Editing Scenario 08: Certificate authority hack


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 46: Line 46:
 
'''[L7]''' As for option 4, some of the affected systems were providing secure access to State A’s company register. Running this register is State A’s inherently governmental function, and if the function could not be provided due to the interference by State B (incident 1), then State B’s conduct had amounted to a violation of State A’s sovereignty.
 
'''[L7]''' As for option 4, some of the affected systems were providing secure access to State A’s company register. Running this register is State A’s inherently governmental function, and if the function could not be provided due to the interference by State B (incident 1), then State B’s conduct had amounted to a violation of State A’s sovereignty.
   
'''[L8]''' The relevance of Option 5 depends on the legal qualification of the mass interception operation conducted by State B against individuals located in State A’s territory (incident 2). On one view, this is merely surveillance targeted against private persons which, as such, does not interfere with State A’s governmental functions. By contrast, another view is that if the operation in question was conducted in order to collect evidence for criminal proceedings without the consent of State A, then it qualified as a non-consensual exercise of law enforcement functions in State A’s territory. Because law enforcement is exclusively reserved to the territorial State under international law, on this view State B’s conduct would have violated State A’s sovereignty.<ref>Compare [https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, para 18: “if one State conducts a law enforcement operation against a botnet in order to obtain evidence for criminal prosecution by taking over its command and control servers located in another State without that State’s consent, the former has violated the latter’s sovereignty because the operation usurps an inherently governmental function exclusively reserved to the territorial State under international law.”</ref>
+
'''[L8]''' The relevance of Option 5 depends on the legal qualification of the mass interception operation conducted by State B against individuals located in State A’s territory (incident 2). On one view, this is merely surveillance targeted against private persons which, as such, it does not interfere with State A’s governmental functions. By contrast, another view is that if the operation in question was conducted in order to collect evidence for criminal proceedings without the consent of State A, then it qualified as a non-consensual exercise of law enforcement functions in State A’s territory. Because law enforcement is exclusively reserved to the territorial State under international law, on this view State B’s conduct would have violated State A’s sovereignty.<ref>Compare [https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, para 18: “if one State conducts a law enforcement operation against a botnet in order to obtain evidence for criminal prosecution by taking over its command and control servers located in another State without that State’s consent, the former has violated the latter’s sovereignty because the operation usurps an inherently governmental function exclusively reserved to the territorial State under international law.”</ref>
   
 
'''[L9]''' On the basis of the foregoing, it can be summarized that in the context of incident 1, State B violated the sovereignty of State A insofar the actions of the non-state actor can be attributed to State B. As for incident 2, the answer is unsettled in the present state of international law and depends primarily on the interpretation of the actual nature of State B’s conduct.
 
'''[L9]''' On the basis of the foregoing, it can be summarized that in the context of incident 1, State B violated the sovereignty of State A insofar the actions of the non-state actor can be attributed to State B. As for incident 2, the answer is unsettled in the present state of international law and depends primarily on the interpretation of the actual nature of State B’s conduct.
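Review bot: In paragraph [L8], the "Your text" side reads "which, as such, it does not interfere", where the extra "it" duplicates the subject already supplied by "which". The latest revision's "which, as such, does not interfere" is the grammatical form, and it is the only difference between the two sides, so saving this text would reintroduce the error without changing anything else. Keep the latest revision's wording for that sentence.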

All contributions to International cyber law: interactive toolkit are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) (see International cyber law: interactive toolkit:Copyrights for details).
