Scroll Top

TERRITORIAL SOVEREIGNTY IN CYBERSPACE & CYBERESPIONAGE

Today, international law exists in a flux of developing technologies that present challenges hitherto undreamt of. Territorial sovereignty stands to be the fundamental governing rule in the international law landscape and has been recognized to have application in cyberspace too.

TERRITORIAL SOVEREIGNTY IN CYBERSPACE & CYBERESPIONAGE
0
By Jus Corpus Blogs December 15, 2021

Introduction

Today, international law exists in a flux of developing technologies that present challenges hitherto undreamt of. Territorial sovereignty stands to be the fundamental governing rule in the international law landscape and has been recognized to have application in cyberspace too. Its applicability, however, varies in the type of operations in cyberspace and the manner in which it applies.

For the purpose of conciseness, this article’s scope is limited to the application of territorial sovereignty in operations conducted by states on another target state via cyber means. The article shall first discuss territorial sovereignty in cyberspace in general and then proceed to cyber espionage after discussing the existing international laws governing espionage activities between states.

Territorial sovereignty in cyberspace

Existing international norms and principles date back as early as 1648 when sovereignty was recognized as a fundamental object for a state. Actors in the international realm could not have had in mind the rise of Information and Communication Technology and its related development when the norms were created. Then the obvious question is whether these rules have any applicability in sporadic activities over the computer networks and internet. The question, however, has been answered by UN GGE 2013, 2015 and was recognized by states and experts in the field consistently. Long-standing norms and rules governing state conduct including sovereignty continue to apply in cyberspace.

State sovereignty is based on two grounds:

  1. Territoriality
  2. Inherently governmental functions are protected from external interference.

This section shall not discuss rules governing the latter, criminal activities in cyberspace, and states’ jurisdiction governing the internet and its users. A state can violate the sovereignty of another state in cyberspace on either of the grounds. The conduct, however, must be attributable to the state to attract state responsibility. The underlying rationale for the relevance of this rule in cyberspace is simple. Cyberspace, though existing and operating virtually, is not independent of physical infrastructure and legal persons using and operating them. As many experts in the field put it, cyberspace is indeed rooted in some physical existence and hence territorial sovereignty, as a rule, continues to apply in cyberspace.

Experts advocating that territorial sovereignty exists as a principle giving rise to primary rules assert that a violation of territorial sovereignty occurs only when a physical effect manifests on the state’s territory which would be likely if the activity had occurred in physical means. This position is termed as ‘relative sovereignty’.[1] However, when minor intrusions into another state’s territory have been held to be violations of territorial sovereignty even in the absence of any physical effect of harm, there is no plausible reason as to why the same standard cannot apply in cyberspace. Authors like Heller. K. J assert this position of ‘absolute sovereignty because of mutatis mutandis. States like France, Switzerland, Iran, and Venezuela among other Latin American nations have all taken this position in their official position papers and statements.

Mere interferences with the state’s cyberinfrastructure and computer networks might give rise to no or minor physical effects on the functioning of infrastructure and persons that will not rise to the use of force under Article 2 (4) of the UN Charter.[2] In growing threats that might not always be possible to trace back and give rise to little physical effects, taking an approach based on the effects manifested to determine violation is not exhorting. This is of primary concern, especially because such an approach seems to be the prevailing view in related literature and state practice.

Tallinn Manual 2.0, authored by a group of international experts, reflects a similar position. Positive developments in the UN GGE 2013 and 2015 sessions were not followed by consensus as to the “how” of territorial sovereignty among other rules in the 2017 program. With an absence of consistent state practice challenging and contesting violations of territorial sovereignty, and differing opinions put forth by experts and authors, customary international law does not provide any strict rules to cyberspace. Therefore, as a matter of conclusion, the character of territorial sovereignty’s applicability is not undisputed and settled.

To add to the existing lacunae, espionage conducted between states using and targeting cyber means presents new challenges particularly when it is generally opined that there is no violation of territorial sovereignty in absence of a physical effect or harm. To understand how the existing law applies in cyber espionage, it is essential to visit the understanding of state conducted espionage in international law.

International law in espionage activities

The fact that states have engaged in espionage activities for a long to collect military, political and economic strategies from fellow states to have a strategic advantage and make plans warily does not need to be explained in detail. Except for states condemning the other state’s actions, there arose no significant legal dispute regarding espionage activity.[3] Generally, States have exercised their domestic criminal jurisdiction in the event they take cognizance of such activity taking within the state. The contention, however, arises when the activity is conducted extraterritorially because then the states will either have to extradite the person(s) or dispute with the acting state if the conduct is attributable.

Authors taking sides with the illegality of espionage reasons that espionage activities threaten the national security and political integrity of states.[4] Other positions based on similar reasoning are ironic because states conduct espionage activities to protect their national security and state interests. Advocates of espionage’s legality base their reasoning sufficiently on the implied acceptance by states with the ‘policy of silence’. It is to be noted that state silence shall also amount to customary international law by the doctrine of acquiescence. Except for certain specialised regimes and activities like the law in foreign immunity and diplomacy, and outer space, it seems that states have and will continue to conduct espionage accepting the risk of violation of international law.

Territorial Sovereignty in Cyber espionage

Ziolkowski. K puts forward a comprehensive definition for cyber espionage after assessing espionage as defined by several dictionaries and states. She states that “Cyber espionage is the copying of data that is publicly not available, and which is in wireless transmission, saved or temporarily available on IT-systems or computer networks located on the territory or otherwise attributable to the state”. Two aspects require attention at this juncture.

Firstly, by emphasising on copying of data, the presence of any physical harm or effect is completely ruled out in this definition. In general practice too, states often collect and copy data to their servers without leaving a trace of any kind. The prevailing general approach to territorial sovereignty violations in cyberspace requiring physical harm, evidently, does not prohibit cyberespionage. The Tallinn Manual 2.0 experts in Rule 32 have observed that cyberespionage is not prohibited by international law per se. However, if minor intrusions into the state’s cyberspace give rise to international state responsibility under the absolute sovereignty approach, cyber espionage will also violate the territorial sovereignty of states. The means used to obtain access to documents and copies might strike a middle ground to establish a violation of territorial sovereignty. Attacks employing harmful spyware and autonomous malware often result in functional and operational harm. These effects, even to the extent of merely slowing down systems or resulting in irregular function should be taken into consideration.

It is not to say that all intrusions lead to a violation of the rule. States’ military intercepts radio communications as a general military practice. This along with the instance where a state gains access to miscellaneous government files do not lead to a violation. The second aspect comes into relevance at this point. If all intrusions do not amount to violation and if all types of data are covered by regulation of this rule’s applicability, how do we define keystrokes that settle the blurred lines? Perhaps, the answer lies in the type of documents and data forming the subject matter. It is more likely that documents containing confidential information, say, for instance, nuclear codes or industrial codes, amount to a violation of territorial sovereignty. Even in this case, the protection lies in the rule of non-intervention[5] than territorial sovereignty.

Therefore, a commonly agreed norm regulating cyberespionage remains elusive. This is complicated by the fact that espionage in general is itself unprohibited. However, with the scale and degree of effects, cyberspace opens for state conducted espionage, the need for a multilateral treaty among nations and Opinio Juris close to the state practice is higher than ever.

Conclusion

Many questions regarding when it amounts to a violation of territorial sovereignty remain open-ended and unanswered. The answers sought depending on the underlying approach to sovereignty, the existing answers, and the answers that can evolve in the reality of state practice are all exclusive of each other. A single common answer can only be arrived at by an understanding of what the states posit themselves on. Even with sufficient consensus on the law, the question of whether states will invoke a fundamental rule of international law to cyber activities that involve complexities of attribution, fact-finding, and enforcement is on the negative side.

Author(s) Name: Akhil Surya (NALSAR University of Law, Hyderabad)

References:

[1] Harriet Moynihan, The Application of International Law to State Cyberattacks: Sovereignty and Non-intervention’ (Chatham House Research Paper 3, 2020), at 45.

[2] Id.

[3] Id.

[4] Quincy Wright, ‘Espionage and the Doctrine of Non-Intervention in Internal Affairs’ (1962) in Roland J Stanger (ed), Essays on Espionage and International Law at 24.

[5] Supra note 2.

Jus Corpus / About Author
More posts by Jus Corpus

Related Posts

DO DIGITALIZATION & CYBER ATTACKS GO HAND IN HAND?

Numerous innovations (mobile Internet, artificial intelligence, smart home, and so on) have dramatically advanced in recent years

9
10 Apr 2021
COPYRIGHT
COPYRIGHT INFRINGEMENT IN CYBERSPACE

In today’s world, the internet is accessible to all at a negligible cost and is the quickest source of information. The former CEO of Microsoft Bill Gates stated that the world is becoming a global village and its town square is the Internet. With a single click on cyberspace, different sites open up.

3
26 Sep 2021
Cyber Law
GIFTS OF CYBER LAW TO INDIA

Cyberlaw, also known as cybercrime law, is legislation that focuses on the acceptability of the behavioural usage of technology that mainly involves a computer, computer hardware, and software, the internet networks. In such vast diversification, Cyberlaw helps in protecting

6
20 Aug 2021
CYBERCRIMES
CYBERCRIMES: ARE THE LAWS OUTDATED FOR THIS TYPE OF CRIME?

The concept of crime has been prevalent since time immemorial, with the change of society the type of crime has also been changed. In the 20th century when technology was used on world level scale and the crime also have been shifted to technology-based crime also known as cybercrime.

1
24 Aug 2021
PEGASUS SPYWARE
PEGASUS SPYWARE AND HOW DOES IT USE ZERO-CLICK VULNERABILITY

Pegasus is spyware, it infiltrates your phone or any other device, using a vector. The vector is what carries the spyware inside the device it could be WhatsApp, it could be via messaging, it could be via mail.

7
26 Aug 2021
PEGASUS
PEGASUS: A THREAT TO CYBER SECURITY

The era of globalization and digitalization has been marked by a wave of advancements in the field of communication science and technology. Continuous improvements in the specific field have also led to transformation of certain devices to build a bridge to exploit the individual’s personal data.

0
18 Aug 2021
CYBER VOYEURISM
SNEAKING INTO THE CONCEPT OF CYBER VOYEURISM

The advent of technology has had a great impact on the society, but with great power comes great responsibilities and one of the major downsides of these technological advancements is cyber-crimes, which have been on a high in these times. These are basically wrongs that involve computers and network devices. One of the gravest cybercrimes committed in the world that goes unnoticed is Voyeurism.

2
26 Sep 2021
NABBING
INVESTIGATION AND NABBING OF ACCUSED IN CYBERCRIME

The advent of information technology bought along with it several vulnerabilities like cybercrime and cyber-terrorism. Cybercrime is a crime committed in digital or virtual space through a device like a computer or a network of such connections.

4
28 Jul 2021