This article is written by Kezia Shaji, pursuing a Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho.

Introduction

Technology has made everyone witness its peak the last decade. While it is amusing how technology could make the world feel connected on the other hand it compliments one with an obvious evil which is the vulnerability of these platforms. Earlier the fear was the existence of a mere virus slowing down the efficiency of the system which has now developed to highly sophisticated softwares which could cause serious destruction not just to the system but to human beings. From being able to leak information thereby spreading rumors and causing panic to hacking someone’s system in order to gain absolute information over all their personal details the list goes on. Although it tends to affect the people in technologically developed countries more the chances of sparing people living in countries which are still not fully developed in technological terms are not negligible.

It’s a whole system of interconnected networks. All this has landed cyber security as one of the biggest concerns of the times and unarguably one of the most discussed topics in countries all around the world. The primary concern being the introduction of an international statute to regulate cyber warfare. This exhaustive article helps give one a gist about what cyberspace and cyber warfare means and also examines whether cyber security should be a humanitarian concern and briefs about a few international conventions and reports dealing with the same and further goes on to mention about the challenges that still needs to be given adequate attention with regard to cyber warfare in the international domain.

Cyber Space 

Gone are those days people would physically gather to watch a movie in a theatre or to even play a game. With the advent of cyberspace, people who gather together to play games play by looking into their device from any part of the globe. The term ‘cyberspace’ was first coined in the year 1981 by American-Canadian author William Gibson who defined cyberspace as the creation of a computer network in a world which is filled with artificially intelligent beings. Cyberspace exists anywhere there is internet. Further the US Department of Defense defines cyberspace as “a global domain within the information environment consisting of an interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems, and embedded processors and controllers.” Therefore it can be understood as the electronic virtual medium which helps in facilitating online communication. It helps users to play games, interact, share information and conduct business online. 

Cyber Warfare

There exists no universal standard definition of the term ‘cyber warfare’ but the term has been interchangeably used with the term ‘cyber-attack.’ Cyber warfare can be understood as the network-based conflict by the usage of technology to destroy the activities of a particular state.

State with a deliberate intention of attacking the information systems for strategic or military purposes. The destruction could be of multiple kinds such as targeting the major infrastructures of the country such as their major dams or by disrupting the transportation by disabling time systems or by targeting the communication system of the country which would obviously cause havoc. The most common kinds of cyber-attacks include phishing, malware attacks, denial of service attacks and eavesdropping. The attacks could be initiated by a state or even certain international organizations with the intent to harm and damage the other country’s digital infrastructure. The main aim of conducting such attacks is to weaken the adversary’s digital structure thereby causing harm and disruption in the whole region/state.  

Is Cyber Security a humanitarian concern?

There are a million ways through which crimes occur in the virtual domain. Yet the international humanitarian law does not extend its application unless it involves an armed conflict. Even in cases of armed conflict the statutes are not efficient enough to regulate the crimes. The controversy of whether all the cyber activities should be included under the ambit of International Humanitarian Law seems to be a never ending one although there are barely any few individuals who would not want such an intervention. The fact that in today’s post globalized era, there is barely anyone who can survive without the internet. From undue access to one’s personal details to denying people access to information through methods like internet shutdowns, are violations of the basic human rights granted to people.

These attacks amount to breach of confidentiality of information which eventually leads to targeted attacks on human right activists or journalists or any such people involved in humanitarian work. An example to support this is the Saudi government targeting and hacking the cell phone to trap the communications between their dissident Omar Abdulasziz and a journalist which eventually lead to the death of the Saudi journalist Jamal kashoggi. The UN Guiding Principles on Business and Human Rights clearly lays down the responsibility of the private sector to respect human rights and to make efforts to mitigate the harm caused. Yet there has been no measures called for. 

Existing International treaties to regulate Cyber Warfare

There are various treaties with respect to International Aviation Law, International Outer Space Law, Law of the Sea, International Telecommunications convention and the Arms Control Treaties which mentions putting an end to cyber warfare. The UN convention on certain conventional weapons suggested the regulating of the cyber weapons has been adopted by various countries. Further in 2001, the Council of Europe Convention had suggested that the convention could serve as a framework to combat cyber warfare. However, the biggest drawback was that it didn’t really talk about the large scale state organized cyber warfare but just restricted to cyber-crimes like child pornography and such others. The NATO Cooperative Cyber Defense Center of Excellence is a NATO accredited military organization which deals with matters pertaining to cyber security and its main aim is to promote international cooperation and work towards international cyber defense.

However, a few notable ones which can be of use are as mentioned below:

1. United Nations convention against transnational crime which obligated the states to adopt framework for extradition and to make laws against organized criminal groups.
2. The report of the European Union Committee of the UK which examined the role of the European Union as the protective power and also proposed for the creation of the Computer Emergency Response Teams abbreviated as the CERT’s.
3. The 2010 resolution by the UN regarding ‘the creation of a global culture of cybersecurity and taking stock of national efforts to protect critical infrastructure and information.’

Challenges to overcome

Although a standard international statute might be successful in enabling the eradication of all the cyber-attacks being conducted to an extent, the most primary challenge that needs to be addressed is the determination of the original identity of the attacker since cyberspace allows for the anonymity of the individual. In the virtual world it is very difficult to track the real geographical location or the identity of the attacker. Say even one is successful in tracking down the attacker, the question regarding where the legal proceedings against the attacker should be initiated is a concern. Jurisdiction is one of the most fundamental issues in cyberspace. Further, all the laws that are being made should be only with the compliance of all the countries which practically is not very far from impossible. Further another challenge is with respect to arbitration of cyber-crimes and how it entices the cyber criminals.

International arbitrations include sensitive and personal details of the parties which if leaked can defame the parties or even cause a whole havoc. With a recent shift from the traditional judicial process to arbitration where parties necessarily are not from the same jurisdictions, the proceedings are held virtually. The transferring or storage of data in cross border litigation are not always immune from cyber risks putting their information at a risk of being leaked out for the world to see. 

Conclusion 

In today’s world, the technological advancements is directly proportional to the security risks contained with it. Cyber-crime is an international menace which has been successful in not being able to be regulated at an international level. Although a good number of countries in the world have signed treaties and implemented laws to curb cyber-attacks that proves to be not very sufficient due to the geographical differences and morality factor that differs with each place. What could be considered legal in one country might not be acceptable in another. There is a dearth of an international statute to deal with the issues arising in cyberspace between two countries.

In a world which is aiming at digital sovereignty, the existing laws would not suffice the need of the hour. The very negligence of not taking this issue seriously will cause serious consequences on mankind destroying the peace of the sovereign countries and the people therein. The network connectivity of cyber-crime makes it one of the most dangerous and globalized crimes. There needs to be a universal level of cooperation between countries in addressing these complexities only then can the technology serve the future with the best and not to sell menace since cyberspace is ever evolving.

References

• https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1673785 
• https://www.britannica.com/topic/cyberspace 
• Dictionary of Military and Associated Terms http://www.dtic.mil/doctrine/dod_dictionary/data/c/10160.html
• https://www.rand.org/topics/cyber-warfare.html 
• https://www.apc.org/en/news/why-cybersecurity-human-rights-issue-and-it-time-start-treating-it-one 
• https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1673785 
• ALDRICH 20; SHACKLEFORD 220; SCHAARP 161; GREENBERG CHAPTER 2SEL2; HOLIS 1051
• International Telecommunications Conventions, Oct 25, 1972, arts 4, 35, 28
• https://convention.coe.in/treaty/en/treatieshtml/185.htm
• https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1673785
• https://ccdcoe.org/ 
• https://guides.ll.georgetown.edu/c.php?g=363530&p=4821478 
• House of Lords, European Union Committee F(home affairs), 5th Report of Session 2009-10 (http://www.publications.parliament.uk/pa/Id200910/Idselect/Ideucom/68/68.pdf) 
• UNGA Res/58/199, Fifty-eighth session, ‘Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructure’
• https://uk.practicallaw.thomsonreuters.com/w-003-5790?transitionType=Deafult&contextData=(sc.Default)