
UVA law professor Paul Stephan, an expert in international dispute resolution and comparative law, argues big data is “a potential target in an armed conflict.”
Q. Can you describe big data for our readers?
A. Big data is what we call enormous sets of data stored and organized so that it can be searched and otherwise used by computer programs. For example, anyone who uses social media contributes to the social media owner’s dataset by interacting with the service; it is the record of these interactions, the data, that allows the media owner to give away its services for “free,” with no direct charge.
Q. In your recent essay, you argue that big data is a resource and therefore a potential target in an armed conflict. Why is that?
A. Big data has at least two economically valuable features. It can be “mined,” or searched, to learn about trends and developments that may not be apparent through other means of observation. Think of internet searches on flu symptoms as an early warning mechanism for an epidemic.
Also, it can be used for the development of artificial intelligence, which is manufactured by “training,” or running in a directed fashion, algorithms on data sets. The bigger the data set, the better the training and therefore the better the artificial intelligence.
China and the United States are probably the world leaders in the exploitation of big data for both commercial and public interests, with Europe far behind. Also, many important social systems, like finance, public safety and transport systems, rely on big data to operate.
The more valuable the resource, the more tempting to target it by taking it down in the course of an international dispute.
Q. Traditionally, attacks on data or data infrastructure have been met with similar cyber retaliations. What level of intrusion would give rise to the justification of an armed response?
A. The traditional view has been that attacks with direct consequences in the material world justify an armed response, which is sometimes called a kinetic response. Think of taking down airplanes, causing car crashes, or producing infrastructure failures that lead to immediate death and destruction. Most people believe that a state legitimately can invoke its right to self-defense to respond to such actions with armed force.
Q. It sounds like data generally had not been treated as an “object” that can be harmed in an attack in the same way a military ship or outpost might be. Is that changing?
A. The experts who studied these questions on behalf of the North Atlantic Treaty Organization reached that conclusion, but there were dissents then and a few governments have issued statements indicating they might be open to an easier standard. The United Kingdom, for example, has suggested that an attack on its financial system, even without direct physical destruction of people or property, might justify an armed response, if the economic damage is great enough.
Q. Is law regarding armed conflict keeping pace with rapid technology accelerations? Or are technological advances, including artificial intelligence, happening too fast for the law to keep pace?
A. I would restate the question by arguing that traditional forms of lawmaking, such as treaties and statements by international organizations, can’t keep up. States try to fill the gap with their actions and explanations for their actions. This can generate more noise than signal, but attentive behavior by states with the power and capacity to make these choices can point in the direction of some observable standards. Without at least some clarity, there can’t be law, I think.