Editing Scenario 08: Certificate authority hack

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 50: Line 50:
 
'''[L9]''' On the basis of the foregoing, it can be summarized that in the context of incident 1, State B violated the sovereignty of State A insofar the actions of the non-state actor can be attributed to State B. As for incident 2, the answer is unsettled in the present state of international law and depends primarily on the interpretation of the actual nature of State B’s conduct.
 
'''[L9]''' On the basis of the foregoing, it can be summarized that in the context of incident 1, State B violated the sovereignty of State A insofar the actions of the non-state actor can be attributed to State B. As for incident 2, the answer is unsettled in the present state of international law and depends primarily on the interpretation of the actual nature of State B’s conduct.
   
==== Prohibition of intervention ====
+
==== Prohibited intervention ====
 
{{#lst:Prohibition of intervention|Definition}}
 
{{#lst:Prohibition of intervention|Definition}}
 
'''[L10]''' In incident 1, State B interfered with the internal affairs of State A by having a non-State actor issue fraudulent certificates, thereby undermining the security of online government services. However, proving the coercive nature of the act can be difficult. It depends on the ultimate goal of State B, and whether the act can be causally linked to the goal. If State B merely wanted to cause nuisance and economic loss to State A without any particular goal, the act does not qualify as prohibited intervention (even though it does qualify as a violation of sovereignty: see above).
 
'''[L10]''' In incident 1, State B interfered with the internal affairs of State A by having a non-State actor issue fraudulent certificates, thereby undermining the security of online government services. However, proving the coercive nature of the act can be difficult. It depends on the ultimate goal of State B, and whether the act can be causally linked to the goal. If State B merely wanted to cause nuisance and economic loss to State A without any particular goal, the act does not qualify as prohibited intervention (even though it does qualify as a violation of sovereignty: see above).
Line 56: Line 56:
 
'''[L11]''' In incident 2, the analysis again depends on the goal of State B. If State B wanted to engage in cyber espionage against the Internet users in State A’s territory, or even if it wanted to conduct law enforcement activities in State A’s territory, without any intent to influence State A’s decisions on its internal or external affairs, the prohibition of intervention would not have been breached.
 
'''[L11]''' In incident 2, the analysis again depends on the goal of State B. If State B wanted to engage in cyber espionage against the Internet users in State A’s territory, or even if it wanted to conduct law enforcement activities in State A’s territory, without any intent to influence State A’s decisions on its internal or external affairs, the prohibition of intervention would not have been breached.
   
==== Obligations arising from international human rights law ====
+
==== Violation of obligations arising from international human rights law by State B ====
 
{{#lst:International human rights law|Definition}}
 
{{#lst:International human rights law|Definition}}
 
'''[L12]''' (1) Does the obligation of State B to respect the right to privacy pursuant to Article 17 ICCPR apply to its cyber operations against individuals in State A? The owners and presumably also the content of the intercepted email accounts were located in State A. State B, whose State organ commissioned the preparation of the interception and then executed it itself, would be obligated to respect the human rights of those natural persons if they were under its jurisdiction or control.
 
'''[L12]''' (1) Does the obligation of State B to respect the right to privacy pursuant to Article 17 ICCPR apply to its cyber operations against individuals in State A? The owners and presumably also the content of the intercepted email accounts were located in State A. State B, whose State organ commissioned the preparation of the interception and then executed it itself, would be obligated to respect the human rights of those natural persons if they were under its jurisdiction or control.

Please note that all contributions to International cyber law: interactive toolkit are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) (see International cyber law: interactive toolkit:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

Cancel Editing help (opens in new window)