On Jan. 1, 2009, when an Indian oil tanker found itself under attack by machine gun fire from pirates off the coast of Somalia, the ship’s captain sent out an SOS via wireless radio. A nearby Malaysian frigate heard the call and immediately responded, sending a helicopter to the scene. On its arrival, the pirates fled and the tanker’s crew escaped unharmed. It’s a story that has been repeated countless times, in large part because international law requires anyone receiving an SOS signal to “proceed with all possible speed” to render assistance. Today, similar legal duties abound — what we might call “duties to assist” — whether in response to a pilot’s mayday call, distress signals or emergency numbers.
As yet, however, there is no “duty to assist” in cyberspace. That needs to change. Concerns about new kinds of pirates and a new form of attack — the “cyberattack” — currently fill our newspapers and preoccupy policymakers. When hackers marshaled a million computers to block access to Estonian computer networks in 2007, they took down emergency phone lines and froze online services for the government, banks, universities and hospitals.
