Peacetime cyber espionage

Definition
Peacetime espionage has been traditionally considered as unregulated by international law. This is also reflected in the Tallinn Manual 2.0, which posits that ‘[a]lthough peacetime cyber espionage by States does not per se violate international law, the method by which it is carried out might do so.’

However, the methods of peacetime cyber espionage are varied and the legal consensus is almost non-existent with regard to cyber operations below the threshold of use of force or armed attack.

It must be noted that although cyber espionage operations may be legal from the perspective of international law, they are usually illegal according to domestic law of the target State, and the originating State usually has some requirements in its domestic law for conducting foreign intelligence operations.

The mere fact that an operation is a cyber espionage operation does not make it legal in international law, according to a majority of the experts drafting Tallinn Manual 2.0. According to a minority of the experts, espionage creates an exception for otherwise illegal certain cyber operations.

Bibliography and further reading

 * MN Schmitt (ed), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (CUP 2017)
 * Etc.