Science, Technology, and Public Policy

Over the past two decades, the United States has increasingly turned to targeted sanctions and export restrictions, such as those imposed against Iran and North Korea, in order to curb the spread of weapons of mass destruction. One vexing problem, however, is how to contend with jurisdictional hurdles when the violations occur overseas, in countries that are unable or unwilling to assist US enforcement efforts. To solve this problem, US prosecutors are turning to strategies with significant extraterritorial implications—that is, exercising legal authority beyond national borders. One such tool is to use civil legal procedures to seize assets linked to sanctions or export-control violations in jurisdictions that lack cooperative arrangements with US enforcement agencies. While this may be an attractive strategy to bolster enforcement efforts against overseas illicit procurement, using such tools is not without consequence. This article explores the political, legal, and technical implications of enforcing extraterritorial controls against overseas non-state actors by exploring the recent uses of civil-asset forfeiture against Iranian and North Korean procurement networks.

Since the 1979 revolution, Iran has sought to illicitly procure parts for the U.S. origin fighter aircraft sold to the country under the rule of the Shah. The U.S. has taken steps to quash this trade—these efforts have constituted a relatively large proportion of U.S. export control enforcement over the past near-to-four decades. 

This article analyzes the congressional history of so-called "Internet kill switch" bills and two domestic cases of a denial-of-access to local Internet connections.

Encryption's new normal is changing the way in which states assert their sovereignty at home and abroad. Cryptography has gone mainstream. Now more than ever, encryption is used by ordinary citizens, often without their knowledge, and is a subject of national debate.

In this journal article for Survival, Aaron Arnold argues that the success of financial sanctions rests largely on the dominance of the US dollar and the correspondent banking system. Yet emerging trends could undermine Washington’s capacity to employ this tool.

In this issue of International Engagement on Cyber, authors discuss developments, challenges, and improvements to critical infrastructure cybersecurity from legal, policy, and technical perspectives. Cyber V also evaluates cybersecurity in Brazil, suggests improved government and private sector cybersecurity practices, and theorizes military actions in the information age.

On 22 November 2013, the Federal Energy Regulatory Commission approved the latest version of mandatory cybersecurity regulations for the bulk electric system—known as Critical Infrastructure Protection (CIP) Reliability Standards. The CIP standards are relatively unique: they are developed through an unusual model of industry-led regulation that places industry, and not federal regulators, at the center of regulatory design and enforcement. The CIP regulations have received a significant amount of criticism. Critics argue that the regulations are incomplete at best and irreparably flawed at worst. The author examines the lessons we can learn from the CIP standards and poses a provocative question: Are the regulations actually a secret success?