Talk:Scenario 08: Certificate authority hack
This is a sample comment. Kubomacak (talk) 18:35, 17 October 2018 (UTC)
Comments of reviewer
Executive summary - clear, concise
Keywords - reflect the content of scenario
Factual Narrative - very clear
Legal Analysis - I have nothing substantive to add; one surprising information for me was the mention of automatic prohibition of bulk surveillance in EU (fn 56) - I have to admit I have read these two decisions many times and never noticed any such ruling. CJEU admits it would be extremely difficult to pass the test of proportionality with any bulk scenario without specific and credible threat (not "general" such as crime or terrorism), but never read it such an extreme way that authors of scenario mention.
Re: L8-L9 comments
We are unsure as to how incident 2 can be regarded as a usurpation of an inherently governmental function. The man in the middle attack is directed against individuals (not the state or one of its governmental functions) in order to intercept communications - this isn't enforcement jurisdiction, it is surveillance.
In my opinion, enforcement jurisdiction includes the investigation of criminal offences, https://www.irwinlaw.com/cold/enforcement_jurisdiction. See also para 18 of commentary to rule 4 of TM 2.0.
In light of our previous comment, this sentence [As for incident 2, the answer depends on the actual goal of State B’s conduct.] needs revising. It is our view that violations of state sovereignty do not turn on the intention or goal of the offending state.
This requires further thought, since para 25 of commentary to rule 4 of TM 2.0 says that "The Experts concurred that intent is not a constitutive element of a breach of sovereignty."