International Law and Cyberspace Flashcards
What are the three main forms of international law?
Treaty Law, Customary Law, General Principles of Law
What is Pacta sunt servanda?
It means every treaty in force is binding upon the parties and must be performed in good faith (Article 26 of Vienna Convention).
What is the key issue in applying Treaty Law in the cyber context?
How norms of non-cyber-specific instruments are to be interpreted in the cyber context.
What are the two elements required for customary international law?
State practice (usus) and opinio juris (belief that practice is legally necessary).
What obstacles exist for the emergence of customary norms in cyberspace?
Requirement of practice over time, invisibility of cyber activities, strategic ambiguity, consistency, and density.
What is the principle of sovereignty in cyberspace?
A state enjoys sovereign authority over cyber infrastructure and activities within its territory.
What is a violation of sovereignty in the cyber context?
Physical damage, loss of functionality, or interference with governmental functions of another state.
What are the three types of jurisdiction states possess?
Prescriptive (legislative), enforcement (executive), and judicial (adjudicatory).
What is territorial jurisdiction in cyberspace?
A state may exercise jurisdiction over cyber activities originating in or affecting its territory.
What is extraterritorial prescriptive jurisdiction?
A state can regulate cyber activities by its nationals or those that impact its essential interests.
What are the main international human rights relevant to cyberspace?
Freedom of expression, privacy, due process, economic and social rights, access to the Internet.
What is the applicability of the Law of Armed Conflict to cyber operations?
Cyber operations in armed conflict are subject to international humanitarian law.
What are the two types of armed conflicts under international law?
International armed conflict (between states) and non-international armed conflict (within a state).
What is a cyber attack?
A cyber operation expected to cause injury, death, or destruction.
What is the principle of distinction in cyber warfare?
Cyber attacks must distinguish between civilian and military targets.
What is prohibited under international law regarding cyber attacks?
Attacking civilians, civilian objects, indiscriminate attacks, and acts of cyber terrorism.
Who may be lawfully targeted in a cyber attack?
Armed forces members, organized armed groups, civilians participating in hostilities.
What is prohibited under the means and methods of cyber warfare?
Causing unnecessary suffering, using indiscriminate methods, employing cyber booby traps.
What is the principle of proportionality in cyber warfare?
Cyber attacks must not cause excessive civilian harm relative to military advantage.
What must be done before launching a cyber attack?
Verify targets, take precautions, provide advance warning when possible.
What is the right of visit in maritime cyber operations?
A warship may board a vessel if suspected of cyber piracy or illegal cyber activities.
What is the legal status of cyber operations in national airspace?
States may regulate aircraft conducting cyber operations in their airspace.
What restrictions exist on cyber operations in outer space?
Cyber operations must be for peaceful purposes and avoid interference with other states’ activities.
What does the NIS2 Directive require from essential entities?
Implement risk management measures for cybersecurity, including incident handling and encryption.
What is the principle of non-intervention in cyber diplomacy?
Diplomatic missions must not engage in cyber activities interfering with a host state’s internal affairs.
What protections exist for cyber infrastructure in diplomatic missions?
Cyber infrastructure in diplomatic premises is inviolable and must be protected from intrusion.
What is the legal framework governing cyber operations on the high seas?
Cyber operations must comply with international law and be conducted for peaceful purposes.
What are the obligations of states in regulating private cyber actors?
States must supervise private cyber activities and ensure they comply with international law.
What principle governs cyber warfare targeting?
Military objectives should be selected to minimize civilian harm when multiple options exist.
What is cyber espionage under international law?
Unlawful cyber intelligence gathering that may result in loss of legal protections for captured spies.
What is the responsibility of states regarding cyber attacks?
States must not knowingly allow cyber infrastructure to be used for unlawful acts affecting other states.
What is the universality principle in cyber crime jurisdiction?
Certain cyber crimes can be prosecuted by any state under international law.
What are key factors in determining jurisdiction over cyber crimes?
Connection to the crime, location of perpetrator, extradition treaties, and state interests.
What is cyber sovereignty?
A state’s exclusive control over cyber activities within its jurisdiction.
What are cyber booby traps?
Malicious cyber tools designed to trigger unexpected harmful actions, prohibited under warfare law.
What is the effects doctrine in territorial jurisdiction?
A state may exercise jurisdiction if cyber activities have substantial effects within its territory.
What is a cyber levée en masse?
Civilians spontaneously taking up cyber arms against an invading force, enjoying combatant status.
What is the role of consent in cyber operations?
A state may consent to another state’s cyber operations within its jurisdiction.
What is cyber terrorism?
Cyber attacks intended primarily to spread terror among the civilian population, prohibited under international law.
What is the significance of the UN Charter in cyberspace governance?
The UN Charter is fundamental to international law and applies to cyberspace. It emphasizes sovereignty, non-intervention, and the prohibition of the use of force, meaning that cyber operations must adhere to these principles.
How does the principle of non-intervention apply to cyber operations?
The principle of non-intervention prohibits states from using cyber means to interfere in the internal or external affairs of another state, such as influencing elections or undermining a government’s authority.
What are the main legal challenges in applying international humanitarian law (IHL) to cyber warfare?
The key challenges include attribution difficulties, determining whether a cyber attack meets the threshold of an armed conflict, ensuring distinction between civilian and military targets, and assessing proportionality in the cyber domain.
What role does attribution play in cyber conflict and international law?
Attribution is crucial in holding states accountable for cyber operations. It involves technical evidence, intelligence assessments, and legal frameworks to determine the responsible party, but remains complex due to anonymity and spoofing techniques.
What is the threshold for a cyber operation to be considered a ‘use of force’ under international law?
A cyber operation constitutes a ‘use of force’ if it causes significant physical damage, injury, or loss of life comparable to conventional military attacks. The interpretation is guided by Article 2(4) of the UN Charter and state practice.
How does the law of state responsibility apply to cyber operations?
Under international law, a state is responsible for cyber operations conducted by its government agencies, as well as for private actors if they act under the direction or control of the state or if the state knowingly allows harmful cyber activities.
What is the ‘due diligence’ obligation of states regarding cyber activities?
Due diligence requires states to prevent their territory from being used for cyber operations that harm other states. While not all states accept this as a binding legal duty, many consider it an emerging norm in international law.
What is the difference between a cyber espionage operation and a cyber attack under international law?
Cyber espionage, which involves unauthorized data collection, is generally not considered a use of force and falls into a legal gray area. However, cyber attacks, which cause destruction or harm, may violate international law and trigger self-defense rights.
What is the ‘effects-based approach’ in determining the legality of cyber operations?
The effects-based approach assesses the impact of a cyber operation rather than its technical means. If the consequences are comparable to a kinetic attack, it may be considered a use of force or an armed attack under international law.
How does the principle of proportionality apply to cyber attacks?
A cyber attack must not cause excessive collateral damage to civilians or civilian infrastructure relative to the anticipated military advantage. This principle is particularly challenging in cyberspace due to indirect and cascading effects.
What legal protections exist for critical infrastructure under international law?
International law does not explicitly prohibit cyber attacks on civilian infrastructure, but targeting essential services like power grids, hospitals, and water supplies could violate humanitarian law if it disproportionately affects civilians.
How does international law address cyber operations targeting financial institutions?
While no universal rule prohibits cyber operations against financial institutions, such attacks could be seen as economic coercion, violate sovereignty, or disrupt international stability, potentially invoking countermeasures by affected states.
Can states respond to cyber attacks with countermeasures?
Yes, under international law, states can take countermeasures—such as sanctions or cyber retaliation—if they are proportional, non-forceful, and aimed at compelling the responsible state to comply with its legal obligations.
What is the Tallinn Manual, and how does it contribute to cyber law?
The Tallinn Manual is a non-binding academic study outlining how international law applies to cyber conflicts. It provides legal interpretations on sovereignty, self-defense, cyber warfare, and state responsibility in cyberspace.
How does the principle of necessity limit state responses to cyber threats?
Necessity requires that a state only take cyber measures that are essential to protect its interests and when no alternative lawful measures are available, ensuring that responses remain within legal boundaries.
What is the legal status of hacktivism under international law?
Hacktivism—unauthorized cyber activities by non-state actors for political purposes—is generally illegal under domestic laws, and states may hold responsible governments accountable if hacktivists operate with state support.
What legal principles apply to self-defense against cyber attacks?
A state may invoke the right to self-defense under Article 51 of the UN Charter if a cyber attack reaches the threshold of an armed attack, causing significant harm. The response must be necessary and proportional.
What are the limitations on economic sanctions in response to cyber operations?
Economic sanctions must comply with international law, meaning they should not violate trade agreements, humanitarian obligations, or disproportionately harm civilian populations.
What is the ‘responsibility to protect’ (R2P) doctrine in relation to cyberspace?
The R2P doctrine suggests that states must protect their populations from cyber-enabled atrocities such as genocide, war crimes, and ethnic cleansing, and the international community may intervene if a state fails to do so.
What role do international organizations play in cyber norm development?
Organizations like the UN, NATO, and the EU establish cyber norms by setting legal frameworks, facilitating diplomatic discussions, and promoting cooperative cybersecurity measures to maintain global stability.
