Are States Interested in the Application of International Law in Cyberspace? – HUJI CyberLaw Newsletter Editorial #6

By: Yuval Shany

Welcome to the sixth newsletter of the HUJI CyberLaw Program.

Our program focuses on studying the manner in which cyberspace is regulated, what sort of liability is imposed on different actors, and how the law can be effectively enforced. The discussion of such questions in the context of domestic legal systems presents myriad challenges due to the incongruity between governmental control over territory and the deterritorialized features of cyberspace, and due to gaps between the regulatory capacity of governmental and private actors (i.e. tech companies). Moving on to the international realm introduces new complications. This is partly because the traditional shortcomings of international law – lack of centralized law-making, paucity of courts with general and compulsory jurisdiction and limited enforcement capabilities – hinder the development and application of international law to new regulatory challenges. Still, a more difficult conundrum presents itself: are states even interested in the application of international law in cyberspace?

A recent research paper, co-written by Brig. Gen. (retired) Dan Efrony and myself, which is discussed in our inaugural Lex Cybernetica podcast, shows that states that have been targeted by a cyber-attack often do not admit that they were attacked; even when they admit that they were attacked, they are not quick to attribute responsibility; and even when they attribute responsibility, they sometimes do not invoke the right to take counter-measures. In not a single case has a state invoked the Tallinn Manuals' provisions for the use of force against cyberattacks, including in response to attacks that caused serious material, political, and security harm. Arguably, the research shows that in this field – like in some other fields in which actors are targeted by cyber-attacks, crimes or acts of espionage – the law plays a modest role in regulating interactions and providing remedies for harms. It is remarkable that some of the most sensitive areas of human interaction in cyberspace – international cyber-attacks – remain under-regulated in law and in practice.

The question confronting us is what, if any, adjustments are required in legal rules, legal institutions and procedures, and enforcement mechanisms, in order to render the law relevant once again. This is, in a way, our Program’s key challenge, and much of our research work in international law, but also in domestic law, criminology, and public policy is designed to bridge the growing gap between law, practice, technology, values, and interests. We therefore study questions such as the need to develop online human rights, strengthen civil liability for cyber-breaches, use technology for improved prevention of cybercrime, regulate new machine-brain online interfaces, create new cyber security ecosystems, and develop attribution procedures.

It is this need to “think outside the box” and, at times, construct a new box, that makes our work in the Program so exciting. And in many of the areas we work on – including in international law, where the push back against legal rules adds to the chronic weakness of law-making and law-applying institutions – such intellectual excitement is also supplemented with a sense of urgency. Hopefully, research in these areas can make a real positive difference. I thank you for your interest and support. As always, we look forward to receiving your thoughts and comments about our activities.

 

Sincerely,
Yuval Shany
Program Director