In June 2017, the Danish shipping giant Maersk faced a monumental crisis that highlighted both the fragility of modern digital infrastructure and the centrality of information technology to global capitalism: a targeted cyberattack against Ukraine spiraled into a worldwide outage, crippling Maersk’s information technology systems and halting operations in ports across the globe. With 4,000 servers and 45,000 PCs wiped out, the company was unable to process shipping orders until systems were restored, freezing revenue from several of the company’s shipping container lines for weeks. Maersk faced losses of around $300 million, while the total costs of the outage, which similarly affected numerous other companies, amounted to $10 billion.
For international legal scholars, NotPetya became a popular case study of how international law addresses security risks arising in cyberspace. However, the incident also reveals just how reliant the global capitalist economy of today is on digital technologies. As one of the largest shipping companies in the world, Maersk operates almost 15 per cent of global shipping. In this blog post, I show how the incident reveals not only the digital vulnerabilities of the global economy but also how international law operates to safeguard global capitalism.
Birth of International Cyber Law
In recent years, states, particularly in the Global North, have become attentive to the international legal questions arising from the transborder implications of digitalization. In addressing these questions, technological developments are often perceived as unequivocal benefits to societies. U.S. legal advisor Brian J. Egan has expressed an unhinged appreciation of the jeans-wearing elite in Silicon Valley whose technological innovations deliver ‘significant economic, social, and political benefits to individuals and societies around the world.’ Similarly, the U.K. has declared that the ‘use of cyberspace is in the interest of States and the international community as a whole’, and Germany has praised the interconnectedness of networks for fostering closer ties among nations and opening opportunities for cooperation between states and non-state actors alike.
In this celebratory narrative, states fail to question the underlying forces that determine technological development, instead perceiving it as an autonomous process, having a life of its own which proceeds almost naturally along a singular path. Poland has noted how ‘[c]hanges brought about by the dynamic growth of digital technologies … result in countries’ growing dependence on cyberspace’, and Canada has recognized the ‘ongoing nature of technological change’, with ‘rapid technological developments’ magnifying cyber-related challenges. Their views reflect David Noble’s accurate assertion that ‘technology appears to be an external force impinging upon society, as if it were, from outside, determining events to which people must forever adjust’, seemingly independent of social power and purpose.
As the course of technological developments is determined by inexorable market forces, the only option is, paraphrasing Douglas Kellner, to ‘get on the bandwagon, to be wired and connected, and to participate in the joys and benefits of the Digital Technology Revolution.’ States’ role becomes to manage the security risks arising from societal infrastructures’ digital dependence.
The celebratory, determinist technology view is shaping international law’s response to technological changes. The focus comes to be on protection against intrusions into digital systems: Can malware installations trigger a right to self-defense? Does ransomware legitimize countermeasures? When must states exercise due diligence to prevent their digital infrastructures from being deployed to conduct harm to other states?
These questions rest on an unchallenged assumption: that there is a universal interest in protecting the stability of the digital infrastructures underpinning global capitalism. This unfounded assumption persists due to a tendency among international cyber lawyers to disregard the political economy of the information technology landscape.
To understand the role of international law in cyberspace, we must examine the digital architecture and the global political economy that it manifests. As I show in the following, a closer examination reveals that there exists no harmony of interests in Cyberspace. It is a domain of conflict and contestation.
The Political Economy of Information Technology
Information technologies did not emerge in a vacuum, they were born of specific economic circumstances. At the end of the post-World War II economic boom, overcapacity in manufacturing began to cause declining profit rates. Governments’ increasing reliance on public and private borrowing only provided limited stability, while deepening stagnation. Rising debt and persistent overcapacity rendered economies increasingly less responsive to stimulus efforts.
Advances in information technologies offered capitalism a way out of this stagnation. In addition to the rise of technology-driven financial products, the emergence of new markets for digital products, and a new data economy, a key development occurred within the sector of logistics. Information technologies streamlined communication between suppliers, manufacturers, and distributors, and automated the management of warehouses and order fulfillment, reducing errors and lead times. Today, logistics has evolved into a multitrillion-dollar industry with a central role in the global economy.
While improving efficiency, these developments have also promoted the accumulation of capital and power, exacerbating global inequalities. To the global working class, modern logistics has enabled companies to source labor globally, allowing capital to seek out the cheapest labor markets and weakening their collective power. To the Global South, the standardization of, and concentration of the control over global supply chains has caused a continuation of foreign control over national economies despite formal decolonization. As Charmaine Chua reminds us, ‘the freedom with which containerized commodities now crosses our borders and into our streets is a freedom foreclosed from many who are displaced as a result of the logistics economy’s immiserating tendencies’. A transnational capitalist empire now effectively controls global supply chains, intensifying processes of dispossession and exploitation. As such, logistics has exacerbated existing inequalities and produced new forms of precarity.
The basic architecture of the ‘information society’ has been shaped by the interests of free market forces, allowing a small elite to control and profit from critical global infrastructure. In turn, fundamental aspects of life have been brought out of democratic control, exacerbating global inequalities as well as the looming ecological crisis.
‘An Attack on Maersk Strikes Everywhere at Once’
Let’s return to the outage of Maersk in 2017. NotPetya disrupted systems that have been key to the construction of Maersk’s shipping empire: innumerable details in the operation of modern shipping – monitoring routes, managing traffic, and reading ships’ inventory files – are controlled by information technologies. Operating a shipping business at the capacity of Maersk would simply be impossible without advanced digital systems. Currently, the world’s five largest shipping companies control 65 per cent of global shipping, underscoring how modern technology has enabled an unprecedented concentration of control over supply chains. This situation is aptly summarized in Wired journalist Andy Greenberg’s notion that ‘an attack on Maersk strikes everywhere at once.’
To Greenberg, this relationship of dependence suggests that the protection of Maersk is a key societal interest. Mainstream international legal scholars share this view, studying NotPetya as a case-study of the ‘complexity of applying international law to factually ambiguous cyber scenarios,’ raising ‘questions about possible response options of affected states and the international community’. They debate questions like attribution of the attack; violations of sovereignty of the states in which infrastructure was located; or whether the attack amounted to use of force. Moreover, to the extent that existing rules are deemed insufficient to address NotPetya, scholars have argued that ‘much more work remains to be done on the gray zone-like questions’, and that ‘work remains on how to make existing rules … effective in the cyber domain.’
An underlying assumption is that, while the technological landscape is ever-changing, one central aspect of status quo requires protection: The very system of domination that allows companies like Maersk to make fortunes on global supply chains from which no one can escape. As international law seeks to safeguard the stability and reliability of information technology systems, it simultaneously enables the continuation of this system of domination – that is, of global capitalism.
While Andy Greenberg is correct in asserting that an attack on Maersk strikes everywhere at once, he is mistaken in deducing that the protection of Maersk’s empire is a universal societal interest. To most people, the real interest lies in dismantling the very structures that have enabled Maersk to attain such power. Maersk may fear disruptions to the system, but to the majority of the global population, the real threat is the system itself. This triggers the question: Can international cyber law address this deeper threat? I will offer some reflections on that question in the final section of this post.
International Cyber Law’s Emancipatory Potential
The debate over international law’s emancipatory potential is long-standing. Some scholars argue that capitalism’s foundational structures are so deeply embedded in the international legal form that emancipation requires an abolition of this form. Others argue that the content of international law is contestable, and that progressive actors may force states to adopt an interpretation that favors other interests than the interests of capital.
I am more convinced by the former. To illustrate, we can examine what an opportunistic approach – in line with the latter view – might look like in the context of international cyber law.
As states are currently expressing their views on the cyber-specific content of general international law, ‘international cyber law’ is taking form. In this process, an opportunistic strategy might involve progressive movements advocating for states to interpret international law to prohibit technologies being used for transnational corporate control over critical infrastructure to ensure decentralized, democratic control. In theory, international law could then work to challenge the dominance of corporate control over vital aspects of life.
This strategy raises three problems.
First, as international law is structured around an analogy between the sovereign state and the individual property owner, the protection of private property remains central to the very form of international law. This makes international law inherently resistant to interpretations that challenge corporate control systems.
Second, and more critically, material relations precede legal regulations. As such, the eventual balancing of legal arguments does not reflect an inner legal logic, but underlying relations of domination. Without a shift in these material power relations, legal interpretations that challenge the systemic inequalities embedded in global capitalism are unlikely to gain acceptance.
As advocacy targeted at fundamental structural problems is therefore doomed largely ineffective, a third problem arises: By engaging with a legal system that works to preserve status quo rather than refuting it, advocacy strategies may confer legitimacy to its operations and end up counterproductive.
As it stands, by neglecting the profound, conflicting interests in digital space, international law once again reveals its complicity in perpetuating global capitalism. Meaningful change demands nothing less than dismantling global capitalism itself and restructuring the digital landscape from a tool for profit and concentration of power into a tool for just distribution and democratic control. While this remains a long-term goal, recognizing international law’s complicity in sustaining these systems is a crucial first step.
