Browsing by Author "Adamson, Liisi"

Present work focuses on the non-intervention principle and low-intensity cyber operations. More specifically, its main question is, whether the principle of non-intervention applies to low-intensity cyber operations and if it does, is the legal framework of non-intervention principle an effective way to regulate peacetime low-intensity cyber operations. Information Age and the rapid development of ICTs have provided hostile actors the opportunity to exploit the advantages cyberspace offers. Fear for the largely unknown has fostered a rich academic debate around the applicability of the use of force and LOAC. Yet, all of the information operations we have seen thus far have remained under the Article 2(4) threshold and that will most likely be the trend also in the future. Low-intensity cyber operations, meaning those that do not produce any damage or the damage caused is insignificant, can affect severely the everyday functioning of a heavily technology dependent State. They are inexpensive, easy to deploy, effective and can be used during peacetime with the added benefit of attacker anonymity. Thus, understanding the international law framework covering such operations is of outmost importance. The thesis first looks at the concept of sovereignty in relation to cyberspace, since the non-intervention principle derives from the notion of sovereignty. Due to cyberspace’s intangible nature, two main misconceptions have arisen. Firstly, cyberspace is often mistakenly found to be part of the global commons. Secondly, cyberspace is often seen as a domain, where States cannot assert their authority. Whilst addressing those two misconceptions, it is concluded that neither of those arguments is particularly true. States can exercise sovereignty and assert authority over the information infrastructure located in their territory. Theoretical framework of the non-intervention principle sets forth that the principle has a dual legal basis. Grounded on the one hand in treaty law and on the other hand customary international law, the principle was most clearly delineated by the UN from 1960s to 1980s. Generally, the non-intervention principle is said to consist of two elements: coercion and intervention that affects the internal or external affairs of the State. It is established that the nature of coercion has changed over time. That is also what this present work is grounded in. Cyber operations represent the next step in the evolution of States’ interventionist means. Whilst applying the international law framework of non-intervention principle to low-intensity cyber operations it becomes clear that the standards applied within the framework are too high to effectively regulate such offensive operations. The scope of States’ margin of appreciation regarding domaine réservé has been significantly reduced and the level of coercion needed to effectively apply the non-intervention principle does not correspond to today’s security environment. States are increasingly using cyber operations to achieve their strategic goals. From Estonia in 2007 to Sony in 2014 the interventionist means of States have grown to be less intensive, yet more penetrating, long-term and effective. A vivid example is cyber espionage, which is often disregarded in the discourse as a matter that is already resolved. Yet, as the cyber means grow more effective, cyber espionage through low-intensity cyber operations becomes more penetrative and the line between violation of sovereignty and non-intervention principle becomes clouded. In order for a cyber operation to breach the non-intervention principle, it must have a coercive nature and not be categorised as mere intrusion. The examples of State-on-State cyber operations show that none of the known cyber attacks has crossed the UN Charter Article 2(4) threshold. Instead they could be seen as unlawful interventions if extensive interpretation is applied. That leads to the second question of the present work: is the non-intervention principle effective in tackling the low-intensity cyber operations? Whereas the framework of the non-intervention principle is valid and relevant, the standards applied therein, developed close to three decades ago, do not adequately consider the changed security landscape of the 21st century. While the security threats become more penetrative and invasive, yet the interventionist means become low-intensity, the international community must look for feasible solutions for the technology future to come.