Published 18 October 2017
Note May 2018: this paper will be included in the TDM Special Issue on Cybersecurity in International Arbitration prepared by Stephanie Cohen and Mark C. Morril. Interested in contributing? You can find find the call for papers here TDM Call for Papers: Special Issue on Cybersecurity in International Arbitration
International commercial arbitration rests on certain fundamental attributes that cut across the different rule sets and cultural and legal systems in which it operates. There is common ground that any international commercial arbitration regime must encompass integrity and fairness, uphold the legitimate expectations of commercial parties, and respect essential elements of due process such as equal treatment of the parties, a fair opportunity for each party to present its case and neutral adjudicatory proceedings, untainted by illegal conduct.
The system and its integrity depend substantially on the role of the arbitrator. As Professor Rogers has stated: "[T]he authoritative nature of adjudicatory outcomes, as well as their existence within a larger system, imposes on adjudicators an obligation to preserve the integrity and legitimacy of the adjudicatory system in which they operate." Cyberbreaches of the arbitral process, including intrusion into arbitration-related data and transmissions, pose a direct and serious threat to the integrity and legitimacy of the process. This article posits that the arbitrator, as the presiding actor, has an important, front-line duty to avoid intrusion into the process.
The focus here on cyberintrusion into the arbitral process does not imply that international arbitration is uniquely vulnerable to data breaches, but only that international arbitration proceedings are not immune to increasingly pervasive cyberattacks against corporations, law firms, government agencies and officials and other custodians of large electronic data sets of sensitive information. Similarly, our focus on the role and responsibilities of the arbitrator should not obscure that cybersecurity is a shared responsibility and that other actors have independent obligations. Arbitrators are not uniquely vulnerable to data breaches and are not guarantors of cybersecurity. In the highly interdependent landscape of international commercial arbitration, data associated with any arbitration matter will only be as secure as the weakest link. Since data security ultimately depends on the responsible conduct and vigilance of individuals, any individual actor can be that weak link, whatever their practice setting, whatever the infrastructure they rely upon, and whatever role they play in an arbitration.
Footnotes omitted from this introduction.
Previously published as "A Call to Cyberarms: The International Arbitrator's Duty to Avoid Digital Intrusion", in 40 FORDHAM INTERNATIONAL LAW JOURNAL (981) (2017). Copyright © 2017 by the authors.