Definition of military objectives
One of the basic precepts of IHL is the rule that the parties to the conflict must at all times distinguish between civilian objects and military objectives and may, accordingly, only direct their operations against military objectives. The binding definition of military objectives is found in Article 52(2) of Additional Protocol I:
The formal scope of application of the Protocol is limited only to international armed conflicts (IACs). However, an identical definition of military objectives is found in treaties applicable in non-international armed conflicts (NIACs). Moreover, certain non-party States to the Protocol accept the customary nature of the definition. Accordingly, the ICRC has characterized the definition of military objectives as a norm of customary international law applicable in both IACs and NIACs.
Relevant rules of IHL apply to kinetic operations as well as to cyber operations.
Qualification of data as a military objective under IHL
|Data as a military objective|
|Since the binding definition of military objectives is limited to “objects”, it is of crucial importance whether data may qualify as an “object” and therefore a military objective, particularly in respect of cyber operations that do not result in a physical effect. If data do not qualify as “objects”, then cyber operations against data would be unconstrained by IHL and civilian datasets would be left unprotected by IHL in times of armed conflict.
Two main views have emerged in this regard. On the one hand, some experts consider the notion “object” to be limited to something with physical properties that is visible and tangible in the real world. This view is based on a textual interpretation of the term “object” and it finds further support in the 1987 ICRC commentary to the Additional Protocols. On this view, cyber operations against data do not fall within the ambit of IHL unless the operation in question results in some physical effect and/or a loss of functionality of the target system.
On the other hand, other experts view data as falling within the notion of “object” under IHL. They consider that the remarks on visibility and tangibility in the ICRC commentary were meant to distinguish between concrete things (for instance, a bridge) and abstract notions (for instance, civilian morale). Accordingly, data are analogous to the former category of concrete things because they are likewise susceptible to being attacked and destroyed. This interpretation brings civilian datasets within the protection of IHL, thus fostering a central value of IHL, namely, the protection of civilians and civilian objects. Given that, on this view, data qualifies as an “object”, cyber operations against data must, unless a specific exception can be identified, be justified by reference to the definition of military objectives.
Notes and references
- Art 48 AP I; ICRC CIHL Study, rule 7.
- Art 1 AP I.
- See, eg, Amended Protocol II to the CCW, Article 2(6); Second Protocol to the Hague Convention for the Protection of Cultural Property, Article 1(f).
- See, eg, Brian Egan, Legal Adviser, Department of State, “Remarks to the American Society of International Law: International Law, Legal Diplomacy, and the Counter-ISIL Campaign” (1 April 2016), 242 (“In particular, I’d like to spend a few minutes walking through some of the targeting rules that the United States regards as customary international law applicable to all parties in a NIAC: … Insofar as objects are concerned, military objectives are those objects which by their nature, location, purpose or use make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage.”).
- ICRC CIHL Study, rule 8.
- Tallinn Manual 2.0, rule 80 (“Cyber operations executed in the context of an armed conflict are subject to the law of armed conflict.”).
- Tallinn Manual 2.0, commentary to rule 100, paras 5–6 (noting that the majority of experts considered that due to it being intangible, data does not fall within the ordinary meaning of the term object, which is “something visible and tangible”) (internal quotation marks deleted); but see Michael N Schmitt, ‘The Notion of ‘Objects’ during Cyber Operations: A Riposte in Defence of Interpretive and Applicative Precision’ (2015) 48 IsrLR 81, 93 (noting that although the “visible and tangible” criterion influenced the Tallinn Manual experts’ deliberations, it was not dispositive).
- Tallinn Manual 2.0, commentary to rule 100, para 5 (“An ‘object’ is characterised in the ICRC Additional Protocols 1987 Commentary as something ‘visible and tangible’.”), citing Yves Sandoz, Christophe Swinarski and Bruno Zimmermann (eds), Commentary on the Additional Protocols of 8 June 1977 to the Geneva Conventions of 12 August 1949 (ICRC 1987), 633–34 paras 2007–08.
- Tallinn Manual 2.0, commentary to rule 100, para 6.
- Heather A Harrison Dinniss, ‘The Nature of Objects: Targeting Networks and the Challenge of Defining Cyber Military Objectives’ (2015) 48 IsrLR 39, 44; Kubo Mačák, ‘Military Objectives 2.0: The Case for Interpreting Computer Data as Objects under International Humanitarian Law’ (2015) 48 IsrLR 55, 67–68.
- Kubo Mačák, ‘Military Objectives 2.0: The Case for Interpreting Computer Data as Objects under International Humanitarian Law’ (2015) 48 IsrLR 55, 73.
- Kubo Mačák, ‘Military Objectives 2.0: The Case for Interpreting Computer Data as Objects under International Humanitarian Law’ (2015) 48 IsrLR 55, 77–80; see also Tallinn Manual 2.0, rule 100, para 7 (criticizing the majority position for “running counter to the principle … that the civilian population enjoys general protection from the effects of hostilities”).