Asaf Lubin is an Associate Professor at Indiana University Maurer School of Law. His scholarship explores the nexus of law, technology, and international security. He spoke with SSRN about the international law of espionage, the fate of digital rights amid armed conflict, and the rise of unchecked cyber-vigilantism in an era dominated by big tech.
Q: Your work examines issues at the intersection of law, technology, and international security. How has the rapid evolution of technology influenced the direction of your research and other works?
A: What first drew me to the intersection of technology and national security law was a desire to investigate unknowns: the unacknowledged surveillance program, the redacted intelligence memo, the court-sanctioned gag order, and the closed-door hearing on the Hill. I came to the field to understand how secrecy shapes law, and how law, in turn, manages secrecy. I quickly realized that few academics chase these shadows. Fewer still examine the technical architectures that sustain them.
This is where I locate my academic voice: at the intersection of law, technology, and sovereign power. I study how legal institutions, both domestic and international, grapple with the evolving contours of the national security state, where intelligence agencies, military commands, and their corporate collaborators operate in expanding zones of legal ambiguity. These actors routinely oscillate between legal categories: war and peace, public and private, civilian and combatant, domestic and foreign, territorial and extraterritorial.
The legal, policy, and institutional design challenges this oscillation produces are not new; they have echoed across centuries. Still technology, as a medium through which statecraft is exercised, compounds these questions. Nowhere is that transformation more apparent than in the evolving lifespan of secrecy itself. Where states once presumed a durable control over classified knowledge, today’s information ecosystem has radically shortened the half-life of silence. I first grasped the magnitude of this shift as a student at Yale Law School, when a senior attorney from the NSA’s Office of General Counsel gave a lunch hour talk. With disarming candor, he told us: “We used to assume our secrets had a five-year shelf life. Now? It’s half that—and shrinking still.” Freedom of Information Act (FOIA) requests, offensive hacking, accidental leaking, investigative reporting, and whistleblowing have all eroded the traditional architecture of secrecy, and with it, certain presumptive foundations on which national security law once stood. Just think of the saga with the Yemen strike Signal chat. For researchers, this increased transparency is a good thing. It has meant greater access to information—opening new space for theory-building grounded in visible practice.
But transparency and access to information are surely not the only axis of transformation. As technology evolves, we see tectonic shifts in scale—faster speeds, broader reach, greater volumes of data—that complicate capacity limitations that are presumed by our existing laws. Other transformations alter the nature of legal problems altogether. Think for example of artificial intelligence. In my research, I’ve been drawn to the myriad ways in which legal authority is both encoded and displaced when predictive algorithms and autonomous surveillance systems are embedded into the infrastructures of law enforcement, military power, and foreign diplomacy. These systems do more than execute commands. They hardcode legal interpretation and application into software design and user interface in ways that can constrain human judgment, control, and ultimately accountability.
Q: Your upcoming book “The International Law of Intelligence: The World of Spycraft and the Law of Nations” examines the modern legal framework that governs peacetime intelligence operations and challenges the approach of international legal scholarship, suggesting a new legal framework for dealing with these issues. Talk a little bit about how this book has developed.
A: When I was eighteen, I became an intelligence analyst, a position I held for over five years. From the outset, I was struck by what my training did not cover. I don’t recall a single sustained discussion of the ethics of the profession, let alone the law that undergirds our work. Unlike my high school friends who went to combat units and received at least some formal instruction on the law of armed conflict, we were given no framework for considering the limits of our work: what it means to surveil someone and to intrude upon their private life as a matter of institutionalized practice. I recall a particular conversation with one of my commanders early in my training. “Spying is about lying, cheating, and deceiving,” he told me. “It is simply antithetical to ethics.” That blunt statement stayed with me. It became the seed for my doctoral research at Yale Law School and now this book. I have devoted a significant part of the last decade attempting to challenge the assumption that some government lawyers and officers have that foreign intelligence collection lies beyond the reach of either legality or morality.
Today, if I were to survey most international lawyers, certainly in the United States, I expect to hear one of two familiar responses as to the legality of peacetime cross-border espionage. The first camp, much like my commander, will consider espionage as extralegal, neither permitted nor prohibited, simply existing outside the edges of law. The second camp, perhaps the larger camp, will simply work to apply general principles of international law to espionage. That was the position advocated by an influential group of international experts in what is now known as the Tallinn Manual on the International Law Applicable to Cyber Operations. In other words, this camp has suggested that intelligence gathering is not regulated by any customary or treaty-based special rules but is rather governed by foundational legal principles that control all areas of state practice. With this logic in mind, many scholars in this camp have determined that nonconsensual peacetime interstate espionage is typically unlawful since it violates the sovereignty of the target state.
Both camps, the extralegalist camp and the generalist camp, I would argue, are overly simplistic. They ignore the uniquely profound, historically rooted, and nuanced function that intelligence plays in the maintenance of public world order. After all, the availability of accurate intelligence to decisionmakers reduces sovereign uncertainty, offering the prospect not merely of more rational state action, but of averting the fear-fueled security spiral into violence. In that sense, intelligence can, and often does, serve a stabilizing function for the legal order. Peacetime intelligence collection is also a prerequisite for the operationalization of core foundational frameworks within international law from the law of self-defense and countermeasures to non-proliferation treaties and sanctions regimes.
Now, recognizing that intelligence can serve this important function is not the same as always declaring it inherently lawful and ethical. Quite the opposite. If intelligence officers possess what I called “The Liberty to Spy”—the deliberately provocative title of my 2020 article in the Harvard International Law Journal—this liberty is narrow, conditional, and rigorously constrained. What is absent from the legal discourse is a pragmatic understanding of how customary international law and general principles help set the outer bounds of intelligence activity, shaping it into a self-contained specialized regime, the lex specialis of the international law of intelligence.
So, for example, launching intelligence operations untethered from necessity or efficacy, or conducting ones that disproportionately harm third parties, is not merely unwise but unlawful. The book’s central contribution is in articulating those specific legal constraints, trying to define what a reasonable intelligence agency would do, to avoid negligent harm and reckless endangerment. To do so, the book draws on a body of scholarship that is often ignored by international lawyers who are more drawn to treaties and doctrine than philosophy and ethics. Yet, intelligence studies scholars, including historians, ethicists, and former practitioners, have developed a rather robust body of works that looks to determine the permissibility or impermissibility of espionage in particular circumstances. Drawing more of our legal reasoning by analogy to this work, we might be able to import into international law a more honest reckoning with how intelligence is embedded within and constrained by our legal order.
Q: What do you think are the most important takeaways from this book that you want people to understand – not just about the current state of international law and intelligence but also regarding goals for the future?
A: To study such an edge case as the international law of intelligence is to probe the deeper architecture of international law itself: its sources, its epistemology, and its modes of reasoning. Traditional doctrine assumes that custom can only grow in soil enriched by open practice and bathed in the vibrant sunlight of opinio juris. In the shadows, we are told, custom withers. But that is far from the truth. Entire categories of legal flora and ecosystemic orders flourish in shaded terrain, if we only attune ourselves to see it. It is perhaps less a garden than a mycelial, fungi-like network of dense interconnected primary and secondary rules, operating beneath the surface, shaping state behavior from below.
Perceiving this subterranean legal order requires sensitivity to the stratigraphy of secrecy itself. After all, not all secrets are alike. Shallow secrets are broadly recognized, sometimes even universally so, even if the precise details of the underlying conduct remain contested or officially unacknowledged. Deep secrets, by contrast, are not merely unconfirmed but wholly unknown, shielded from public scrutiny in their entirety. Prevailing doctrine flattens this spectrum, treating all forms of secrecy as equally fatal to the formation of custom. This conflation overlooks the quiet development of navigational norms and operational codes—the tacit handshakes, subtle gestures, and occasional doubletalk that define a domain long governed by gentleman’s agreements. The book puts a spotlight on this world and, through it, offers a new lens on what Sir Daniel Bethlehem once called “the secret life of international law.”
Q: The chapter you wrote for the second edition of the “Research Handbook on Human Rights and Humanitarian Law” entitled “The Rights to Privacy and Data Protection Under International Humanitarian Law and Human Rights Law” is your most highly downloaded work on SSRN and was posted back in 2020 (prior to the subsequent release as a book chapter in 2022). In this, you discuss the rights to privacy and data protection in regulating wartime military operations and the areas in which the laws have significant gaps. In the years since this was posted and later published, has there been progress made to better regulate privacy and data protection in the scope of International Humanitarian Law (IHL)?
A: When I first wrote The Rights to Privacy and Data Protection under International Humanitarian Law and Human Rights Law, there was little doctrinal and theoretical engagement with the intersection of digital rights and armed conflict. At the time, breaches of informational privacy and data protection were often dismissed as peripheral. They were seen as technical concerns that paled in comparison to the more visible atrocities of war. Yet I argued then, as I do now, that these rights are not ancillary. They are sentinel norms. Their violation often marks the beginning of broader patterns of abuse and escalating civilian harm.
The urgency of this work has only intensified. Today’s conflicts are not only kinetic but deeply datafied. In Ukraine, in Gaza, and in other theaters of war, we are witnessing the deployment of artificial intelligence, biometric surveillance, and algorithmic targeting as routine instruments of war. These technologies have become force multipliers of violence, expanding both its reach and modalities. The harms they produce are no longer confined to the physical. Data exploitation, digital profiling, and the erosion of autonomy through opaque systems of algorithmic control represent new frontiers of civilian vulnerability. We are beginning to finally see recognition of that at international fora. The July 9, 2025 Grand Chamber decision of the European Court of Human Rights in Ukraine and the Netherlands v. Russia affirmed for the first time that unregulated mass digital surveillance in war and occupation violates the right to privacy. It is a foundational first step, though the exact parameters set by the Court are still modest.
Since the publication of that initial book chapter, the field has expanded with remarkable speed. In 2022, I co-edited “The Rights to Privacy and Data Protection in Times of Armed Conflict” the first book-length treatment of these issues, published by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). The volume convened a wide range of leading scholars and practitioners to map the legal and ethical challenges posed by the digitalization of contemporary warfare and to propose pathways for stronger protections. More recently, in Data Injustice in Global Justice (forthcoming, 59(1) UC Davis Law Review, 2025), co-authored with Cherry Tang, we turn to a different set of actors. The article examines the datafication of conflict and humanitarian crises advanced not by states and militaries, but by international courts and organizations. We critique the unrestrained data practices of these bodies and call for a fiduciary model of governance that treats the digital information collected from vulnerable populations as a trust held for their benefit, rather than as a resource to be mined for institutional expediency.
Q: One of your recent papers on SSRN “Tech Oligarchs and Corporate Vigilantism,” co-written with João Marinotti, forthcoming in the Michigan State Law Review, discusses the largely unchecked power held by leaders of large technology companies and the need for developing more comprehensive private law standards that can apply to different contexts within the digital and cyber spaces. Talk a little bit about what could be considered a “corporate vigilante” in this context.
A: This project was a deeply rewarding collaboration with João Marinotti, who—full disclosure—is both my co-author and my husband. Our paper draws on João’s earlier work, The Private Law of Self-Help, 58(2) UC Davis Law Review 769 (2024). In that piece, he examined the outer bounds of lawful self-help in a new way, one that can be applied to novel and unprecedented situations and cases. That paper argues that the concept of self-help is itself a civil mechanism constrained by the architecture of private law. Our paper takes those foundational and theoretical insights and tests their limits against policies and realities derived from the digital and cyber context.
In law, the principle of self-help allows private parties to act to protect their rights, but always within narrow limits and subject to later review by courts. What we see with Big Tech is different. Companies now design platforms and code that let them enforce their own rules—locking users out of accounts, bricking devices, or cutting off services—often automatically and without any judicial oversight. That is what we call corporate cyber vigilantism. It reflects a shift from permissible self-help to unilateral rule-making, where private code replaces public law. In the paper, we identify four recurring forms of this phenomenon—irreparable, careless, abusive, and sovereignty-substituting vigilantism—and argue that it represents a fundamental break from the traditional model of civil recourse, in which the legal system, not private actors, remains the final arbiter of rights.
Q: What existing principles in the legal system could be best applied to the unchecked power of big tech companies?
A: The legal guardrails already exist. Principles like necessity, proportionality, and the right to judicial recourse have long defined the boundaries of lawful self-help. Take the classic torts case of Katko v. Briney, where the court held that a landowner could not use an automated spring gun to defend an empty shed. The court reasoned that the harm was irreparable and far out of proportion. The same logic applies when tech companies deploy digital tools that can instantly repossess a car, brick a critic’s smartphone, lock a researcher out of cloud-stored files, or even suspend internet service across a whole region. Our claim is not that the law needs to reinvent itself, but rather that private law, especially tort doctrine, already provides the means to distinguish legitimate corporate discretion from unlawful vigilantism. Courts should use those tools to reassert the boundary between innovation and abuse.
Q: What do you think SSRN contributes to the world of modern research and scholarship?
A: I’ve always seen SSRN as more than just a repository. It’s a living forum for scholarly exchange. Posting early on SSRN isn’t just about staking intellectual territory, it’s about inviting dialogue when the work is still developing before publication. In fast-moving domains like cybersecurity, digital rights, and national security, the traditional publication timeline simply can’t keep pace. SSRN allows for ideas to circulate quickly when it’s most urgent to do so, so that they can have the greatest potential to inform, provoke, and shape emerging debates.
Some of my most generative conversations have begun with an SSRN post. I’ve had colleagues—both longstanding and new—reach out with feedback, questions, and insights that have directly improved my work. That early visibility has also led to invitations to write blog posts, appear on podcasts, and participate in conferences I wouldn’t otherwise have known about. For scholars who see their writing as part of a broader intellectual and public discourse, SSRN is an indispensable platform. Same is also applicable in the context of teaching and mentoring of students, who often turn to SSRN to find groundbreaking work to advance their research.
But what makes SSRN truly indispensable is its radical commitment to open access. It levels the playing field, for so many, by offering a platform where scholars and practitioners, regardless of institutional affiliation or geography, can engage with work as it emerges. As editor of the SSRN Law & Society: Private Law – Torts eJournal, I’ve had the privilege of curating a space where ideas on tort law travel freely and dialogue unfolds without the usual barriers of gatekeeping-by-subscription.
More About Asaf Lubin
Dr. Asaf Lubin is an Associate Professor at Indiana University Maurer School of Law and an Affiliated Faculty at the Hamilton Lugar School of Global and International Studies. He additionally serves as a Faculty Associate at the Berkman Klein Center for Internet and Society at Harvard University and as an Affiliated Fellow at Yale Law School’s Information Society Project. His scholarship explores the nexus of law, technology, and international security, informed by his earlier service as an intelligence analyst and his fellowship at a leading nonprofit dedicated to safeguarding privacy in the digital age. Dr. Lubin is the author of two forthcoming books: The International Law of Intelligence: The World of Spycraft and the Law of Nations (Oxford University Press, 2026) and Teaching Cybersecurity Law and Policy (Edward Elgar, 2026). He also co-edited the anthology The Rights to Privacy and Data Protection in Armed Conflict (NATO CCDCOE, 2022) and published an open educational resource, Torts: Cases Problems and Policy Choices (Indiana University Publishing, 2025). Previously, Dr. Lubin taught at Columbia Law School and Yale College.
You can see more work by Asaf Lubin on his SSRN Author page here