Date : 11/13/2019 2:45:54 PM
From : "Gary Corn"
To : "Cedric Yehuda Sabbah"
Cc : "Peterson, Chantelle MS" , "Jennifer Daskal" , "Hathaway, Oona" , "Young, Tara MRS 1" , "Gaby B" , "Stephanie Pell" , "Doug W"
Subject : Re: Logistics and Planning for CyCon: Wed Nov. 20 [SEC=UNCLASSIFIED]
 All,

Jen and I discussed. I will do a little stage setting, both from the perspective of the way states have been operating through the medium of cyberspace and the types of operations that information technology enables:  against the functionality of computational systems and the broader systems that rely on computers (e.g., SCADA and critical infrastructure attacks); against the availability, integrity, and reliability of information (data) (from espionage, to law enforcement collection, to altering or denying availability of data to those who rely on it for decision making); and against thought processes via dissemination and amplification of propaganda, disinformation, etc.)  Each of those buckets present different legal and policy challenges that we can then take up.  Having been involved in those discussions within gov't, I’ll offer my perspectives as appropriate.

Best,
Gary

On Nov 13, 2019, at 9:31 AM, Cedric Yehuda Sabbah <YehudaC@justice.gov.il> wrote:

Hi all,
I intend to address the subject from a perspective of government policy making. I hope to draw from examples mainly in law enforcement and cybersecurity, to suggest a nuanced approach. Referring to the points below, I can discuss:
·         Ways in which states need access to data across borders to protect their own sovereign interests (law enforcement/national security/cybersecurity)
·         Broader implications for our understanding of / assessment of core sovereign interests, the sovereign-territorial link, and the importance of territoriality in international law?
Best,
Cedric
 
 
From: Peterson, Chantelle MS [mailto:chantelle.peterson@defence.gov.au] 
Sent: Wednesday, November 13, 2019 1:00 PM
To: 'Jennifer Daskal'
Cc: 'Hathaway, Oona'; 'Gary Corn'; Cedric Yehuda Sabbah; Young, Tara MRS 1; 'Gaby B'; 'Stephanie Pell'; 'Doug W'
Subject: Re: Logistics and Planning for CyCon: Wed Nov. 20 [SEC=UNCLASSIFIED]
 

UNCLASSIFIED

Hi Jen,
 
To round out what Oona and Doug are covering, I am happy to touch on:
   Policy questions – at what point should state consent be required?  Consent of whom?
o   Law enforcement access 
o   CT operations
o   Intelligence gathering that involves/requires persistent presence in networks/systems?
If helpful I can also briefly discuss the recent changes in Australia’s espionage and foreign interference laws and the policy approach to foreign influence and interference. I can present my personal views on how these policy settings, while related to Australia’s statement on the application of international law to cyberspace, reflects broader national interest considerations, not just sovereignty as understood through the lens of prohibited intervention.
 
Kind regards,
Chantelle

 

Sent from my iPad


On 12 Nov 2019, at 1:22 am, Doug W <douglas.wilson@gchq.gov.uk> wrote:

Jen –
 
Thanks.
 
I would probably touch on either or both of the following, which I see as inherently overlapping:
?         Ways in which states seeking to manipulate data across borders for geopolitical advantage (election interference, economic espionage, etc.); range of tools/responses
?         Ways in which states need access to data across borders to protect their own sovereign interests (law enforcement/national security/cybersecurity)
 
And I would hope to offer or explain the UK official view on this topic, albeit I could do so v briefly:
?         International law questions – when permissible to reach across borders to access and manipulate data in absence of host state consent?
 
For what it’s worth, my answer to Oona’s fair question would be “all of the above, and then some”.
 
Doug
 
Douglas Wilson
Director Legal Affairs and International Relations
 
 
 
From: Hathaway, Oona <oona.hathaway@yale.edu> 
Sent: 09 November 2019 19:05
To: Jennifer Daskal <jdaskal@wcl.american.edu>; Gary Corn <gcorn@wcl.american.edu>; Cedric Yehuda Sabbah <YehudaC@justice.gov.il>; Doug W <douglas.wilson@gchq.gov.uk>; chantelle.peterson@defence.gov.au
Cc: Young, Tara MRS 1 <tara.young1@defence.gov.au>; Gaby B <gaby46862@gchq.gov.uk>; Stephanie Pell <stephanie@stephaniepell.net>
Subject: Re: Logistics and Planning for CyCon: Wed Nov. 20
 
Thanks for this, Jen.  I think I’m most likely to be able to contribute on the international law questions: “International law questions – when permissible to reach across borders to access and manipulate data in absence of host state consent?”  
 
It might help me to have a sense of what, precisely, we mean here by “manipulate data.”  Destroy data? Preposition malware? Exfiltrate data? Manipulate data so that there are physical effects (e.g. Stuxnet)? Information ops? Election interference? Each of those, as you know very well, raises different legal questions.  If others who are speaking about the first topic were willing to share what they intend to cover, that would help me prepare.
 
Looking forward to seeing you all in a couple of weeks,
Oona
 
 
 Oona A. Hathaway
Gerard C. and Bernice Latrobe Smith Professor of International Law, Yale Law School
Counselor to the Dean
Professor of International and Area Studies, MacMillan Center, Yale University 
Faculty, Jackson Institute for International Affairs, Yale University
Professor, Yale University Department of Political Science
Twitter: @oonahathaway 
Co-author of The Internationalists
 
 
 
 
 
From: Jennifer Daskal <jdaskal@wcl.american.edu>
Date: Saturday, November 9, 2019 at 1:01 PM
To: Jennifer Daskal <jdaskal@wcl.american.edu>, Gary Corn <gcorn@wcl.american.edu>, Cedric Yehuda Sabbah <YehudaC@justice.gov.il>, "douglas.wilson@gchq.gov.uk" <douglas.wilson@gchq.gov.uk>, "Hathaway, Oona" <oona.hathaway@yale.edu>, "chantelle.peterson@defence.gov.au" <chantelle.peterson@defence.gov.au>
Cc: "Young, Tara MRS 1" <tara.young1@defence.gov.au>, "gaby46862@gchq.gov.uk" <gaby46862@gchq.gov.uk>, Stephanie Pell <stephanie@stephaniepell.net>
Subject: Logistics and Planning for CyCon: Wed Nov. 20
 
Cedric, Chantelle, Doug, Gary, Oona – 
 
I am so looking forward to seeing you all in less than two weeks at CyCon.  I am writing with some logistics and planning information.
 
Logistics
Our panel - Data & Sovereignty - is scheduled from 9:00am-10:30am on Wednesday, Nov. 20th in Salon H of the Crystal Gateway Marriott, 1700 Richmond Highway, Arlington, Virginia.
We all need to arrive no later than 8:45am at Salon H to get mic’d up. 
 
 
Run of Show
 
We have 90 minutes and will want to save some time for questions – meaning not enough time for all there is  to discuss!
 
Here’s my proposed run of the show:
 
(1)    Opening Remarks: We will start with short presentations (no more than 5 minutes each) situating your work and perspective and laying out what you see as the key challenges and issues.  It would be helpful if you could each send me a few bullet points by Wed. Nov. 13 of the core issues you intend to address.  That will help me figure out the order for the initial interventions and follow-up questions.
 
(2)    Moderated discussion (approx. 30-40 minutes).  
 
Among the core issues I would like to address are the following:
?         Ways in which states seeking to manipulate data across borders for geopolitical advantage (election interference, economic espionage, etc.); range of tools/responses
?         Ways in which states need access to data across borders to protect their own sovereign interests (law enforcement/national security/cybersecurity)
?         International law questions – when permissible to reach across borders to access and manipulate data in absence of host state consent?
?         Policy questions – at what point should state consent be required?  Consent of whom?
o   Law enforcement access 
o   CT operations
o   Intelligence gathering that involves/requires persistent presence in networks/systems?
?         Broader implications for our understanding of / assessment of core sovereign interests, the sovereign-territorial link, and the importance of territoriality in international law?
 
It would be hugely helpful if you would identify which, if any of these topics, you would be prepared to discuss.  And if and what additional or specific questions you would like me to ask.
 
(3)    Q and A: 15-20 minutes
 
Once I hear from all of you I will revert back next week with a more detailed run of show.
 
I look forward to seeing you all and to the discussion.  Please also let me know if you have any questions or concerns.
 
Best, 
Jen
Jennifer Daskal
Professor & Faculty Director, Tech, Law, Security Program
American University Washington College of Law
Twitter: @jendaskal
 
****************************************************************************

Communications with GCHQ may be monitored and/or recorded for system efficiency and other lawful purposes. Any views or opinions expressed in this e-mail do not necessarily reflect GCHQ policy. This email, and any attachments, is intended for the attention of the addressee(s) only. Its unauthorised use, disclosure, storage or copying is not permitted. If you are not the intended recipient, please notify postmaster@gchq.gov.uk

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on 01242 221491 ext 30306 (non-secure) or email infoleg@gchq.gov.uk

****************************************************************************
IMPORTANT: This email remains the property of the Department of Defence. Unauthorised communication and dealing with the information in the email may be a serious criminal offence. If you have received this email in error, you are requested to contact the sender and delete the email immediately.