Balloons and the "domain awareness gap"
The ancient technology is still great at spying and maybe psyops, too
Balloons are an ancient technology thought relegated to monitoring the weather, wedding and tourist events. Balloons we thought were replaced by drones with their sophisticated maneuvering and ability to dispatch its targets with high precision. But this week, balloons have come back into the spotlight of national defense and war with news of a balloon owned and operated by China carrying equipment the size of three buses that traversed the United States from Alaska to South Carolina without being intercepted. The proverbial “trial balloon” was floated by China and if we wanted to look incompetent and hide our methods of detection, we did an excellent job.
Unfortunately, this was made worse by the federal government choosing not to disclose the incursion and the decision not to shoot down the balloon. When some civilians spotted the balloon in the Montana sky, it forced the federal government to admit the situation. So the information that we are seeing in the news media may or may not be accurate, but we at least know the balloon had surveillance equipment and data collection capability and was likely transmitting data back to China from the balloon.
The legal analysis of the China balloon incident did not consider the new interpretation for cybersecurity threats in the context of national security. This may be the most important analysis of all, and the true activity of the balloon in collecting data could be punishable by domestic law in every state it passed through.
Sovereignty and Jurisdiction
International law in space law, cybersecurity law and environmental law, as well as domestic law is needed to analyze the China Balloon Incident. Fortunately, I teach courses in all three of these areas and have taught a course called Intelligence Law, which is also useful here.
Here is the general rules for sovereignty and jurisdiction in the air domain, the space domain, the sea domain which others have discussed widely in the media. Satellites that fly above the Karman line or above roughly 62 miles in altitude, are not subject to the jurisdiction of the nation below, but stay in the jurisdiction of the launching state (the Outer Space Treaty). Below the Karman line (approximately) which is determined to be just below the altitude at which aircraft can function, anything in flight is subject to territorial jurisdiction when over the nation (International Customary Law) or within about 12 nautical miles from its shore over the sea (Law of the Sea). Passage through the territorial sea, renders the passage non-innocent.[1] However, among the 193 nations that are signatories to the ICAO (International Civil Aviation Organization), these nations keep their jurisdiction on their aircraft even when in fight over another nation. Flying outside the boundaries of the 12 nautical miles offshore, jurisdiction is governed by international law. There are exceptions and nuances here, including who is a signatory to each of these treaties, but these are the general rules.
So why the “domain awareness gap”? Typically NORAD monitors for incoming aircraft and missiles, but a slow moving balloon at very high altitudes seems to elude existing sensory systems, or so they say. Our domain awareness gap seems to be left to civilians going about their day on the ground in Montana, in this case.
Threat and Self Defense
This China Balloon Incident has been analyzed in terms of traditional laws of war as to its physical presence in the airspace of the United States. But because the U.S. has admitted that there was no threat of force, the U.S. has no defense for its disproportionate kinetic attack on the balloon. The threat was no longer imminent once it left and was over the ocean moving away from shore. Even with the U.S. doctrine of “anticipatory self-defense”, the stated policy of the Bush ’43 Administration, the balloon had left the continental U.S. and had undoubtedly transmitted in real time the data it likely collected and was arguably no longer a threat. Although controversial, the experts on writing the Tallinn Manual decided that “anticipatory self-defense can be used where a cyberattack is imminent” but some of the experts held the view that anticipatory self-defense was illegal.[2]
Waiting until the balloon was no longer a threat by waiting until it was over the ocean, just within our territorial jurisdiction meant it was lacking in “immediacy”, which is one of the critical factors in determining whether an action is self defense or retaliatory. Waiting until there was no “immediacy” tended to make the U.S. appear to be making a retaliatory attack which is illegal in international law.[3]
By the time the second object/balloon was detected in Alaska at the end of the week, the response was more conforming with international law when
John Kirby, a national security spokesperson for the White House, said the Defense Department was tracking a “high-altitude object” over Alaska at 40,000 feet that posed “a reasonable threat to the safety of civilian flight. The object was shot down within the last hour at President Biden’s direction, Kirby said, and landed in U.S. waters.[4]
Perhaps they finally invited the lawyers to the strategy meeting, and decided it was reasonable to identify the new object/balloon as an immediate threat to safety to warrant a quick action in self-defense. It appears the President ordered it be shot down within what appeared to be very shortly after its discovery. This is a model of how to respond to such a threat. My thanks to the legal staff, which bears the marks of good advice.
The Cyberspace Domain
The military is highly experienced with the land, sea and air domains, and now with the new Space Force we have begun to cover the space domain; but we have much less experience with the cyberspace domain and notably no Cyberspace Force.
After the cyberattack on Estonia by Russia, under the framework of the United Nations and with the support of NATO, formal expert discussions were held to understand what existing international law would apply to these cyberattacks by one nation against another. The experts in the fields of international law and laws of war set out to interpret these laws in the context of the new threat of cyberwar. The result was the production of non-binding guidance on interpretation of international law as it applies to cyberwar, called the Tallinn Manual in 2013,[5] named after the capital of Estonia. It served as guidance until it was updated with a new version in 2017 producing Tallinn Manual 2.0.[6]
Since it appears the real purpose and function of the China Balloon was for a cyberespionage, cyberhacking (and potentially cyberattacking), we should look to this guidance in international law to assess the illegality, if any, in the domain of cyberspace.
The Tallinn Manual 2.0 confirms international law and the right of a sovereign state to control what happens within its borders. In this case, the balloon was well within the national air space so traversing U.S. airspace[7] was subject to the need to obtain permission.
Conducting surveillance and collecting data
Peacetime espionage is not illegal in international law, and so conducting it within the U.S. is not illegal, at least under international law.[8] So while it is not illegal under international law, it is illegal under domestic law (state criminal law) where there is unauthorized access to a computer or data base, for example. Further, cyber espionage and cyber exploitation operations lack the coercive element which would be “intervention” as opposed to “interference”.[9]
Most of the cyberattacks against the United States or private sector (like the Sony Pictures, cyberattack) resulted in criminal prosecutions against individuals and not an international law resolution. To proceed under international law in the International Court of Justice or other international tribunal for cyberattacks, there must be the capability to show attribution to the nation responsible for the attack. So far, in attacks by China and Russia, the evidence has been thin for demonstrating attribution.
Was the Balloon platform conducting damaging operations?
So far, all of the known actions of the Balloon and its payload were non-damaging, but what if there were any number of strategic cyberattacks through direct cyberhacking that damaged or deleted data? What if China was connecting to the many devices made in China and used in the U.S. known to have backdoors for later data leaking to China? This is another good demonstration of why the U.S. prohibition on certain electronics associated with national security should not be purchased from China manufacturers. Once cyberhacking causes damage, certain actions in self defense become legal.
Quantico’s Role
Should the FBI technical center at Quantico discover that the Balloon and its payload conducted any cyber operations that caused or potentially caused damage to our cyber infrastructure or data, then the analysis changes to a much for serious consequence for the attacking nation.
If there were cyberattacks that intervened with data or services that are necessary for the exercise of “inherently governmental functions”,[10] then the actions taken by the U.S. to destroy the Balloon and payload were legal under international law as long as the argument could be made it was an ongoing threat or the attacks continued as the Balloon floated out to sea.
Was the balloon just a test and a bit of psyops?
“Psyops” is short for psychological operations, is the use of psychological warfare against your adversary. Floating a balloon slowly to taunt us as the U.S. refused to shoot it down, could have been a psychological objective, since it can apparently be easily seen and observed by civilians on the ground. However, under international law, propaganda alone is not a violation of sovereignty. The propaganda would have to be calculated to incite civil violence to constitute an interference of government functions under international law.[11] Further, because psyops by definition does not constitute a threat of force, a kinetic response (physical harm like a bomb) is not legal.
China’s response:
Beijing has publicly protested the action, with the vice minister of foreign affairs on Feb. 6 charging that the US had used “indiscriminate use of force against the civilian airship seriously violated the spirit of international law and international practice.”[12]
One last reminder to China is that their claim of civilian ownership of the Balloon does not matter in international law under the Tallinn Manual 2.0 interpretation if the private organization was carrying out a governmental function on behalf of China, which all businesses do in China.
[1] Tallinn Manual 2.0, Rule 4 (para. 29), see also Rule 48.
[2] Tallinn Manual 2.0, Rule 73 (para. 2).
[3] Immediacy distinguishes an act of self-defense from mere retaliation. It refers to the period following the execution of an armed attack within which the Victim State may reasonably respond in self-defense. (Tallinn Manual 2.0, Rule 73, para. 12).
[4] https://thehill.com/policy/defense/3852988-us-shoots-down-another-high-altitude-object-over-alaskan-airspace/
[5] https://www.cambridge.org/core/books/tallinn-manual-on-the-international-law-applicable-to-cyber-warfare/50C5BFF166A7FED75B4EA643AC677DAE
[6] https://www.cambridge.org/core/books/tallinn-manual-20-on-the-international-law-applicable-to-cyber-operations/E4FFD83EA790D7C4C3C28FC9CA2FB6C9
[7] State controls its territory and access to its “superjacent national airspace” (See Law of the Sea Convention, Art. 2) subject to its consent or another justification in international law (Rule 11, para. 6) (Tallinn Manual 2.0).
[8] International law does not address peacetime espionage, and so that will have no legal significance with respect to sovereignty (Tallinn Manual, Rule 32, 19, para. 27).
[9] Tallinn Manual 2.0, Rule 76 (para. 7).
[10] Tallinn Manual 2.0, Rule 76 (para. 7). The object must be devoted solely to a government function (para. 2) and any interference with the object would violate sovereign immunity Rule 5 (para. 3).
[11] Propaganda designed to incite civil violence may violate the prohibition against intervention (Tallinn Manual 2.0, Rule 66).
[12] https://breakingdefense.com/2023/02/balloons-vs-satellites-popping-some-misconceptions-about-capability-and-legality/
Thanks for explaining the legalities of the recent balloon incidents. Yes, we should have a Cyberspace Force! I never thought of that before, but it makes sense.