Difference between revisions of "Sovereignty"

Jump to navigation Jump to search
8,268 bytes added ,  1 year ago
adding Czechia
(adding Czechia)
(73 intermediate revisions by 11 users not shown)
== Definition ==
<references /><section begin=Definition />
{| class="wikitable mw-collapsible" style="background-color:#ffffcc;"
! scope="col" style="background-color:#ffffaa;"| [[Sovereignty]]
|[[File:Crown-Silhouette.svg|frame|219x219px|Source: openclipart.org.]][[Sovereignty]] is a core principle of international law. According to a widely accepted definition of the term in the 1928 ''Island of Palmas'' arbitral award of 1928,<blockquote>[s]overeignty in the relations between States signifies independence. Independence in regard to a portion of the globe is the right to exercise therein, to the exclusion of any other State, the functions of a State.<ref>''Island of Palmas (Neth. v. U.S.)'', 2 RIAA 829, 838 (Perm. Ct. Arb. 1928).</ref></blockquote>According to multipleMultiple declarations by the UN,<ref>United Nations General Assembly, ''Report of the Group of Governmental Experts on Developments in the Field ofUNGA [https://unoda-web.s3-accelerate.amazonaws.com/wp-content/uploads/2016/01/A-RES-70-237-Information-Security.pdf andRes Telecommunications71/237 in(30 theDecember Context2015)] ofUN InternationalDoc Security''A/RES/20/237.</ref> NATO,<ref>North 22Atlantic JulyTreaty 2015Organization, <nowiki>http[https://www.unnato.orgint/gacps/searchic/view_doc.asp?symbol=Anatohq/70/174&referer=/english/&Lang=E</nowiki>official_texts_112964.</ref> NATO,<ref>'htm 'Wales Summit Declaration,'] Issued (issued by the HeadsHead of State and Government participating in the meeting of the North Atlantic Council in Wales'', (5 September 2015,) paragraphpara 72, <nowiki>https://www.nato.int/cps/ic/natohq/official_texts_112964.htm</nowiki>.</ref> OSCE,<ref>Organization for Security and Co-operationCooperation in Europe, Permanent Council,[https://www.osce.org/pc/227281?download=true ''Decision No. 1202, OSCE Confidence-Building Measures to Reduce the Risks of Conflict Stemming from the Use of Information and Communication Technologies''] (Permanent Council, 10 March 2016) PC.DEC/1202.<nowiki/ref> the European Union,<ref> Council of the European Union,[https://www.osceconsilium.orgeuropa.eu/pcmedia/227281?download=true<31666/nowiki>st14435en17.pdf "Council Conclusions on the Joint Communication to the European Parliament and the Council: Resilience, Deterrence and Defence: Building strong cybersecurity for the EU"] (Council conclusions, 20 November 2017).</ref> and individual States, have confirmed that international law applies in cyberspace. Accordingly, andso hencetoo alsodoes the principle of sovereignty. applies in cyberspace.However, Itthere is the subject of some debate toas whatto extentwhether this principle operates as a standalone rule of international law, the breach of which gives rise to state responsibility.
* For the proponents of this view, the prohibition on violationviolating ofthe sovereignty of other States is a substantive primary rule of international law, the breach of which is an internationally wrongful act. This view iswas atunanimously theaccepted basis ofby the analysisexperts inwho prepared the Tallinn Manual 2.0<ref>MNMichael SchmittN (ed)Schmitt, ''Tallinn[https://heinonline.org/HOL/P?h=hein.journals/cjil19&i=36 ManualVirtual 2.0Disenfranchisement: onCyber Election Meddling in the Grey Zones of International Law]' Applicable(2018) to19 CyberChiJIntlL Operations''30,40; (CUP[https://doi.org/10.1017/CBO9781139169288 2017)Tallinn Manual 2.0], commentary to rule 4, commentarypara 2 (‘States shoulder an obligation to respect the sovereignty of other States as a matter of international law’).</ref> and it haswas reportedly not been challenged by any of the over fifty States that had participated in the process of consultations ofregarding the Manual prior to its publication in 2017.<ref>See MNMichael N Schmitt and LLiis Vihul, ‘Respect‘[https://texaslawreview.org/respect-sovereignty-cyberspace/ Respect for Sovereignty in Cyberspace’Cyberspace]’ (2017) 95 TexasTex LawL ReviewRev. 1639, 1649 (noting that States ‘voiced no meaningful objection to Rule 4’ and that ‘it appeared to be received knowledge that a primary rule on territorial-sovereignty violations existed and applied to cyber operations.’).</ref> This view has now been adopted by several States including the Czech Republic<ref>Czech Republic, [https://www.nukib.cz/download/publications_en/CZ%20Statement%20-%20OEWG%20-%20International%20Law%2011.02.2020.pdf Statement by Mr. Richard Kadlčák, Special Envoy for Cyberspace, 2nd substantive session of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security] (11 February 2020), stating that ‘[t]he Czech Republic concurs with those considering the principle of sovereignty as an independent right and the respect to sovereignty as an independent obligation.’</ref>, France,<ref>French Ministry of the Armies, ‘[https://www.defense.gouv.fr/content/download/567648/9770527/file/international+law+applied+to+operations+in+cyberspace.pdf International Law Applied to Operations in Cyberspace]’, 9 September 2019, stating that ‘Any unauthorised penetration by a State of French systems or any production of effects on French territory via a digital vector may constitute, at the least, a breach of sovereignty’.</ref> Germany<ref>Norbert Riedel, ‘[https://www.auswaertiges-amt.de/en/newsroom/news/150518-ca-b-chatham-house/271832 Cyber Security as a Dimension of Security Policy]’ (18 May 2015), arguing that ‘[e]ven in cases where one cannot speak of a use of force, the use of cyber capabilities might constitute a violation of sovereignty, if the attack can be attributed to a state, which then in turn could lead to consequences within the confines of public international law’.</ref> and the Netherlands.<ref>Dutch Ministry of Foreign Affairs, ‘[https://www.government.nl/ministries/ministry-of-foreign-affairs/documents/parliamentary-documents/2019/09/26/letter-to-the-parliament-on-the-international-legal-order-in-cyberspace Letter to the parliament on the international legal order in cyberspace]’ (5 July 2019), stating that ‘countries may not conduct cyber operations that violate the sovereignty of another country’.</ref>
* By contrast, the opposing view is that sovereignty is a principle of international law that may guide State interactions, but it does not amount to a standalone primary rule.<ref name=":1">Gary P. Corn and Robert Taylor, ‘[https://doi.org/10.1017/aju.2017.57 Sovereignty in the Age of Cyber]’ (2017) 111 AJIL Unbound 207, 208 (arguing that sovereignty is ‘a principle of international law that guides state interactions’).</ref> This view has now been adopted by one State, the United Kingdom.<ref name=":2">Jeremy Wright, ‘[https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century Cyber and International Law in the 21st Century]’ (23 May 2018) (stating that he was ‘not persuaded that we can currently extrapolate from that general principle a specific rule or additional prohibition for cyber activity beyond that of a prohibited intervention. The UK Government’s position is therefore that there is no such rule as a matter of current international law’); see also Memorandum from JM O’Connor, General Counsel of the Department of Defense, ‘International Law Framework for Employing Cyber Capabilities in Military Operations’ (19 January 2017) (considering that sovereignty is not ‘a binding legal norm, proscribing cyber actions by one State that result in effects occurring on the infrastructure located in another State, or that are manifest in another State’), as cited by Sean Watts & Theodore Richard, 'Baseline Territorial Sovereignty and Cyberspace' (2018) 22 Lewis & Clark L. Rev. 771, 829.</ref> By this approach, cyber operations never violate the sovereignty of a State, although they may constitute prohibited intervention, use of force or other internationally wrongful acts.
* By contrast, the opposing view considers that sovereignty is ‘a principle of international law that guides state interactions, but is not itself a binding rule‘.<ref>GP Corn and R Taylor, ‘Sovereignty in the Age of Cyber’ (2017) 111 AJIL Unbound 207, 208.</ref> It was originally formulated by two high-level US government legal advisors writing in their private capacity<ref>Gary Corn was the Staff Judge Advocate at the US Cyber Command and Robert Taylor was Former Principal Deputy General Counsel at the US Department of Defense. See Corn and Taylor (n 7) 207.</ref> and it has since been endorsed at least by the UK attorney general.<ref>J Wright, ‘Cyber and International Law in the 21st Century’ (23 May 2018) <<nowiki>https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century</nowiki>> (‘The UK Government’s position is … that there is no such rule as a matter of current international law.’).</ref>
The remainder of this section proceeds on the basis of the former ‘sovereignty“sovereignty-as-rule’rule” approach. Those espousing the latter ‘sovereignty“sovereignty-as-principle’principle” approach should refer to other relevant sections of the legal analysis (such as that on the [[prohibition of intervention]]).
TheIt ‘internal’is understood that sovereignty has both an internal and an external component.<ref>Cf. James Crawford, ''Brownlie's Principles of Public International Law'' (OUP 2012) 448.</ref> In the cyber context, the “internal” facet of sovereignty entails that [a] State enjoys sovereign authority with regard to the cyber infrastructure, persons, and cyber activities located within its territory, subject to its international legal obligations.<ref name=":3">MN Schmitt[https://doi.org/10.1017/9781316822524 (ed), ''Tallinn Manual 2.0], onrule 2.</ref><ref>Sovereignty over cyber infrastructure derives from the Internationaltraditional Lawconcept Applicableof tosovereignty, Cyberindependent of the use of cyberspace. See Wolff Heintschel von Heinegg, Operations'[https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?referer=https://www.google.ee/&httpsredir=1&article=1027&context=ils Territorial Sovereignty and Neutrality in Cyberspace]' (CUP 20172013) 89 Int’l L. Stud. 123 (noting that '[t]erritorial sovereignty [..] implies that, rulesubject 2to applicable customary or conventional rules of international law, the State alone is entitled to exercise jurisdiction, especially by subjecting objects and persons within its territory to domestic legislation and to enforce these rules.')</ref>
EachAs State’sa sovereigntygeneral isrule, protectedeach byState internationalmust lawrespect fromthe violationsovereignty byof other States.<ref>''IdUN GA Res 2625 (XXV) (24 October 1970) (Friendly Relations Declaration), preamble (emphasizing “that the purposes of the United Nations can be implemented only if States enjoy sovereign equality and comply fully with the requirements of this principle in their international relations”); [https://doi.org/10.1017/9781316822524 Tallinn Manual 2.''0], rule 4.</ref> It is clear that a cyber operation with severe destructive effects, comparable to a ‘non“non-cyber’cyber” armed attack or a use of force against a State, constitutes a violation of its sovereignty; however, with more subtle cyber operations, the question is far from settled.<ref>[https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, para 5 and 12.</ref>
The following optionsmodalities, have been proposedhighlighted in the Tallinn Manual 2.0, represent different ways of determining what a “sovereignty violation” might mean in the context of cyber operations:
# A State organ conducting cyber operations against a target State Aor entities or persons located there while <b>physically present</b> in Statethe A’starget State's territory violates the State’starget State's sovereignty.<ref name=":4">See, eg, [https://www.icj-cij.org/files/case-related/152/152-20151216-JUD-01-00-EN.pdf ''Id.Certain Activities Carried Out by Nicaragua in the Border Area (Costa Rica v Nicaragua) and Construction of a Road in Costa Rica along the San Juan River (Nicaragua v Costa Rica)'' (Judgment)] [2015] ICJ Rep 665, 704–05, paras 97–99 (holding that the presence of Nicaragua’s military personnel in the territory under Costa Rica’s sovereignty amounted to a violation of Costa Rica’s territorial sovereignty); see also [https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, commentarypara 6.</ref>  This was agreed by all Experts drafting the Manual; however, ‘a“a few’few” of the Experts thought that the extensive State practice carved out an exception for espionage operations.<ref name=":5">''Id[https://doi.''org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, commentarypara 7.; commentary to rule 32, commentarypara 9.</ref>
# Causation of <b>physical consequencesdamage or injury</b> '''by remote means''';<ref>''Id[https://doi.''org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, commentarypara 11.</ref> again, ‘a“a few’few” Experts took the position that this is a relevant but not a determinative factor by itself;.<ref>''Id[https://doi.''org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, commentarypara 12.</ref>
# Causation of a <b>loss of functionality</b> of cyber infrastructure: although the Tallinn Manual 2.0 experts agreed that a loss of functionality constituted “damage” and thus a breach of sovereignty, no consensus could be achieved as toon the precise threshold for a loss of functionality (the necessity of reinstallation of operating system or other software was proposed but not universally accepted); <ref>''Id[https://doi.''org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, commentarypara 13.</ref> Below this threshold, there was no agreement among the Experts whether operations that do not cause physical consequences or a loss of functionality qualify as a violation of sovereignty.<ref>[https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, para 14.</ref>
# <b>Interference with</b> data or services that are necessary for the exercise of ‘inherently"<b>inherently governmental functions’functions</b>";<ref name=":6">''Id[https://doi.''org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, commentarypara 15.</ref> although the Experts could not definitivelyconclusively define the term ‘inherently"inherently governmental functions’functions", they agreed that, for example, the conduct of elections would so qualify;.<ref name=":7">''Id[https://doi.org/10.1017/9781316822524 Tallinn Manual 2.''0], commentary to rule 4, commentarypara 16.</ref> <!-- - What constitutes inherently governmental functions differs between states depending upon their particular political constitution.
# Usurpation of ‘inherently governmental functions’, such as exercise of law enforcement functions in another State’s territory without justification. <ref>''Id.'', rule 4, commentary 18.</ref>
- Interference can be distinguished from intervention (as understood by the principle of non-intervention) but there needs to be a steer as to what constitutes interference - so, intervention is coercion, but what is interference (disruption, undermining, compromising the delivery of governmental functions). -->
Attributing the conduct to a State different from State A is a necessary prerequisite for qualifying it as a violation of sovereignty. Non-State actors cannot violate sovereignty on their own.
# <b>Usurpation of ‘inherently"inherently governmental functions’functions"</b>, such as exercise of law enforcement functions in another State’s territory without justification. <ref>''Id[https://doi.''org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, commentarypara 18.</ref>
[[Attribution|Attributing]] the conductrelevant cyber operation to a State different from Statethe Atarget State is a necessary prerequisite for qualifying itthe cyber operation as a violation of the target State's sovereignty. Non-State actors cannot violate sovereignty on their own.
== Appendixes ==
Whether non-State actors can violate territorial sovereignty on their own is a matter of disagreement.<ref>In favour: see, eg, Theodore Christakis, ‘The ICJ Advisory Opinion on Kosovo: Has International Law Something to Say about Secession?’ (2011) 24 LJIL 73, 84; Marcelo Kohen, ‘The Court’s Contribution to Determining the Content of Fundamental Principles of International Law’ in Giorgio Gaja and Jenny Grote Stoutenburg (eds), ''Enhancing the Rule of Law through the International Court of Justice'' (Brill 2012) 145. Against: see, eg, [https://doi.org/10.1017/9781316822524 Tallinn Manual 2.0], commentary to rule 4, para 3.</ref>
|}<section end=Definition />
== Appendices ==
=== See also ===
* [[Scenario 01: Election interference]]
* [[Scenario 02: Cyber espionage against government departments]]
* [[Scenario 03: Cyber operation against the power grid]]
* [[Scenario 05: State investigates and responds to cyber operations against private actors in its territory]]
* [[Scenario 07: Leak of State-developed hacking tools]]
* [[Scenario 08: Certificate authority hack]]
* [[Scenario 09: Economic cyber espionage]]
* [[Scenario 11: Sale of surveillance tools in defiance of international sanctions]]
* [[Scenario 14: Ransomware campaign]]
=== Notes and references ===
=== Bibliography and further reading ===
* MN Schmitt (ed), ''Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations'' (CUP 2017)
* Etc.
=== External links ===
* (...)
[[Category:Legal concepts]]
Cookies help us deliver our services. By using our services, you agree to our use of cookies.

Navigation menu