Economics

  • Americas
    Taking on Corruption in Latin America
    2015 is shaping up to be the anti-corruption year for Latin America. After resigning last week in the face of a growing corruption scandal, Guatemalan President Pérez Molina now faces trial and potentially jail. Investigations into government corruption have disrupted politics as usual in Brazil, Chile, and Mexico, while scandals continue to unfold in Argentina and Panama. The Dickens quote "it was the best of times, it was the worst of times” is perhaps too dramatic, but differences in how the cases are playing out across the region are quite striking. In Brazil and Guatemala, wide-ranging investigations have led to prosecutions and convictions of many of the nations’ most connected political and economic elites. In contrast, in Mexico, President Peña Nieto, the first lady, and the finance minister were recently cleared of conflict of interest allegations, and in Chile, President Bachelet’s son, Sebastián Dávalos, has so far evaded criminal charges in an influence-peddling scheme. The divergent outcomes are due in part to the differing nature of the alleged crimes. In Brazil and Guatemala, officials are charged with embezzling public funds. Through the use of wiretaps, email monitoring, and financial forensics, Brazilian prosecutors traced the flows of hundreds of millions of dollars that private companies overcharged the state-led energy company Petrobras for construction and service work, and then distributed among themselves and into political party coffers. And the Guatemalan president and the vice president are accused of running a customs fraud operation, pocketing tens of millions of dollars in import duties. The Chilean and Mexican cases on the other hand are about profiting from political access. In Chile, Caval, a company half-owned by Bachelet’s daughter-in-law, received a $10 million loan from Andronico Luksic through his Bank of Chile the day after Bachelet was reelected president. Her daughter-in-law and son then used the money to flip real estate, using insider information to buy land that was expected to quickly soar in value when the local government reclassified it for commercial development—reaping $5 million in profit. In Mexico, the president, first lady, and finance minister purchased homes from Grupo Higa, a construction conglomerate awarded hundreds of millions of dollars in public works contracts. The alleged links in both cases between favorable financial terms and political favors—and wrongdoing—are more difficult to prove than the embezzlement schemes. The divergent outcomes also reflect the importance of independent and tenacious prosecutors. Brazilian attorney general Rodrigo Janot and his team have gone after dozens of high profile suspects, including Eduardo Cunha, head of Brazil’s lower house of Congress; construction magnate Marcelo Odebrecht; and former President Lula da Silva, despite pushback from many economic and political leaders (President Rousseff has repeatedly supported the investigations). The enterprising Guatemalan attorney general Thelma Aldana has found a sophisticated and willing partner in the UN-backed and independent International Commission against Impunity in Guatemala (CICIG), using its ten years of experience building corruption cases to take on the nation’s highest ranking officials. This hasn’t been the case with Chile’s and Mexico’s more halting and limited prosecutorial investigations. In Chile, prosecutors have been slow in advancing the case against the Bachelet family, hindered by Dávalos ordering his computer erased before leaving the presidential offices at La Moneda. No whistleblowers have come forward; his former coworkers maintain their silence. In Mexico, the federal comptroller, an office created by and reporting to the president, led the investigation and limited its scope from the beginning. The comptroller cleared the president, the first lady, and the finance minister after determining that the property transactions pre-dated the administration and contract terms weren’t changed once they took office. In finance minister Videgaray’s case, the comptroller further decided that the intent to purchase (which occurred before he assumed his current office) mattered more than the signing and notarizing of documents. The investigation revealed the actual closing occurred months later and the cashing of the check didn’t happen until a few days before the Wall Street Journal broke the story. As Latin American nations work to break out of the middle-income trap, and struggle to grow in the face of global economic headwinds, the ability to take on corruption will increasingly matter. Corruption favors connections over quality, stifles entrepreneurship, and scares away foreign direct investment. This seems to be a lesson two of Latin America’s most open economies have yet to learn.
    by Shannon K. O'Neil September 10, 2015 Development Channel
  • Cuba
    Prospects for the Cuban Internet After the Normalization of U.S.-Cuba Relations
    The agreement to restore diplomatic relations and liberalize trade and travel between the United States and Cuba will have far-reaching implications for Cuba. The transformative potential of moving from Cold War-era hostility towards cooperation is particularly apparent for Cuba’s relationship with the Internet. The opening of relations will increase access Cubans have to the Internet and digital technologies, such as smartphones. However, what increased access should mean for Cuba is contested and will be a bellwether issue for how thawing relations change Cuban governance, commerce, and culture. Will Internet freedom ring from Havana to Santiago de Cuba, or will its communist leaders ensure that Cuba’s expanding cyberspace serves the revolution? Cuba, the Internet, and Normalizing U.S.-Cuba Relations As the Internet became globally important, Cuba has consistently ranked as one of the worst countries for Internet access and freedom. Cuba did not follow the example of other authoritarian countries, such as China and Russia, which significantly increased Internet access and maintained government control over Internet use. The Cuban government has made efforts to increase Internet access and usage, but, even so, the International Telecommunication Union (ITU) estimates only around 25 percent of the population accesses limited, expensive, and strictly controlled Internet services. Other estimates state that only 5 percent of Cubans have direct access to the global Internet. In Freedom House’s 2014 “Freedom on the Net” rankings, Cuba was the world’s fourth worst country, barely better than only China, Syria, and Iran. This track record made the Internet an issue in the hostility between the United States and communist-led Cuba. Cuba blamed the U.S. embargo for its Internet problems, supported Chinese and Russian efforts in ITU negotiations to weaken U.S. influence on Internet governance, and backed Latin American countries that offered Edward Snowden asylum. As it did with radio and television, the United States attempted to use Internet-enabled technologies to provide Cubans access to uncensored information. In April 2014, the press disclosed a covert U.S. program to create a “Cuban Twitter,” called ZunZuneo, designed to help undermine Cuba’s government. As part of the deal to open relations, the United States agreed to loosen trade restrictions on exports of telecommunications equipment and services, believing this decision would increase Cuban Internet access and freedoms. Cuba undertook to increase access, and, in June 2015, announced plans to create thirty five public WiFi hotspots around the country and reduce the costs of going online. Cuba Cyber Libre? Although increasing Internet access is on the U.S.-Cuba agenda, what purposes it serves remain contentious. One perspective sees U.S. support for increased access as important in freeing Cubans from communist rule. In May 2015, House and Senate bills for a Cuba Digital and Telecommunications Advancement Act (Cuba DATA Act) were tabled to facilitate U.S. exports. In announcing the Senate version, Senator Jeff Flake (R-AZ) stated that “this bill paves the way for the Cuban people to have more freedom by having the Cuban economy enter the digital age.” U.S. critics of the normalization of relations do not believe it will lead to greater freedom for Cubans in cyberspace. One critique blasted the Cuba DATA Act because it would strengthen the Cuban government’s telecommunications monopoly, which “works with the secret police . . . tapping phone lines, monitoring conversations, censoring the Internet and persecuting Cubans discovered with homemade satellite dishes.” Disagreements about whether U.S. engagement with Cuba will foster Internet freedom mirror the larger debate pitting those who want to keep Cuba under political and economic pressure and those who believe this strategy has failed. Che-berspace? By agreeing to normalize relations with the United States, Cuba’s leaders have not given up on communism and the revolution led by Fidel Castro and Che Guevara. Despite decades of U.S. enmity and the devastating collapse of Soviet support in the early 1990s, the communist party has maintained its grip on power. No doubt Cuba’s leaders believe they can re-engage with the United States without losing control. Cuba has friends, including China, from which it can learn how to increase Internet access without embracing Internet freedom. Indeed, just before the Cuba DATA Act was tabled, news stories reported Cuba was talking with China’s Huawei about investing in Cuba’s new digital economy. Cubanet? A third perspective emphasizes that ordinary Cubans should determine the future of their Internet. Tech-savvy Cubans have been finding ways to circumvent censorship, creating a digital culture at the grass roots. Just as these Cubans do not want more government repression, they might not want Internet freedom and digital commerce as determined by the United States or dictated by the U.S.-Cuba rivalry. Two Cuban experts warn that, as Cuba begins a new phase in its relationship with the Internet, “it will be important to keep in mind what Cubans want and need—and not what we think they do.”
    September 10, 2015 Net Politics
  • Global
    The World Next Week: September 10, 2015
    Podcast
    U.S. Congress debates the Iran deal; the EU holds an emergency summit on the migrant crisis and the U.S. Federal Reserve meets to discuss interest rates. 
    Podcast with James M. Lindsay and Robert McMahon September 10, 2015 The World Next Week
  • Asia
    Women Around the World: This Week
    Welcome to “Women Around the World: This Week,” a series that highlights noteworthy news related to women and U.S. foreign policy. This week’s post, from September 2 to September 8, was compiled by Valerie Wirtschafter and Ariella Rotenberg. Restrictions permanently lifted on women in Army Ranger School Last month, Captain Kristen Griest and 1st Lieutenant Shaye Haver became the first women to graduate from Army Ranger School. They began Ranger School as part of a one-time, trial class of 19 women and 381 men. Following their success, the Army announced last week that it would move to open Ranger School to women permanently. The Army’s decision to open the doors to Ranger School comes at a time when military leaders are debating how and to what extent they will integrate women into certain combat positions that remain closed to female soldiers. By January 1, 2016, the secretary of defense will decide if all positions will open to women or provide justification for seeking an exemption. Japanese government passes bill to promote the role of women in the workplace The Japanese government recently passed legislation requiring any company with more than 300 employees to set numerical targets for the employment and promotion of women. Those same companies will be required to disclose their targets and progress publicly. As part of Prime Minister Shinzo Abe’s promotion of “womenomics,” the law aims to address significant gender disparities in the workplace, including in management positions. There are no specific numerical requirements written into the law itself, but companies are asked to determine their own targets. Some experts say the lack of concrete targets softens the impact of the new law, while others argue that allowing companies to set their own goals will be more effective. The government has incentivized the success of the program by offering preferential bids for government contracts to companies that achieve their goals. The law will go into effect on April 1, 2016. Twentieth anniversary of the landmark United Nations Fourth World Conference on Women Last week marked the twentieth anniversary of the United Nations (UN) Fourth World Conference on Women in Beijing, where then-U.S. First Lady Hillary Rodham Clinton famously proclaimed that “women’s rights are human rights,” and one hundred and eighty-nine nations adopted the Beijing Declaration and Platform for Action. Two decades later, the world has seen significant progress in removing barriers to gender equality, but serious gaps still remain. To commemorate this anniversary, the Chinese government—despite its recent actions against women’s rights activists in China—plans to co-host a UN summit on gender equality and women’s empowerment with UN Secretary General Ban Ki-Moon in New York City. In the lead up to this event, high profile figures in the U.S. government, including U.S. Ambassador to the UN Samantha Power, are  drawing attention to women around the world who are held unjustly as political prisoners through the “FreeThe20 Campaign.”
    by Guest Blogger for Women Around the World September 9, 2015 Women Around the World
  • Economics
    Closing the Gender Credit Gap
    On Labor Day, the governments of the United States and Canada recognize and celebrate the achievements and contributions of workers—female and male alike. And women’s economic contributions in these countries are well-documented: the increase in women in the U.S. labor force over the past several decades, for example, has led to more than $3.5 trillion in economic growth. Yet despite clear evidence that women’s economic participation is an important—and largely underutilized—driver of economic growth, in many countries women continue to face barriers that undermine their economic potential, including limited access to credit, savings accounts, loans, and other financial services. Access to finance is often cited as the greatest constraint for all small and medium enterprises (SMEs) in low-and middle-income countries. Studies show, however, that this challenge is far more acute for women-owned businesses. Eight to ten million SMEs now boast at least one female owner, but according to the World Bank, approximately 1.3 billion women still live “largely outside the formal financial system.” The International Finance Corporation (IFC) estimates that at present an approximately $300 billion credit gap exists for female-owned SMEs. In a time of economic turmoil that has shaken markets from China to Greece, ensuring that women can fulfill their economic potential is more important than ever. In a twenty-first century global economy, it is no longer tenable to leave the growth potential of half the world’s population untapped. The economic benefits afforded by promoting women’s access to finance are clear. As Goldman Sachs noted in a report released in 2014, Giving Credit Where it is Due, closing the gender credit gap could increase per capita growth rates by more than 110 bp—and per capita income by twelve percent on average—over the next fifteen years. In Brazil and Vietnam, the two countries with the largest gender credit gaps in the world, per capita income could increase by as much as twenty-eight percent. The report also cites another advantage of closing the gender credit gap: “[A]s female labor participation rates rise, countries can reap the benefit of a ‘double dividend’ as women are more likely than men to use their earnings and increased bargaining power to buy goods and services that improve the family’s welfare.” In light of this data, Goldman Sachs and the IFC collaborated to launch the Women Entrepreneurs Opportunity Facility (WEOF) in 2014. The Facility aims to help one hundred thousand women entrepreneurs in emerging markets access capital and other financial services in order to grow their businesses. At the Facility’s launch, Goldman Sachs and the IFC committed a combined $150 million to the WEOF out of a targeted total of $600 million. Encouragingly, the United States government has also thrown its weight behind this approach. During his trip to Africa earlier this summer, President Barack Obama announced that the Overseas Private Investment Corporation (OPIC)—the United States government’s development finance institution—would commit $100 million to the WEOF to help finance new projects that will promote women’s economic participation and support economic growth abroad. While the steps taken by Goldman Sachs, the IFC, and now OPIC are encouraging, the gender credit gap worldwide remains far too high. Economic policymakers focused on driving economic growth need to elevate this issue on the global agenda and encourage more investment and innovation in order to close the gender credit gap for good.
    by Rachel B. Vogelstein September 7, 2015 Women Around the World
  • Gender
    “Uberization” and “New” Economy Pose Old Dilemmas
    From New York City Mayor Bill de Blasio to presidential candidates—policy makers and analysts have been talking about the “uberization” of the economy as if it were a new phenomenon. Uber, TaskRabbit, Instacart, AirBnB, and RelayRides are just a few of the companies that make up what is increasingly being called the “sharing economy” (or, relatedly, the “gig economy”), in which technology facilitates and monetizes the sharing of particular tasks (“gigs”), services, and goods. This emerging sector has become popular and controversial, with critics and proponents debating the trade-offs between the regulation of the formal economy, on the one hand, and the flexibility and innovation of these emerging sectors within the informal, less regulated economy, on the other. While New York City Mayor de Blasio tried (unsuccessfully) to reign in Uber’s expansion in the Big Apple this summer, the sharing economy has drawn comments more broadly from both democratic and republican presidential contenders. As a pioneer in what has been touted as a “new” economy, Uber itself has become iconic, as it has entered more than 60 markets (ranging from San Francisco to Berlin to Tokyo). According to Reuters in 2014, leaked financials indicated that the company was generating $200 million a year in revenue beyond what it pays to drivers. Meanwhile, Uber is in court fighting against drivers who want to be classified as “employees” – rather than contractors – and who want greater benefits that go along with being considered a regularly employee. Democratic presidential candidate Hillary Clinton recently criticized Uber for not giving workers benefits, commenting: “Many Americans are making extra money renting out a spare room, designing a website ... even driving their own car. This on-demand or so called ‘gig’ economy is creating exciting opportunities and unleashing innovation, but it’s also raising hard questions about workplace protections and what a good job will look like in the future.” Republican presidential candidate Jeb Bush, on the other hand, made a point of hailing an Uber in San Francisco this summer to demonstrate his support for the ride-sharing firm and the on-demand economy, in which app-driven services are seen as an example of unfettered market activity that is free of the intrusive, cumbersome hand of government regulation. The sharing economy began to grow in popularity during the financial crisis—a time when people were looking for new ways to both save and make money. Obtaining goods and services via the sharing economy has become cheaper and easier than traditional options. It has allowed renters and sellers to monetize sharing activities, like renting out a room, sharing a car ride, or selling personal shopping services, and created opportunities for people to supplement their income or stitch together a full-time income through part-time work. Yet, this emerging economy is essentially rooted in the informal sector and lacks government oversight and labor protections found in the formal economy. What is missed in the broader debate is that the conundrums posed by these trade-offs are not new. In fact, these dilemmas demonstrate what has been an old quandary experienced disproportionately by women. Around the world, women have long been a dominant force in the informal economy, and the sharing activities that are a part of the informal sector. Women run day care out of their homes, provide cleaning services to neighbors, and car pool to soccer and other after-school events. From nannies to domestic workers to soccer moms, women in the informal sector hold a range of paid and unpaid “jobs.” These jobs, like those in the growing sharing economy, are often unregulated and leave workers vulnerable. Women are easily exploited and can be as quickly fired as they are hired, lack formal work contracts, and do not have access to employee protections like health insurance. They are also often paid well below a livable wage–some are not even paid at all. What is new is that with new communication technologies and social media, entrepreneurs in the sharing and gig sectors can reach more customers – and more rapidly – than ever before, with a simple swipe of a smart phone. In the “new” sharing and gig economies, which are dominated by Silicon Valley start-ups, companies have resisted providing workers with many of the protections found in the formal economy including health insurance, retirement benefits, or a guaranteed wage. What lessons can we learn from the experiences of women around the world? Women working in the “informal economy” provide services and goods at a lower cost. This means that making a livable wage depends on how many jobs they can complete or how many clients they receive. Income and availability of work is less predictable, even as work schedules are more flexible. The risk is that clients and jobs can disappear quickly, leaving workers unemployed with none of the protections or stability of the formal economy. The informal economy – and the women who work in this sector – is an important but neglected part of the global economy. Economic activity from the informal sector is not included in common economic indicators like gross domestic product (GDP). The United Nation’s proposed post-2015 sustainable development goals #8 calls for a number of “practical and measurable targets” concerning labor protections as a way of achieving its aim to “promote sustained, inclusive, and sustainable economic growth, full, and productive employment and decent work for all.” As the debate over the “uberization” of the economy continues in New York City and nationally in the U.S. presidential race, policy makers might look to the global debate – and the long experience of women in the informal sector – to determine how all workers can benefit from basic, humane labor protections, while consumers can continue to enjoy the advantages of greater cost-sharing, flexibility, and innovation which the informal, sharing, and gig economies provide.
    by Catherine Powell September 3, 2015 Women Around the World
  • China
    Gauging the Fallout From the Chinese Market Shock
    Beyond China’s market upheaval is a country struggling with how to relax state control over the economy amid a slowdown that has global implications, writes CFR’s Robert Kahn.
    with Robert Kahn and James McBride September 1, 2015
  • Americas
    This Week in Markets and Democracy: Tackling Corruption in Guatemala, Snap Elections, and AGOA’s Challenges
    CFR’s Civil Society, Markets, and Democracy (CSMD) Program highlights noteworthy events and articles each Friday in “This Week in Markets and Democracy.”  International Anticorruption Efforts Seem to be Working in Guatemala A far-reaching battle against government corruption is unfolding in Guatemala. Prosecutors have uncovered a widespread customs bribery ring through the use of wiretaps, email interceptions, close monitoring of individuals, and financial analyses. They accuse government officials of siphoning off tens of millions of dollars in import duties. Evidence suggests that the fraud’s biggest beneficiaries have been Vice President Roxana Baldetti (who resigned and is awaiting trial), and President Otto Pérez Molina, who so far is resisting demands for his resignation. Whether now or later, it is quite likely both will face jail time—a first for this nation and all of Latin America. These investigations should hearten international anticorruption fighters, showing that international efforts can make a difference even in places with weak institutions and long legacies of graft and impunity. Leading the charge is the International Commission against Impunity in Guatemala, or CICIG. Founded in 2006, CICIG is a UN-funded independent prosecutor’s office (the United States has contributed some $25 million since its formation) dedicated to strengthening Guatemala’s judicial and security institutions. In this latest and most ambitious case, CICIG’s head, Colombian-born prosecutor Iván Velásquez Gómez, has worked closely alongside the Guatemalan public prosecutor’s office, bolstering their investigations into government corruption. CICIG’s success has led to calls by citizens of El Salvador and Honduras for their own version of the organization. How Democratic Are Snap Elections in Turkey and Greece? In the past week, both the Greek and Turkish governments have called snap elections. With ruling Syriza party ranks split over heavy austerity measures, Greek Prime Minister Alexis Tsipras resigned and called for new elections September 20th. In Turkey, where the neighboring Syrian war and Kurdish insurgency threaten stability, President Recep Tayyip Erdogan called parliamentary elections for November, and designated his hand-picked successor, Ahmet Davutoglu, as interim Prime Minister to oversee the vote. Scholars tout the benefits of this parliamentary electoral mechanism, enabling leaders to avoid gridlock or a lame duck administration (both perils of presidential electoral regimes). Yet politicians use these elections strategically—dictating the schedule to maintain their political advantage at times in ways that do little to further democratic inclusion or legitimacy. In Greece, Tsipras looks to shuffle his coalition, abandoning the anti-austerity platform that brought him to power last February. The quick turnaround leaves little time for other parties to form a government or rally around voter opposition voiced in a July referendum. Meanwhile, Erdogan is betting that early elections will bolster his power after the Justice and Development Party (AKP) lost its parliamentary majority in June and Davutoglu failed to form a coalition. (Opponents charge the move was an attempt to thwart them from forming their own alliance). In both places the leaders are following the democratic rules, yet invite debate over their democratic legitimacy. While shoring up support through early voting may be preferable to an imminent “no” vote, leaders can also manipulate snap elections to extend power in times of political and economic crisis. AGOA’s Challenges Rooted in Structural Weakness U.S. and African officials met this week in Gabon to flesh out what Congress’s ten-year extension of the African Growth and Opportunity Act (AGOA) can mean. Since AGOA began in 2000, duty-free market access for thirty-nine sub-Saharan African countries has boosted U.S.-bound exports fourfold to over $26 billion. Yet to truly increase African global competitiveness, a renewed AGOA pact will need to grapple with the economies’ structural challenges. Commodities dominate African trade—oil comprises nearly 90 percent of AGOA exports. The trade deal won’t move Brent crude prices. Another source of exports, agriculture, has yet to modernize—the majority of sub-Saharan African jobs remain in low-productivity farm work. And the United States is reluctant to provide market access—the newly-authorized AGOA provides more technical assistance for agriculture but does little to eliminate tariffs and quotas for African sugar and cotton producers. The U.S. and African officials could and should focus on helping get goods to market. Sporadic electricity, bad roads, silted ports, and general transportation costs are up to ten times higher in sub-Saharan Africa than in Asian economies, eliminating the upside of large and affordable labor forces. For example, slow logistics and customs procedures keep Ethiopia’s growing coffee and flower industries from reaching their full potential. Though total U.S.–Africa trade increased during AGOA’s first fifteen years, the $26 billion represents just a small fraction of U.S. imports. And the vast majority of non-oil imports came from South Africa. Unless agriculture, infrastructure, and structural barriers are tackled, AGOA won’t make a significant difference for Africa’s companies, workers, and broader economies.
    by Shannon K. O'Neil August 28, 2015 Development Channel
  • Digital Policy
    Do Local Laws Belong In a Global Cloud? Q&A with Brad Smith of Microsoft (Part Two)
    This is the second part of my Q&A with Microsoft Executive Vice President and General Counsel Brad Smith over the company’s legal battle with the U.S. Department of Justice over e-mails stored in Ireland. The case raises important questions with respect to the privacy of digital communications and the future of cloud computing. For those who missed it, part one can be found here. Question: According to the U.S. government in its filings, Microsoft has not objected to handing over data stored on foreign servers to federal investigators serving warrants pursuant to the Stored Communications Act (SCA) and Electronic Communications Privacy Act (ECPA) in the past. What makes this case different? Answer: What led to this case is a rise in the storage of content around the world. A few years ago, we started building data centers in many countries because keeping people’s content close to them helps ensure they can access it quickly and smoothly. So it’s fairly recent that the concept of a U.S. warrant for content in a datacenter abroad—like the one in this case—was even conceivable. Looking beyond the technological change, we think it’s important that we be transparent about government requests we receive and how we respond to them. We produce a global report here and, through a separate lawsuit we filed against the U.S. government, we’re now able to report specifically on U.S. national security orders and publish those here. Q: Microsoft has argued that it cannot turn over user e-mails to the government because the user owns those e-mails. Yet a long series of court precedents going back more than forty years say that even custodians of a third party’s records-both physical and electronic-must hand those records over to federal investigators serving a valid warrant. Why isn’t this true here? A: This is a critical question and hits at the heart of the legal case. The warrant in our case isn’t for business records such as a record of banking transactions, a hotel bill, or a list of phone numbers that were called. Rather it’s for the content of personal communications, in this case e-mails. The courts have long recognized the distinction between business records and the content of personal communications. And not surprisingly, they have held that the contents of personal communications are entitled to a higher level of legal protection. In our case the U.S. government is arguing that a customer’s e-mail becomes a cloud operator’s business records and hence the government can obtain it more easily. This is fundamentally at odds with traditional respect for privacy and limitations on government powers. For over two centuries the courts have held that the contents of a letter don’t become a business record of the U.S. Postal Service when they’re sent through the mail. They remain personal communications that are entitled to a higher level of legal protection. If our longstanding privacy rights are going to remain intact in the 21st century, we need this legal approach to make the transition effectively from traditional mail to modern e-mail. Q: According to the U.S. government’s brief, Microsoft has not produced any evidence that Microsoft would violate Irish or EU law by complying with the U.S. warrant in this case. Further, the U.S. government argues that Irish law contains similar powers for the Irish government to compel the production of records located outside Ireland by a company subject to Irish jurisdiction. How does Microsoft answer these arguments? A: In fact, multiple EU officials have raised the prospect that compliance with the warrant would violate EU law. They haven’t yet announced a final position, and we think it’s worth hearing them out. And it’s also important to acknowledge the point made in a declaration from the former Attorney General of Ireland who was involved in negotiating the MLAT with the United States. His declaration says this type of situation is exactly why they negotiated the MLAT. Ultimately, however, the question here is not about Irish or European law but about U.S. law. This is a law enacted by Congress. There is no reason to believe that Congress intended it to apply outside the United States. If law enforcement wants authority to apply search warrants outside of our own borders, it should go to Congress to seek that approval. We in fact have proposed to Congress what we believe would be a sensible approach that would give law enforcement this unilateral authority when e-mails belong to an American citizen or resident. But it would require the use and strengthening of international legal processes when e-mails belong to someone else. This is the type of approach that we believe American citizens could accept when the shoe is on the other foot, so to speak. It would strike the right balance between privacy and public safety. No doubt there are opportunities to make improvements to the legislation that is being considered.  But that will happen only if everyone starts to work on a legislative approach. And after almost two years of litigation, I think it’s fair to say that everyone will come to the table only if we win this case.
    by Adam Segal August 27, 2015 Net Politics
  • Global
    The World Next Week: August 27, 2015
    Podcast
    The global financial system takes stock after upheaval; the tenth anniversary of Hurricane Katrina is marked and Beijing hosts a parade marking the end of World War II. 
    Podcast with James M. Lindsay and Robert McMahon August 27, 2015 The World Next Week
  • Wars and Conflict
    Countering Violent Extremism: Falling Between the Cracks of Development and Security
    Emerging Voices features contributions from scholars and practitioners highlighting new research, thinking, and approaches to development challenges. This article is from Dr. Khalid Koser, executive director of the Global Community Engagement and Resilience Fund (GCERF) and Amy E. Cunningham, an advisor with GCERF. Here they discuss how a global policy shift to tackle violent extremism is exposing tensions between the development and security sectors. Led by the United States and partner governments, ‘countering violent extremism’ (CVE) is a new policy paradigm that aims to address structural and social conditions enabling recruitment and radicalization to violent extremism. Unlike counterterrorism approaches that rely on broad security legislation or heavily-militarized responses, CVE focuses on prevention by trying to alleviate underlying causes of injustice—endemic poverty, ethnic and religious tensions, and political marginalization—with the goal of building more conflict-resilient communities. CVE prioritizes a role for civil society, as these organizations are often viewed by communities as more credible than local governments or law enforcement. They are also better positioned to identify local-level drivers of violent extremism, and more suited to work with neglected groups through education, interfaith dialogues, and arts and sports activities. Ultimately, civil society empowers communities to better deflect extremist agendas. Yet because CVE combines development and security concerns, it exposes a wide gap between national and international agencies expected to implement the policy—development agencies and NGOs fall on one side, and military, police, and intelligence agencies on the other. In large part, this divide is an unintended consequence of the ‘Global War on Terror,’ which at times distorted development principles such as ‘Do No Harm’ (by diminishing credible CVE efforts through over-securitization); misappropriated development tools—including vaccination campaigns—for security ends; and blurred roles and responsibilities in delivering humanitarian aid. As the two sides now combine efforts to counter violent extremism, they struggle to overcome a legacy of mistrust. The divide also stems from cynicism from some in the security sector about CVE’s effectiveness, compounded by growing pressures on domestic security budgets. The result is an unwillingness to devote serious resources to CVE. Even where there is acceptance, there is impatience. Prevention-focused CVE efforts don’t deliver immediate results. Development agencies are equally hesitant about the strategy’s merits. Skeptics dismiss CVE over concern that it does not prioritize the most vulnerable populations, and many question the argument that poverty leads to violent extremism, citing a lack of substantive research. Others express concern that CVE does not address poverty enough, treating poverty alleviation as a welcome side effect instead of an end goal. Visiting Bangladesh, Mali, Nigeria, and other nations as executive director and advisor of the Global Community Engagement and Resilience Fund (GCERF), we have seen firsthand how the uneasy relationship between security and development can hinder CVE efforts’ effectiveness. First, communities most at risk of radicalization are often overlooked. Security interventions tend to focus on populations and regions where violence is already rife; development interventions target the poorest. But at-risk communities such as refugees, transit migrants, and internally displaced persons may not fall into either category. Second, a CVE policy agenda has not yet translated into integrated programming or better coordination on the ground, creating an opportunity for security and development disagreements. Among other priorities, CVE efforts that provide positive economic and social alternatives for at-risk youth—in the form of education, vocational training, or arts and culture programs—are still addressed through intermittent, ad hoc projects, or subsumed in ongoing international development efforts. Third, proving CVE works is challenging for both sides. Standard development monitoring and evaluation efforts are difficult in insecure environments. For security agencies, it is hard to demonstrate that more training or deeper community engagement measurably reduce violent extremist threats. Without a real effort to fill the existing data gap, the CVE approach will remain unproven, ensuring that development and security communities remain in silos. As a step toward solving the development-security rift, a dedicated organization to lead CVE efforts on the global stage is needed. An internationally-brokered institution or multilateral body dedicated to CVE research, implementation, monitoring, and evaluation would go a long way in improving information sharing and eliminating redundancies, and could help to overcome mistrust and skepticism towards the overall CVE approach. Global leaders should consider this recommendation when they convene for high-level CVE meetings at the United Nations General Assembly in September. While ongoing CVE summitry and dialogue are important, effective on-the-ground actions still lag. CVE’s framework will only succeed if a more creative and integrated alliance between security and development sectors is forged.
    by Guest Blogger for Shannon K. O'Neil August 26, 2015 Development Channel
  • Digital Policy
    Do Local Laws Belong In a Global Cloud? Q&A with Brad Smith of Microsoft (Part One)
    In December 2013, the U.S. Department of Justice (DOJ) served Microsoft with a warrant requiring the company to hand over the e-mails of a Microsoft customer suspected of drug trafficking. Microsoft refused to turn over the e-mails on the basis that they are stored in servers at a data center in Ireland and that the warrant did not apply to overseas data. Instead, Microsoft argued the DOJ should work with Irish authorities to obtain access to the data. In July 2014, a U.S. district court ordered Microsoft to turn over the e-mails, but Microsoft appealed to the Second Circuit Court of Appeals, which will hear arguments on September 9. In light of the significance of this case for U.S. consumers and businesses, and the impact that its outcome could have on the privacy of digital communications, Brad Smith, executive vice president and general counsel for Microsoft, took the time to answer some questions regarding the case and what its outcome might mean. We’ve split our interview with Brad into two posts, with today’s post looking at the policy side of things. Legal issues related to the case will be featured in a post tomorrow. Question: It’s obvious why foreign citizens have a stake in the outcome of this case: the privacy of their data is in question. Why should a U.S. citizen, whose data is stored only on servers located in the United States, care? Answer: At the broadest level, this issue is about the future of technology. We need to ensure that people can trust the technology on their desks and in their pockets. And this trust will only come if the laws are clear. There are other immediate reasons too, and perhaps the most powerful is public safety and national security. If the U.S. government is permitted to serve warrants on tech companies in the United States and obtain people’s e-mails in any country, it will open the floodgate for other countries to serve warrants on tech companies for the private communications of American citizens that are stored in the United States in a data center owned by a foreign company. Imagine the immediate implications for journalists, advocacy organizations, or government officials here. Q: If you win this litigation, it could be argued that the United States will have less authority than other states to pursue national security and law enforcement investigations across borders. Does greater privacy protection necessarily equal fewer powers for national security investigations?  A: We need to balance both privacy and national security, and we believe that can be achieved. In the first instance, we believe that the U.S. government should use effectively the international legal tools that exist today. When the French government confronted the horrendous attack on Charlie Hebdo, it routed a request through the U.S. government, and Microsoft provided the e-mail content within forty-five minutes—legally. There exists a good treaty between the U.S and Irish governments that could be used to access the e-mail that is located in Ireland and is the subject of this case. All of the testimony in the lawsuit in fact indicates that this provides an effective mechanism for law enforcement purposes. But there are additional alternatives as well. For example, if law enforcement needs more tools than Congress has provided, then we should all turn to Congress to change the law. That in fact is what Microsoft has done by advocating for the LEADS Act in Congress. This would give U.S. law enforcement the ability to obtain e-mail content located outside the United States unilaterally when the content belongs to a U.S. citizen or resident. But it would require the U.S. government to go through international mechanisms when the e-mail belongs to a foreigner who is outside the United States. We think that’s a sensible way to draw a line that will assist law enforcement and also respect international borders. Finally, there’s a clear need and opportunity to create new international legal rules and processes.  We’ve been making concrete suggestions in this area, too. Ultimately there are clear areas for improvement, but they will come only if everyone focuses on advancing them. And that starts with winning our case and putting all of us on a path that will focus on the changes that are needed. Q:What if you lose the litigation? What are the technological and legal consequences for Microsoft and others? A: As we’ve made clear since we filed this case, we’ll certainly do our best to take it all the way to the Supreme Court if that’s what is needed. The case raises important questions about the future of the Internet, privacy, respect for borders, and public safety. When we took on this case, we did so not only with an eye on our own needs, but a much broader set of interests. That is reflected in what I think is an extraordinary set of amicus briefs filed in support of our position, coming from twenty-eight technology and media companies, twenty-three trade associations and advocacy groups, thirty-five leading computer scientists, and the Government of Ireland itself. That captures a bit of what is at stake here. Q: When the laws governing access to electronic communications were passed in 1986, it was inconceivable that an individual might want to (or even have the capacity to) store large amounts of data on a remote server. Do you think Congress should modernize the law to avoid disputes such as these in the future? A: In the first instance, we think Congress’ intent was clear and this warrant was meant to be domestic like other warrants. There’s simply no indication that Congress intended to give the Executive Branch the legal authority to reach unilaterally into other countries. This scenario wasn’t even discussed. But looking beyond that, you’re absolutely right, there’s no way Congress could have known about cloud computing in 1986. The LEADS Act is one example of legislation that would carry Congress’ original intent into the Internet age by updating the law. Q: What about other governments?  Are you seeing EU or other sovereign governments putting forward solutions that could resolve these types of conflicts between sovereign nations? A: It’s already public that the United States and EU are discussing these issues, and there’s a foundation in place for the two to forge new trans-Atlantic legal rules that will better enable law enforcement, with appropriate safeguards, to obtain information needed for lawful investigations across borders. I also think there’s work many governments can do to modernize Mutual Legal Assistance Treaties, or MLATs, including by standardizing the terms and moving to electronic systems to process them.
    by Adam Segal August 26, 2015 Net Politics
  • China
    What’s Missing in the China Story?
    Over the past month, there has been a lot of “China drama.” The volatility in the Chinese stock market, the yuan devaluation, and now the Tianjin warehouse explosion have all raised China chatter to a new level of anxiety. Some of the anxiety is understandable. These events have real consequences—above all for the Chinese people. At the urging of the Chinese government, tens of millions of Chinese moved to stake their fortunes not on real estate but on the stock market—the most unfortunate used their real estate as leverage to invest in the market and are now desperate for some good news. The Tianjin warehouse explosion has thus far left 121 Chinese dead, more than seven hundred injured, and over fifty still missing. Globally, the yuan devaluation has triggered a rate rethink by central bankers in Europe and the United States, and the stock market slide has contributed to steep drops in Asian and U.S. markets. Events such as these in any country would garner international attention. In the case of China, however, the noise around such events is amplified by the absence of three mitigating factors: Transparency. A lack of transparency in China compounds the challenge of understanding what is going on. What, for example, is behind China’s devaluation of the yuan? Is it part of Beijing’s bid to push forward on its economic reforms by making the currency more responsive to the market? Is it an effort to persuade the International Monetary Fund that the yuan should become part of its basket of currencies before Beijing has to wait another five years for its currency to be considered? Is it an effort to prop up China’s ever-declining export numbers? Or is it a confluence of all three? Context. While the human toll inflicted by the Tianjin warehouse explosion was devastating, no one should be surprised by the disaster itself or the political aftermath. The pattern of Chinese behavior—including the corrupt environmental impact assessment system that allowed for the placement of the factory so close to people’s residences, the lack of knowledge of what precisely the warehouse stored, the generosity of the Chinese people trying to help those affected, and the attention paid by the Chinese government to assigning blame and shutting down information transmission and popular commentary via the Internet—is one that repeats itself frequently. Perspective. Drama surrounding China is also heightened by the tendency of outside observers to lose a bit of perspective. The media, as well as China analysts—and those who play them on TV— are rewarded for bold statements and predictions. I looked back at what people were saying about the Chinese stock market at the end of 2014 and early 2015 when the market was surging. At that time, unsurprisingly, there was a lot of triumphalism punctuated by a few dark warnings. The Economist, for example, produced a piece, “Super-bull on the rampage,” that focused 95 percent of its attention on all the excitement the stock market was generating, with only five percent at the end mentioning some of the potential weaknesses underpinning the rise in the market. Kudos to Gwynn Guilford at Quartz, however, who pretty much called it all back in 2014, seeking out commentators who underscored the dangers in the stock market’s reliance on leverage, shadow finance, and government public relations. Dramatic events will always prompt breathless speculation and commentary, but real understanding should begin by paying attention to real experts. In the case of the Chinese economy, reading studies by China economists and analysts—for example Nick Lardy, Barry Naughton, Patrick Chovanec, Dan Rosen, Fraser Howie, George Magnus, Michael Pettis, and Victor Shih—would be a good place to start. They represent a wide range of views and, if brought together for a discussion, would be hard-pressed to arrive at a consensus; but anyone taking the time to read or listen to a constellation of them will inevitably become smarter about the Chinese economy. The other much needed commodity is humility.  One of my favorite discussions of the Chinese currency devaluation is David Dollar’s interview in the Nikkei Asian Review. He argues that the devaluation is a “move toward a more market-oriented system but not a blatant effort to push up exports.” But, he then continues on to say, “If I’m wrong….”  This ability to acknowledge what we don’t know with regard to China is at least as valuable as sharing what we do know—and certainly worth more than pontificating about that which we only think we know.
    by Elizabeth C. Economy August 25, 2015 Asia Unbound
  • Infrastructure
    Katrina at 10: Reflections on a Human-Made Disaster
    The following is a guest post by Stephen E. Flynn, Professor of Political Science, Director of the Center for Resilience Studies, and Co-Director of the George J. Kostas Research Institute at Northeastern University. He can be reached at [email protected] The flooding of New Orleans during Hurricane Katrina was a human-made disaster, not a natural one. The flood-protection system for the city had been poorly designed and maintained. It also turned out that a series of waterway engineering decisions to try to contain the flow of the Mississippi River and to facilitate river navigation to and from the Gulf of Mexico, were badly out of sync with the region’s ecosystem. In short, it was a failure of critical infrastructure at multiple levels that nearly doomed one of America’s major cities. Ten years later, what happened to New Orleans should serve as a forceful reminder of the costly consequences of hubris, denial, and neglect. Sadly, though, this attitude continues to characterize the relationship Americans have with their built and natural environments. New Orleans’s primary line of defense against the sea and the Mississippi River has long been a levee and flood-wall system. Unfortunately, that system saw little investment in the half century prior to Hurricane Katrina. The city is like a fishbowl, with the water on the outside and a half a million homes on the inside. New Orleans has been sinking at a rate of three feet per century, so that it lies at an average of six feet below sea level, with some neighborhoods as low as eleven feet below. Without the levees and flood walls, much of the city would be a shallow lake. When Hurricane Katrina made landfall it had hooked east, sparing the city its worst winds. But the waters from the storm found a ready path to assault the “Big Easy,” thanks to the construction of a 76-mile canal that was completed by the U.S. Army Corps of Engineers in 1968. The Mississippi River Gulf Outlet (MRGO), known locally as “Mr. Go”, was built to shorten the time and distance required for oceangoing vessels to transit from the Gulf of Mexico to the New Orleans waterfront. During Katrina this cement-sided waterway provided a ready path to funnel the storm surge originating from the Gulf of Mexico for a direct hit on New Orleans. As the hurricane came onshore, the water steamrolled down the MRGO on a collision course with the Industrial Canal, causing an 800-foot breach. Many of the communities to the east of New Orleans were victims of the overtopping of the MRGO. More than 80 percent of the city was flooded and nearly 250,000 residents were forced to flee; today the population is still nearly 100,000 below its pre-Katrina level. Given its clear vulnerability to flooding, the haphazard management of New Orleans’ storm protection system prior to Hurricane Katrina is mystifying. Invading floodwaters not only put lives at risk, they created a toxic cauldron of debris that contaminated and scarred the urban landscape. Yet throughout the 1990s, federal funds that might have been used to repair and strengthen the city’s levees and flood walls and protect the pumping stations were bled off for other projects, such as widening the MRGO. In 2004, the Army Corps of Engineers asked for $22.5 million for storm protection projects for New Orleans. The Bush administration cut that budget request to $3.9 million and then dropped it to $3.0 million in 2005. Sadly, the sense of denial and neglect of critical infrastructure that led to the near-drowning of New Orleans in 2005 continues to endanger many U.S. cities today. Miami, Norfolk, New York, and Boston all face the twin risks of rising sea-levels associated with climate change along with the likelihood of more frequent and intense hurricanes. Seattle sits astride the Cascadia subduction zone that belongs to the Pacific Rim’s seismically active “Ring of Fire,” and Los Angeles lies along the San Andreas Fault. In America’s heartland, cities such as St. Louis and Memphis could be devastated by an earthquake along the New Madrid Fault Line. Across the nation, Americans have been taking for granted the critical infrastructure built with the sweat, ingenuity, and resources of earlier generations. Not only are we not upgrading it to keep pace with modern needs, Congress and state legislatures have been squandering this legacy by failing to adequately fund basic repairs and maintenance for roads, bridges, ports, wastewater and drinking water systems, dams, and levees, and the electrical grid and pipeline distribution systems. Even for “blue sky” days, our ongoing neglect of that infrastructure is a national disgrace. But as New Orleanians can attest, it translates into reckless endangerment when disasters strike. For too long Americans have been pretending that disasters are rare and unknowable. Additionally, we have been resistant to making sensible investments in mitigation measures before storms occur, such as placing flood barriers around electrical substations or moving emergency generators out of basements to higher floors. Insanely, in the aftermath of disasters we have a national bad-habit of returning to “business as usual” by often allowing reconstruction in areas that will almost certainly be flooded again. Hurricane Katrina, along with Hurricane Sandy in 2012, are reminders that the gravest source of danger for Americans derives not from acts of God or acts of terror but from our own negligence. The ongoing risk associated with disasters is far more knowable than we often assume and the means for mitigating their consequences are well within the reach of the most-advanced and wealthiest country in the world. What has been in too short supply is the political will and leadership that will ensure our communities, metropolitan regions, and nation can better withstand, nimbly respond, recover, and adapt to the inevitable disasters heading our way. There are few more important imperatives that the next president will need to advance than bolstering national resilience.
    by Guest Blogger for Edward Alden August 24, 2015 Renewing America
  • Cybersecurity
    Developing a Proportionate Response to a Cyber Incident
    Introduction As offensive cyber activity becomes more prevalent, policymakers will be challenged to develop proportionate responses to disruptive or destructive attacks. Already, there has been significant pressure to "do something" in light of the allegedly state-sponsored attacks on Sony Pictures Entertainment and the Sands Casino. But finding a timely, proportionate, legal, and discriminatory response is complicated by the difficulty in assessing the damage to national interests and the frequent use of proxies. Perpetrators have plausible deniability, frustrating efforts to assign responsibility. Past experience suggests that most policy responses have been ad hoc. In determining the appropriate response to a state-sponsored cyber incident, policymakers will need to consider three variables: the intelligence community's confidence in its attribution of responsibility, the impact of the incident, and the levers of national power at a state's disposal. While these variables will help guide responses to a disruptive or destructive cyberattack, policymakers will also need to take two steps before an incident occurs. First, policymakers will need to work with the private sector to determine the effect of an incident on their operations. Second, governments need to develop a menu of preplanned response options and assess the potential impact of any response on political, economic, intelligence, and military interests. Background: Cyber Incidents and Uncertainty Even as the number of highly disruptive and destructive cyberattacks grows, governments remain unprepared to respond adequately. In other national security areas, policy responses to state-sponsored activity are well established. For example, a country can expel diplomats in response to a spying scandal, issue a demarche if a country considers its sovereignty to have been violated, and use force in response to an armed attack. Clear and established policy responses such as these do not yet exist for cyberattacks for two reasons. First, assessing the damage caused by a cyber incident is difficult. It can take weeks, if not months, for computer forensic experts to accurately and conclusively ascertain the extent of the damage done to an organization's computer networks. For example, it took roughly two weeks for Saudi authorities to understand the extent of the damage of the Shamoon incident, which erased data on thirty thousand of Saudi Aramco's computers. Although this may be quick by computer forensics standards, a military can conduct a damage assessment from a non-cyber incident in as little as a few hours. Second, attributing cyber incidents to their sponsor remains a significant challenge. Masking the true origins of a cyber incident is easy—states often use proxies or compromised computers in other jurisdictions to hide their tracks. For example, a group calling itself the Cyber Caliphate claimed responsibility for taking French television station TV5 Monde off the air with a cyberattack in April 2015, and used the television station's social media accounts to post content in support of the self-proclaimed Islamic State. Two months later French media reported that Russian state-sponsored actors, not pro–Islamic State groups, were likely behind the incident. Even when attribution is possible, it is not guaranteed that domestic or foreign audiences will believe the claim unless officials reveal potentially classified methods used to determine the identity of the perpetrator, damaging intelligence assets. Under pressure, responses are likely to be made quickly with incomplete evidence and attract a high degree of public skepticism. This creates clear risks for policymakers. Quick damage assessments could lead to an overestimation of the impact of an incident, causing a state to respond disproportionately. Misattributing an incident could cause a response to be directed at the wrong target, creating a diplomatic crisis. Developing a Proportionate Response Policymakers should consider three variables before developing a response. First, they should understand the level of confidence that their intelligence agencies have in attributing the incident. Although there have been great strides in intelligence agencies' ability to attribute malicious activity, digital forensics is not perfect. The degree of attributional certainty will have a direct impact on the action taken. For example, if the level of attribution is low, policymakers will be limited in their choice of response even if the severity of the attack is high. They may choose a less valuable retaliatory target to limit the odds of escalation and international criticism. There may also be instances where there is so little evidence for the source of the attack that the victim may choose not to respond. Second, policymakers should assess the cyber incident's effects on physical infrastructure, society, the economy, and national interests. Questions include: What was the physical damage caused by the affected systems, and was there any impact to critical infrastructure? What type of essential services are affected? Has the incident caused a significant loss of confidence in the economy? What was the incident's impact on national security and the country's reputation? Third, policymakers should consider the range of diplomatic, economic, and military responses at their disposal, from a quiet diplomatic rebuke to a military strike. Responses need not be limited to cyberspace—nothing bars a state from using other channels, though each carries its own risks. Cyber responses can be taken in addition to diplomatic, economic, and military activity. However, they would most often be delivered covertly and could be difficult to develop quickly unless a government had prepared capability against a specific target, likely involving prior cyber espionage, an unparalleled understanding of a target's vulnerabilities, and a custom exploit kit at its disposal. As an example, Stuxnet reportedly took years to develop and deploy. An overt cyber response can be unappealing as states may lose the ability to launch similar responses against other targets. Although states may outsource their responses to a proxy, doing so could limit their control over the response and lead to escalatory activity. Therefore, policymakers are likely to concentrate on other levers of power, alongside whatever they may do covertly. Recommendations Given the likely pressure governments will feel to respond to significant cyberattacks, policymakers need to develop a response framework before a disruptive or destructive cyber incident occurs. Although each response will be case specific, a framework will enable policymakers to quickly consider their options. Figure 1 represents a possible framework that policymakers can build on. Combining incident impact, policy options, and proportionality, it outlines the different levers of state power that can be applied in response to escalating levels of cyber incident. It plots the effects of a cyber incident, with website defacement at one end of the scale and loss of life at the opposite end. This is plotted against the level of response, ranging from media statements to military responses. Across the response spectrum there will be inherent political and legal risks associated with each decision, and risks increase as the level of the response increases. The proposed responses are applicable to state-sponsored activity. For disruptive or destructive activity caused by individuals, criminal networks, or others without state backing, law enforcement responses are more appropriate. Figure 1. Policy Responses to Escalating State-Sponsored Cyber Incidents As with other areas of international relations, proportionality emerges through state practice—the expulsion of diplomats in response to a mild violation of sovereignty is perceived as proportionate only because states have been doing it for decades. When one country levies economic sanctions, the sanctioned country often responds in kind—Russia responded to U.S. sanctions over its annexation of Crimea with sanctions of its own. This same logic applies to cyberspace. While there may be pressure to respond disproportionally to deter future attacks, international law requires that states only take forcible measures that are necessary and proportionate to successfully repel or defeat a disruptive or destructive cyberattack, limiting the "scale, scope, duration and intensity" of any action a victim state may take. Furthermore, responding proportionally may make it easier to build the international coalitions necessary to isolate and punish the attacker as well as limit the likelihood of escalation. If a country is the victim of a state-sponsored website defacement, a public denouncement is likely the most appropriate response. Moving up the scale, any activity that begins to manipulate or destroy data would potentially require diplomatic action, such as a demarche in low-impact cases or the expulsion of diplomats if the incident affects the victim's economy. Once the economy is adversely affected, a range of economic responses can be used in coordination with diplomatic pressure, from freezing individuals' financial transactions within the sponsoring state to levying international sanctions. Should an incident cause physical damage, a policymaker could consider a military option as an appropriate and proportional response, from military posturing to an attack, depending on the incident's severity. All of these options can be complemented with cyber or covert action, which will also need to be proportionate to the damage caused by the incident. Each state can begin developing its own policy response framework by first working with the private sector, particularly in critical infrastructure. Critical infrastructure is a priority for attackers, making it important for infrastructure operators to be involved in the development of a response framework. They are in a good position to advise government on incidents that would affect their operations and how severe an incident would need to be before a response is required. Second, policymakers should clearly understand the costs associated with each response in the framework. Each response will have an impact on a country's diplomatic relations, reputation, and military and intelligence operations. These effects need to be understood before a response is chosen. Assessing options will require input from relevant government agencies, as well as critical infrastructure operators, whose operations could be affected by a response. Cyber incidents provide governments with a highly complex set of decisions to make, from understanding the severity of the incident to assessing appropriate responses to take, while continually evaluating the risks involved in taking certain courses of action. The framework, while deliberately simplified, provides a rudimentary model for framing the potential responses to a state-sponsored incident before one occurs. This should give policymakers a starting point from which to make their own assessments on courses of action to take during a time of crisis.
    Report by Tobias Feakin August 20, 2015 Digital and Cyberspace Policy Program