Botnet Mitigation and International Law
Grant Gerard *
Advances in technology have outpaced development of laws governing cyberspace, leading, at times, to a wild-west law enforcement regime. And in a world of Botnets—massive armies of unknowingly conscripted systems directed by anonymized ‘botmasters’— domestic criminal law is no longer a sufficient response to cyberthreats.
States now act against a backdrop of international animus over what many nations see as surveillance over- reach by the United States and Five Eyes partners who enjoy an overbroad grant of executive discretion, capture data indiscriminately, and operate in relative secrecy.
This Note outlines the various technologies employed by outlaw and government actors. It describes how these technologies confound territorial limitations on enforcement jurisdiction in international law. It dis- cusses advances in botnet-disruption methods by private and government actors and how nations wishing to constrain powerful western intelligence agencies have reached to pre-cyber human rights and privacy law as a response to perceived surveillance over- reach. This Note describes technical elements of re- cent U.S. Department of Defense anti-botnet efforts and how they may or may not implicate surveillance law. It explains that rather than vague legal barriers, nations need laws authorizing good-faith enforcement by cyber-capable states and procedural norms that guide development of technological solutions that operate consistently with universal values. Finally, it outlines promising sources of international law developing around this issue and advocates for development of a mutually recognized state duty to disrupt cybercriminals and expanded cooperation between nations in botnet disruption.
* J.D. Candidate, Columbia Law School, 2020. I would like to thank Professor Waxman for his guidance in this process and the Journal staffers for their hard work and input. I would also like to thank my family for their constant support, as well as Jeb and Jolene.