JOBNAME: Tsagourias PAGE: 1 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index
Aaltola, M 25 ASEAN Convention on Counter Terrorism Acharya, A 451 162 Ackerman, R 446, 447, 448 Asia-Pacific cyber security 446–64 Afghanistan War 276, 324 ASEAN CERT programs 454, 460, 462 African Union Cybersecurity Convention (AU ASEAN Cooperation Plan 455 Convention) 192, 196, 197, 200 ASEAN Defence Ministers Meetings Ago, R 58, 233, 244 (ADMMs) 454, 455 Akande, D 274, 327 ASEAN Economic Community Blueprint Akehurst, M 19, 31–2, 34 453 Albright, D 243, 330 ASEAN Information Infrastructure and Aldrich, R 123, 361 Hanoi Plan of Action 452 Alexander, K 418 ASEAN Political-Security Community 454 Alston, P 337 ASEAN Regional Forum (ARF) 455–8 Ambos, K 118–43, 156 ASEAN Telecommunications and IT Andress, J 229 Ministers (TELMIN), ICT Anonymous group 157, 213 infrastructure and capacity Antolin-Jenkins, V 248, 249 development 452–4, 461 Antonopoulos, C 28, 55–71 ASEAN Telecommunications and IT Aoki, K 76 Ministers (TELMIN), Mactan Cebu Appelbaum, B 324 Declaration 454 Arcaric, M 406 cyber security confidence building measures Areng, L 429, 445 (CBMs) 449 Argomaniz, J 404–5 cyberspace ‘rules of engagement’ measures Arias, A 206 463 Arimatsu, L 121, 149, 228, 307, 326–42, 345, e-ASEAN Framework Agreement 452 368, 398 geopolitical landscape 447–51 Armacost, M 390 government vulnerability concerns 463 armed force and conflict non-State actors involvement 449–50 classification of armed see classification of regional approaches 451–63 cyber warfare, international armed Singapore Declaration 452–3 conflict sovereignty considerations 447–8, 463 cyber attacks as ‘armed attacks’ 263–70, technological capabilities and cyber 272–3, 275, 276, 279–80, 281–2 infrastructure disparities 449–50 cyber attacks and crime of aggression Asia-Pacific cyber security, Asia-Pacific 138–9 Economic Cooperation (APEC) 458–62 cyber operation as see cyber operations as a Action Agenda for New Economy 458–9 use of force, as armed force Cybersecurity Strategy 460–61, 463 determining whether armed force has been e-APEC Strategy 459, 460 applied 122–3 international institution cooperation 462 existence of, cyber attacks as war crimes private sector engagement 461–2 121–6 Security and Prosperity Steering Group international humanitarian law applied to (SPSG) 458, 460, 461–2 cyber warfare 371–4 terrorist attacks, effects of 459 law of armed conflict (LOAC), and law of attribution neutrality 396–9 and anonymity problems, classification of Arquilla, J 212 cyber warfare 333
491 Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 1 / Date: 8/5 JOBNAME: Tsagourias PAGE: 2 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
492 Research handbook on international law and cyberspace
of attack to one of the parties to the conflict Bowett, D 272 125–6, 129 Brazil 113, 178, 179–80, 184, 473 identification problems 296, 362–4 Brenner, S 191, 196, 200 methods and collateral damage 322 Brierly, J 33 problems and due diligence, law of Brinkel, T 219 neutrality 394–5 Brkan, M 420–21 State responsibility see State responsibility, Broad, W 243, 261 attribution in cyberspace Brölmann, C 21 Austin, G 83, 285, 286, 288, 289, 291 Brown, G 247, 249, 264, 330 Australia 41, 43, 49, 158–9, 446, 448, 449 Brownlie, I 32, 187, 239, 266 Azerbaijan 392 Bruguière, J-M 84, 85 Bryant, R 15 Baker, C 175–7 Buchan, R 56, 65, 104, 112, 119, 149, Baker, S 262 Balmond, L 406 168–89, 224, 225, 236, 241, 282, 317, Bannelier-Christakis, K 128, 130, 161, 228, 330, 398 307, 308, 311, 314, 317, 343–65, 372, Buck, S 27 398 Budapest Convention 149, 162–3, 192–7, Barlow, J 13, 96–7 198–9, 200, 202–5, 412, 414, 418–19 Barnes, S 22 Burnham, G 310 Barrett, E 307, 312 Burton, C 414, 417 Barriga, S 138, 140, 141 Byassee, W 15 Barron-Lopez, L 287 Bartelson, J 17, 18 Caballero-Anthony, A 451 Baruah, D 465, 466, 475, 478, 480 Cammack, C 137, 139 Barzashka, I 330 Carrapico, H 404 Beal, V 55 Cartwright, J 347 Beck, L 128, 129, 135, 136 Cassese, A 121 Beitollahi, H 264 Cathcart, B 375 Belk, R 307 Cavelty, M 437 Bellamy, A 314 Cerf, V 109, 426 Benatar, M 138, 281 CERTs (Computer Emergency Response Bendiek, A 404, 408, 409, 419 Teams) 221–2, 223, 411, 440–41, 454, Bently, L 96 460, 462 Berne Convention, intellectual property rights Cesana, S 164 74, 78, 79, 84 Chadwick, O 388 Besson, S 16 Chesney, R 337 Bethlehem, D 18, 278 Chesterman, S 185, 226 Blair, D 223 China 70, 111, 165, 319, 370, 457, 463, 478 Blake, D 346 and cyber espionage 114, 158, 168, 169, Blakeney, M 74 172, 179, 184, 241, 245–6, 333, 448 Blockmans, S 423, 425 Internet censoring and monitoring 45, Blommestein, M van 212, 223 112–13, 115, 323 Boczek, B 390 US–China cyber security working group Boothby, W 120, 123, 124, 129, 133, 134, 490 135, 232, 242 Chowdhury, N 404 Borgmann-Prebil, Y 417 Christakis, T 268 Borneman, W 381 Christie, D 325 Bossuyt, F 419 civilian population Bothe, M 351, 368 attacks against 128, 154, 160–61, 191, botnets and remote control 309, 313, 315, 319 242–5, 323–4, 372 see also hackers consumer protection, EU cybersecurity law Bouwmeester, H 370 411
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 2 / Date: 8/5 JOBNAME: Tsagourias PAGE: 3 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 493
infrastructure damage and indirect killing principle of proportionality 134–6 310 see also civilian population principle of distinction see under principle Computer Emergency Response Teams of distinction, relevance of (CERTs) 221–2, 223, 411, 440–41, 454, principle of proportionality 372–3 460, 462 see also collateral damage Computer Incident Response Capability Clark, R 140, 141 (NCIRC), NATO 429, 433, 444 Clarke, R 188, 224–5, 253, 260, 317 computer systems classification of cyber warfare 326–42 botnets and remote control 309, 313, 315, actor identification problems 326 319 and international humanitarian law 326–7, and computer companies as targets, and 331–2, 335, 336, 339–40 principle of distinction 360–61 classification of cyber warfare, international copyright protection of software see armed conflict 328–35 anonymity and attribution problems 333 cyberspace, intellectual property rights, armed force use 328–32 copyright protection of computer by a State against another State 332–5 software critical infrastructure and essential services, ‘digital divide’ and right to development harm to 330–32 107–8, 109–10 Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) 242, attacks 331 249–50, 259–60, 264, 265, 331, 392 hacktivist involvement 334–5 evidence requirements and territorial intensity and duration of violence, relevance location 63–5 of 330, 332 facilities, law of neutrality 397, 399 private sector actors’ involvement 334–5 forgery and fraud 196 and State effective control 330, 334–5 hackers see hackers classification of cyber warfare, identification and attribution 62–3, 69–70 non-international armed conflict 336–41 integrity crimes 191 definition 336, 339–40, 362 interconnectivity between military and extension of weapons treaties to 327 civilian systems 131–3 geographical scope and territorial malware 252–3, 257, 261, 308, 309, 312, boundaries 337 313, 444 intensity of hostilities 340–41 network attacks 118–20, 186–8, 194 and international humanitarian law 339–40 viruses see viruses organized armed group, involvement of WIPO Model Provisions on the Protection 337–40 of Computer Programs 84 ‘virtual group’ involvement 338–40 see also cyber attacks; Internet Clinton, H 109, 184 Connolly, K 52 Clough, J 190, 194, 195 Constantinou, A 266 coercion use 181–3, 249, 250–52, 253 Conti, G 232 Cohen, J 14–15, 22 Cook, K 339 Cohen, M 76 copyright issues 48, 193, 197 Colarik, A 229 protection of computer software see Coleman, G 213, 217 cyberspace, intellectual property rights, collateral damage copyright protection of computer and cyber weapons see ethical challenges of software cyber weapons, collateral damage Corn, G 327 dual use function and collateral effects Cornish, P 227 377–8 Correa, C 74 international humanitarian law applied to Corten, O 237, 243 cyber warfare 373 Costa, J-P 356 principle of distinction see under principle Crawford, J 19, 56 of distinction Cremona, M 405, 422
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 3 / Date: 8/5 JOBNAME: Tsagourias PAGE: 4 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
494 Research handbook on international law and cyberspace
crime see cybercrime; international criminal terminology problems 297–8 responsibility cyber deterrence and public international law, Croom, C 230 security of critical infrastructures 287–90 Cubby, B 159 Critical Information Infrastructure (CII) Curran, J 31 288–9 Currie, R 182 military security and nuclear power plants cyber attacks 288–9 as adjunct to traditional means 370–71 peacetime protection of critical as ‘armed attacks’ 263–70, 272–3, 275, 276, infrastructures 289 279–80, 281–2 cyber espionage 212, 219–20, 222, 224–6, definitions 346–7, 348 230, 311, 316–17, 369, 398–9, 408 duration of attack 124–5, 129, 330, 332 cyber espionage and international law 168–89, hackers see hackers 180–88 viruses see viruses see also computer systems; individual accessing and copying of electronic countries; Internet information 171 Cyber Conflict Studies Association (CCSA) coercion and violation of territorial integrity 289, 296 181–3 cyber defence and NATO see NATO and definition 170–74 cyber defence espionage as permissible exception to cyber deterrence, and international non-intervention principle 185 cooperation, need for strengthening 166 Google cyber attack 168, 184 cyber deterrence and public international law international humanitarian law 172 284–304 Mandiant Report 168, 169, 333 consequence based approach 300–301 non-State actors 172–4 and critical infrastructures 302–3 in peacetime 172 cyber attacks in support of military attack principle of non-intervention 180–86 with conventional means 285 prohibition against use of force and cyber weapons’ use 284 argument for inclusion of computer EastWest Institute, A Measure of Restraint systems 186–8 in Cyberspace 288–9 sovereignty over information in cyberspace imminence of attack 301–2 183–4, 186 NATO’s collective defence 291 sovereignty as protection of territorial and nuclear-deterrence see nuclear deterrence political integrity 182, 183 protection via deterrence 290–91 States’ refusal to accept responsibility for retaliation via offensive means 291 espionage when accused 195–6 security against cyber treats 286–90 Tallinn Manual see Tallinn Manual UN Charter on the threat and use of force transboundary espionage 171–2 299–302 UN Charter and prohibition against use of UN General Assembly (UNGA) and force 186–8 protection of critical information US spy plane incident (Gary Powers) 177 infrastructures 288 cyber espionage and international law, as US Presidential Decision Directive on cyber threat to international peace and security capacity 284, 297–8 174–80 cyber deterrence and public international law, confidential information from private cyber deterrent feasibility and technical companies 179 considerations 295–8 espionage inhibits and deters functional nuclear deterrence, differences from 296–7, cooperation claim 177–8 299 espionage as tool that enables functional potential adversaries, identification cooperation argument 175–7 problems 296 human rights violations 179–80 self-defence, both passive and active 297–8, increased knowledge of other States’ 299, 300–302, 304 capabilities argument 174–5
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 4 / Date: 8/5 JOBNAME: Tsagourias PAGE: 5 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 495
information storage and speed of access securitization and digital surveillance 178–9 219–20, 222 international agreements, compliance and see also ‘State’ headings verification mechanisms 176–7 cyber operations as a use of force 233–54 national infrastructure information 179 Distributed Denial of Service (DDoS) 242, sovereign equality of States 175, 177–8, 249–50 179–80 HPCR Manual on International Law cyber exploitation and cyber attacks, Applicable to Air and Missile Warfare difference between 240–42 238, 240 cyber network attack (CNA) definition 264 UN General Assembly conditions 234–5 cyber operations 211–32 UN General Assembly’s Declaration on the ‘air gap’ protection 212 Definition of Aggression 237 Budapest Convention (Council of Europe cyber operations as a use of force, as armed Convention on Cybercrime) 149, 162–3, 192, 193–4, 412, 414, 418 force 235–40 common operational means and methods arming and training of armed groups as use 217–18 of force 238 cyber sabotage (cybotage) 212 cyberspace as fifth domain of warfare cyberspace virtual layers 221–2 239–40 diversity in strategic objectives 215–17 effects of the action and direct destructive hackers see hackers effects on property 236–7 military cyber operations 212–13, 214, identified by reference to instruments used 226–32 237 military cyber operations, operationalizing instrument-based approach and use of 230–32 weapons 236 military cyber operations, ‘targeting’ and intention to coerce 236–8 process 232 malware as weapon 238–9, 243, 244–5 national security strategy 215–16 target-based approach, conducted against non-profit organizations and pressure national critical infrastructure (NCI) groups 217 236 operationalizing cyber operations 229–32 weapons definition 238 private enterprises digitally collecting and cyber operations as a use of force, UN providing information 211–12, 222 General Assembly (UNGA) prohibition private enterprises supplying tools to enable of use of force 235–6, 237, 238, 240–53 cyber activities 216, 222 conduct related to cyber attacks and software monitoring 218 malware supply 252–3 State’s critical infrastructure, digital nature cyber attacks causing physical damage to of 216 property, or injury of persons 242–5 cyber operations, State-level cyber paradigms cyber attacks severely disrupting the 218–29 functioning of infrastructures and CERTs (Computer Emergency Response security 245–50 Teams) 221–2, 223, 411, 440–41, 454, cyber exploitation and cyber attacks, 460, 462 difference between 240–42 governance and public-private involvement cyber exploitation as violation of 222, 223 sovereignty 241 intelligence and counter-intelligence 224–6, cyber infrastructure used to launch cyber 230 attack 253 Internet governance and diplomacy 220–21 data deletion as use of force, but without law enforcement 222–4, 230 physical damage 244–5 military operations 226–9 disruptive cyber operation as use of force, military operations, ‘adequate’ legal basis need to establish 248 requirement 228–9 economic targets as economic coercion 249 protection of (critical) infrastructure 221–2 minimum threshold of gravity debate 243–4
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 5 / Date: 8/5 JOBNAME: Tsagourias PAGE: 6 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
496 Research handbook on international law and cyberspace
serious disruption of essential services UN Global Counter-Terrorism Strategy 151 without destroying infrastructures 247 US excessive intelligence collection significant disruption of essential services methods, criticism of 167 249–50 see also cyber security violation of the principle of cyber terrorism, cyber attacks and general non-intervention and use of coercion international crime of terrorism 155–62 250–52, 253 civilian population, spreading terror among virus attacks 244–5 160–61 website defacement 252 customary international law crime of cyber security transnational terrorism 155–6, 158 Asia-Pacific see Asia-Pacific cyber security industrial protest as terrorism, problems cyber attacks severely disrupting, UNGA with 159–60 245–50 international humanitarian law and human rights 112–15 principles of distinction and intelligence information 224–6, 230, 259 proportionality 160–61 law, EU see EU cybersecurity law private motivation for attacks 158–9 UN regulation see UN and the regulation of ‘special intent’ element 158 cyber security State-sponsored cyber attacks 158, 161–2, see also cyber deterrence; cyber terrorism 164 cyber terrorism 147–67 cyber terrorism, ‘sectoral’ international comprehensive instrument and regulation anti-terrorism conventions 151–5 need 163–7 attacks against protected persons 154 concept 147–51 cyber ‘weapon’ concept 154 data retention schemes 167 ‘physical attack’ question 153–4 definition, lack of an agreed legal 147–8, violence understood as physical force 154 152 cyber warfare 119–20, 408, 436–7, 438 facilitative acts of terrorism 150–51 classification see classification of cyber and general Internet use by terrorist groups warfare 150 and humanitarian law see international hacking techniques 157, 158 humanitarian law applied to cyber international humanitarian law applied to warfare cyber warfare 369–70 war crimes see international criminal International Telecommunication Union responsibility, cyber attacks as war (ITU), model cyber crime legislation crimes 165 cyber weapons international treaty, lack of 149 concept 154, 284 as new terrorist tactic 148 ethical challenges see ethical challenges of political motive element and organised cyber weapons crime overlap 149–50 international criminal responsibility 139 prohibited harms to protected targets 153–4 treaties, extension of 327 as prohibited intervention 148–9 cybercrime regional and national instruments 149, Cybercrime Convention of the Council of 162–3, 166–7 Europe 118 supervisory control and data acquisition definition 118, 407–8 (SCADA) systems 147 EU Cybercrime Centre (EC3), EU Tallinn Manual see Tallin Manual cybersecurity law 409, 413 technical measures, possible necessary EU Cybercrime Convention Committee 165–6 (T-CY) 418–19 terrorist groups, lack of perceived threat Eurojust cross-border prosecution 409, 412, from 164 413 UN Draft Comprehensive Anti-Terrorism UN Office on Drugs and Crime (UNODC) Convention, terrorist offences 489 definition 155–7, 158, 159, 160, 161–2 see also international criminal responsibility
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 6 / Date: 8/5 JOBNAME: Tsagourias PAGE: 7 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 497
cybercrime, international legal dimensions system interference 195 190–207 technical means of protection and adjudication and enforcement 201 preventive measures 204–5 awareness-raising campaigns 205 territoriality principle of regulation and child pornography 196–7 enforcement 198–200 comprehensive multilateral instrument, need UN Convention against Transnational for 206 Organized Crime (Palermo computer integrity crimes 191 Convention) 198, 199 computer-related forgery and fraud 196 cyberspace cooperation between States 198–9 data protection see data protection copyright issues 193, 197 definition 14–24 ‘crimes’ committed in virtual worlds 191 as global commons see cyberspace, legal cybercrime definition 190–92 status, cyberspace as global commons data retention requirements 203 human rights see human rights denial of service attacks 195 law of neutrality see law of neutrality EU Council of Europe Convention on virtual layers 15, 221–2 Cybercrime (Budapest Convention) cyberspace, infrastructure 149, 162–3, 192–7, 198–9, 200, 202–5, ASEAN, ICT infrastructure and capacity 412, 414, 418–19 development 452–4, 461 EU Framework Decision 162, 192–3, collateral damage and malfunction of 202–3, 415 civilian facilities 349–50, 354 harm to property or persons 191 critical infrastructure and essential services, human rights and liberties protection 199, serious disruption of 245–50, 268–70, 203–4 302–3, 310, 330–32 illegal interception and protection of cyber infrastructure used to launch cyber privacy of electronic communication attack 253 194–5 dual-use of cyber infrastructure and intellectual property issues 193 principle of distinction 131–3 international regime to fight cybercrime property, harm to property or persons, 198–200 cybercrime, international legal international substantive law 192–8 dimensions 191 jurisdiction problems 200–203, 206–7 protection of critical 221–2 mutual assistance and extradition 199–200 secure ICT infrastructure, NATO and cyber national legislation and fragmentation 201 defence 433–4 offences where a computer system is security of critical see cyber deterrence and targeted intentionally 194 public international law, security of penalties for illegal access 194 critical infrastructures personal data protection 204 State’s critical infrastructure, digital nature privacy rights 203–4 of 216 production and distribution of devices used technological capabilities and cyber to commit offences 195–6 infrastructure disparities 449–50 safe havens, need for elimination of 206 UN General Assembly (UNGA), cyber search and seize powers and territorial attacks causing physical damage to issues 199 property 242–5 self-regulation 204–5 cyberspace, intellectual property rights 72–93 service providers, liability and Berne Convention 74, 78, 79, 84 responsibility 203, 205 cybercrime, international legal dimensions similar activities with different legalities in 193 different countries 193 EU intellectual property laws 80–83 sovereignty issues 196–7 EU Unitary Patent Regulation 81, 84 spamming 195 European Patent Convention (EPC) 78, 81, State of origin and State of destination 83–4, 91 conflict 202–3 in international law 73–7
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 7 / Date: 8/5 JOBNAME: Tsagourias PAGE: 8 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
498 Research handbook on international law and cyberspace
Paris Convention 74, 78, 80 transnational online publishing 30–31 property and sovereignty, distinction in law see also cyberspace, legal status; legal 75–7 dimensions trade marks and domain names 91–2 cyberspace jurisdiction, TRIPs Agreement 74, 79, 80, 84 adjudicative/legislative jurisdiction 35–51 Uniform Domain Name Dispute Resolution advertising and selling drugs 39, 50 Policy (UDRP) 74, 92 copyright claims 48 cyberspace, intellectual property rights, defamation and data protection 43–5, 47 copyright protection of computer democratic legitimacy problems 38 software 83–91 destination approach and accessibility ‘author’s own intellectual creation’ 85–7 38–44 EU Database Directive 84–5 destination approach and targeting 44–7, EU Information Society Directive 90–91 48–9 EU Software Directive 84, 85–7, 88, 90 destination approach under customary idea–expression dichotomy principle 88–9 international law 47–9 ISPs and ‘notify-and-take down’ approach effects doctrine 48 87–8 ‘everything that is not prohibited is non-literal copying of software 88 permitted’ approach 36–7 permitted acts with regard to computer free trade commitments 42–3 programs 90–91 online gambling 40–42, 47 possible cyber attacks and response of origin approach 49–51 international law 89–90 publishing pornography 39 protection of computer-related inventions State’s legal standards 35–6 by patent l 91 surfers purchasing artefacts from third software originality definition 85–6 parties 38–9 WIPO Copyright Treaty 74, 84 territoriality principle within non-territorial cyberspace, intellectual property rights, cyberspace 37–51 territorial nature 77–83 trademark owners 45–6 EU copyright law and territoriality principle US due process requirement 47 81–2 voluntary compliance or enforcement via EU supranational laws and harmonisation local intermediaries 49 of intellectual property laws 80–82 cyberspace, legal status 13–29 international conventions 78–9 cyberspace definition 14–24 lex loci protectionis 79, 82–3 cyberspace global domain within the private international law 82–3 information environment 15 in public international law and intellectual cyberspace layers 15, 221–2 property law 77–82 future challenges 28–9 relaxation of territoriality principle 79 see also cyberspace jurisdiction; legal cyberspace jurisdiction 30–54 dimensions competence under public international law cyberspace, legal status, cyberspace as global 31–5 commons 24–8 enforcement jurisdiction 51–3 Antarctica, legal status as example 26–7 international law scope 31–3 cyberspace differences from other global jurisdictional principles versus legal commons 28 harmonisation 34–5 high seas designation 25–6 piracy sites, blocking 52–3 and Outer Space Treaty 26 self-censorship 53 and sovereignty principle 27–8 States claiming regulatory competence in cyberspace, legal status, sovereignty and parallel 33–4 international law 16–24 territorial fragmentation of the internet 52–3 activities endangering important national territoriality principle and sovereignty 33 interests 20 transnational corporations, power and cyberspace as sovereign entity, and interests of 31 self-determination by community 22–4
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 8 / Date: 8/5 JOBNAME: Tsagourias PAGE: 9 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 499
deterritorialisation as detachment of NATO, 2020 Report on cyber defence 274, regulatory authority from a specific 275 territory 21–2 NATO Cooperative Cyber Defence Centre effects doctrine 20 of Excellence (CCDCOE) 258 external sovereignty power 17–18 NATO and security challenges to critical extraterritorial extension 16–17, 19 infrastructure 270 indirect exercise 20–21 Non-Aligned Movement (NAM) and jurisdiction 18–22 anticipatory self-defence 271, 272 no-sovereignty thesis and self-regulation 16 proportionality test 274–5 power concept 18 in response to armed attack 369 spill over effects 21 scepticism over 281–3 and Tallinn Manual see Tallinn Manual technology regulation 21 topicality of cyber security 257–9 territory as element of sovereignty 18, 21 UN General Assembly Resolution on cyberspace, self-defence in 255–83 misuse of information technologies 280 ad hoc international institutions and rules UN Security Council and inherent right to for the Internet, need for 282–3 self-defence 277–8 against non-State actors 276–80 US Patriot Act 269–70 against non-State actors, and private and violation of the principle of trans-border harm, difference between non-intervention 261–2 279–80 cyberspace, self-defence in, UN Charter anticipatory self-defence 270–73 Article 51 255, 261 collective self-defence 260, 270, 275–6, and anticipatory self-defence 271–3 434–7 ‘critical infrastructure’ targeted by cyber conditions concomitant to exercise of 273–5 attacks 268–70 cyber attacks preceded/accompanied a customary law applying ‘separately from conventional attack 260, 261–2 international treaty law’ 267–8 cyber attacks and unlawful use of force 263 cyber attacks as ‘armed attacks’ 263–70, cyber network attack (CNA) definition 264 272–3, 275, 276, 279–80, 281–2 cyber sanctions 281 and ‘use of force’ 265, 267 cyber security intelligence information cyberspace sovereignty sharing with private sector companies, considerations, Asia-Pacific cyber security call for 259 447–8, 463 cyberspace as interconnection of electronic and cyber espionage 175, 177–8, 179–80, pathways 256 182, 183–4, 186 Distributed Denial of Service (DDoS) cyber exploitation as violation of 241 259–60, 264, 265 and cybercrime, international legal EU Directive on attacks against information dimensions 196–7 systems 269 and cyberspace as global commons 27–8 immediacy, understanding of 275 and human rights 100–101 industrial control systems, programmable and intellectual property, distinction in law logic controllers 261 75–7 information requests and use of and international law see cyberspace, legal private-sector ISPs 264 status, sovereignty and international Institut de Droit International, Santiago law Resolution on self-defence 266, Internet freedom and Internet sovereignty 270–71, 277 contrasts 111 jus ad bellum legal approach 262–3 and non-intervention policies 97 legal doctrine, prevailing approaches 262–3 and territoriality principle 33 malware 257, 261 violations, and law of neutrality 380–81, National Strategies and Policies on 389, 394–5, 397–8 cybersecurity 258–9 see also State practice; State responsibility; NATO, 2010 Strategic Concept 257–8 territoriality
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 9 / Date: 8/5 JOBNAME: Tsagourias PAGE: 10 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
500 Research handbook on international law and cyberspace
Danton, J 80 Dreier, T 74, 78 Dashwood, A 422 Droege, C 119–26passim, 129, 130, 131, 133, d’Aspremont, J 173 136, 137, 143, 329, 341, 343, 347, 352, data protection 131, 204, 318, 416–17 353, 360, 364 backup data use 316 Drummond, D 168 data destruction, and principle of dual-use function 115, 131–3, 358–62, 377–8 proportionality 375–6 Ducheine, P 119, 211–32, 240, 366, 370, 407 deletion as use of force, but without Dulles, J 292 physical damage 244–5 Dunlap, C 262, 359 European Data Protection Supervisor Dupert, R 261 (EDPS) 407–8 duration of attack 124–5, 129, 330, 332 Internet and data transmission 398, 399 jurisdiction and defamation 43–5, 47 Easton, C 72 privacy rights 203–4 EastWest Institute, A Measure of Restraint in retention schemes, and cyber terrorism 167 Cyberspace 188–9, 288–9 supervisory control and data acquisition Eaton, J 62 (SCADA) systems 147 economic cooperation see Asia-Pacific cyber Davidson, O 354, 359 security, Asia-Pacific Economic Davis, J 260 Cooperation (APEC) DDoS (Distributed Denial of Service) see economic, social and cultural rights 104–8 under computer systems economic targets as economic coercion 249 De Hert, P 193, 195, 202 Edwards, L 88 Deconinck, G 264 Edwards, S 109 Deeks, A 337 Elisan, C 309 Dehghan, S 261 Emerson, R 23 Dekker, I 295 Erdbrink, T 361 Delupis, I 185 Erlank, W 76 Demarest, G 170 espionage see cyber espionage DeNardis, L 220 essential services, serious disruption of Denmark, A 24 245–50, 268–70, 302–3, 310, 330–32 Denning, D 157, 164, 312, 314 see also cyberspace, infrastructure Derclaye, E 86 Estonia, cyber attacks 56, 64, 221, 259–60, Derejko, N 337 262, 276, 335, 349–50, 429, 437–8, Dervan, L 132, 134 475–6 deterrence see cyber deterrence Estrin, D 341 ‘digital divide’ and right to development ethical challenges of cyber weapons 307–25 107–8, 109–10 autonomous propagation methods, Dinniss, H 119, 122–39passim, 143, 236, 263, avoidance of 317 345, 346, 347, 351, 356, 361 backup data use 316 Dinstein, Y 123, 149, 237, 238, 240, 265, 267, botnets and remote control 309, 313, 315, 271, 273, 274, 285, 301–2, 303, 347, 319 382, 387 cyber attack damage repair 316–17 Dinwoodie, G 73, 75, 78, 79, 80, 82 cyber espionage to cyber attack escalation Dipert, R 309 311, 316–17 Distefano, G 355 cyber weapons definition 309–10 Doerr, O 139 infrastructure damage and indirect killing Döge, J 263 310 domain names 21–2, 74, 76, 79, 92, 116 justification for cyber attack 312 Dörmann, K 120, 124, 128, 129, 131, 133, malware 308, 309, 312, 313 263, 329, 343, 348, 352 overkill tendencies 315 Dörr, O 236, 237 peculiarities of cyber weapons and Doswald-Beck, L 238, 327, 348, 385, 387 differences from traditional weapons Drahos, P 72, 74 310–11
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 10 / Date: 8/5 JOBNAME: Tsagourias PAGE: 11 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 501
precision, lack of 308 Television Without Frontiers Directive 50 principle of responsibility for conduct in Trade Mark Directive 80 warfare 316–17 Unitary Patent Regulation 81, 84 product tampering and perfidy 312–14 website blocking 52 prolonged effect of damage 316 EU cyber security law 403–25 system interdependence challenges 311 anti-terrorism measures 424 targeting errors 314–15 Area of Freedom, Security and Justice traditional counterattacks, combining with (AFSJ) 405, 410–11, 413, 415, 420, 312 421, 424 unreliability of cyber weapons 314–15 CERT (Computer Emergency Response ethical challenges of cyber weapons, collateral Team) 411 damage 317–25 Common Foreign and Security Policy analysis costs and development of (CFSP) 413, 414, 419, 421–4 mitigation procedures 321–3 Common Security and Defence Policy attack propagation costs 320–21 (CSDP) 403, 413, 420–24 attribution methods 322 consumer protection 411 blocking network services 323 core EU values, inclusion of 411 bulletin boards and blogs, use of 322 Council of Europe Convention on denial-of-service attacks 319 Cybercrime (Budapest Convention) direct damage, costs of recovering from and 149, 162–3, 192–7, 198–9, 200, 202–5, costs of repair 320 412, 414, 418–19 economic value of attacks 324–5 cyber espionage 408 and information extraction problems cyber resilience 408, 412 318–19, 321 cyber security and cybercrime definitions psychological damage 323–4 407–8 types 317–18 cyber war 408 vulnerability analysis 323 Cybercrime Convention Committee (T-CY) EU 418–19 Copyright Directive 45, 86 cybercrime reduction strategies 412–13 copyright law and territoriality principle differing policy fields, need for combination 81–2 of 405 Council of Europe Convention on Digital Agenda for Europe (DAE) 411 Cybercrime (Budapest Convention) EU Commission Communication, ‘Network 149, 162–3, 192–7, 198–9, 200, 202–5, and Information Security’ 410, 411 412, 414, 418–19 EU Cybercrime Centre (EC3) 409, 413 Data Protection Directive 44 EU Cybersecurity Strategy 411–14 Database Directive 84–5 Eurojust cross-border prosecution of Directive on attacks against information cybercrime 409, 412, 413 systems 269 European Data Protection Supervisor Electronic Commerce Directive 39, 41, (EDPS) 407–8 50–51 European Information Sharing and Alert Europe-only communication network System (EISAS) 409 suggestion 53 European Network and Information exclusive origin rule 50–51 Security Agency (ENISA) 409, 411, and facilitative acts of terrorism 150–51 412 Framework Decision on Attacks against European Police College (CEPOL) 413 Information Systems 162, 192–3, European Public-Private Partnership for 202–3, 415 Resilience (EP3R) 410 Information Society Directive 90–91 European Security Strategy 411 intellectual property laws 80–83 Europol support 408–9, 412, 413 Online Music Recommendation 81 EU–US Working Group on Cyber-Security privacy and personal data protection 103 and Cyber-Crime (WGCC) 408, 411, Software Directive 84, 85–7, 88, 90 414
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 11 / Date: 8/5 JOBNAME: Tsagourias PAGE: 12 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
502 Research handbook on international law and cyberspace
information sharing and mutual assistance European Court of Human Rights (ECtHR) 412 Balan v Moldova 72 institutional framework 408–10 Infopaq 82, 86 international cyberspace policy, intellectual property rights 77 establishment of coherent 414 national differences on freedom of Internet regulation 406 expression 100, 101 Lisbon Treaty 403–4, 413, 416, 420–21 originality for computer programs and policies on cybercrime and cybersecurity databases 86 410–14 Yildirim v Turkey 53, 101 principle of conferral 405, 419–20 see also EU cybersecurity law private actor involvement 410, 412 European Court of Justice (CJEU) States’ operational capability, strengthening Donner (Free Movement of Goods) 45 412 ECOWAS (Small Arms and Light Weapons) Stockholm Programme 410 technological resources, development of 422 413–14 European Parliament v Council of the TEU mutual defence clause 418 European Union 424 TEU ‘non-contamination clause’ 421–3 Gambelli 41–2 TEU, ‘Union’s External Action’ 413 Google Spain v Agencia Española de TFEU data protection rules 416–17 Protección de Datos 44–5 TFEU on establishment and functioning of L’Oréal v eBay International 45 the internal market 416 Mauritius 419, 423 TFEU on judicial cooperation in criminal Pammer and Hotel Alpenhof 45–6 matters 415 Pinckney v KDG Mediatech 46 TFEU solidarity clause 417–18 role of see EU cybersecurity law, legal basis see also European Court of Human Rights choice and role of Court of Justice (ECtHR); European Court of Justice Wintersteiger v Products 4U 48 (CJEU) see also EU cybersecurity law EU cyber security law, legal basis choice and European Network and Information Security role of Court of Justice 419–24 Agency (ENISA) 258 ‘centre of gravity’ approach’ 423 European Parliament and solidarity clause comprehensive approach, need for 421–4 417–18 cyber defence issues 423, 424 European Patent Convention (EPC) 78, 81, principle of consistency 420 83–4, 91 EU cyber security law, legal instruments, extradition 199–200 fragmentation in 414–19 see also Snowden (Edward) revelations Directive proposal for measures to ensure a high common level of network and Fanelli, R 232 information security 415–16 Fassbender, B 175 EU Framework Decision on attacks against Fawcett, J 72, 73, 82, 83 information systems 415 Feakin, T 446, 449, 457, 458, 463 European Parliament and solidarity clause Fedosov, S 436 417–18 Feinstein, L 277 General Data Protection Regulation Fenrick, W 132 proposal 416–17 Ficsor, M 74 judicial cooperation 415 Fidler, D 94–117, 172, 174, 178, 179, 188, mainstream cyberspace issues into EU 189, 203, 223, 226 external relations proposal 419 Fildes, J 261 Regulation proposal on electronic Finnemore, M 489 identification and trust services for Fitzmaurice, G 32 electronic transactions 416 Fleck, D 226, 382, 384, 386 European Convention on Human Rights Fleming, P 148, 150 (ECHR) 100, 199, 204 Flory, P 293
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 12 / Date: 8/5 JOBNAME: Tsagourias PAGE: 13 SESS: 3 OUTPUT: Mon May 18 10:36:31 2015
Index 503
Focarelli, C 75, 148, 188, 226, 228, 241, Gill, T 134, 149, 161, 183, 214, 224, 226, 255–83, 300, 312 228, 307, 308, 311, 314, 316, 361, Føllesdal, A 404 366–79 Foltz, A 330 Gillet, M 138 force Gioia, A 390 armed force and conflict see armed force Gjelten, T 97, 307, 309, 436 and conflict Glennon, M 278, 346 cyber operations as use of see cyber global commons see cyberspace, legal status, operations as use of force cyberspace as global commons Forcese, C 185 Global Network Initiative (GNI) 115 Ford, C 468 Goel, S 307 Forowicz, M 134 Goetz, M 212 Forseberg, T 18 Goldsmith, J 13, 16, 21, 119, 125, 126, 131, France 38, 78, 110 139, 187, 241 Franck, T 277 Gombeer, K 281 Franzese, P 182 Goodman, S 448 Freedman, L 215 Google cyber attack 168, 184 Friedman, A 213 Gorman, S 324, 332 Gosnell Handler, S 236 Gable, K 165 Govaere, I 404 Garcia-Mora, M 185 Graber, C 21 Gardam, J 301 Graham, M 256 Garside, J 52 Gray, C 271, 274 Gasser, H-P 161 Green, L 385 Gattegno, I 164 Greenberg, L 358, 361 Gazmin, V 450 Greenwald, G 284, 297 Geers, K 342 Greenwood, C 120, 277, 329, 368 Geiss, R 125, 132, 133, 134, 135, 137, 341 Griller, S 420 Gellman, B 115 Grimm, D 23 Geneva Conventions Gross, D 256 armed conflict and attack 122, 123–4, 142, Gross, M 308 241–2, 282, 327, 328, 329, 352, 367–8, Grotius, H 25, 76 371–2, 376, 398 Guelff, R 385 civilians taking ‘direct part in hostilities’ 128 Guitton, C 330 collateral damage to civilian objects 373, 374 Haaster, J van 23, 211, 227, 230, 231 and international humanitarian law 120, hackers 56, 157, 158, 213, 334–5, 348–9, 398 129, 130, 131, 134, 135, 136, 137, 172, see also botnets and remote control; 343, 371–2 malware; virus attacks non-international armed conflict 126, 161, Hagopian, A 310 336, 339–40, 362 Hague Convention 134, 327, 385–7, 391, 393, principle of distinction 130, 133, 344, 345, 394, 396–7, 398, 399 362 Hanifah, A 448 principle of precaution 136, 137 Hankel, G 134 principle of proportionality 134, 135 Hanspach, M 212 Georgia, cyber attacks 56, 243, 260–62, 277, Hardin, G 28 319, 349–50, 391–2, 439, 466, 475–6 Hardin, R 339 Germany 38, 39–40, 41, 43 Hardt, S 228 and US NSA cyber espionage 62–3, 113, Haslam, E 123, 124 178, 179–80, 184, 473 Hathaway, O 118, 122, 125, 126, 127, 131, Gervais, M 138–9 135, 139, 347, 466, 476, 478 Gharibi, H 234 Healey, J 219, 223, 428 Gibson, W 22 Heath, K 75, 147–67, 191
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 13 / Date: 15/5 JOBNAME: Tsagourias PAGE: 14 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
504 Research handbook on international law and cyberspace
Heckathorn, D 339 cyber security 112–15 Heinl, C 447, 449, 450, 453, 455 extraterritorial application of right to Heinsch, R 140 privacy 114 Heintschel von Heinegg, W 241 Global Network Initiative (GNI) 115 Heliskoski, J 422 Internet freedom and Internet sovereignty Henckaerts, J-M 130, 238, 327, 348 contrasts 111 Henderson, C 257, 432, 460, 465–90 Internet governance 111–12 Herdegen, M 246 private enterprise and cyber technologies Herman, M 174 115–16 Hern, A 331 Wassenaar Arrangement on Export Controls Herrera, G 21 and ‘dual use’ ICT technologies 115 Hervik, P 35 human rights, Internet technology and Hessbruegge, J 66 international politics Hestermeyer, H 355 Hider, J 261 communication technologies, evolution of Hildebrandt, M 26 95–6 Hillion, C 405, 420, 421, 423 cyberspace connection with human rights Hinkle, K 123, 125, 126 96–7 Hmoud, M 280 military potential of the Internet 97 Hong, X 79 packet switching 95–6 Hörnle, J 50, 82 sovereignty and non-intervention policies Horsley, T 420 97 HPCR Manual on International Law US political dominance 96, 97, 113–14 Applicable to Air and Missile Warfare Hunter, D 24 238, 240 Huntley, T 187 Hugenholtz, B 78, 81 Huntsman, J 223 human rights 94–117 Hurt, C 40 cybercrime and liberties protection 199, Hutchins, E 229–30 203–4 cyberspace and general principles of ICANN (Internet Corporation for Assigned international law 98–9 Names and Numbers) 21–2, 74, 76, 79, ‘digital divide’ and right to development 116 107–8, 109–10 ICRC see International Committee of the Red economic, social and cultural rights 104–8 Cross (ICRC) International Covenant on Economic, Social identification problems see attribution and Cultural Rights (ICESCR) 104–7 Imburgia, J 346 Internet access as new human right 109–10 right to freedom of expression and national indiscriminate attacks see principle of differences 100–102, 110 distinction, relevance of, prohibition of and sovereignty 100–101 indiscriminate attacks in cyberspace UN ‘Right to Privacy in the Digital Age’ industrial protest as terrorism, problems with draft resolution 113 159–60 violations, and cyber espionage 179–80 information see also international humanitarian law access, cyber espionage and international human rights, civil and political rights 99–104 law 171, 178–9 authoritarian government restriction 102 Critical Information Infrastructure (CII) Freedom House report 102, 114 288–9 Internet censorship 100–102 EU Commission Communication, ‘Network right to privacy and national differences and Information Security’ 410, 411 103–4 EU Directive proposal on information human rights, international relations and security 415–16 cyberspace 110–16 European Information Sharing and Alert authoritarian government threats 112–13 System (EISAS) 409
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 14 / Date: 8/5 JOBNAME: Tsagourias PAGE: 15 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 505
European Network and Information Declaration of Independence of Kosovo 37, Security Agency (ENISA) 409, 411, 65 412 due diligence disputes 67–9, 394–5 extraction problems, and ethical challenges Fisheries Jurisdiction (Spain v Canada) 244 318–19, 321 Gabcˇíkovo-Nagymaros Project illegal interception and protection of (Hungary/Slovakia) 279, 355 privacy 194–5 Legality of the Threat or Use of Nuclear industry cooperation and information Weapons 123, 235, 238, 265, 267, sharing 444 271–2, 279, 293–5, 299, 301, 303, NATO Communications and Information 343–4 (NCI) Agency 431–2 Martens Clause and protection and private sector involvement in information authority of the principles of sharing 179, 211–12, 222, 259, 264 international law 344 sovereignty over 183–4, 186 see also cyber security Navigational and Related Rights (Costa infrastructure see cyberspace, infrastructure Rica v Nicaragua) 246–7, 355 Inkster, N 112 Nicaragua 60, 64, 65, 126, 175, 180–81, Institut de Droit International, Santiago 182, 186, 233, 236–8, 242–3, 250, 252, Resolution on self-defence 266, 270–71, 253–5, 266, 267, 273–5, 278, 301, 334, 277 376–7 intellectual property rights see cyberspace, Nottenbohm Case (Lichtenstein v intellectual property rights Guatemala) 19 intelligence see cyber espionage Oil Platforms (Islamic Republic of Iran v intensity of attack 124–5, 330, 332, 340–41 United States) 265, 267, 273, 275 Inter-American Court of Human Rights on principle of non-intervention 251, 253 idea–expression dichotomy 89 Pulp Mills (Argentina v Uruguay) 69, 279 Velasquez-Rodriguez 66–7 SAS Institute v World Programming Ltd 90 international armed conflict, classification see on self-defence against non-State actors classification of cyber warfare, 276, 277 international armed conflict US Diplomatic and Consular Staff in International Committee of the Red Cross Tehran 57, 67, 333, 335 (ICRC) International Covenant on Civil and Political armed conflict definition 329 Rights (ICCPR) 100, 101, 103–4, 114, customary law status 136 199 ‘effective contribution’ requirement 130–31, International Covenant on Economic, Social 134, 335 and Cultural Rights (ICESCR) 104–7 intensity threshold 340–41 international crime of terrorism see cyber Interpretive Guidance on the Notion of terrorism, cyber attacks and general Direct Participation in Hostilities international crime of terrorism 362–3, 372 International Criminal Court (ICC) non-international armed conflict 336–7, 340 ‘act of aggression’ 137, 138–41 weapons definition 238 crimes against humanity 141–2 International Court of Justice (ICJ) jurisdiction 120, 126 Armed Activities in Congo 270 war crimes definition 121 Arrest Warrant Case (Democratic Republic international criminal responsibility 118–43 of Congo v Belgium) 19, 20 attribution of attack to one of the parties to ‘author’s own intellectual creation’ 86–7 the conflict 125–6, 129 Bosnian Genocide 57, 59, 60, 68, 70, 278, computer network attacks (CNAs), 334, 352 overview 118–20 Congo v Uganda 67–8 cyber attacks and crimes against humanity Corfu Chanel Case (UK v Albania) 17, 141–2 63–4, 66, 67, 182, 250, 254, 279, 333, cyber warfare definition 119–20 394–5 cybercrime definition 118
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 15 / Date: 8/5 JOBNAME: Tsagourias PAGE: 16 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
506 Research handbook on international law and cyberspace
International Criminal Court see Prosecutor v Tadic´ 60, 121, 125, 126, 127, International Criminal Court (ICC) 278, 327, 328, 334, 335, 336–7, 345, international criminal responsibility concept 348, 368, 384 120 international humanitarian law jurisdiction for cyber attacks 120 and classification of cyber warfare 326–7, Tallinn Manual see Tallin Manual 331–2, 335, 336, 339–40 see also cybercrime international criminal responsibility, cyber international criminal responsibility, cyber attacks as war crimes 129–37 attacks and crime of aggression 120, principal of distinction see principle of 137–41 distinction ‘act of aggression’ 137, 138–41 see also human rights leadership clause 137–8 international humanitarian law applied to use of any weapons 139 cyber warfare 366–79 use of armed force 138–9 attacks of a perfidious nature, banning of international criminal responsibility, cyber 374 attacks as war crimes 121–37 collateral effects and feasible precautions armed conflict, existence of 121–6 373 civilians lose immunity from attack if they conducting of attacks, law of armed take ‘direct part in hostilities’ 128 conduct relating to 371–4 cyber attacks causing excessive collateral cyber attacks as adjunct to traditional means damage and principle of 370–71 proportionality 134–6 cyber surveillance and espionage 369 data as a protected object 131 cyber terrorism 369–70 delimitation problems and principle of Geneva Convention see Geneva Convention distinction 130–31 geographical scope of armed conflict 368–9 determining whether armed force has been International Humanitarian Law or Law of applied 122–3 Armed Conflict (IHL/LOAC) 366–71 dual-use of cyber infrastructure and non-international armed conflicts 368 principle of distinction 131–3 principle of distinction 372 duration of participation 124–5, 129 principle of proportionality in attacks and Geneva Convention see Geneva against civilians or civilian objects Convention 372–3 geographical scope of armed conflict 126–7 prohibition of means of attack not directed intensity of attack 124–5 at specific military objectives 373–4 interconnectivity between military and rules relating to the targeting of persons and civilian computer systems 131–3 objects 372 international humanitarian law (IHL) self-defence in response to armed attack principles 129–37 369 minor disruptions 124 stand-alone cyber attacks 369–70 principle of distinction 130–33, 135 targeting of objects directly converted into a principle of precaution 136–7 military function 374 principle of proportionality 134–6 weapons or methods of combat which prohibition of indiscriminate attacks and would cause superfluous injury to principle of distinction 133 enemy combatants, restrictions on 374 quality of attacks 124–5 international humanitarian law applied to responsible agent 127–9 cyber warfare, principle of violent effects of CNA producing lasting proportionality in attacks employing harmful result 123–4 cyber weapons 374–8, 379 International Criminal Tribunal for the Former any attack not reasonably likely to cause Yugoslavia (ICTY) physical effects upon civilians or armed conflict definition 121–2 civilian objects 376–7 Prosecutor v Galic 135, 161, 373 data destruction 375–6
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 16 / Date: 8/5 JOBNAME: Tsagourias PAGE: 17 SESS: 4 OUTPUT: Mon May 18 10:36:31 2015
Index 507
dual use function and collateral effects see also computer systems; cyber attacks 377–8 Iran 169, 182, 390 military ‘information operations’ not Iran–US Claims Tribunal, Yeager v Islamic considered as attack 375 Republic of Iran 60–61 operations considered as mere Stuxnet attack 56, 133, 153, 212, 243, 261, inconvenience 375 288, 308, 310, 315, 316, 318, 322, 324, International Law Commission (ILC) 57–9, 330, 361, 370, 376–7, 466 66, 125–6 Iraq 141, 350, 390–91 international law and cyber espionage see Israel 276–7, 285, 341 cyber espionage and international law International Multilateral Partnership Against Jacobs, D 61 Cyber Threats (IMPACT) 257 James, A 16 international obligation breach, and State Jamnejad, M 183, 250, 252 responsibility see State responsibility, Janczewski, L 229 international obligation breach Japan 448 international peace and security threat, cyber Jaycox, M 223 espionage see cyber espionage and Jennings, P 446 international law, as threat to Jennings, R 182, 186 international peace and security Jensen, E 268, 291, 327, 361, 397 international relations, and cyberspace see Jewkes, Y 157 human rights, international relations and Johnson, D 2, 13, 16, 37–8 cyberspace Johnson, R 245 international substantive law, and cybercrime Jordan, D 227 192–8 Joubert, V 429, 435 International Telecommunication Regulations Joyner, C 236, 265 (ITRs) 111–12 jurisdiction see cyberspace jurisdiction International Telecommunication Union (ITU) 165, 257 Kaesling, K 81 International Tribunal of the Law of the Sea Kahn, J 296 (ITLOS), due diligence concept 66 Kamal, A 29 Internet Kammerhofer, J 277 access as new human right 109–10 Kanuck, S 19 blocking network services 20, 319, 323 Kaplan, D 308 censorship 100–102 Kastenberg, J 392 and cyberspace, differences in meaning Kastner, P 148, 149, 190–207, 223, 265, 407, 55–6 460, 466 and data transmission, law of neutrality Katz, J 283 398, 399 Kaurin, P 317 domain names 21–2, 74, 76, 79, 92, 116 Kegel, G 78 freedom and Internet sovereignty contrasts Keller, H 134 111 Kelsey, J 343, 346, 353, 360, 361, 396 general use by terrorist groups 150 Kemp, G 139 ‘Internet sovereignty’ perspective 98 Ker, P 159 neutrality 476 Kerr, O 201 online gambling 40–42, 47 Kessler, O 119, 123, 125, 139 regulation 111–12, 220–21, 406 Keyser, M 418 service providers, liability and Kimmel, P 324 responsibility 203, 205 kinetic effects equivalency (KEE) test see social networks as targets 361 principle of distinction, relevance of, technology, and human rights see human kinetic effects equivalency (KEE) test rights, Internet technology and Kingbury, K 324 international politics Kirkpatrick, D 219 territorial fragmentation 52–3 Kirsch, S 156
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 17 / Date: 15/5 JOBNAME: Tsagourias PAGE: 18 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
508 Research handbook on international law and cyberspace
Kleinwächter, W 95, 97 neutrality definition 382–4 Klimburg, A 218, 418, 428, 442 non-belligerency practice 384 Knake, R 188, 253, 260, 317 non-discrimination principle 387, 388–9 Koepsell, D 14 non-participation principle 387–8 Koh, H 14, 56, 63, 187–8, 234, 242, 243, 263, permanent neutrality position 382–3 351 sources in customary international law 381, Kohl, U 18, 20, 30–54, 72, 79, 183, 190, 200, 385–7 201, 226 Tallinn Manual see Tallinn Manual Kolasky, R 331 temporary neutrality 383–4 Kolb, A 88 territorial sovereignty violations 380–81, Koops, B-J 223 389, 394–5, 397–8 Korns, S 392 UN Charter regime and Security Council Korzak, E 330 Resolution effects 389–91, 393, 394, Kostic, D 140 395 Koufa, K 151, 157 Lawson, S 222, 370 Koutrakos, P 413, 420 League of Arab States Convention 196, 197, Kramer, E 255 200, 202–3 Kraska, J 119–20 Lee, D 250 Krasner, S 17 Lee, Y 448 Kreβ, C 140, 141 legal dimensions Kuehl, D 15 of cybercrime see cybercrime, international Kulsrud, C 380 legal dimensions Kunig, P 181, 182, 252 law of neutrality see law of neutrality Kur, A 74, 78 military operations, ‘adequate’ legal basis Kurbalija, J 220 requirement 228–9 Kurlantzick, J 456 self-defence in cyberspace 262–3 Kwon, H 449, 457 see also cyberspace jurisdiction; cyberspace, legal status Lahmann, H 132, 133, 134, 135, 137 Leiner, B 95 Lanchester, J 212 Lemley, M 75 Landler, M 259 Lessig, L 15, 16 Lanz, C 389 Levie, H 329–30 Larik, J 405 Lewis, J 446, 449, 463 Lauterpacht, H 57, 236 Libicki, M 290, 297, 323 law of neutrality 380–400 Lieber, F 344 belligerent’s right to use force to counter Lieber, K 293 violations of State’s neutrality 394 Liefländer, T 274 computer facilities 397, 399 Lin, H 118, 119, 122, 123, 132, 241, 249, cyber activity attribution problems and due 269, 308 diligence 394–5 Liptak, A 36 cyber context 391–9 Lisbon Treaty, EU cybersecurity law 403–4, cyber context, expressly applicable rules 413, 416, 420–21 392–4 Loewenheim, U 84 cyber espionage and communication with Lombois, C 34 belligerents 398–9 Lotrionte, C 236, 265 Georgia, South Ossetia War and website Lowe, A 48 hacking 381–2 Lowe, V 37, 397 Hague Convention 134, 327, 385–7, 391, Lubell, N 119, 120, 123, 124, 129, 131, 276, 393, 394, 396–7, 398, 399 337 Internet and data transmission 398, 399 Lucarelli, E 256 Iraqi invasion of Kuwait and modified Lucas, G 261 nature of neutrality 390–91 Luiijf, E 219, 223 law of armed conflict (LOAC) 396–9 Lülf, C 120, 123, 127
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 18 / Date: 8/5 JOBNAME: Tsagourias PAGE: 19 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 509
Lynch, C 113 Miryousefi, A 234 Lynn, W 258 Monar, J 405 Moore, J 271, 388 MacAskill, E 284, 297 Morgan, P 290, 303 McBurney, P 240 Morley, D 30 McClure, R 119 Morozov, E 102 McConnell, B 285, 286, 288, 289, 291 Morris, N 63 McConnell, M 262 Moseley, A 311 Malin, C 309 Mueller, B 189 malware 252–3, 257, 261, 308, 309, 312, 313, Müllerson, R 233 444 Mulvenon, J 24, 287, 289, 296 see also hackers Murphy, J 180, 189, 244 Mandiant Report 168, 169, 333 Murphy, T 25 Mann, F 19, 32 Marauhn, T 427 Mutz, G 32 Markoff, J 255, 259, 392 Myers, S 277 Marsden, C 406 Myjer, E 256, 284–304 Martin, C 190 Masli, U 449 Nakashima, E 115, 249, 333, 361 Mason, S 358 Nasu, H 446–64 Matera, C 406 national involvement see State practice; State Maurer, T 468, 470, 471, 474, 475, 481, 487, responsibility 488 NATO Maybaum, M 229 2010 Strategic Concept 257–8 Mayer, F 406, 418 2020 Report on cyber defence 274, 275 Mégret, F 148, 149, 190–207, 223, 265, 407, collective defence 291 460, 466 collective self-defence 260, 270 Melnitzky, A 179, 187 Cooperative Cyber Defence Centre of Melzer, N 119, 122, 123, 124, 125, 128, 129, Excellence (CCDCOE) 258 131, 138, 244, 247, 329, 348, 353, 354, information security initiatives 70 362, 363 NATO and cyber defence 426–45 Mendez, F 410 Allied Command Operations (ACO) 432 Meyer, D 256 CERTs (Computer Emergency Response Meyer, J 359 Teams) 440–41 Meyer, P 466, 473, 481 Communications and Information (NCI) military operations Agency 431–2 cyber attack in support of conventional 260, Computer Incident Response Capability 261–2, 285 (NCIRC) 429, 433, 444 cyber operations directed against civilians Consultation, Control and Command (NC3) see principle of distinction, relevance Board 431 of, prohibition of military cyber Cooperative Cyber Defence Centre of operations directed against civilians Excellence (NATO CCD COE) 441, cyber operations, notion of 212–13, 214, 442 226–32 Cyber Defence Management Board ‘information operations’ not considered as (CDMB) 431, 432, 439 attack 375 Cyber Defence Programme (Prague and Internet technology 97 Capabilities Commitment) 429 principle of distinction 358–9 Euro-Atlantic Disaster Response security against cyber treats 286, 288–9 Coordination Centre (EADRCC) 438 targeting of objects directly converted into exercises 432, 440–41, 443 military function 374 governance 430–32 Miquelson-Weismann, M 197, 199, 204 industry cooperation and information Mirtl, P 218 sharing 443, 444
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 19 / Date: 8/5 JOBNAME: Tsagourias PAGE: 20 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
510 Research handbook on international law and cyberspace
international organizations, liaison with nuclear deterrence 432, 442, 443 differences from cyber deterrence 296–7, Malware Information Sharing Platform 299 (MISP) 444 strategy see cyber deterrence and public NATO decision and NATO operation, international law, nuclear-deterrence meanings of 428 strategy (strategy of massive North Atlantic Council (NAC) 430–31, 435, retaliation) 437 nuclear security 272, 288–9 Policy on Cyber Defence 429, 430, 437–8, Nunziato, D 100 439–40, 442 Nye, J 28, 286 Rapid Reaction Teams (RRTs) 439–40 Science for Peace and Security Programme Obama, B 164 442 O’Connell, M 56, 70, 255, 261, 263, 278, Strategic Concept for the Defence and 281, 282, 289, 437 Security of the Members of NATO O’Donnell, B 119–20 429–30, 432, 434–6 O’Driscoll, M 384, 388 see also Estonia; Georgia Oehmichen, A 156 NATO and cyber defence, key aspects 432–43 Oeter, S 131 assistance to Member States and Olásolo, H 134 Memoranda of Understanding (MoUs) Olzak, T 229 439–40 Omanovic, E 115 civil crisis management 438–9 Onuf, N 17 collective self-defence 434–7 operations, cyber see ‘cyber operations’ consultation 437–8 headings cyber crisis management 434–40 Ophardt, J 137, 140, 346 cyber defence cooperation 442–3, 444 Opsahl, K 223 cyber warfare perceptions 436–7, 438 Owens, W 242, 247, 286 defence of NATO’s own networks 432–4 exercises to ensure preparedness 440–41 Palojärvi, P 242 secure ICT infrastructure 433–4 Panetta, L 333 strategic ambiguity on concept of ‘armed Paris Convention, intellectual property rights attack’ 435 74, 78, 80 training, education, and research 441–2 Parizo, E 259 Nemerofsky, J 186 Parks, W 175 Netherlands 41, 216, 225, 227, 331 Pastukhov, O 92 Neumann, P 215 Pateraki, A 414, 417 neutrality law see law of neutrality Pauli, D 147 New Zealand 41, 448 Paulus, A 139–40, 141 Newton-Small, J 253 peacetime Nollkaemper, A 61 cyber espionage and international law in Non-Aligned Movement (NAM) and 172 anticipatory self-defence 271, 272 protection of critical infrastructures 289 non-international armed conflict Pelican, L 176–7 classification of cyber warfare see perfidy 129, 312–14, 357 classification of cyber warfare, Permanent Court of International Justice non-international armed conflict (PCIJ) international humanitarian law applied to Factory at Chorzów (Indemnities) 57 cyber warfare 368 Lotus 18, 19, 20, 21, 36, 37, 48, 51, 65, non-intervention principle see principle of 181, 344 non-intervention Oder River Commission 279 non-State actors involvement 172–4, 276–80, S.S. ‘Wimbledon’ 28 449–50 Pernik, P 398 Noyes, M 307 persons, attacks on see civilian population
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 20 / Date: 8/5 JOBNAME: Tsagourias PAGE: 21 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 511
Peters, A 65, 113 critical date for assessment of existence of Peterson, A 115 attack 350 Philippines 204 interference with functionality as damage Pictet, J 124, 127, 368 351–2 Pila, J 80 limits of 349–53 Pillay, N 108 problem of assessment of damage 349–51 Pilloud, C 130, 133, 136, 329, 336, 338, 339, principle of distinction, relevance of, 340, 362 prohibition of indiscriminate attacks in Pirker, B 182, 224, 226 cyberspace 357–64 Pocar, F 201 ‘civilianization’ of war 358 Poellet, K 247, 249 computers and computer companies as PoKempner, D 225 targets 360–61 political motive for terrorism, and organised ‘direct participation in hostilities’ crime 149–50 interpretation 362–4 political rights see human rights, civil and dual-use objects, distinction between political rights civilian objects and military objectives Porcedda, M 408 358–62 pornography 39, 196–7 identification problems and protection of Porter, A 404, 408, 409, 419 civilians 362–4 Portnoy, M 448 Internet and social networks as targets 361 Post, D 2, 13, 16, 37–8 military objectives definition 358–9 Pouw, E 228 prohibition of perfidy 357 Prakash, R 465, 466, 475, 478, 480 ‘war-sustaining’ installations 359–60 Press, D 293 principle of non-intervention principle of conferral, EU cybersecurity law cyber espionage and international law, 405, 419–20 international law application 180–86 principle of distinction law of neutrality 387–8 and dual-use of cyber infrastructure and sovereignty and non-intervention policies principle of distinction 131–3 97 international criminal responsibility, cyber violation 250–52, 253, 261–2 attacks as war crimes 130–33, 135 principle of precaution, cyber attacks as war international humanitarian law 160–61, 372 crimes 136–7 principle of distinction, relevance of 343–65 principle of proportionality armed conflict law 345 cyber attacks as war crimes 134–6 cyber attack definitions 346–7, 348 cyber-psychological operation (PSYOP) and international crime of terrorism 160–61 denial of services 354 and international humanitarian law see effectiveness in cyberspace 347–8 international humanitarian law applied Geneva Conventions 130, 133, 344, 345, to cyber warfare, principle of 362 proportionality in attacks employing Lieber Code 344 cyber weapons Martens Clause 344, 356 self-defence in cyberspace 274–5 prohibition of cyber attacks against the Prislan, V 26 civilian population and objects 346–53 private motivation for attacks 158–9 prohibition of military cyber operations private persons or entities, acts of, and State directed against civilians 353–7 responsibility 60, 61 principle of distinction, relevance of, kinetic private sector effects equivalency (KEE) test 348–9 classification of cyber warfare 334–5 acts of violence 348–9 cyber espionage and confidential collateral damage and malfunction of information sharing 179, 259, 264 civilian facilities 349–50, 354 and cyber technologies 115–16, 195–6, computer system hacking as attack 348–9 211–12, 216, 222, 223
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 21 / Date: 8/5 JOBNAME: Tsagourias PAGE: 22 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
512 Research handbook on international law and cyberspace
engagement, Asia-Pacific Economic Saul, B 75, 147–67, 191 Cooperation (APEC) 461–2 Scassa, T 182 involvement, EU cybersecurity law 410, Schabas, W 141 412 Schachtman, N 262, 426, 436 property Schaller, C 175 infrastructure see cyberspace, infrastructure Schell, B 190 intellectual see cyberspace, intellectual Schiller, H 30, 31 property rights Schjolberg, S 206 public international law Schmitt, E 334 and cyber deterrence see cyber deterrence Schmitt, M 1–9, 118, 123–31passim, 138, and public international law 139, 149, 187, 214, 240, 246, 253, 255, and intellectual property 77–82 263, 264, 267, 268, 270, 273, 276, 280, 299–301, 302, 326, 329, 338, 339, 341, Rahmatian, A 72–93, 226 347, 352, 353–4, 359, 361, 363–4 Randelzhofer, A 139 Tallinn Manual see Tallinn Manual Raymond, D 318 Schreier, F 240 Reed, T 351 Schricker, G 84 Rees, N 447, 450, 457 Schrijver, N 26 regulation Schultz, T 20, 398 comprehensive multilateral instrument, need Schwartz, P 104 for 206 Scoville, H 175 cyber terrorism, comprehensive instrument security see cyber security and regulation need 163–7 Segal, A 311 Internet 111–12, 220–21, 406 Segura-Serrano, A 246 see also ‘legal’ headings Seidl-Hohenveldern, I 78 Reinold, T 276, 277 self-censorship, jurisdiction in cyberspace 53 Reitman, R 112 self-defence in cyberspace see cyberspace, Reydam, L 34 self-defence in Rid, T 232, 240, 243, 285, 288, 289–90, 296, Serbia and Montenegro 350 298, 367, 369, 370, 377, 437 Shachtman, N 392 Roberts, A 385 Shackelford, S 263 Robins, K 30 Shafer, G 332 Robinson, N 404 Shakarian, P 392 Rona, G 278 Shamah, D 332 Ronzitti, N 233, 390 Shanahan, L 160 Rosati, E 86 Shanker, T 334 Roscini, M 75, 148, 187, 224, 226, 228, Sharp, W 236 233–54, 262, 263, 264, 265, 268, 275, Shaw, M 32, 394 282, 299, 312, 331, 466 Shearer, I 34 Ross, M 417 Sheldon, J 436 Rothman, M 219 Shelling, T 296 Rowe, N 307–25 Sherman, B 86 Ruggie, J 18 Sikkink, K 489 Russia 70, 111, 114, 277–8, 457, 478 Silver, D 139, 237 see also Estonia; Georgia Simma, B 255 Russo, F 390 Simpson, B 381, 399 Ryngaert, C 20, 32, 33 Singel, R 262, 437 Singer, D 426–7 Safferling, C 140 Singer, P 213, 262, 426 Sanger, D 212, 218, 360 Slaughter, A-M 277 Sassòli, M 360 Smith, G 48 Satzger, H 139 Smith, J 185 Saudi Arabia 244–5, 330 Smith, M 215
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 22 / Date: 8/5 JOBNAME: Tsagourias PAGE: 23 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 513
Smith, T 317, 319, 325, 350 State responsibility, international obligation Snowden (Edward) revelations 53, 62, 64, breach 65–70 94–5, 112, 113–15, 169, 172–3, 179, cooperation and concerted action, need for 180, 219, 224, 466, 473 70, 71 Sommer, P 212 due diligence violation 66–9, 71 South Korea 448 grounds for establishing responsibility 66 sovereignty see cyberspace sovereignty lack of consensus on 65 Spernbauer, M 423, 425 notification selection criteria 69–70 Sri Lanka 157 Steiger, D 131–2, 247 Staker, C 37, 397 Stohl, M 148, 150 State practice Stone, J 175 classification of cyber warfare 330, 334–5 Stone Sweet, A 409, 420 cyber espionage and national infrastructure Stout, C 324 information 179 cyber espionage and refusal to accept Strate, L 22 responsibility when accused 195–6 Strawser, B 312, 314 cybercrime and national legislation and Sulmasy, G 185 fragmentation 201 Swaine, J 260 operational capability, strengthening, EU Swanson, L 119, 123, 260 cybersecurity law 412 Syria 158, 260, 360, 361, 370, 371, 376 State-level cyber operations see cyber operations, State-level cyber paradigms Tadjdeh, Y 427 State-sponsored cyber attacks 158, 161–2, Tallinn Manual 164 cyber attack definition 348, 374, 376 States claiming regulatory competence in cyber operation as use of force 188, 242, parallel 33–4 245, 250, 252–3, 299–301, 302, 328, see also cyberspace sovereignty 329, 330, 335 State responsibility 55–71 cyber operations against civilians 353–4, acts of private persons or entities 60, 61 363, 375 Articles on the Responsibilities of States cyber terrorism 161 (ARS) 58–61, 66, 68 cyber warfare and the applicability of breach of international obligation 61–2 international law 366, 475 computer hacking attacks 56 dual-use entities as military targets 361 de facto agents 59, 60, 66 interference with functionality as damage exercise of government authority elements 351 in absence of State authority function international criminal responsibility 119–20, 60–61 123, 124, 127–39passim, 141 government authority delegation 59–60 law of neutrality 386–7, 392–3, 394–5, 397, Internet and cyberspace, differences in 398, 399 meaning 55–6 non-international armed conflicts 369 requirements 57–62 organization criterion 338 State responsibility, attribution in cyberspace and self-defence 265, 273, 369 62–5 standard of the reasonable acts emanating from location under commander/combatant 373 exclusive jurisdiction of another State State responsibility, attribution in 65 cyberspace 63, 64, 65, 69 ambiguity and margin of discretion 63 Taubman, A 72, 74 computer identification 62–3, 69–70 Taylor, P 18 electronic surveillance 62–3, 64, 65 technology evidence requirements and territorial and cyber deterrence see cyber deterrence location of computers 63–5 and public international law, cyber personal identification problems 62, 63 deterrent feasibility and technical Tallinn Manual see Tallinn Manual considerations
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 23 / Date: 8/5 JOBNAME: Tsagourias PAGE: 24 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
514 Research handbook on international law and cyberspace
cyber deterrent feasibility and technical Traynor, I 260 considerations 297–8 Trezise, H 446–64 and cyber infrastructure disparities 449–50 Tsagourias, N 13–29, 33, 48, 63, 64, 72, 75, cyber terrorism and possible necessary 98, 149, 224, 231, 235, 247, 261–2, 267, technical measures 165–6 278, 287, 296, 301, 394, 398, 448 cybercrime and technical means of Tullos, O 264 protection and preventive measures Turns, D 118, 127, 128, 131, 149, 349, 362, 204–5 363, 364, 380–400 Internet technology and human rights see human rights, Internet technology and UK international politics BT v One in A Million 92 private enterprise and cyber technologies computer program protection 86–7 115–16 Copyright, Designs and Patents Act 72, 84, technological resources, development of, 85, 86–7, 89, 90–91 EU 413–14 copyright law and territoriality principle Temple Lang, J 406 78–9 terminology problems, cyber deterrence and cybercrime cost 1 public international law 297–8 cybersquatting 92 territoriality Digital Economy Act 75 coercion and violation of territorial integrity Gambling Act 51 181–3 Harrods v Dow Jones Co 43 objective, cybercrime and principle of John Richardson Computers Ltd v Flanders nationality 202 89 principle 33, 48, 198–200 Lewis & Ors v King 43 search and seize powers and cybercrime military cyber operations definition 227 199 Navitaire 89 sovereignty as protection of territorial Obscene Publications Act 39 integrity 182, 183 R v Perrin 39, 50 territorial nature of intellectual property see R v Sheppard & Amor 19 cyberspace, intellectual property rights, SAS Institute v World Programming Ltd 89 territorial nature Twentieth Century Fox Film Corp & Ors v territorial sovereignty violations, law of British Telecommunications 52 neutrality 380–81, 389, 394–5, 397–8 Vidal-Hall & Ors v Google Inc 44 see also cyberspace sovereignty UN Charter terrorism see cyber terrorism self-defence in cyberspace see cyberspace, Thomas, N 449, 452, 458, 461, 462 self-defence in, UN Charter Article 51 Thomson, J 16 and use of force 186–8, 265, 267, 299–302 Tiirmaa-Klaar, H 220, 223, 428 UN Convention against Transnational Tikk, E 250, 260, 281, 350, 438 Organized Crime 149, 198, 199 Timberg, C 333 UN Counter-Terrorism Implementation Timlin, K 449 Taskforce (CTITF) 147, 151 Timofeeva, Y 38 UN Draft Comprehensive Anti-Terrorism Tirmaa-Klaar, H 418 Convention, terrorist offences definition Tladi, D 278 155–7, 158, 159, 160, 161–2 Tobanksy, L 15 UN General Assembly (UNGA) Toebes, B 106 Declaration on the Definition of Aggression Torremans, P 72, 73, 79, 82, 83 237 Touré, H 147 and prohibition of use of force see cyber Townsend, M 157 operations as a use of force, UN Trachtman, J 17, 28 General Assembly (UNGA) and transnational corporations, power and interests prohibition of use of force of 31 protection of critical information Trauner, F 404 infrastructures 288
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 24 / Date: 8/5 JOBNAME: Tsagourias PAGE: 25 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 515
regulation of cyber security see UN and the Groups of Governmental Experts (GGEs), regulation of cyber security, General Second Group, ICT disruptions and Assembly (UNGA) risk 477, 480–81 Resolution on misuse of information Groups of Governmental Experts (GGEs), technologies 280 Third Group 478–81 UN Global Counter-Terrorism Strategy 151 Second Committee (Economic and UN Hostages Convention 154 Financial Committee) and Global UN Internationally Protected Persons Culture of Cyber-security initiative Convention 154 469–71 UN Office of Drugs and Crime (UNODC), Second Committee, global culture of cyber cyber terrorism definition 147, 150 security 470–71 Second Committee, voluntary UN and the regulation of cyber security self-assessment tool for national efforts 465–90 471 differences on fundamental issues between Third Committee (Social, Humanitarian and Eastern and Western States 466 Cultural Committee) 471–3, 489 Economic and Social Council (ECOSOC) Third Committee (Social, Humanitarian and 484–6 Cultural Committee), resolution emerging regulatory framework for cyber combating the criminal misuse of security 477 information technologies 471–2 information security 467–9, 474–81 Third Committee (Social, Humanitarian and International Code of Conduct for Cultural Committee) resolution on Information Security 478–81 right to privacy in the digital age 473 International Telecommunications Unit, Third Committee (Social, Humanitarian and Global Cyber-Security Agenda 487–8 Cultural Committee) and UN Crime International Telecommunications Unit, Prevention and Criminal Justice online protection for children 488 Programme 472 Internet neutrality 476 Vienna Declaration on Crime and Justice norms, rules and principles of responsible 485–6 behaviour by States, recommendations UN Reports of International Arbitral Awards for 480 (RIAA) UN Charter affirmation and rules on the Island of Palmas Case (US v Netherlands) non-use of force and self-defence 480 17, 279 Trail Smelter 279 UN Global Counter-Terrorism Strategy 482 UN ‘Right to Privacy in the Digital Age’ draft UN Institute for Disarmament Research resolution 113 (UNIDR) 488–9 UN Security Council Resolutions UN Office on Drugs and Crime (UNODC) inherent right to self-defence 277–8 489 regulation of cyber security 481–4 UN Security Council (UNSC) 481–4 and terrorism 150–51, 156, 158 UN and the regulation of cyber security, UN Special Tribunal for Lebanon 155–6, 158 General Assembly (UNGA) 467–81 UN Terrorist Bombings Convention 154–5 First Committee (Disarmament and US International Security) 467–9, 474–6, botnets 319 477–8, 488 Cable News Network LP v cnnews.com 47, Groups of Governmental Experts (GGEs) 52 469, 470, 473–81 Caroline 271, 273 Groups of Governmental Experts (GGEs), Comprehensive National Cybersecurity First Group 474–6 Initiative (CNCI) 258–9 Groups of Governmental Experts (GGEs), CompuServe v Patterson 19, 20 Fourth Group 481 Computer Associates v Altai 89 Groups of Governmental Experts (GGEs), Computer Software Act 84 Second Group 476–8 copyright authorship and lex originis 79
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 25 / Date: 8/5 JOBNAME: Tsagourias PAGE: 26 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
516 Research handbook on international law and cyberspace
Cyber Policy Review 55, 56 website blocking 52 cyber security intelligence information Yahoo! v La Ligue contre le racisme et sharing with private sector companies, l’antisémitisme 193 call for 259 Young v New Haven Advocate 47 Digital Millenium Copyright Act (DCMA) 74–5, 90 Vagts, D 381, 389, 391 drones’ hacking claims 245 Valeriano, B 427 due process requirement 47 Van Bochoven, L 428 east coast blackout 349 Van Elsuwege, P 413 Espionage Act 171–2 Van Ginkel, B 222 EU–US Working Group on Cyber-Security Van Hoboken, J 224 and Cyber-Crime (WGCC) 408, 411, Van Vooren, B 404, 421, 422 414 Vassilaki, I 38 excessive intelligence collection methods, Verdelho, P 200 criticism of 167 Vermeulen, M 414 Federal Anti-Tampering Law 312–13 ‘virtual group’ involvement, classification of Hartford Fire Insurance Co v California 49 cyber warfare 338–40 International Shoe Co v Washington 20, 47 virtual worlds, ‘crimes’ committed in 191 International Strategy for Cyberspace virus attacks 244–5 13–14, 343 malware 252–3, 257, 261, 308, 309, 312, Iran–US Claims Tribunal, Yeager v Islamic 313, 444 Republic of Iran 60–61 Stuxnet see under Iran National Security Strategy, and anticipatory see also hackers self-defence 271, 285 Viscusi, W 324 NSA cyber espionage 62–3, 113, 178, Vité, S 326 179–80, 184, 473 Vivant, M 84, 85 NSA electronic surveillance practices 62, Vogler, J 24–5 64, 65 Von Heinegg, W 182, 186 Patriot Act 165, 269–70 People v World Interactive Gaming Wachenfeld, M 390 Corporation 47 Wala, R 278 political dominance 96, 97, 113–14 Walden, I 220 Presidential Decision Directive on cyber Walker, G 397, 400 capacity 284, 297–8 Wall, D 191, 194 Presidential Policy Directive, cyber Waltz, K 97, 174 espionage definition 170–71 Walzer, M 307 privacy and personal data protection 103, war crimes see international criminal 114 responsibility, cyber attacks as war Reno v American Civil Liberties Union 256 crimes Restatement (Third) of Foreign Relations ‘war-sustaining’ installations 359–60 Law 49 warfare see cyber warfare Snowden (Edward) revelations 53, 62, 64, Wassenaar Arrangement on Export Controls 94–5, 112, 113–15, 169, 172–3, 179, and ‘dual use’ ICT technologies 115 180, 219, 224, 466, 473 Waters, S 399 spy plane incident (Gary Powers) 177 Watkin, K 214 Strategic Command, nuclear deterrence 296 Watt, H 410 T-Mobile West Corp. v Crow 19 Watts, A 182, 186 territoriality principle 80 Waxman, M 138, 187, 236, 242, 247, 262, The Exchange v McFaddon 17 265, 427 US v $734, 578.82 in US Currency 47 weapons see cyber weapons US v Yousef 20 Wegener, H 488 US–China cyber security working group Weisbord, N 137 490 Weissbrodt, D 118, 119, 123, 139
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 26 / Date: 8/5 JOBNAME: Tsagourias PAGE: 27 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Index 517
Wenger, A 358 Wriston, W 181 Werle, G 120, 127 WTO Appellate Body, United States – Werner, W 119, 123, 125, 139, 295 Measures Affecting the Cross-Border Wessel, R 258, 403–25, 432 Supply of Gambling and Betting Services Wikileaks see Snowden (Edward) revelations 42, 52 Wills, A 224, 414 Wu, T 13, 22 Willson, D 392 Wilmshurst, E 249, 278, 326 Yadron, D 324, 332 Wilson, C 92 Yar, M 157 Winterfeld, S 229 Yoo, J 185 Woltag, J-C 149, 426 Younes, A 92 Wood, M 183, 250, 252 Young, B 55 World Conference on International Telecommunications 111–12, 265–6 Zekoll, J 405, 410 Wortham, A 187 Zhang, L 233 Wray, R 110 Ziolkowski, K 170, 171, 178, 182, 183, 224, Wright, J 134, 136 226, 238, 241, 245, 258, 426–45 Wright, Q 181, 185 Zuckerberg, M 109
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 27 / Date: 8/5 JOBNAME: Tsagourias PAGE: 28 SESS: 2 OUTPUT: Mon May 18 10:36:31 2015
Nicholas Tsagourias and Russell Buchan - 9781782547396 Downloaded from Elgar Online at 09/23/2021 05:45:16PM via free access
Columns Design XML Ltd / Job: Tsagourias-Research_Handbook_International_Law_and_Cyberspace / Division: Index /Pg. Position: 28 / Date: 8/5