Skip to main content

Über dieses Buch

This compact, highly engaging book examines the international legal regulation of both the conduct of States among themselves and conduct towards individuals, in relation to the use of cyberspace. Chapters introduce the perspectives of various stakeholders and the challenges for international law. The author discusses State responsibility and key cyberspace rights issues, and takes a detailed look at cyber warfare, espionage, crime and terrorism. The work also covers the situation of non-State actors and quasi-State actors (such as IS, or ISIS, or ISIL) and concludes with a consideration of future prospects for the international law of cyberspace.

Readers may explore international rules in the areas of jurisdiction of States in cyberspace, responsibility of States for cyber activities, human rights in the cyber world, permissible responses to cyber attacks, and more. Other topics addressed include the rules of engagement in cyber warfare, suppression of cyber crimes, permissible limits of cyber espionage, and suppression of cyber-related terrorism. Chapters feature explanations of case law from various jurisdictions, against the background of real-life cyber-related incidents across the globe. Written by an internationally recognized practitioner in the field, the book objectively guides readers through on-going debates on cyber-related issues against the background of international law.

This book is very accessibly written and is an enlightening read. It will appeal to a wide audience, from international lawyers to students of international law, military strategists, law enforcement officers, policy makers and the lay person.



Chapter 1. Introduction: Perspectives of Various Stakeholders and Challenges for International Law

The Internet, the main component of cyberspace, is one of the “dual use” technologies, which can be used for good and bad purposes depending on the intention of users. Currently, there are more than three billion Internet users around the world (or almost half of the world’s total population), the largest number of whom are in Asia, followed by Europe, Latin America, North America, Africa, and the Oceania. Nation States’ perspectives on the phenomenon of cyberspace naturally reflect their respective cyber capabilities, ideologies as well as strategic, economic, and political interests. States have been trying at various global and regional forums, including the United Nations, to deal with threats, opportunities, and other challenges arising in the cyber domain. However, due to their diverging positions on a new ideal international regulatory regime, relevant existing rules of public international law have to be resorted to, lest there be chaos in cyberspace. Public international law is the body of law governing international relations among States and/or international organizations, including their international legal obligations towards private natural persons or legal persons (or corporations). It derives essentially from international agreements and international custom and comprises international norms, rules, standards, and codes of conduct that can help prevent crises caused by misunderstanding, errors, or misattribution in cyberspace. This chapter explains the perspectives of cyberspace stakeholders and the operation and identification of public international law.
Kriangsak Kittichaisaree

Chapter 2. Jurisdiction and Attribution of State Responsibility in Cyberspace

While no State may claim sovereignty over cyberspace, States may exercise jurisdiction, which is the authority of the State to regulate conduct of natural persons or legal entities by its own domestic law, over cyber activities insofar as permissible under international law, including jurisdiction to prescribe law and regulations and jurisdiction to enforce them. Such jurisdiction is based on territoriality, passive personality, active personality, and protective principles to cope with the global connectivity, vulnerable technologies and anonymity in cyberspace that spans the land, sea, air and outer space domains. In order to hold a State responsible for a cyber activity, that activity must be attributed to the State in accordance with international rules on attribution for the purpose of responsibility, including the applicable standard of proof. The 2014 Sony Pictures Entertainment hack and the controversy surrounding alleged foreign interference by cyber means in the 2016 US Presidential election show the difficult challenges for the application of these rules. International organizations can be held accountable for cyber activities attributable to them, too.
Kriangsak Kittichaisaree

Chapter 3. Regulation of Cyberspace and Human Rights

The advent of the Internet and online activities creates the greatest challenges for privacy, freedom of expression, and other related human rights. This is the area where cyber activities have the most impact on the modern-day society. While the US gives a top priority to the freedom of expression, Europe accords more importance to privacy than the freedom of expression. A clash between these two differing priorities influences, to a large extent, the different levels and scopes of human rights protection in cyberspace across the Atlantic Ocean. International legal standards balancing human rights, on the one hand, and national security and/or law and order, on the other hand, in such areas as personal data protection, extraterritorial law enforcement measures, and the implementation of exceptions to the exercise of rights and freedoms in cyberspace, are enshrined in the 1966 International Covenant on Civil and Political Rights as well as in regional human rights instruments, such as the European Convention on Human Rights. National law of the States Parties to these instruments must comply with these international legal standards. The European Union has the world’s most advanced legal system of protection of personal data in cyberspace, and the right to be forgotten has now been upheld by the European Court of Justice. This is an area where the private sector, especially Internet service providers, can play an active role in balancing the customer’s human rights and the demand from law enforcement authorities for the private sector’s cooperation in protecting society from harm.
Kriangsak Kittichaisaree

Chapter 4. Cyber Warfare

Cyber weapons can be used by States as well as non-State actors to carry out cyberattacks. Cyberattacks may meet the threshold of use of force proscribed by Article 2(4) of the UN Charter if they cause catastrophic physical damage, and not merely severe economic losses. When a cyberattack meets the higher threshold of an “armed attack”, which is a most grave form of the use of force in terms of its scale and effect, this gives rise to the right of self-defence under Article 51 of the UN Charter and customary international law. Because of the exceptional speed of cyberattack, the right of self-defence against it must be effective or else this right would be an illusory one. Self-defence can, arguably, be resorted to against non-State actors operating from the territory of a State which is either unable or unwilling to prevent these actors from perpetrating an armed attack from its territory against the putative victim State. International law also recognizes that the putative victim State may respond to cyberattack below the threshold of an armed attack by means of countermeasures, reprisals, or retorsion, or on the basis of necessity. In order to prevent a cyber conflict from escalating, neutral States are not to take side with any of the belligerent States and the belligerent States themselves must respect the neutrality of neutral States. Cyber disarmament through codes of conduct together with domestic criminal law enforcement against proliferation of cyber weapons can help alleviate the threat of a cyber conflict.
Kriangsak Kittichaisaree

Chapter 5. Application of the Law of Armed Conflict, Including International Humanitarian Law, In Cyberspace

During a war or an armed conflict which is not a declared war, the law of armed conflict, including international humanitarian law, regulates the rights and obligations of fighting parties. The same applies to cyberattacks as part of a war or an armed conflict, where the parties concerned must respect not only the rules of permissible means and methods of warfare, but also the principles of proportionality, distinction between civilians and fighters, and military necessity. For example, the law of armed conflict prohibits cyberattacks that could have destroyed dams, power stations, nuclear stations, and other facilities or infrastructures, with excessively devastating consequences. However, a cyber infrastructure is usually a dual use object and it is practically difficult to distinguish between the one used for military purposes and that used for purely civilian purposes. In a cyber interdependent world, cyberattack against a military target may lead to a disproportionate, indiscriminate adverse effect on civilians not taking a direct part in hostilities. Military personnel must, therefore, make a careful, informed decision when planning and carrying out cyberattack during an armed conflict or a war. Non-State actors, cyber warriors, or cyber mercenaries taking a direct part in hostilities to support one or more side in an armed conflict/war may be subjected to attack by the other belligerent under the law of war. Artificial intelligence that makes soldiers wage cyber war against a remote target according to the programmed judgment of the AI presents a frightening challenge with regard to the law of armed conflict.
Kriangsak Kittichaisaree

Chapter 6. Cyber Espionage

The disclosures by whistleblower Edward Snowden starting from mid-2013 onward about alleged widespread cyber espionage against individuals, corporations, States, and international organizations across the globe have led to serious concerns and international reactions vis-à-vis this kind of activity. This chapter analyzes whether cyber espionage is permitted under international law and, if so, to what extent. Limits on cyber espionage set by the various branches of international law, such as the international law applicable to diplomatic and consular relations and the international law of the sea are elaborated. The meaning of the relevant rules (such as inviolability of the premises and archives of a diplomatic mission, an international organization, or a special mission in the cyber context) is explained in detail. The justification for the distinction between an “offensive intelligence gathering activity” involving destruction or manipulation of data, on the one hand, and a “passive intelligence gathering activity” in the sense of merely copying the data without authorization without more, on the other hand, is analyzed. So is the justification for the distinction between a commercial/industrial espionage and a non-commercial/industrial one.
Kriangsak Kittichaisaree

Chapter 7. Cyber Crimes

Cyber crimes pose everyday threats to anyone anywhere who is engaged in cyber activities. They include illegal access to a computer system; illegal access, interception or acquisition of computer data; illegal interference with a computer system or computer data; production, distribution or possession of computer misuse tools; and breach of privacy or data protection measures. Cyber crimes also encompass computer-related acts for personal or financial gain or harm consisting of computer-related fraud or forgery; computer-related identity offences; computer-related copyright or trademark offences; sending or controlling sending of Spam; computer-related acts causing personal harm; and computer-related production, distribution or possession of child pornography. The Council of Europe’s 2001 Budapest Convention on Cybercrime is the only multilateral agreement in force on cyber crimes and may be used as a model for national legislation as well as international legal cooperation to suppress cyber crimes. US law on cyber crime is analyzed in detail as a case study on criminal prosecution of cyber crime at the national level. Theft of virtual currencies such as bitcoin and virtual items online can be a prosecutable offence of cyber theft. Yet, there is no established case law at either the national or international level whether “hacktivism” (i.e., the non-violent use of a cyber means for political objectives such as website defacement, DoS or DDoS attacks, virtual sit-ins, or virtual sabotage) is an exercise of the freedom of expression and, as such, is not to be punished as a cyber crime.
Kriangsak Kittichaisaree

Chapter 8. Cyber Terrorism

Cyber terrorism has become a real threat to society. The UN Office on Drugs and Crime classifies cyber terrorism into six categories: propaganda (for the purposes of recruitment, incitement, and radicalization), financing, training, planning, execution, and cyberattacks. Cyber terrorism is in fact acts of terrorism that are “cyber-enabled”, using cyberspace or cyber technologies to perpetrate acts of terrorism against civil aviation, maritime navigation, and targeted victims, among others. The 2010 Beijing Convention and Protocol on aviation security are the first international conventions that specifically mention perpetration by “any technological means” to commit an act of terrorism. However, the other existing sectoral conventions dating back to the early 1960s can also be interpreted to suppress cyber terrorism in various ways. Some regional organizations, including the European Union, have taken steps with efforts to harmonize domestic law to combat international terrorism in line with the sectoral conventions. International cooperation to suppress cyber terrorism requires criminalization of acts that constitute cyber terrorism, extradition of offenders, and mutual legal assistance in criminal matters. Punishing online incitement to commit an act of terrorism, apologies for or glorification of terrorism may create a problem in that it might encroach upon the right to freedom of speech or expression recognized under the constitution of various States and protected by the 1966 International Covenant on Civil and Political Rights and other international human rights instruments.
Kriangsak Kittichaisaree

Chapter 9. Future Prospects of Public International Law of Cyberspace

Remedies for violation of rights in cyberspace may be available in domestic courts as well as international courts or tribunals, depending on the national law and the competence of such courts/tribunals in question and provided that procedural hurdles are overcome. Increased cybersecurity would mean less room for cyberattacks, cyber espionage, cyber crimes, and cyber terrorism. Closely related to the issue of cybersecurity is cyber deterrence, which has caught the attention of cyberwar studies. Deterrence works on two major elements: fear of retaliation, or punishment, by the defending party, and denial of any benefit to the adversary accruing from the initial attack carried out by the adversary. Secrecy, anonymity and difficulties in attribution in cyberspace together with the asymmetry of cyber capabilities among nation States create a big challenge for the application of the doctrine of cyber deterrence. Interdependence in cyberspace may help deter cyberattack insofar as such attack would also deny the attacker of a worthy benefit from the attack. The right model for cyberspace governance would make cyberspace a peaceful domain in which humankind can share benefits equitably. Nation States and international organizations are not suitable to lead cyberspace governance, which should be left to codes of conduct within the cybertechology industry, with government stepping in only to uphold international and national human rights standards which are sanctionable in courts of law. In any case, “cyber sovereignty”, with a State or a geographical region completely isolated in cyberspace from the rest, is not realistic in fact or in law.
Kriangsak Kittichaisaree


Weitere Informationen

Premium Partner

BranchenIndex Online

Die B2B-Firmensuche für Industrie und Wirtschaft: Kostenfrei in Firmenprofilen nach Lieferanten, Herstellern, Dienstleistern und Händlern recherchieren.



Wieviel digitale Transformation steckt im Informationsmanagement? Zum Zusammenspiel eines etablierten und eines neuen Managementkonzepts

Das Management des Digitalisierungsprozesses ist eine drängende Herausforderung für fast jedes Unternehmen. Ausgehend von drei aufeinander aufbauenden empirischen Untersuchungen lesen Sie hier, welche generellen Themenfelder und konkreten Aufgaben sich dem Management im Rahmen dieses Prozesses stellen. Erfahren Sie hier, warum das Management der digitalen Transformation als separates Konzept zum Informationsmanagement zu betrachten
und so auch organisatorisch separiert zu implementieren ist. Jetzt gratis downloaden!