Cyberspace and International law: discrepancy of concordance
(*) “In times of war, the law is silent”, such is described Cicero’s aphorism regarding the analysis of the state of the Law of International Security.
Cyberspace is a complex field that is difficult for jurists to grasp. The reason being that the rules and norms in force do not seem to be fully appropriate to it.
According to Nils Melzer, in “Cyberwarfare and International Law” (UNIDIR, 2011, p. 4), cyberspace constitutes a global and interconnected network of information and communication infrastructures. This includes the Internet, telecommunication networks, computer systems and the information contained therein. This means that cyberspace mobilizes both physical and non-physical elements.
Thus, cyberspace differs from the land, air, space and maritime space traditionally regulated by international law. Moreover, unlike conventional domains, cyberspace is the product of human creation and not of a so-called “natural” existence, as Graham Todd points out in “Armed attack in Cyberspace: deterring asymmetric warfare with an asymmetric definition” (Volume 64 of the Air Force Law Review, 2009, p. 68).
The global and monumental scale of the cyberattack that took place in Estonia in 2007 made people aware of the need to apprehend the phenomenon differently, according to Loïc Simonet, in “L’usage de la force dans le cyberespace et le droit international” (Volume 58 of the Annuaire français de droit international, 2012. pp. 117-143).
Indeed, two paths could be envisioned in order to promote greater security and predictability in cyberspace:
1. Enact a concrete international legal regime that is specifically aimed at computer operations;
2. Introducing non-binding confidence-building measures between States.
cyberspace: synonym for complexity in international law (?)
It goes without saying that cyberspace is not a space of “lawlessness”.
This is why, in the face of the many problems deduced from this sentence, there is no need for international law to be formally modified in order to adapt to cyberspace. The practice of determining the law applicable to cyberspace remains the responsibility of States. This position remains minor.
However, the prevailing position is that States, and others in the literature, should be more receptive to a proposal to adopt a treaty to regulate each other’s conduct, behaviour and actions in cyberspace.
Thus, the drafting of a treaty would imply the pro-action of initiatives including drafting committees, comprising representatives of each State, in order to reach a positive and median solution for the greatest number of actors from the international community.
Several recommendations would have to be taken into account.
It is important to establish concrete and common definitions of cyber terms, in order to eliminate all doubt, uncertainty and vagueness.
Like all States concerned by this problem, the adoption of a treaty requires the combination of both international and domestic law.
For it should also be made clear that international law applies to cyberspace.
In terms of cyber-warfare or cyber-attack, a reminder of the prohibition of the use of force would be considered paramount in the treaty.
At the same time, the States signatories to the treaty would have to adapt their internal legislation. This allows for a real grasp of the cyber threat. There could be a logic of penalizing hostilities of non-state actors within cyberspace. Similarly, an encouragement between states to cooperate and exchange information during a cyber attack is also possible.
These recommendations refer to previous initiatives.
For example, the 2015 GGE – acronym for “Group of Governmental Experts” or Group of Governmental Experts – recalls the recommendations cited above, especially since a majority of States wished to continue this work at the international level on the basis of the various reports constituted by these UN initiatives.
The last work of the GGE in 2017 ended in failure due to a lack of compromise, no sharing, and the fact that only States were involved. This is why there is a need for a new configuration including states, civil society and industry. Indeed, the drafting of a treaty has first of all a disadvantage in terms of its long duration in time. Especially in the field of cyberspace, it portrays great nations seeking to put forward their interests and their own vision. Since the states were unable to reach an agreement, the GGE in 2017 was unable to adopt a report.
Thus, in resolution A/RES/73/266, a new UN GGE was established in 2019. Its mission is to achieve the adoption of a new report by 2021. It comprises 25 UN Member States, in consultation with regional organizations such as the European Union.
Similarly, a new OEWG – acronym for “Open-ended Working Group” – was also created by resolution A/RES/73/27 of December 2018. Its mission is to develop principles, rules and standards related to the behaviour of States in cyberspace. At the same time, discussions are taking place. It includes all interested UN Member States. This group is in consultation with stakeholders including businesses, NGOs and academia. The report of this group would be presented to the General Assembly in autumn 2020.
In conclusion, it is essential to pursue various possibilities at the same time.
On one hand, it would be a matter for States to ramp up in order to draft a treaty. The latter would highlight the primary problems arising from cyberspace.
On the other hand, it would be a matter of rethinking customary law in a progressive manner. This would be in view of the multiplication of cyber attacks and the practice of States. This would be in relation to the norms applicable within cyberspace.
Finally, the peaceful conduct of States in cyberspace offers a framework that is as much favorable as it is non-normative. This introduces provisional codes of conduct.
PhD-Doctorante en Cyber Diplomatie (division de Cyber Sécurité)