In this policy brief, Dennis Broeders, Sergei Boeke and Ilina Georgieva explore the role of intelligence agencies in cyberspace and the (im)possibilities of oversight and regulation of those agencies.
This policy brief covers the behaviour of intelligence agencies in cyberspace and possible normative constraints on that behaviour. Most known cyber operations by intelligence agencies are so called ‘below-the-threshold’ operations, and some stretch beyond what is commonly understood to be ‘foreign intelligence gathering’ to include covert action and influence campaigns. The digital domain facilitates new possibilities for classic intelligence tasks, but also entails new risks and (un)intended consequences such as threats to civilian use of the internet and grey zones of accountability. Importantly, the operations of intelligence services in cyberspace can have a negative impact on international peace and stability. In terms of regulation, intelligence agencies are the proverbial elephants in the room when states discuss the applicability of International Humanitarian Law (IHL) to the online world. The military-dominated legal framework does not fit well with actual state practice in cyberspace. States are reluctant to discuss the specific operations of their intelligence agencies. This trend is unlikely to halt.
In order to explore the role of foreign intelligence agencies in cyberspace and the (im)possibilities of oversight and regulation thereof, we convened 15 experts in a workshop in The Hague in April 2019. The experts were all from Europe and North America and about half of the participants were (former) members of foreign intelligence agencies, both civilian and military. The other participants were academic experts and members of intelligence oversight bodies. The workshop was held under the Chatham House rule. This brief incorporates findings from the workshop, and is based in the broader research agenda of The Hague Program for Cyber Norms.