The University of Tulsa College of Law’s Ido Kilovaty focuses on how U.S. and international law could be used to mitigate the threat of election interference. “While there isn’t a silver bullet solution that could fully address and prevent election interference in the digital era,” Kilovaty observed, “some portions of U.S. and international law may offer some relief.”

Kilovaty is the inaugural Zedalis Family Fund Professor of Law. This professorship was generously created by former TU Law Professor Rex Zedalis in order to promote excellence in instruction and scholarship at the college. Kilovaty currently teaches courses in cybersecurity law and policy, computer crime law, international law and technology law.

Professor Ido Kilovaty teaching in a TU College of Law classroom
Professor Ido Kilovaty

An expert in cybersecurity law, cybercrime and international law and cyberspace, Kilovaty has published extensively in these areas in, for example, Ohio State Law Journal, Berkeley Technology Law Journal, Harvard National Security Journal, UC Irvine Law Review (forthcoming) and Tennessee Law Review (forthcoming). “Ido Kilovaty is one of the most exciting voices in the country on cyberlaw,” said Oona Hathaway, the Gerard C. and Bernice Latrobe Smith Professor of International Law at Yale Law School. “His combination of technical know-how, creative vision and deep understanding of the law allows him to see things that others miss. He is writing up a storm and, in the process, helping to create and shape a new field of cybersecurity law.”

“Non-intervention” in the digital age

At present, Kilovaty is studying how U.S. law could adapt to the increasing volume of availability attacks, such as distributed denial-of-service and ransomware; how private tech companies are setting the agenda for international cybersecurity norms; and the ways human rights law applies to extraterritorial state-sponsored activities. This last topic directly pertains to the threat of Russian interference in U.S. elections.

International law prohibits states from coercively interfering in each other’s domestic affairs, whether social, political or economic. This is often referred to as “non-intervention.” Any election interference that reaches a certain level of magnitude and coercion would, therefore, be in violation of international law. However, Kilovaty’s research has found that the application of this longstanding norm is not as straightforward as it might seem.

graphic illustration of a ballot box protected by key terms in Kilovaty's argument“While cases where one state tells another state ‘Do X, or else’ may offer a clear-cut example of prohibited intervention, the use of political bots, disinformation, and distribution of sensitive documents may not necessarily reach the requisite level of ‘coercion’ required by non-intervention,” he explained. “This really calls us to reconsider what non-intervention ought to mean in the digital era, where acts of interference may be harmful despite the fact that they do not reach the level of coercion required by international law.”

Kilovaty published an article about non-intervention and election interference in 2018 in the Harvard National Security Journal. Since then, however, he has become convinced that the legal answer may come from a different direction.

“Non-intervention is still good law, but it’s not great,” Kilovaty opined. “That is because it misses a substantial portion of state-sponsored acts, such as election interference through cyberspace, which do not fit the centuries-old criteria of the law.”

The human right to cybersecurity

Kilovaty now proposes a different – better – approach: international human rights law, which looks at the specific individual rights that are violated when states interfere in each other’s political processes.

To bolster this contention, Kilovaty has argued for the recognition of a new human right: the human right to cybersecurity. Part of his research program at present entails exploring whether states should be obligated to respect the human rights of individuals outside of their territory. “For example,” he remarked, “is Russia under the obligation to respect the human rights of Americans, and vice versa? The answer, I argue, should be ‘yes.’”

The role of computer crime and cybersecurity law

But the overall legal approach to tackle election interference, Kilovaty believes, cannot be limited to international law. U.S. computer crime law and cybersecurity law also have their respective roles to play in addressing foreign election interference.

On Kilovaty’s account, computer crime law may provide some degree of deterrence, albeit limited. “Special Counsel Robert Mueller’s indictment of 12 Russians involved in the Democratic National Committee hack illustrated the strengths and weaknesses of reliance on the domestic criminal justice system to address foreign election hacking.”

Similarly, Kilovaty believes that cybersecurity law may be used to improve the overall cybersecurity of election infrastructure in a way that decreases the likelihood of successful foreign election interference. “At the end of the day, if hackers can find a vulnerability in a voting machine, they are able to exploit it. If they can’t find vulnerabilities, then interference becomes much more difficult. The role of cybersecurity law is to provide incentives for good security practices and sanction those that are not taking their cybersecurity seriously. On a more individualistic level,” he remarked, “if we are able to secure our own devices, and become more judicious of what we read online, then that would similarly decrease the efficacy of any election interference attempts.”

Overall, Kilovaty contends, there is a lot the law can do to address election interference, but it cannot be a one-size-fits-all solution. Different areas of law, both domestic and international, will have to be adapted in concert with each other to effectively deter, prevent and mitigate election interference in the digital era.

Prepared. Practiced. Proven. These are TU Law’s promises to every student. Apply today to begin your own journey toward a successful legal career.

Cybersecurity law scholar Ido Kilovaty joins TU Law

Cybersecurity scholar Ido Kilovaty joins TU as the Frederic Dorwart Endowed Assistant Professor of Law.

Ido Kilovaty has been appointed to hold the Frederic Dorwart Endowed Assistant Professor of Law position at The University of Tulsa College of Law. He will teach cybersecurity law, internet law and international law.

Kilovaty comes to TU from Yale Law School where he was a Cyber Fellow for the Center for Global Legal Challenges, a Resident Fellow for the Information Society Project, and involved in co-teaching a course titled, “The Law & Technology of Cyber Conflict” offered both to law students and computer science majors.

“I am delighted to be joining The University of Tulsa College of Law,” said Kilovaty. “I am very much looking forward to be working with the outstanding faculty and students at Tulsa.”

Focuses on domestic and global cybersecurity.

Kilovaty studies the connection between technology, law and policy, with a focus on domestic and global cybersecurity. His recently authored “Freedom to Hack” which proposes a solution of ethical hacking for the improvement of smart-device security is forthcoming in the Ohio State Law Journal. He has also written on election interference through cyberspace, “Doxfare: – Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information” appearing in the Harvard National Security Journal (2018).

Kilovaty’s recent scholarship includes – “NATO, ICRC, and the U.S. –Direct Participation in Hacktivities under International Humanitarian Law” (Duke Law & Technology Review); “World Wide Web of Exploitations—Peacetime Cyber Espionage under International Law” (Columbia Science & Technology Law Review); “Virtual Violence: Disruptive Cyber Operations as ‘Attacks’ under International Humanitarian Law” (Michigan Telecommunications & Technology Law Review). Kilovaty has also published op-eds and essays in the Harvard Law Review Blog, Lawfare, Just Security, WIRED, and TechCrunch.

At Yale Law, Kilovaty developed a project to connect the legal and technical aspects of cybersecurity.

At Yale Law School, Kilovaty developed a cross-disciplinary project on cybersecurity bringing together lawyers, policymakers, and technology experts to engage in constructive discourse on the current state of affairs on cybersecurity law and policy. The project was a collaboration between Yale Law School and Yale University’s Department of Computer Science designed to bridge the gaps between the legal and technical aspects of cybersecurity.

Kilovaty earned his Doctor of Juridical Science (S.J.D.) degree from Georgetown University Law Center, his Master of Laws (LL.M.) from the University of California Berkeley School Of Law, and his Bachelor of Laws LL.B.) from the Hebrew University of Jerusalem.