INTERNATIONAL LAW AND CYBERSECURITY: LEGAL CHALLENGES AND EMERGING FRAMEWORKS

This Article is written by Thuraya Hatim of University of Khartoum, an intern under Legal Vidhiya

Abstract

This article addresses the intersections between cybersecurity and international law and its legal challenges and emerging frameworks. The digital age we are living in right now forces us to set out legally binding instruments by which countries can rule. There are some frameworks that have been set out, such as The European Union’s Convention on Cyber Crime from 2001, NATO’s cyber security framework, solidified in the 2014 Cyber Defense Policy, and the Information Security Special Interest Group (UNISSIG) dedicated to that had been established by the United Nations, these frameworks had an impact on the cyber security field. Still, they could have been more effectively applied, and the reason for that is the conflict of laws, sovereignty issues, and international contradictions with laws in this field.

Countries need to cooperate internationally to establish strong, binding legal frameworks to combat cybercrimes and cyberattacks. Capacity building is also needed as an accountability mechanism to ensure that countries respect each other and prevent them from committing more crimes in the future.

Keywords

International Law, Cyber Security, International Conventions, Cyber Crimes, Frameworks, Digital Age, Sovereignty.

Introduction

The digital age we are living in has made our lives easy and fast because everything can be done with a click on our phones or computers. However, some people benefit from Cyberspace by misusing it to harm other people by stealing the money that is in their bank account or by blackmailing them with private information that they got by hacking their phones. Not only can people misuse Cyberspace, but states can also use it against each other, as what is happening now in today’s wars around the world is known as cyberwars. That is where the importance of cybersecurity arises.

Cybersecurity is one of the significant concerns of states and international law now since it affects every aspect of life, such as politics, economics, the health sector, and law. The concept of cybersecurity involves the techniques and measures that help secure various digital components like network data and computer systems from unauthorized access. Achieving cybersecurity will ensure data protection, individual privacy, and intellectual property rights.[1]

Cyberattacks and crimes have increased in recent years; in order to deal with these crimes, a coherent legal framework is necessary to address risks and protect rights in Cyberspace, so we need international laws and regulations to effectively address these problems. Despite this, there are still significant challenges in international law. The causes of this occur due to differences in legal systems and policies between countries, as well as difficulties in international coordination and cooperation in law enforcement.[2]

In order to protect Cyberspace by international law, there must be an effective framework and international cooperation between states. Because of the lack of these two elements, there is no international convention that regulates cybersecurity. There are indeed some conventions and principles that are existing, such as The European Union’s Convention on Cyber Crime from 2001 and NATO’s cyber security framework, solidified in the 2014 Cyber Defense Policy. The Information Security Special Interest Group (UNISSIG) dedicated to that had been established by the United Nations in 2011.

History of Cybersecurity and International Law

There is a long history of states trying to overcome the problems that come with using Cyberspace, like cybercrimes, cyberattacks, and cyberterrorism. Every aspect of life has changed with the full reliance on Cyberspace in our world; even the wars between countries have changed. So, one of the first global endeavors cooperation to achieve cybersecurity is The Group of Governmental Experts (GGE), which was established by the UN in 2003 to evaluate the influence of information and communication technologies (ICT) developments and to propose responsible state behavior in Cyberspace. in the 6^th meeting of the (GGE) that was held in 2021 concluded with an understanding of some nonbinding norms and the adding of the Law of Armed Conflict principles. However, the GGE was kind of successful and had an influence due to the non-binding nature of the adopted norms and their unclear articulation, which made their internalization weak when each side interpreted them differently.[3]Another endeavor for the United Nations General Assembly is authorizing an Open Ended Working Group (OEWG) as a process that resembles the GGE. Both GGE and OEWG had issues applying them at an international level; the key issues are the proliferation of Cyberspace, the inconsistencies in the notion of state sovereignty and its application in Cyberspace added to that the disagreements about the nature of cybersecurity governance, and the policies that have been put into place so far. [4]finally, the Information Security Special Interest Group (UNISSIG) that focused on the crucial area of information security, it was established in 2011 by The Digital and Technology Network (DTN). The UNISSIG is a primary method in the UN system for encouraging inter-agency cooperation and collaboration on matters related to information security.[5]

One of the most essential instruments in international law in this field is The European Union’s Convention on Cyber Crime, also known as The Budapest Convention 2001, which came into force in 2004. The convention establishes the foundation for international cooperation in the field of cybersecurity. In addition to governing the procedural laws pertaining to these offenses, the Cybercrime Convention acts as a model for other nations hoping to create legal frameworks that will discourage cybercrimes. The participating states are expected to standardize how procedural laws are applied to cybercrime investigations as part of this agreement; even though the convention is considered to be a significant step toward achieving cybersecurity, there is still some improvement that can be done to make it more practical such as, a more comprehensive legal framework is needed to tackle the increasing complexity and diversity of cyber crimes and the need for more effective cooperation and exchange of information to prevent and respond to cybercrime globally.[6]

The Cyber Defense Policy of 2014 also set up a framework for cyber security within NATO, recognizing Cyberspace as an operational domain alongside land, sea, air, and space. This policy emphasizes that cyberattacks could trigger Article 5, meaning an attack on one member could be seen as an attack on all. To enhance defense against cyber threats, the policy enhances coordination, resilience, and rapid response capabilities among member states. This approach was reinforced at the 2016 Warsaw Summit, where cyber defense was designated as a critical element of collective security and incorporated into NATO’s broader defense planning and operations.

The Universal Cybercrime Convention is the latest development in global cybersecurity, awaiting adoption by the UN General Assembly. In December 2019, the idea of a comprehensive international convention to counter the criminal use of information and communication technology was introduced to the General Assembly, leading to significant division within the global community. The convention is scheduled for presentation to the UN General Assembly this year. Upon acceptance, member countries will have the opportunity to sign and ratify it. The convention will require 40 signatories by December 2026 to come into force.[7]

The Challenges of Cybersecurity in International Law

The obstacles that stand between cybersecurity and its application on the global level are many; the key issues are:

1. Sovereignty issues: there are contradictions between the principle of sovereignty in international law and Cyberspace which leads to uncertainty when trying to apply the notions of Cyberspace in the traditional concepts of states’ sovereignty.
2. Conflicts of laws: when there is a conflict between two countries, which law must be applied? And how is the international law is going to influence the jurisdiction? Determining which rules should apply to online activities and where disputes should be resolved can lead to legal uncertainties and conflicts.
3. Cyberattacks and the use of force: the application of article 2(4) in the UN charter, which is about the use of force, and article (51) in the UN charter, is about the right to self-defend is not confident in the Cyberspace, and it is causing a lot of problems when it comes to application. Not only this, but it also contradicts international humanitarian law (IHL); Cyberspace has opened up an entirely different theatre of war that needs to be explored. The war is not as traditional as it used to be in the past; now, countries attack each other via Cyberspace, and these crimes are not familiar to international law.

The upcoming frameworks of international law in the field of cybersecurity must be updated and keep pace with rapid changes in Cyberspace to be inclusive of all laws and not inconsistent with one of them, and in order to achieve that, the countries must:

1. International cooperation and coordination: States must be very aware that in order to stop cybercrimes, cyberattacks, and cyberterrorism, there must be a cooperative endeavor to achieve their goal through conventions and other legal instruments.
2. Capacity building: the developed countries must help developing countries by mechanisms that let them fight cybercrimes and create a strong legal framework.
3. Accountability mechanisms: Strict punishments and sanctions are the best way to fight a rising crime. The future legal instruments must contain strict sanctions so the states can think twice before operating to harm another state by cyberattacks in addition to Solving conflicts that stem from cyber incidents through the creation of dedicated global tribunals or arbitration systems could be instrumental in upholding international rules and regulations in the digital realm.[8]

Cases in The Field of Cybersecurity

There are a lot of landmark cases and events that helped with shaping the cybersecurity in international law, like:

1. Equustek, a Canadian company, took legal action against Datalink in the case “Google Inc. v. Equustek Solutions Inc.” for selling counterfeit products. After failing to stop Datalink, Equustek sought a global injunction against Google to remove Datalink’s websites from search results. The Supreme Court of Canada upheld the injunction, emphasizing Google’s global reach as reasoning and the necessity to prevent harm. This case not only underscores the delicate balance between free speech and intellectual property rights but also sets a precedent for enforcing national court rulings beyond borders in the digital age, underscoring the complexities of global enforcement and jurisdiction.[9]
2. Power Ventures, a company, allows users to manage all their social media accounts from a single platform. In 2008, Facebook sued the company, alleging that it violated the federal Computer Fraud and Abuse Act (CFAA) and California’s state equivalent by allowing users to access Facebook data after Facebook had blocked a specific IP address Power used to access the data. Facebook also claimed that Power’s encouragement of users to invite friends to try Power through Facebook’s Events feature violated the CAN-SPAM Act, a federal law prohibiting the sending of commercial emails with misleading information. This was due to the email header information allegedly appearing from Facebook rather than Power. The district court’s ruling in February 2012 found Power responsible for both claims and in September 2013, Power was directed to pay over $3 million in damages to Facebook. According to the Electronic Frontier Foundation (EFF), Facebook’s legal stance could negatively impact both future innovators and consumers, potentially criminalizing commonly accepted internet behavior.[10]
3. the day is 26 February 2022. The world was hit with breaking news that Anonymous has hacked Russian state TV channels. A hacktivist collective and movement who have made a name taking part in multiple cyber wars in the past decade, this was in response to the Russian aggression on Ukrainian territory in the hopes of annexation. Anonymous hacked the Russian state TV networks to combat propaganda in Russia and highlight the damage to life meted out by the Kremlin in Ukraine. They also hacked 120,000 Russian troops’ personal information, and the Russian central bank stole 35,000 files. This was a clear indicator of how cyber war can change the momentum in battle, something that people had never seen so closely.
4. In the 2018 U.S. midterm elections, Russia was accused of conducting a series of harmful cyberattacks similar to those in the 2016 presidential election. They aimed to interfere with the election process by trying to access election infrastructure, spreading misinformation, and influencing public opinion through social media. Russian groups, including the Internet Research Agency (IRA), employed controversial strategies to target voters, exploiting social, political, and racial divisions to manipulate voting behaviors and undermine public confidence in the democratic system.

Conclusion

To sum up, international law in the field of cybersecurity intersects with every aspect of our lives. Because of that, international law must have a strong framework that sets out fundamental principles and laws to regulate the cybersecurity field.

The endeavors of international law until today, like The European Union’s Convention on Cyber Crime from 2001, NATO’s cyber security framework, solidified in the 2014 Cyber Defense Policy, and the Information Security Special Interest Group (UNISSIG) dedicated to that had been established by the United Nations is not enough to secure the Cyberspace, and there is a particular need for a new binding legal instrument to regulate the Cyberspace and protect it from crime and attacks.

Cybercrimes and cyberattacks can affect any country worldwide, and because of this, countries need to unite internationally to stop these crimes and punish the perpetrators. The effective application of international law in the cybersecurity field can be achieved through cooperation and coordination between states, setting out accountability mechanisms, and capacity building.

References

1. Cybersecurity | United Nations https://unsceb.org/topics/cybersecurity#:~:text=UN%20Information%20Security%20Special%20Interest%20Group&text=UNISSIG%20is%20the%20principal%20mechanism,security%20within%20its%20member%20organizations. ( visited at 19-8-2024)
2.   Facebook v. Power Ventures [WWW Document], 2014. Electronic Frontier Foundation. URL https://www.eff.org/cases/facebook-v-power-ventures#:~:text=In%202008%20Facebook%20sued%20the,that%20Power%20violated%20the%20CAN%2D.(visited at 19-8-2024)
3. Google LLC v. Equustek Solutions Inc. (Equustek II) – Global Freedom of Expression [WWW Document], 2023. Global Freedom of Expression. URL https://globalfreedomofexpression.columbia.edu/cases/google-llc-v-equustek-solutions-inc/.(visited at 17-8-2024).
4. Hassid, N. and Matania, E., A Global Regime for Cybersecurity and the Obstacles to Future Progress. Global Governance: A Review of Multilateralism and International Organizations, 30(1),13, 13-27. (2024)
5. Priyandita, G., 2024. The UN cybercrime convention: a victory for state sovereignty | The Strategist [WWW Document]. The Strategist. URL https://www.aspistrategist.org.au/the-un-cybercrime-convention-a-victory-for-state-sovereignty/, (visited at 15-8-2024)
6. Rehman, Z., Beyond Borders: International Law and Global Governance in the Digital Age. Volume .01 Issue .01, Journal of Accounting & Business Archive Review, 1, 1-12 (2023)
7. Sumadinata, W.S., Cybercrime And Global Security Threats: A Challenge In International Law. Volume XI Issue 3 Russian Law Journal, 11(3), 438, 438-444. (2023).

---

[1] Sumadinata, W.S., Cybercrime And Global Security Threats: A Challenge In International Law. Volume XI Issue 3 Russian Law Journal, 11(3), 438, 438-444. (2023).

[2] Rehman, Z., Beyond Borders: International Law and Global Governance in the Digital Age. Volume .01 Issue .01, Journal of Accounting & Business Archive Review, 1, 1-12 (2023)

[3] Hassid, N. and Matania, E., A Global Regime for Cybersecurity and the Obstacles to Future Progress. Global Governance: A Review of Multilateralism and International Organizations, 30(1),13, 13-27. (2024)

[4] Hassid, N. and Matania, E., A Global Regime for Cybersecurity and the Obstacles to Future Progress. Global Governance: A Review of Multilateralism and International Organizations, 30(1),13, 13-27. (2024)

[5] Cybersecurity | United Nations https://unsceb.org/topics/cybersecurity#:~:text=UN%20Information%20Security%20Special%20Interest%20Group&text=UNISSIG%20is%20the%20principal%20mechanism,security%20within%20its%20member%20organizations. ( visited at 19-8-2024)

[6] Sumadinata, W.S., Cybercrime And Global Security Threats: A Challenge In International Law. Volume XI Issue 3 Russian Law Journal, 11(3), 438, 438-444. (2023).

[7] Priyandita, G., 2024. The UN cybercrime convention: a victory for state sovereignty | The Strategist [WWW Document]. The Strategist. URL https://www.aspistrategist.org.au/the-un-cybercrime-convention-a-victory-for-state-sovereignty/, (visited at 15-8-2024)

[8] Rehman, Z., Beyond Borders: International Law and Global Governance in the Digital Age. Volume .01 Issue .01, Journal of Accounting & Business Archive Review, 1, 1-12 (2023)

[9] Google LLC v. Equustek Solutions Inc. (Equustek II) – Global Freedom of Expression [WWW Document], 2023. Global Freedom of Expression. URL https://globalfreedomofexpression.columbia.edu/cases/google-llc-v-equustek-solutions-inc/.(visited at 17-8-2024).

[10] Facebook v. Power Ventures [WWW Document], 2014. Electronic Frontier Foundation. URL https://www.eff.org/cases/facebook-v-power-ventures#:~:text=In%202008%20Facebook%20sued%20the,that%20Power%20violated%20the%20CAN%2D.(visited at 19-8-2024

Disclaimer: The materials provided herein are intended solely for informational purposes. Accessing or using the site or the materials does not establish an attorney-client relationship. The information presented on this site is not to be construed as legal or professional advice, and it should not be relied upon for such purposes or used as a substitute for advice from a licensed attorney in your state. Additionally, the viewpoint presented by the author is personal.