Last two or even three decades we have been witnessing a huge increase in the use of technology. Despite all benefits, it additionally urges a big deal to regulate such a wide sphere as cyberspace. Nowadays, among other things, the most threatening or even wild matter is the legal regulation of cyberspace by international law.
This article is concerned with two main and most demanding pillars of international cyberspace regulation – in times of armed conflicts and cybercrimes. However, the article is split up into two parts, the first part will present the matter of cyberspace and armed conflicts, and the second part will present the issue of cybercrimes.
As known, international law (lex generalis) and international humanitarian law (lex specialis) are assigned to regulate the armed conflicts between States and/or non-state actors. Here is a trick, subjects who mostly violate (through their agents) are entitled to establish legal rules. It leads to the question: Would they really like to have more rules?
Our attempt to answer this question needs to add two more: What kind of regulations do we need? How could we find a balance between the State’s desire to destroy each other and the notion of humanity?
- Attempt to legislate
It is clear, that States are the primary legislators (creators) of rules in international rules, however, it is better to say, that presence of State consensus is a real legislator. Despite the fact, that international humanitarian law (IHL) is one of the most codified fields in international law in general, the last big update was in 1977 when the Additional Protocols were accepted. It is possible to say, treaties that restrict the use of particular weapons (for instance, chemical or biological and so on) are more updated, but it is more about weapon control and means of warfare (which is a part of IHL). The problem is that the primary rules are oriented toward physical (kinetic) warfare, but not cybernetic (cyber).
Another issue here, which was already mentioned, is consensus between States, more precisely between major players (US, China, India, Russia, Japan, Australia, the UK and the EU). These players have too broad disagreements regarding cyberspace regulation, for instance, when the EU countries (France, Germany) support the idea of common international regulation (Tallinn Manual), China perceives it as a militarization of cyberspace, the US develops its own position, Russia mostly does not care and does not even hide its activity.
So, the main question is how to overcome the lack of consensus. It is possible to offer two prospects. The first one is based on the already existing body of judicial and quasi-judicial agents (ICJ, ICC and so on). The interpretation is a highly powerful mechanism for making changes and developing international law, however, it is extremely expressive and time-consuming, additionally, the polarization and politicization of these institutions somehow «knock in a door».
The second option is soft law, which means the major role of international organisations (IO) in developing standards of conduct (guidance, good practice and so on). For IHL the primary IO is The International Red Cross and Red Crescent Movement. However, the biggest weakness of soft law is the lack of obligation, it does not have the legal power and is totally based on pollical accountability.
Nevertheless, both options might be combined and judicial and quasi-judicial bodies could use the non-binding instruments in the interpretation process because it clearly demonstrates the development of IHL.
- How to legislate?
Another issue which is closely connected to the previous one is the form of legislation. In international law, there are a few ways to create a binding instrument for all States (for violations of which they might be held responsible).
The first option is an international treaty (Convention, etc) between States, despite the pretty broad number of benefits of the idea of cyberspace regulation, it demands a certain level of commitment from the Parties of the treaty. Here, it is possible to get stuck in the fundamental issue – State sovereignty and the Lotus principle. The too-broad range of approaches to cyberspace is not a stable ground for an international treaty.
The second way is the creation of international custom (IHL already has it), however, it still demands consensus between States, due to the nature of the custom as a source of IL. To declare a certain type of conduct international custom three conditions are needed: 1) the presence of widespread State practice; 2) States perceive this conduct as an obligation (opinion juris) and 3)thenumber of States must support it, but not oppose. Taking into account the polarization within States’ approaches, it takes a while to create a proper custom. However, still there is a chance to reach agreements (by conduct) to decrease using of cyberspace tools against civilian objects in wartime. Soft law is an extremely suitable mechanism for creating international customs.
The third way is already motioned, it is a judicial decision by international judicial bodies.
Additionally, there is a need to determine what kind of rule is more appropriate in cyberspace regulation: rule or standard? Due to all preconditions which have been pointed out, the idea of establishing the rule in a classical legal meaning is too weak. The idea of the rule is to establish a precise way of behaviour which does comply with the rule, however, rules have clear downsides, and they might have broad gaps. These gaps usually are used by subjects to avoid the application of the rule, as a result, to avoid responsibility.
The idea behind the standard is to establish the frame of conduct. The standard might have a positive impact on general regulation. Standard is closer to customs and might be developed by IO with the support of the States. Moreover, the standard of conduct gives more freedom for IO and judicial bodies, so they might determine the essence of it case by case. The soft law could be a good tool for the standard due to its flexibility.
- Who ought to legislate?
The last part of the article is dedicated to the no less important issue of duty to legislate or more precisely, the legal ability and capacity to do so. Before, a few times emphasized the role of States’ consensus and its power. However, reaching common ground between States is a pretty demanding aspiration. That is why the role of IOs have increased, despite all regional fragmentation. Despite the creation by the States or another IO, IOs have a special purpose to exist or function.
IOs could and are the most suitable forum for creating shared positions regarding cyberspace regulation in wartime.
Of course, it is possible to say, that States are capable of calling a conference for the purpose of developing the mechanism of regulation, but in this case, remember the creation of WTO and its rules.
The question is, which organisation should be chosen as the forum? It is possible to name two possible solutions: the United Nations (UN) and The International Red Cross and Red Crescent Movement (ICRC). Despite all benefits of choosing any of these Organisations, each of them has a deep backside which might lead to failure.
The UN is becoming more and more politically dependent and fragmentation inside the UN seems to be longstanding, additionally, the UN approach to this question could be more compromise than consensus. Nobody likes to compromise, especially when it comes to the regulation of warfare.
ICRC was and still is a protector of IHL, last year’s Organisation is active in the sphere of cyberspace and already has lots of developments. The issue here is a soft law approach. Unfortunately, for ICRC is extremely hard to keep States together and create new binding mechanisms.
Conclusions
Answering all questions which have been pointed out, it is possible to say, that there is a need for common regulation of cyberspace.
Firstly, States ought to find common ground before cyberspace will become a place without rules and control. Losing control in cyberspace is a nightmare for all players in cyberspace, especially, if private actors will take charge.
Secondly, the idea of an international treaty is achievable, but it is better to start by accepting the general standard, which does not interfere too much with State’s approaches towards cyberspace in wartime.
Thirdly, due to a bug number of approaches towards cyber in wartime, it is better to stick to the ICRC’s already existing framework and on the basis of this develop the general standard.
By The European Institute for International Law and International Relations.
