Drawing on the familiar and effective maritime principle of an SOS distress call, Professor Hollis argues in his paper, An e-SOS for Cyberspace, that an analogous system should be established to respond to cyber distresses. Traditionally, an SOS call required ships in the area “to ‘proceed with all speed’ to provide whatever assistance” they could. Hollis argues that “international law needs a new norm for cyber-security: a duty to assist, or DTA.” This duty to assist (DTA) would be much like an SOS in maritime law, in that it would “marshal[] sufficient resources to avoid or at least mitigate . . . harm as much as possible.” Under Hollis’ proposal, individuals, businesses, organizations, and/or states should have a similar ability (and a similar corresponding duty) to seek and provide aid to the victims of cyber attacks. If the DTA is effective, Hollis argues that it will not only help avoid or mitigate cyber harms but that it will also act as a deterrent by making attackers “think twice about whether it is worth the effort to attack at all.” Hollis is careful to make clear that he does not “expect any resulting duty to remediate all threats nor to operate in all contexts,” but he lays out a framework, inviting the international community to accept the apparent need and to craft a solution that will provide the assistance required.
Recognizing that Hollis’ project here is not to propose a complete solution but merely a framework upon which to build, I will focus my comments on four points in Hollis’ paper: proximity, frequency, technology protection, and the continuing problem of attribution. While these four points are fundamental to Hollis’ proposal, I believe that they also present some difficulties.