nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

6. Cyber Espionage

verfasst von : Kriangsak Kittichaisaree

Erschienen in: Public International Law of Cyberspace

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The disclosures by whistleblower Edward Snowden starting from mid-2013 onward about alleged widespread cyber espionage against individuals, corporations, States, and international organizations across the globe have led to serious concerns and international reactions vis-à-vis this kind of activity. This chapter analyzes whether cyber espionage is permitted under international law and, if so, to what extent. Limits on cyber espionage set by the various branches of international law, such as the international law applicable to diplomatic and consular relations and the international law of the sea are elaborated. The meaning of the relevant rules (such as inviolability of the premises and archives of a diplomatic mission, an international organization, or a special mission in the cyber context) is explained in detail. The justification for the distinction between an “offensive intelligence gathering activity” involving destruction or manipulation of data, on the one hand, and a “passive intelligence gathering activity” in the sense of merely copying the data without authorization without more, on the other hand, is analyzed. So is the justification for the distinction between a commercial/industrial espionage and a non-commercial/industrial one.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Application of the Law of Armed Conflict, Including International Humanitarian Law, In Cyberspace

Nächstes Kapitel Cyber Crimes

Katharina Ziolkowski, “Peacetime Cyber Espionage – New Tendencies in Public International Law” in Peacetime Regime, ed. Ziolkowski, 425.

NATO Standardization Agency (NSA), NATO Glossary of Terms and Definitions (AAP-6 of 2013) 2-C-11, available at: http://nsa.nato.int/nsa/zPublic/ap/aap6/AAP-6.pdf.

See, Lev Grossman, “The Code War,” Time, 21 Jul. 2014, 20–27; Singer and Friedman, Cybersecurity and Cyberwar, 91–95.

Tallinn Manual 2.0, chap. 5 Cyber operations not per se regulated by international law, Rule 32 Peacetime cyber espionage.

“NSA could ‘spy on offline computers’, says latest leak,” BBC, 15 Jan. 2014.

Leo Kelion, “GCHQ and NSA ‘track Google cookies’,” BBC, 11 Dec. 2013.

“GCHQ taps fibre-optic cables for secret access to world’s communications,” Guardian, 21 Jun. 2013.

Barton Gellman and Ashkan Soltani, “NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say,” Washington Post, 30 Oct. 2013; “Snowden leaks: Google ‘outraged’ at alleged NSA hacking,” BBC, 31 Oct. 2013. For a chart on the NSA’s activities in this respect, see, Michael Scherer, “Edward Snowden: The Dark Prophet,” Time, 23 Dec. 2013, 59.

Raphael Satter, “NSA ‘hijacks’ Microsoft’s reporting system,” China Post, 31 Dec. 2013, 2.

Evan Perez and Shimon Prokupecz, “Newly discovered hack has U.S. fearing foreign infiltration,” CNN, 18 Dec. 2015.

Josh Chin, “China Launches Quantum Satellite”, Wall St. J., 16 Aug. 2016, 1.

Tim Lister, “Latest NSA leaks point finger at high-tech eavesdropping hub in UK,” CNN, 20 Dec. 2013. See also, Tim Hume, “Snowden, Assange, Greenwald, Dotcom: Can this gang of four take down a PM?,” CNN, 15 Sept. 2014, on the alleged “Five Eyes Intelligence” partnership between the UK, US, Australia, Canada, and New Zealand.

The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world (2011), 15.

Nathan Thornburg, “Inside the Chinese Hack Attack,” Time, 25 Aug. 2005; Richard Norton-Taylor, “Titan Rain – how Chinese hackers targeted Whitehall,” Guardian, 4 Sept. 2007.

Chris Frates and Curt Devine, “Government hacks and security breaches skyrocket,” CNN, 19 Dec. 2014; The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure, a report prepared by the Minority Staff of the Homeland Security and Government Affairs Committee, 4 Feb. 2014, 2. See also, Jose Pagliery, “China hacked the FDIC – and US officials covered it up, report says,” CNN, 13 Jul. 2016.

“US National Security Agency ‘spied on French diplomats’,” BBC, 22 Oct. 2013; Time, 23 Dec. 2013, 52.

Lev Grossman, “The Code War”, Time, 21 Jul. 2014, 20 at 25.

Kim Zetter, “NSA laughs at PCs, prefers hacking routers and switches,” Security, 4 Sept. 2013.

Jamie Crawford, “Russian hacks Pentagon network, Carter says,” CNN, 5 Jun. 2015. See also, Leo Kelion, “Why Windows hack is being blamed on Russia-liked group”, BBC, 2 Nov. 2016.

Oren Dorell, “Spyware tainted Iran talks site,” USA Today, 11 Jun. 2015, 1A.

Anton Troianovski, “Hackers Attack German Parliament’s Computer Network,” Wall St. J., 13–14 Jun. 2015, A5; “Russia was behind German parliament hack,” BBC, 13 May 2016; Leo Kelion, “Why Windows hack is being blamed on Russia-linked group”, BBC, 2 Nov 2016.

David E. Sanger, “U.S. Decides to Retaliate Against China’s Hacking,” New York Times, 31 Jul. 2015; “Cyber-security: Trouble shooting,” Economist, 12 Sept. 2015, 37–38; Jose Pagliery, “Hackers stole 5.6 million government fingerprints – more than estimated,” CNN, 23 Sept. 2015.

Yuan-Ming Chiao, “Cyberwarfare against DPP reported peaking,” China Post, 22 Dec. 2015, 16.

Ellen Nakashima, “Russian government hackers penetrated DNC, stole opposition research on Trump,” Washington Post, 14 Jun. 2016; “Russia ‘hacked Democrats data on Trump’ says US,” BBC, 14 Jun. 2016; Matt Vella, “TIME Person of the Year 2016 2nd Runner-Up: The Hacker”, Time, 19 Dec. 2016, 60–63; Gordon Corera, “Can US election hack be traced to Russia?”, BBC, 22 Dec. 2016. See also, “US accuses Russia of cyber attacks”, BBC, 8 Oct. 2016; Bruce Schneier, “Hackers are putting U.S. election at risk,” CNN, 28 Jul. 2016. On the allegation that Russia was trying to use online propaganda and cyberattacks to influence Germany’s general election in 2017 see, “BfV: Russia is trying to destabilize Germany”, Al Jazeera, 8 Dec. 2016.

“Harper ‘very concerned’ about reports of Canada spying on Brazil,” Canadian Press, 8 Oct. 2013; “Canada spied on Brazil government: report,” China Post, 8 Oct. 2013, 2; “Canada PM ‘very concerned’ about spying report,” Taiwan News, 10 Oct. 2014, 4.

Bernik, Cybercrime and Cyberwarfare, 81–82.

Brandon Bailey, “Unidentified country assumed to be behind spying software,” Huffington Post, 24 Nov. 2014.

“The spy who hacked me,” Economist, 29 Nov. 2014, 54.

Rob Lever, “Advanced cyberspying tool dates from 2008: researchers,” China Post, 25 Nov. 2014, 3.

“Hackers target CEOs in ‘Darkhotel’ scheme,” China Post, 12 Nov. 2014, 6. This is similar to “masque attacks”, discovered in November 2014, in which hackers tricked owners of Apple devices into installing applications that stole their information (“Apple gadgets vulnerable to cyberattacks: researcher”, ibid.).

Supra, note 28.

“What Cyberthreats To Fear the Most,” Wall St. J., 20 Jun. 2016, R8 (interview with Lt. Gen. James K. “Kevin” McLaughlin).

“The spy who hacked me”, op. cit. See also, Kerschischnig, Cyberthreats and International Law, passim.

Jose Pagliery and Evan Perez, “Super-sneaky malware found in companies worldwide,” CNN, 25 Feb. 2015.

Jose Pagliery, “Ex-NSA director: China has hacked ‘every major corporation’ in U.S.,” CNN, 14 Mar. 2015.

“China may be behind US health data breach: report,” China Post, 7 Feb. 2015, 1. The news report did not elaborate whether the Chinese Government was suspected to have been involved in the hack, however. For a detailed report on economic/industrial/commercial espionage, see, the Office of the National Counterintelligence Executive, Foreign Spies Stealing US Economic Secrets in Cyberspace: Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009–2011, (Office of the Director of National Intelligence, Washington, DC: Oct. 2011).

“US sentences Chinese hacker for stealing military information,” BBC, 14 Jul. 2016; “US: Chinese national jailed over military hacking,” Al Jazeera, 14 Jul. 2016.

Tallinn Manual, 30.

Schmitt, “Cyber Responses ‘By The Numbers’“. For a similar view, see, Benedikt Pirker, “Territorial Sovereignty and Integrity and the Challenges of Cyberspace” in Peacetime Regime, ed. Ziolkowki, 201–202.

Cf. Dinah PoKempner, “Cyberspace and State Obligations in the Area of Human Rights” in ibid., 253, opining: “While espionage is usually a criminal offence in municipal law, there is generally a legal disconnect regarding peacetime espionage in international law, making an international rule of prohibition or permission difficult to articulate. Universally condemned and often punished, spying is also universally practiced against friend and foe alike.”

Ziolkowski’s view echoes PoKempner’s but goes further by asserting that “the international rules governing property rights protection [such as the Paris Convention for the Protection of Industrial Property of 1883 as subsequently amended, the 1994 Agreement on Trade-related Aspects of Intellectual Property Rights, or TRIPS, and the World Intellectual Property Organization (WIPO) Copyright Treaty of 1996] do not contain a prohibition of espionage” (Ziolkowski, “Peacetime Cyber Espionage”, 435,and see also 431–436, 438, 449–450).

E.g., Sweden, Govt. Bill 2008/09:2201; Germany, BND-Gesetz vom 20 Dezember 1990, amended in 2013, Sec. 2(1)(4); Netherlands, West op de inlichtingen – en veiligheidsdiensten (WIV) 2002, Art. 6.2.d, 27(1); UK, Regulation of Investigatory Powers Act (RIPA), 5(3)(c), 8(4); Italy, Law No. 124 of 3 August 2007 Published in the Official Journal No. 187 of 13 August 2007, Sec. 6(2); Belgium, Arts. 11.1 and 38 of Wet betreffende de methoden voor het verzamelen van gegevens door de inlichtingen – en veiligheidsdie.

Tallinn Manual 2.0, chap. 5 Cyber operations not per se regulated by international law, Commentary to Rule 32 Peacetime cyber espionage.

Tallinn Manual 2.0, chap. 1 Sovereignty.

See the testimonies of the Director of the NSA before the House Permanent Select Committee on Intelligence, as reported by Sydney J. Freedberg Jr., “DNI, NSA Seek Offensive Cyber Clarity; ‘OPM’ Not An Attack,” Breaking Defense, 10 Sept. 2015.

United State v. Wang, No. 14–118 (W.D. Pa, 1 May 2014) summarized in “United States Indicts Chinese Military Officers for Economic Espionage,” Amer. JIL 108 (2014), 537–540. The relevant US statutory provisions included 18 U.S.C. §§1208A (identity theft), 1030 (computer fraud), 1831 (economic espionage), and 1832 (trade secrets).

Lucy Hooker, “Are hi-tech spies stealing all your firm’s secrets”, BBC, 23 Aug. 2016.

Press Release of the Ministry of Foreign Affairs of China dated 19 May 2014.

Ibid.

Stephen Collinson, “U.S. and China make progress, but differences lurk,” CNN, 25 Sept. 2015; “US and China agree cybercrime truce,” BBC, 25 Sept. 2015. For a largely negative assessment by the head of the US Cyber Command on the outcome of that agreement 1 year later, see “Chinese cyber spied may be watching you, experts warn”, CNN, 23 Aug. 2016.

Ziolkowski, “Peacetime Cyber Espionage”, 434–435, citing, inter alia, ICCPR Art. 17(1) in conjunction with Art. 2(1) “individuals within [the State’s …] territory and subject to its jurisdiction”; Art. 8(1) in conjunction with Art. 1 (“within their jurisdiction”) of the 1950 European Convention on Human Rights; Art. 1(2) of the American Convention of Human Rights of 1969, in conjunction with Art. 1(1) thereof (“all persons subject to their jurisdiction”); and Art. 21(1) of the Arab Charter of Human Rights of 2004, in conjunction with Art. 2 thereof (“within its territory and subject to its jurisdiction”).

Wrange, “Intervention in National and Private Cyberspace and International Law”, 322 and see his arguments at 319–321; Melzer, Cyberwarfare and International Law, 9; Russell Buchan, “The International Legal Regulation of State-Sponsored Cyber Espionage,” in International Cyber Norms, eds. Osula and Rõigas, 65 at 67–81.

ICJ, Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. the United States of America), Merits, Judgment, ICJ Rep. 1986, p. 14, at p. 106, para. 202.

Ibid., para. 205.

UNGA Res. 2625 (XXV), 24 Oct. 1970.

Ibid.

Order of 3 Mar. 2014, ICJ Rep. 2014, p. 147, para. 27, and see also paras. 26 and 28.

Tallinn Manual 2.0, chap. 5 Cyber operations not per se regulated by international law, Commentary to Rule 32 Peacetime cyber espionage.

StR 347/92 of 30 July 1993, juris, para. 8; StB 11/91 of 29 May 1991, juris, para. 7. This information appears in Note No. 34/2015 of 2 Feb. 2015 from the Permanent Mission of the FRG to the United Nations, New York, addressed to the Under-Secretary-General for Legal Affairs and UN Legal Counsel, providing information on the FRG’s practice regarding “Immunity of State officials from foreign criminal jurisdiction” as requested by the UN International Law Commission.

2 BvL 19/91, 2 BvR 1206/91, 2 BvR 1584/91 and 2 BvR 1601/93 of 15 May 1995, juris, para. 174. Cited in the Note of the Permanent Mission of the FRG, ibid.

Art. 19(2) (c), UNCLOS.

Art. 19(2) (d), UNCLOS.

Tallinn Manual 2.0, chap. 8 Law of the sea.

Arts. 39, 53(3), and 54, UNCLOS.

International Law Commission’s Commentary to draft article 3(1) (d) of the Draft Articles on Diplomatic Intercourse and Immunities, ILC Yearbook, 1958, vol. II, p. 90.

Case Concerning United States Diplomatic and Consular Staff in Tehran, ICJ Rep. 1980, p. 3 at para. 45.

Unless such property is: (a) private immovable property situated in the territory of the receiving State, unless he holds it on behalf of the sending State for the purposes of the mission; (b) held with the diplomatic agent as executor, administrator, heir or legatee as a private person and not on behalf of the sending State; or is related to any professional or commercial activity exercised by the diplomatic agent in the receiving State outside his official functions.

E. Denza, Diplomatic Law: Commentary on the Vienna Convention on Diplomatic Relations (Oxford: Clarendon Press, 1998), 133–134.

Tallinn Manual 2.0, chap. 7 Diplomatic and consular law.

Corfu Channel Case (UK v. Albania), ICJ Rep. 1949, p. 4 at pp. 18, 20, 22, 25.

Case Concerning United States Diplomatic and Consular Staff in Tehran, ICJ Rep. 1980, p. 3 at para. 45.

1400 UN Treaty Ser. 231.

Tallinn Manual 2.0, chap. 3 Jurisdiction. A small minority of the Experts are of the view that such functional immunity has to be accorded by a special agreement between the receiving and the sending States, such as a Status of Force Agreement.

[1988] 1 WLR 16.

[1988] 1 QB 712.

[2013] EWHC 1502 (Admin).

Ibid., para. 43.

Ibid., para. 44.

Ibid., para. 45.

Ibid., paras. 31–36.

Ibid., para. 51.

Regina (Bancoult) v Secretary of State for Foreign and Commonwealth Affairs (No. 3) [2014] EWCA Civ 708; [2014] WLR (D) 237.

Cf. Terry D. Gill, “Non-Intervention in the Cyber Context,” in Peacetime Regime for State Activities in Cyberspace, ed. Katharina Ziolkowski (Tallinn: NATO CCD COE, 2013), 225; Jovan Kurbalija, “E-Diplomacy and Diplomatic Law in the Internet Era,” loc. cit., 393 at 410–411, 417–420.

See also, Shasta Darlington and Catherine E. Shoichet, “Brazil, Mexico summon U.S. ambassadors over espionage reports,” CNN, 3 Sept. 2013.

Time, 23 Dec. 2013, 52.

Time, 6–13 July 2015, 10. Also, “US National Security Agency ‘spied on French diplomats’,” BBC, 22 Oct. 2013.

E.g., Ken Dilanian, “CIA halts spying in Europe,” ABC News, 20 Sept. 2014; and id., “CIA cuts back spying on allied EU nations,” China Post, 21 Sept. 2014, 1.

See also, Ken Dilanian, “CIA stops spying on friendly nations in W. Europe,” Daily Star (Lebanon), 20 Sept. 2014.

As contended by Ziolkowsi, “Peacetime Cyber Espionage”, 439–442.

Severson, “American Surveillance on Non-U.S. Persons”, 482.

Ibid., 471, 486–498.

Ibid., 501–502.

Doc. A/C.6/69/L. 18.

UNGA Res. A/69/121 of 18 Dec. 2014.

Buchan, “The International Legal Regulation of State-Sponsored Cyber Espionage”, 83–84. See also, id., “Cyber Espionage and International Law” in Research Handbook, eds. Tsagourias and Russell Buchan, 168–189.

1 UN Treaty Ser. 15, in force on 14 Dec. 1946.

For a detailed analysis, see, A. Sam Muller, International Organizations and Their Host States: Aspects of Their Legal Relationship (The Hague: Kluwer, 1995), chap. 6.

11 UN Treaty Ser. No. 147 (1947), in force on 21 Nov. 1947.

Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Related Activities, Executive Order of 28 Dec. 2016, Exec. Order No. 13757, 82 Fed. Reg. 1 (Dec. 28, 2016).

Titel: Cyber Espionage
verfasst von: Kriangsak Kittichaisaree
Verlag: Springer International Publishing
Buch: Public International Law of Cyberspace
Print ISBN: 978-3-319-54656-8

Electronic ISBN: 978-3-319-54657-5

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-54657-5_6