Cyber Attacks and International Law on the Use of Force
eBook - ePub

Cyber Attacks and International Law on the Use of Force

The Turn to Information Ethics

  1. 218 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Cyber Attacks and International Law on the Use of Force

The Turn to Information Ethics

About this book

Examining the thematic intersection of law, technology and violence, this book explores cyber attacks against states and current international law on the use of force. The theory of information ethics is used to critique the law's conception of violence and to develop an informational approach as an alternative way to think about cyber attacks.

Cyber attacks against states constitute a new form of violence in the information age, and international law on the use of force is limited in its capacity to regulate them. This book draws on Luciano Floridi's theory of information ethics to critique the narrow conception of violence embodied in the law and to develop an alternative way to think about cyber attacks, violence, and the state. The author uses three case studies – the 2007 cyber attacks against Estonia, the Stuxnet incident involving Iran that was discovered in 2010, and the cyber attacks used as part of the Russian interference in the 2016 US presidential election – to demonstrate that an informational approach offers a means to reimagine the state as an entity and cyber attacks as a form of violence against it.

This interdisciplinary approach will appeal to an international audience of scholars in international law, international relations, security studies, cyber security, and anyone interested in the issues surrounding emerging technologies.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Cyber Attacks and International Law on the Use of Force by Samuli Haataja in PDF and/or ePUB format, as well as other popular books in Law & International Law. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Routledge
Year
2018
Print ISBN
9781138482708
eBook ISBN
9781351057004
Edition
1
Topic
Law
Subtopic
International Law
Index
Law

1 Introduction

In international law, a classic example of the intersection between law and technology comes from the law of the sea. Prior to the modern 12 nautical mile limit of a state’s territorial sea, the so-called cannon shot rule put this distance at 3 nautical miles – the distance reflecting the technological capacity of cannons at the time. Despite debates about the origins of this rule and the exact technological capacity of cannons in the seventeenth and eighteenth centuries,1 the cannon shot rule reflects the basic idea that technology can shape how something is understood in law. In this instance, it helped shape the parameters of the legal space in which states can exercise their territorial sovereignty.2 More generally, the relationship between law and technology is often described as being much like the race between the tortoise and the hare: technology is seen as moving fast, whereas the law is slow and constantly needs to catch up or it risks becoming outdated.3 While not all new technologies raise legal issues, those technologies that make new things practicably possible do.4 For example, from the invention and development of bicycles and automobiles to ride-sharing applications and driverless vehicles, new technologies have required updated laws to regulate new forms of transportation on roads, and have therefore had an impact on the law.5
The development of digital information and communication technologies (ICTs) in particular has also made a range of new behaviors and interactions possible for both state and non-state actors in and through cyberspace. In 2000, for instance, in the Australian state of Queensland, an individual used a laptop to remotely obtain unauthorized access to the computer systems used to operate the local council’s sewerage system. He altered data, causing the system to malfunction, and this resulted in sewage escaping and causing environmental harm.6 On the other hand, in 2013 the blueprints for the new headquarters of the Australian Security and Intelligence Organization (ASIO) were stolen from the computer system of a contractor involved in the construction process. While the identity of those responsible for the breach is unknown, the source of the intrusion was traced to servers located in China.7 More recently, in 2017 the operation of a Cadbury chocolate factory in the Australian state of Tasmania was disrupted. This was caused by malicious software (malware), which had spread across the globe.8 As these incidents highlight, the development of digital ICTs enabling interactions in and through cyberspace has made a range of new things possible for both state and non-state actors, and this in turn has given rise to a number of legal issues.

Law, technology, and violence: Article 2(4) and cyber attacks

This book is concerned with a particular intersection of law and technology: international law on the use of force and cyber attacks. In this context, it explores the thematic intersection of law, technology, and violence.9 A central aim of international law has always been an effort to regulate and limit interstate conflict and violence. In the modern context, this concern is crystallized in the cornerstone provision of the United Nations (UN) Charter: the Article 2(4) prohibition on the use of force. This provision essentially prohibits states from engaging in particular forms of violence in their international relations. However, where states seek to pursue their interests in and through cyberspace, questions arise as to whether cyber attacks can constitute uses of force that are prohibited by international law. This is particularly problematic in the cyberspace context: while espionage, for example, traditionally is not prohibited by international law,10 the current technological context in which states operate both enables them to easily engage in a range of new activities and simultaneously renders them open to new vulnerabilities.
These issues have become increasingly pertinent in recent years. For example, in May 2017 the WannaCry ransomware infected over 300,000 computers in more than 150 countries and caused disruptions to the operation of businesses and hospitals.11 The US government later publicly blamed North Korea for the incident.12 The following month, in June 2017, the NotPetya malware infected computers in a range of government and private organizations in Ukraine and then spread to companies and organizations around the world.13 NotPetya was particularly unique, as it disguised itself as a form of ransomware like WannaCry; however, it was capable of simultaneously deleting user data. In 2018, the United States disclosed that Russia was responsible for the incident, which it described as ‘the most destructive and costly cyber-attack in history’, resulting in billions of US dollars’ worth of damage and major disruptions to global shipping and trade.14
While incidents such as these involve some type of harm caused by states against other states, there is considerable debate about whether cyber attacks such as these would amount to a use of force in violation of Article 2(4).15 For example, the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations – a manual written by a group of international legal experts on the applicability of international law in cyberspace – provides that a cyber attack constitutes a use of force where its scale and effects are comparable to a traditional ‘use of force’.16 While this may be clear where, for instance, a cyber attack results in material effects, such as injury or death of human beings, or damage to or destruction of physical objects, it is more problematic when the effect is to undermine the integrity of information or disrupt the operation of computer systems and networks.17
Writing in the years following the September 11, 2001 terrorist attacks, Rosalyn Higgins maintained that among the key issues in the law on the use of force are ‘What sort of harm, against whom and where, constitutes an attack on a “State” within the meaning of Article 2(4)?’18 In the cyberspace context in particular, states from anywhere in the world can potentially cause new forms of harm against other states that might not involve bloody and destructive violence resembling traditional military offensives or the Al-Qaeda attacks on the United States. Obtaining unauthorized access to the blueprints of ASIO’s new headquarters from the computer of a private contractor, or launching sophisticated ransomware attacks against other states, may therefore not be expressly prohibited by international law or constitute the type of harmful behavior with which the prohibition on the use of force was originally concerned when the UN Charter was drafted in the 1940s. Yet these behaviors in and through cyberspace reinvigorate questions about what types of state activities are prohibited by the law in the twenty-first century. Questions therefore arise about the types of harmful interactions that are, or should be, prohibited, how harm manifests in a world of increasingly ICT-dependent states, and even what the state as an entity capable of being subject to harm looks like in this world. These are among the key questions that this book seeks to explore.
Within the law on the use of force – the modern manifestation of the jus ad bellum – this book focuses primarily on cyber attacks and the threshold distinction between what amounts to ‘force’ within Article 2(4) and the measures below this threshold that are considered to breach the non-intervention principle alone. It is thus concerned with the law on the use of force in a narrow sense.19 The term ‘incidents short of war’ is often used to describe a related distinction in international law: the differentiation between those measures amounting to a use of force but which fall below the higher ‘armed attack’ threshold.20 Yoram Dinstein, for example, writes that
Incidents involving the use of force, without reaching the threshold of war, occur quite often in the relations between States. Border patrols of neighbouring countries may exchange fire; naval units may torpedo vessels flying another flag; interceptor planes may shoot down aircraft belonging to another State, and so forth.21
On the other hand, economic coercion, for example, is not considered a form of ‘force’ for the purposes of Article 2(4) and would instead fall into the realm of the non-intervention principle.22 This book seeks to demonstrate how the orthodox account of what constitutes a use of force under international law embodies a particular conceptualization of violence.23 Consider, for instance, the above incidents, which involve the use of force according to Dinstein. Whether it is the members of the armed forces of one state inflicting harm to human soldiers of another state through kinetic weapons, or the launching of missiles or torpedoes that cause physical damage to the hulls of planes or naval vessels, in each instance the incidents involve a use of force understood as a particular form of violence involving injury or death to human beings, or damage to or destruction of physical objects.
In the context of cyber attacks, technology is challenging this conceptualization of violence. As this book illustrates, where cyber attacks result in material effects, the law has the ability to recognize them as a form of violence within the ambit of Article 2(4). However, where cyber attacks do not result in material effects and only, for example, disrupt the operation of computers and networks, they largely fall outside the conception of violence that is embodied in Article 2(4). It is argued that the reason for the conceptual challenge to how interstate violence in the cyberspace context is understood is not simply a result of new things becoming possible due to technological advances. Instead, the reasons are ontological. While ontology generally refers to the study of what is said to exist, in this book ontology is examined in the context of what exists in the eyes of the law, and therefore what the law is capable of recognizing as real.24 As will be demonstrated, the law subscribes to a particular worldview in which violence is understood in inherently anthropocentric and materialist terms as requiring harm to human beings or damage to physical objects. The law’s inability to recognize cyber attacks with non-material effects, such as damage to data or the disruption of information systems as a form of violence, is therefore due to the law’s ontological constraints. This is evidenced by its limited capacity to recognize cyber attacks with non-material effects as a form of ‘force’ within Article 2(4).
Where cyber attacks do not result in material effects and fall below the use of force threshold, they instead tend to be considered as potential breaches of the non-intervention principle. This is a principle of international law that prohibits states from using methods of coercion to intervene in each other’s internal or external affairs. It was classically concerned with ‘forceful intervention’,25 but in its modern form, it is understood to prohibit states from using coercive measures not involving military force.26 In relation to cyber attacks in particular, the non-intervention principle generally is used as a mechanism to capture those cyber attacks that fall below the use of force threshold that do not result in material effects.27 However, as this book will show, in so doing, cyber attacks below the use of force threshold are effectively depicted as a form of non-violence and cast into the periphery of the law on the use of force. This is particularly problematic given the increasing ways in which non-material cyber attacks can be used to disrupt the proper functioning of states reliant on ICTs for their prosperity and security. As such, this book argues that by taking the potential effects that such attacks can have on states seriously, the harm caused by non-material cyber attacks can also be considered within the scope of Article 2(4) and recognized as a new form of violence that...

Table of contents

  1. Cover
  2. Half Title
  3. Series Page
  4. Title Page
  5. Copyright Page
  6. Dedication Page
  7. Table of Contents
  8. Acknowledgements
  9. Acronyms and abbreviations
  10. 1 Introduction
  11. 2 Information ethics
  12. 3 Technology, violence, and law
  13. 4 Cyber attacks and international law on the use of force and non-intervention
  14. 5 The 2007 cyber attacks against Estonia
  15. 6 Stuxnet
  16. 7 Russian interference in the 2016 US presidential election
  17. 8 Information ethics and international law on the use of force
  18. 9 Conclusion
  19. Index