National position of Estonia (2019)
This page is under construction.
Introduction
This is the national position of Estonia on international law applicable to cyberspace operations. It was expressed in Tallinn on 29 May 2019 by the President of Estonia, Kersti Kaljulaid.[1]
List of topics
The Estonian national position addresses the following topics: Sovereignty, Due Diligence, Attribution, Self-Defence, Collective Self-Defence, Countermeasures, Collective Countermeasures, and Diplomatic response to malicious cyber activities.
General Statement
According to the Estonian official national position, existing international law applies to cyberspace. In particular, rights and obligations of international law including the UN Charter when states use IT and communication technologies. Estonia holds the view that what States can do or can do not in cyberspace should be found in the existing regime of international law. [2]
Sovereignty
According to the Estonian position, sovereignty entails not only rights, but also obligations. Therefore, States are responsible for their activities in cyberspace when they amount to internationally wrongful acts just like they are responsible for any other activity based on international treaties or customary international law. [3]
Due diligence
States have to make reasonable efforts to ensure that their territory is not used to adversely affect the right of other states. They should strive to develop means to offer support when requested by the injured state in order to identify, attribute or investigate malicious cyber operations. This expectation depends on national capacity as well as availability, and accessibility of information. These efforts must be undertaken considering the capacities of different states to be able to control such operations that exploit their infrastructure or systems. Meeting this expectation should encompass taking all feasible measures, rather than achieving concrete results. [4]
Attribution
Estonia holds the view that States own the right to attribute cyber operations both individually and collectively according to international law. What is required from the attributing state is not absolute certainty but what is reasonable. When assessing malicious cyber operations, technical information, political context, established behavioral patterns and other relevant indicators are considered. [5]
Self Defence
Estonia declares that States have the right to react to malicious cyber operations, including using diplomatic response, but also countermeasures, and, if necessary, the inherent right of self defence. Cyber operations which cause injury or death to persons or damage or destruction of objects could amount to a use of force or armed attack under the UN Charter. [6]
Countermeasures
Among other options for collective response, Estonia supports the use of countermeasures as a mean to lawfully respond to international wrongful acts perpetrated through cyberspace. Moreover, Estonia is furthering the position that states which are not directly injured may apply countermeasures to support the state directly affected by a malicious cyber operation. The countermeasures applied should follow the principle of proportionality and other principle established within the international customary law. [7]
Appendixes
See also
Notes and references
- ↑ President of Estonia: international law applies also in cyber space, 29 May 2019
- ↑ President of Estonia: international law applies also in cyber space, 29 May 2019
- ↑ President of Estonia: international law applies also in cyber space, 29 May 2019
- ↑ President of Estonia: international law applies also in cyber space, 29 May 2019
- ↑ President of Estonia: international law applies also in cyber space, 29 May 2019
- ↑ President of Estonia: international law applies also in cyber space, 29 May 2019
- ↑ President of Estonia: international law applies also in cyber space, 29 May 2019
Bibliography and further reading
- Michael N. Schmitt, "Estonia Speaks Out on Key Rules for Cyberspace", JustSecurity, 10 June 2019