Peacetime cyber espionage

From International cyber law: interactive toolkit
Jump to navigation Jump to search

In general[edit | edit source]

Peacetime cyber espionage
Peacetime espionage has been traditionally considered as unregulated by international law. This is also reflected in the Tallinn Manual 2.0, which posits that ‘[a]lthough peacetime cyber espionage by States does not per se violate international law, the method by which it is carried out might do so.’[1]

However, the methods of peacetime cyber espionage are varied and the legal consensus is almost non-existent with regard to cyber operations below the threshold of use of force or armed attack.

It must be noted that although cyber espionage operations are generally not illegal from the perspective of international law, they are usually prohibited according to the domestic law of the target State. Moreover, the acting State’s authorities will also typically be subject to specific domestic law prescriptions pertaining to the conduct of foreign intelligence operations.

Conversely, the mere fact that an operation is a cyber espionage operation does not make it legal in international law, according to a majority of the experts drafting Tallinn Manual 2.0.[2] According to a minority of the experts, espionage creates an exception for certain otherwise illegal cyber operations.[3]

Economic cyber espionage[edit | edit source]

Economic cyber espionage
The United States has, already in its 2011 International Strategy for Cyberspace, declared that it “will take measures to identify and respond to [persistent theft of intellectual property, whether by criminals, foreign firms, or state actors working on their behalf,] to help build an international environment that recognizes such acts as unlawful and impermissible, and hold such actors accountable.”[4] The G20 countries reaffirmed in 2015 that “no country should conduct or support ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”[5] In September 2015, the US and China agreed on a similar commitment on a bilateral basis.[6]

Therefore, there is a push to curb the practice by developing a prohibition of such practice as a matter of international law.

However, according to the prevailing opinion, no such prohibition has crystallised in customary international law. In this regard, it is noteworthy that the 2015 UN GGE report does not mention economic cyber espionage among the applicable norms, rules, and principles of responsible State behaviour in cyberspace.[7] Several authors,[8] including experts of the Tallinn Manual 2.0,[9] consider that there is no distinction between economic cyber espionage and other forms of cyber espionage in general international law.[10] Additionally, no international consensus exists that agreements such as WIPO TRIPS[11] protect trade secrets against espionage conducted by a foreign state, and it is unclear whether the affected company can challenge the spying State in a domestic court or pursuant to a bilateral investment treaty, if there is one.[12]

Accordingly, such conduct is not subject to any general prohibition under extant international law.

Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

  1. Tallinn Manual 2.0, rule 32.
  2. Tallinn Manual 2.0, rule 32 and commentary to rule 32, para 6.
  3. Id.; Ashley Deeks, 'An International Legal Framework for Surveillance' (2015) 55 VA.J.INT’LL. 291, 302-3.
  4. President of the United States, ‘International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World’ (2011).
  5. G20 Leaders’ Communiqué (15–16 November 2015), para 26; see also G7 Principles and Actions on Cyber (Annex to the Ise-Shima Declaration from 27 May 2016).
  6. See US, ‘FACT SHEET: President Xi Jinping’s State Visit to the United States’ (25 September 2015).
  7. UNGA ‘Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security’ (22 July 2015), A/70/174.
  8. Catherine Lotrionte, ‘Countering State-Sponsored Cyber Economic Espionage Under International Law’ (2015) 40 N.C. J. INT'L L. & COM. REG. 443, 488-492; David Fidler, ‘Economic Cyber Espionage and International Law: Controversies Involving Government Acquisition of Trade Secrets through Cyber Technologies’ (2013) 17/10 ASIL Insights; Erica Häger & Carolina Dackö, ‘Economic Espionage: A Report by Mannheimer Swartling’ (2018).
  9. Tallinn Manual 2.0, rule 32, commentary 3.
  10. For an opposing view, see Russell Buchan, ‘The International Legal Regulation of State-Sponsored Cyber Espionage’ (2016) in International Cyber Norms: Legal, Policy & Industry Perspectives, Anna-Maria Osula and Henry Rõigas (Eds.), NATO CCD COE Publications, Tallinn 2016.
  11. Agreement on Trade-Related Aspects of Intellectual Property Rights, Annex 1C to the Agreement Establishing the World Trade Organization (signed on 15 April 1994 in Marrakesh), 1869 UNTS 299, 33 ILM 1197.
  12. Erika Häger & Carolina Dackö, ‘Economic Espionage: A Report by Mannheimer Swartling’ (2018), page 5: “Economic espionage, to the extent it qualifies as a violation of intellectual property rights, should arguably be treated as an act comparable to commercial activities, jure gestionis. A [S]tate would then not be able to claim state immunity for such acts and could thus instead face a normal trial in a domestic court.“

Bibliography and further reading[edit | edit source]