TLS Highlights

Are DOD’s rules of engagement in cyberspace too limited?

TLS Director Gary Corn was recently quoted in a DefenseScoop article, which cited his 2021 paper on the U.S. cyber policy shift: "In line with the shift to a more proactive cyber strategy ... NSPM-13 enables faster, more agile decision-making better adapted to the strategic threat." The article explores current constraints on DOD's rules of engagement and how policy shifts, like NSPM-13, shape future cyber strategy. Read the full article here and read Corn's full paper here.

Save the Date! September 15 - 16: Navigating Emerging Gaps & Seams

Upwards of 100 States, either directly or through regional organizations, have now weighed in on the important questions of whether and how international law applies to cyber operations.  While some concordance of views is evident, significant areas of discordance have emerged as well.  The relatively unprecedented and growing use of national statements—in the form of official speeches, papers, or contributions to United Nations processes—to express States’ views has also raised questions about their normative function and whether the views offered are creating, intentionally or not, a form of lex specialis of international law tailored to the cyber and information context.  And if not, what normative implications do these emerging positions have for the interpretation and application of international law rules outside of the cyber context? What are the implications of states remaining silent on certain issues, or not issuing positions at all? At the same time, cyber and information conflict has not abated, and the pace, sophistication, and impact of these threats will only increase with the introduction of artificial intelligence and other technological advances.  How international law responds to these developments, especially at a time of heightened instability, should remain at the top of States’ agendas.

The Tech, Law, & Security Program (TLS) is excited to once again host our annual symposium at the American University Washington College of Law on September 15-16, 2025 in partnership with: The Lieber Institute, West Point, The Federmann Cyber Security Research Center, Hebrew University of Jerusalem, The Centre for International Law, National University of Singapore and The NATO Cooperative Cyber Defence Centre of Excellence. A closed-door workshop will follow on September 17, 2025, by invitation only.

The Fourth Annual Symposium on Cyber and International Law—Navigating Emerging Gaps & Seams, will again bring together leading experts from across the globe to address this timely and important topic.

Register here. 

Necessity, Proportionality, and Executive Order 14086.

TLS Senior Project Director Alex Joel provides an in-depth explanation of how EO 14086 addresses the Schrems II concerns regarding necessity and proportionality. The terms “necessary” and “proportionate” have specialized meanings under the jurisprudence of the Court of Justice of the European Union and the European Court of Human Rights. The paper examines in depth how the EO articulates and explains those terms, interpreting them in light of U.S. law and legal traditions. View the report here and the larger Privacy Across Borders Project here. 

Content governance in the shadows: How Telcos & Other Infrastructure companies "Moderate" Online Content.

TLS Senior Fellow Prem M. Trivedi addresses significant policy challenges in online content governance activities by non-application layer internet infrastructure companies. In addition to exploring the nuances of the challenges, the paper makes recommendations for telcos to improve transparency about their practices and for how all non-application layer companies can consider substantive content governance principles. This paper is part of the TLS Addressing Harmful Content Online Project and is supported, in part, by the Anti-Defamation League. View the paper here. 

Data Localization and Government Access to Data Stored abroad: Discussion Paper 2.

The Centre for Information Policy Leadership (CIPL) and Tech, Law & Security Program (TLS) have been collaborating on a project regarding data localization policies. As data localization is increasingly gaining traction, we seek to understand the different dimensions of the impacts and effectiveness of these policies. As part of this collaboration—CIPL published a paper on the “real life” business, societal, and consumer impacts of data localization policies and TLS published the present paper on whether data localization measures are legally effective in achieving one of their main ostensible purposes, i.e., to prevent foreign government access to data. View the paper here. 

Combating Ransomware: One Year On.

This new paper revisits key ideas from the “Combating Ransomware” webinar series in view of ransomware’s evolution over the past year; identifies progress that has been made in the fight against ransomware; and identifies actionable recommendations for the future. These include recommendations designed to strengthen cyber defense, cyber offense, law enforcement efforts, the U.S. cyber incident reporting regime, cryptocurrency efforts, and international efforts. This report was jointly authored by V. Gerald Comizio, Gary Corn (TLS Program Director), William Deckelman (TLS Advisory Board Member), Karl Hopkins (TLS Advisory Board Member), Mark Hughes, Patrick McCarty, Sujit Raman (TLS Senior Fellow), Kurt Sanger, Ari Schwartz, Melanie Teplinsky (TLS Senior Fellow), and Jackson Colling (former TLS Student Fellow). View the report here. 

Protecting Children in the Age of End-to-End Encryption.

Senior Project Director Laura Draper explores how to combat online child sexual exploitation and abuse when end-to-end encryption obscures the government’s access. Conversations about online child sexual exploitation and abuse often devolve into no-win arguments about the merits (or lack thereof) of end-to-end encryption. TLS Senior Project Director Laura Draper sidesteps this debate in the new report, Protecting Children in the Age of End-to-End Encryption, by assuming end-to-end encryption is here to stay, and focusing on how we can collaborate to combat these harms.  View the project and report.