A New Geneva Convention for the Digital Age is in Order

A New Geneva Convention for the Digital Age is in Order

When Henry Dunant first composed the work that would come to be prompt the original iteration of the Geneva Convention, it arose from what he perceived as a lack of fundamental humanity in warfare. No international agreements had been reached on issues such as how civilians played into the equation of conflicts, if at all. There were no established rules, written or unwritten, regarding whether torture was acceptable and, if so, what forms were beyond the pale. Dunant came to believe, as most of the civilized world would eventually agree, that coordinated relief for the wounded should be implemented by all nations choosing to engage in war, and that some standard rules of war should be implemented.

At the first Geneva Convention, delegates and military medical personnel traveled to Geneva to establish such ground rules for war. This first meeting would ultimately result in the formation of what we know today as the Red Cross. However, as time passed, new technologies and tactics emerged, and the need for an update to the original, limited scope of the Geneva Convention became clear. So, in 1906, the Swiss government arranged yet another conference, this time including an expanded roster of delegates from 35 states.

The result of the second Geneva Convention included agreed-upon protections for wounded and captured soldiers, as well as volunteer and medical personnel. Additionally, the practice of returning captured enemy combatants became a strongly suggested, but not required, addendum to the original agreement.

Yet, once again, the Geneva Convention would require refurbishment as World War I made abundantly clear that new tools of war had once again necessitated rules to protect against the basest instincts of humanity. Even after the Hague Convention of 1907 reaffirmed humane treatment of POWs, prisoners were still being badly mistreated, often going days without sustenance or suitable clothing. Approximately 147 of the 4,120 Americans held prisoner died as prisoners of war. Russia had a particularly actionable issue with this, as the 2.4 million POWs they rounded up – most of whom were from the Austro-Hungarian Empire – became a burden and thousands would ultimately die from hunger, typhus, lack of proper living conditions, and other causes.

So, in 1929 the Geneva Protocol was updated to clarify the provisions agreed to in the Hague Convention, outlining the types of camps prisoners could be held in, the labor they could be forced to perform, the manner in which they were to be evacuated from the combat zone, and how they were to be treated by enemy authorities. It was in 1928 that the oft-cited rule against the use of ‘asphyxiating, poisonous or other gases, and of bacteriological methods of warfare’ was established.

But, predictably, the third meeting of international delegates would not prove timeless.

While Germany had agreed to and signed the Geneva Protocols of 1929, it was not long before the Nazi Reich broke from its parameters. The Convention of 1949, the most frequently referenced and comprehensive of them all, was a direct response to the atrocities committed and uncovered during and in the wake of WWII. Again, as new threats proved within the capability of the most determined, merciless leaders, new rules had to be written. And, the Geneva Protocols remain in place today.

But it’s time for yet another significant update in these Protocols. The digital age has ushered in new forms of warfare not covered in our international agreement on combat-related ground rules. Just as novel threats have been met with the loosest of ethical parameters throughout history, guidelines for the boundaries of digital warfare are in order.

The ability for cyber-belligerents to target individual citizens has virtually erased the boundaries that so often serve as protections for civilians in traditional forms of warfare. While physical attacks on women, children, and innocents are easily recognized and practically universally condemned, virtually-administered attacks on those same people have not yet been considered acts of war, and therefore have been assigned no real or special consequences.

Granted, I’m suggesting that a digital offensive is equivalent to the physical, life-threatening hazards that warranted the first four Geneva Conventions and subsequent protocols. But those protocols are wide-ranging, and cover both life-threatening and non-life threatening behaviors and events. We should not minimize the damage that can be done to one’s livelihood should nefarious foreign actors target and acquire one’s most sensitive personal information, let alone hold that information for ransom or maliciously deploy it into the public domain.

Both American businesses and individuals have fallen victim to the WannaCry ransomware attacks, which have been loosely linked to North Korean hackers. Single computers or entire networks can be hijacked by foreign actors demanding vast sums of money in exchange for a tenuous promise to relinquish their grip on the compromised devices. Banks and lucrative businesses are the prime targets, but we’ve seen that virtually anybody can fall victim. And, though there’s no definitive evidence, some have posited that a cash-strapped nation such as North Korea may be encouraging and perhaps facilitating these attacks on sovereign citizens of no less than 150 foreign nations.

"If validated, this means the latest iteration of WannaCry would in fact be the first nation-state powered ransomware," Dubai-based security researcher Matt Suiche writes. "This would also mean that a foreign hostile nation would have leveraged lost offensive capabilities from [NSA hackers] Equation Group to create global chaos." (NPR)

A link between WannaCry and North Korea doesn’t need to be proven for a new Geneva Protocol to be enacted. Regardless of who is behind the attacks, it should be decided that if a nation is definitively discovered to have held foreign businesses and individuals hostage by illegally hijacking their sensitive networks and information, they should face internationally-agreed upon sanctions.

Though not the same as a missile strike or state-sponsored terror attack, deploying ransomware is an attack nonetheless. And, it’s an attack most often levied against innocents who never signed up for combat, making it precisely the sort of attack that Geneva Protocols would typically protect against.

Just as the Geneva Conventions have been convened to adapt to both nascent and persistent threats which fall outside of our most basic ethics in the past, it’s time for yet another protocol to be written into the books. We’re in the age of digital warfare, so why pretend like we’re still fighting in the trenches?