More on this book
Kindle Notes & Highlights
There are very few treaties that directly deal with cyber operations and those that have been adopted are of limited scope. Similarly, because State cyber practice is mostly classified and publicly available expressions of opinio juris are sparse, it is difficult to definitively identify any cyber-specific customary international law. This lack of cyber-specific international law does not mean, however, that cyber operations exist in a normative void. Both International Groups of Experts were unanimous in their estimation that existing international law applies to cyber operations, an
...more
For the purposes of this Manual, the physical, logical, and social layers of cyberspace are encompassed in the principle of sovereignty. The physical layer comprises the physical network components (i.e., hardware and other infrastructure, such as cables, routers, servers, and computers). The logical layer consists of the connections that exist between network devices. It includes applications, data, and protocols that allow the exchange of data across the physical layer. The social layer encompasses individuals and groups engaged in cyber activities.
Rule 4 – Violation of sovereignty A State must not conduct cyber operations that violate the sovereignty of another State.
2. This Rule applies in the relations between States, that is, to actions undertaken by, or attributable to, States. The International Group of Experts agreed that it does not extend to the actions of non-State actors unless such actions are attributable to a State
target State’s sovereignty does not mean that their actions are lawful. On the contrary, such operations are likely to violate the domestic law of States having jurisdiction over, inter alia, the persons or activities involved.
16. Although the International Group of Experts could not define ‘inherently governmental functions’ definitively, it agreed that a cyber operation that interferes with data or services that are necessary for the exercise of inherently governmental functions is prohibited as a violation of sovereignty (and in some cases the prohibition of intervention, Rule 66). Examples include changing or deleting data such that it interferes with the delivery of social services, the conduct of elections, the collection of taxes, the effective conduct of diplomacy, and the performance of key national defence
...more
Due diligence Rule 6 – Due diligence (general principle) A State must exercise due diligence in not allowing its territory, or territory or cyber infrastructure under its governmental control, to be used for cyber operations that affect the rights of, and produce serious adverse consequences for, other States.
If you are going to have infrastructure, you must do it responsibly.
of expression. Similarly, a State could block individuals seeking to express themselves from accessing specific IP addresses or domain names, take down websites, employ filtering technologies to deny access to pages containing keywords or other specific content, or obstruct the sending of email, text, and other forms of point-to-point or group communications. These activities infringe upon the right to freedom of expression when not in accordance with Rule 37. It must be noted that such actions might also violate other rights, such as the freedoms of peaceful assembly and association.412
restriction on cyber activities that might otherwise be protected by international human rights law must be ‘necessary’, although States enjoy a margin of appreciation in this regard.456 To illustrate, it is generally considered necessary to restrict the exercise of freedom of expression online or the enjoyment of the right to privacy (Rule 35) in order to eliminate child pornography and child exploitation,457 protect intellectual property rights,458 and stop incitement to genocide.459 The International Group of Experts noted that with respect to the mass collection of electronic
...more
