![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
ABSTRACT
The paper argues that the obligation of States to prevent harmful international activities perpetrated within their territory, or any other area under their exclusive control, applies to activities conducted in cyber space. Thus, a State is bound by an obligation to prevent detrimental cyber conduct committed from its territory or transiting through its territory, or any other area under its exclusive control, when it knows or should have known of the conduct, when the conduct contradicts the rights of another State, and when it may cause or is causing serious harm. Where a State is aware or should have been aware of the misuse of its territorial cyber infrastructure, the State must attempt to prevent or to react to the harmful transboundary operation, applying all reasonable measures. The content of the obligation of due diligence to prevent damaging cross-border cyber activities depends on the economic, financial and human resources of the State. The paper concludes that the obligation to preclude harmful international cyber operations constitutes only a first step in securing information and communication technology and should be sustained and improved by the introduction of a treaty on cyber security.
Disclosure statement
No potential conflict of interest was reported by the author.
Notes
1 The International Law Commission (ILC) is a United Nations (UN) organ whose aim is to prepare treaties’ drafts codifying the customary rules of a particular field of international law. It has prepared the Draft Articles on Responsibility of States for Internationally Wrongful Acts. This text has been extensively cited in State practice as well as by international courts and tribunals, so that most of its provisions can be considered as an authoritative statement of the customary international law on State responsibility.
2 General principles of law are the third source of international law, along with treaties and customary international law, as provided by the Statute of the ICJ.
3 The so-called Tallinn Manual 2, initiated by the North Atlantic Treaty Organization Cooperative Cyber Defense Centre Excellence, was drafted by an international group of international law experts and aimed to producing a non-binding document applying existing international law to cyber space in peacetime.
4 The principle of non-intervention is a corollary of a State’s sovereignty that is understood as the exercise of full and exclusive authority over the State’s territory to the exclusion of any other authority.
A prohibited intervention must accordingly be one bearing on matters in which each State is permitted … to decide freely. One of these is the choice of a political, economic, social and cultural system, and the formulation of foreign policy. Intervention is wrongful when it uses methods of coercion in regard to such choices. (ICJ Case concerning Military and Paramilitary in and against Nicaragua (Nicaragua v. United States) ICJ Reports 1986, para 202)
5 Under Art 51 UN Charter, armed attacks are a necessary requirement for the resort to the right to self-defence by a State. Armed attacks have been defined as severe uses of armed force. ICJ Case concerning Military and Paramilitary in and against Nicaragua (Nicaragua v. United States) 1986 ICJ Reports, para. 191.
6 Offenses against the confidentiality, integrity and availability of computer data and systems; computer-related offences; content-related offences; and offences related to infringement of copyrights and related rights.
7 Such a treaty should have a wider scope than the Council of Europe Convention on Cyber Crime that criminalises only 4 categories of cyber activities and, as of November 2017, was ratified by only 56 States, including non-members of the Council of Europe.
8 The EU has already adopted such an instrument. See directive 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, Official Journal of the European Union, 19 July 2016, L 194/1.