The “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations”

at
Categories
Tags

 

 

The “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations” (1) is one of the most comprehensive studies on the applicability of international law to cyberspace conflict, and thus cyber operations. In this study, multiple legal experts derived 154 rules from existing law. Several opinions on these rules were divided, so interpretation of the rules remains open for discussion.

 

In this assignment, you will examine two of these rules, consider the ethical and legal aspects of these rules, and offer your perspective on each.

 

The specific course learning outcome associated with this assignment is:

 

Review the legal and ethical aspects of cyber operations.

This course requires the use of Strayer Writing Standards (SWS). The library is your home for SWS assistance, including citations and formatting. Please refer to the Library site for all supports. Check with your professor for any additional instructions.

 

Instructions

Write a 3- to 5-page paper in which you evaluate Rules 4 and 9.

 

Rule 4

Rule 4 states that, according to international law, a state must not conduct cyberspace operations that violate the sovereignty of another state. A large part of cyber operations includes performing the collection of detailed intelligence on another state. This reconnaissance and access is often done “without causing physical damage or loss in functionality” at the targeted state. (1)

 

Describe the laws and rules that govern sovereignty, citing specific, credible sources that support your assertions and conclusions.

Explain why a state would want to collect intelligence, why it might be required ethically, and whether cyber operations that collect detailed intelligence on another state violate its sovereignty.

Provide a thorough, researched rationale for your perspective.

Rule 9

Rule 9 states that a state may exercise territorial jurisdiction over cyberspace infrastructure and persons engaged in cyberspace activities within its territory; cyberspace activities originating in, or completed within, its territory; or cyberspace activities having a substantial effect within its territory. A large part of cyber operations includes transmitting data – usually encrypted – which, because of network routing, may transit through the territorial cyberspace architecture of another state. (1)

 

Describe the laws and rules that govern territorial jurisdiction, citing specific, credible sources.

Explain whether cyber operations that collect detailed intelligence on another state may exercise jurisdiction over data that traverses its territory, citing specific, credible sources that support your assertions and conclusions.

Provide a thorough, researched rationale for your perspective.

Sample Solution

The “Tallinn Manual 2.0” serves as a foundational text for understanding the complex interplay between international law and cyber operations. While it offers a comprehensive framework, the dynamic nature of cyberspace inherently leads to divergent interpretations of existing legal principles when applied to this novel domain. This paper will critically examine Rules 4 and 9 of the Tallinn Manual 2.0, delving into their legal and ethical dimensions, and offering a perspective on each.

Rule 4: State Sovereignty and Cyber Operations

Rule 4 asserts that “A State must not conduct cyber operations that violate the sovereignty of another State.” This rule is fundamental, as sovereignty is a cornerstone of international law, denoting a state’s exclusive right to exercise supreme authority within its territory without external interference.

Laws and Rules Governing Sovereignty:

The principle of state sovereignty is enshrined in various international legal instruments and customary international law. The United Nations Charter, particularly Article 2(4), prohibits the threat or use of force against the territorial integrity or political independence of any state, implicitly reinforcing the principle of non-intervention. Article 2(7) further stipulates that nothing in the Charter authorizes the UN to intervene in matters essentially within the domestic jurisdiction of any state, again underscoring the sovereign right to self-governance.

The Declaration on Principles of International Law concerning Friendly Relations and Co-operation among States in accordance with the Charter of the United Nations (UN General Assembly Resolution 2625 (XXV), 1970) elaborates on this, stating that “No State or group of States has the right to intervene, directly or indirectly, for any reason whatever, in the internal or external affairs of any other State.” This principle is a cornerstone of the Westphalian system, emphasizing the independence and equality of states (Shaw, 2017).

However, the application of sovereignty to cyberspace is particularly contentious. While traditional notions of sovereignty easily apply to physical incursions, the intangible nature of cyberspace presents a challenge. Is a cyber intrusion that causes no physical damage still a violation of sovereignty? Legal scholars are divided. Some argue for a “de minimis” threshold, where only operations causing significant disruptive effects or physical damage would cross the line (Schmitt, 2013). Others, particularly those adopting a more “maximalist” view, contend that any unauthorized intrusion into a state’s cyber infrastructure, regardless of immediate damage, constitutes a violation of its exclusive control over its cyber domain (Gill & Joyner, 2018).

Why a State Would Want to Collect Intelligence and its Ethical Requirements:

States primarily collect intelligence to safeguard their national security interests, prevent attacks, inform foreign policy, and gain strategic advantages. This includes protecting critical infrastructure, identifying terrorist threats, monitoring adversaries’ capabilities, and understanding geopolitical shifts.

From an ethical standpoint, the collection of intelligence, particularly on adversaries or potential threats, can be argued as a moral imperative for a state. The responsibility to protect (R2P) its citizens from harm, both internal and external, necessitates vigilance and foresight. If intelligence gathering can prevent a terrorist attack, a large-scale cyber assault on critical infrastructure, or a conventional military strike, many would argue it is not just permissible but ethically required to minimize harm to its populace (Carafano & Goure, 2010). This utilitarian perspective prioritizes the greater good of national security over the abstract notion of privacy in another state’s digital networks.

However, ethical considerations also impose limits. Intelligence collection must be conducted within the bounds of international law and accepted norms. Indiscriminate mass surveillance, targeting of private citizens without legitimate security justifications, or covert operations that undermine democratic processes in other states raise significant ethical concerns regarding privacy, human rights, and non-interference (Frohlich & Heffernan, 2018).

Whether Cyber Operations that Collect Detailed Intelligence on Another State Violate its Sovereignty:

My perspective is that cyber operations that collect detailed intelligence on another state, even “without causing physical damage or loss in functionality,” do violate its sovereignty, particularly when involving unauthorized access to government or critical infrastructure networks.

My rationale is based on a broad interpretation of sovereignty as encompassing a state’s exclusive control over its internal affairs and its digital domain. While traditional international law focused on physical territory, the concept of sovereignty must adapt to the realities of the digital age.

  1. Exclusive Control: Sovereignty implies a state’s exclusive right to control activities within its territory, including its digital infrastructure and data. Unauthorized access, even for passive intelligence collection, represents an intrusion into this exclusive domain. It is analogous to a foreign intelligence agent covertly entering a government building in another country to gather information, even if they cause no physical damage—such an act would unquestionably be a violation of sovereignty. The medium (cyberspace) should not negate the principle.
  2. Lack of Consent: The essence of a sovereignty violation is the absence of consent. When a state’s networks are covertly accessed for intelligence, consent is inherently lacking. The “without causing physical damage or loss in functionality” clause in Rule 4 is a red herring; the violation lies in the unauthorized intrusion, not necessarily its immediate destructive outcome.
  3. Potential for Malign Use: Even if initially passive, such unauthorized access inherently carries the potential for future malign use. Reconnaissance often precedes more disruptive or destructive operations. Allowing such “benign” intrusions tacitly legitimizes a dangerous precedent, where states’ digital borders are permeable without consequence, undermining the very concept of digital self-determination.
  4. Territoriality of Cyberspace: While cyberspace is often described as borderless, its infrastructure (servers, cables, routers) is physically located within sovereign territories. An operation that collects intelligence often involves traversing or accessing devices within a specific state’s physical borders, thereby implicating its territorial sovereignty (Moore, 2010).

While states undoubtedly have a right, and perhaps an ethical imperative, to collect intelligence for self-preservation, this should ideally be done through legitimate means, such as open-source intelligence, diplomatic channels, or consensual intelligence-sharing agreements. Covert cyber reconnaissance, by its nature, undermines the mutual respect and non-interference that underpin the international system. The argument that “no physical damage” equates to “no violation” sets a dangerous precedent, as it could legitimize a constant state of low-level cyber intrusion that erodes trust and destabilizes international relations.

Rule 9: Territorial Jurisdiction and Data Transit

Rule 9 states that “A State may exercise territorial jurisdiction over cyberspace infrastructure and persons engaged in cyberspace activities within its territory; cyberspace activities originating in, or completed within, its territory; or cyberspace activities having a substantial effect within its territory.” This rule attempts to apply traditional notions of territorial jurisdiction to the fluid and interconnected nature of cyberspace, particularly regarding data transit.

Laws and Rules Governing Territorial Jurisdiction:

Territorial jurisdiction is a fundamental principle of international law, asserting that a state has the authority to prescribe, adjudicate, and enforce laws with respect to persons, property, and events within its geographical boundaries (Brownlie, 2008). This principle is deeply rooted in the concept of state sovereignty.

Key aspects of territorial jurisdiction include:

  1. Subjective Territorial Principle: A state has jurisdiction over acts that originate within its territory, even if the effects occur elsewhere.
  2. Objective Territorial Principle: A state has jurisdiction over acts that are completed within its territory, or have a substantial effect within its territory, even if the act originated elsewhere. This is often invoked in cases of transnational crime or harm (United States v. Aluminum Company of America, 1945).
  3. Physical Infrastructure: A state clearly has jurisdiction over the physical components of cyberspace infrastructure (servers, cables, data centers) located on its soil.

This question has been answered.

Get Answer
WeCreativez WhatsApp Support
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, Welcome to Compliant Papers.
Hi, how can I help?