The 2013 GGE report stated that international law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment.
The 2015 GGE report offered views on how international law applies to the use of ICTs by States and touched upon State sovereignty, sovereign equality, settlement of disputes by peaceful means and non-intervention; obligations to respect and protect human rights and fundamental freedoms; application of the UN Charter in its entirety including the inherent right of States to take measures consistent with international law and as recognized in the Charter; the principles of humanity, necessity, proportionality and distinction; obligations regarding internationally wrongful acts. The OEWG and the GGE are continuing to discuss how international law applies in cyberspace.
This session seeks to provide an opportunity for multi-stakeholder participants to discuss the importance of international law in cyberspace, including for non-state actors, and on ways to deepen common understanding on “how” international law applies in cyberspace. Although the OEWG has discussed the section on international law in the draft report, non-governmental participants are welcome to express views on the draft report.
This session is co-chaired by:
Q: There a many many legal gaps and we need a comprehensive international treaty specially for Cyberspace for areas like Data governance, cybersecurity, cybercrime and internet governance and global digital responsible behaviors framework
Global Commission Stability in Cyberspace
Q: Be careful to qualify trans-border "disinformation" as illegal intervention into interntal affairs of other states. The risk is that governments determine what "disinformaiton" is and the free flow of information gets the victim of censorship. This is slippery territory.
Q: I am a lawyer with the UK Government and wanted to add (without needing to take the floor) that this has been a fascinating discussion which shows the value of involving all relevant stakeholders in the dialogue. It is an excellent initiative in which the UK is pleased to participate.
Managing Counsel, DXC Technology
Q: We heard earlier from Microsoft (thank you), MNCs can contribute via participation in the Paris Call and the Oxford Process. How else can corporations contribute and develop trust between technology companies and States?
Q: @François Delerue : we still remember when Internet was called "Information Superhighway". And IT is short for Information Technology. So pretty much everything is about one thing - information And that exactly is being attacked here : information. Disinformation campaigns destroy integrity of information. Makes it hard for people to find the information that they need. Instead they're being fed with false information - with very disturbing results : ethnic mass killings, children's deaths due to low rate of vaccination level due to vaccine-related hoaxes, riots on the streets, rising level of extremism and radicalism, society's polarization, and democracy disrupted & damaged even in big nations by disinformation campaigns done by foreign actors. Disinformation campaigns used to be very hard and very expensive to carry out. Cyberspace makes it easier to carry out this attack, cheaper, and with bigger impact.
Q: How can we collaborate through civil organizations to promote the adoption of applicable cybersecurity regulations, laws or frameworks, such as the Paris call or the Budapest Convention on cybercrime by the government sector in emerging countries that currently do not have policies, laws or intentions to adopt cybersecurity strategies to track digital crimes, and thus generate international collaboration to guarantee investigations and therefore a better digital ecosystem for civil society?
Q: How important do we think it is that the GGE or OEWG actually take at least one concrete position on international law’s application to cyberspace (as opposed to the ongoing debates about whether certain regimes like due diligence “exist” in cyberspace). Do people think the GGE/OEWG can have value if we can’t get a consensus, for example, that States should be prohibited from causing serious adverse consequences to hospitals or vaccine research amidst a globally recognized pandemic). I’m happy to take the floor to elaborate as well.
Q: Given increase in cyber incidents and (political) attributions by some states on others ( or at least their NSAs). Is there a movement at international diplomacy level to create an independent institution to adjudicate cyber conflicts among states ( a la ICJ), setting standards for attributions ( technical and legal) . To ensure that even small states have access to justice (should they be victims from bigger countries). (to Takeshi Akahori)
Q: Tilman made a comment that the ICRC welcomes not only discourse on the how International Law applies in particular circumstances in cyberspace but also development of new rules and norms. What do the panellists think about the thought that there are gaps on how current IL applies in cyberspace and that current IL is inadequate to address the legal issues that arise from the use of ICT?
Q: As Harriet said, there is an important role for other stakeholders in these discussions: Stakeholders can provide perspectives on how international law, inc international humanitarian and human rights law, and the UN Charter applies to the use of ICTs. For example, They can bring evidence of how cyber operations may constitute international wrongful acts, their impacts on individuals and communities, and in that way, they can help to shape the understanding of state obligations in cyberspace. The revised pre-draft of the OEWG doesn’t yet acknowledge this in its section on international law. Evidence is important in enforcing the law and bridging the gap between theory and practice. As Marietje said, accountability needs to be a key goal to move us beyond statements/words on paper. Do you think agreement can be reached among states so that these points are emphasised in the OEWG's report?
Q: I completely agree with the accountability. But, to my understanding IL and criminal law are orthogonal to each other (Liis said vertical vs horizontal). Yet states increasingly seem to delegate malicious operations to criminals. How are we to tackle this? I guess what I’m saying is, that the Internet brings stakeholders closer together, thus the multi stakeholder approaches, yet IL is states only.
Simon van Hoeve
Hague Ctr. For Strategic Studies
Q: Do we think that domestic law and domestic legal approaches should have a larger role in combatting malicious cyber threats? Do existing domestic legal approaches against cyber incidents undermine international legal approaches? For instance, when looking at Advanced Persistent Threat groups, the US has used their department of justice to issue a variety of indictments at the individuals behind several incidents, which has had some impacts on these groups. Do such actions perhaps further politicize cyberspace and thus undermine cooperative efforts, or do you think that such domestic legal avenues establish norms of behavior which are enviable and desirable from an international law perspective?
Q: How to ensure inclusive international discussions in the context of digital divide , how a state may be accountable for cyber operations that rely on its infrastructure in the inter-dependent and inter-connected global Network ?
Q: Thank you very much for organizing such a great event ! I would like to raise a question relating to the recent view released by New Zealand, which refer to a « prolonged and coordinated cyber disinformation operation » as an example of unlawful intervention. I have heard similar comments at different events recently. I agree this may constitute an unlawful intervention, but at the same time I cannot refrain from wondering whether it is appropriate to discuss it together with unlawful interventions in cyberspace, as highlighted by Harriet Moynihan. Indeed, in the case of disinformation campaign, the wrongfulness is not related to its cyber dimension (the way it spreads) but to the content. I would be interested to hear the thoughts of the panelists on that. I think this observation has also important implications for the ongoing discussions and negotiations on cyber (OEWG and GGE) but also on other matters, such as disinformation and digital affairs. Thank you very much.
Q: Many thanks Professor Akande for emphasising that international law is certainly applicable to non-state actors and in relation to cyberspace, and to Liis for also reiterating the importance of a Global Convention for Cybercrime. I am very interested in the furthering of a discourse on international cyber-criminal liability, within the framework of international criminal law. One wonders how we further such discourse. Do we begin from extending the jurisdiction of the ICC to acts of cyber-criminality? Is it even a possibility consideration the nature of cyberspace? Would it relate to a question of scale and degree? Will the Budapest Convention continue to suffice? (I do not think so). Is it a case requiring a reinterpretation of the stipulated jurisdiction of the ICC, so that for example, we begin to reconsider Articles 5-8 of the Rome Statue to extend to acts like cyber terrorism, cyber warfare etc., How do we progress with such a discourse within international law?
Q: How International law can help us to ensure having civilian peaceful and development oriented cyberspace for global public interest instead of turning ICT environment to new battlefield? Why someones want to regulate cyberwarfare and offensive doctrine in cyberspace in the name of applying IHL? If civilian lives matter civilian nature of cyberspace should be kept and protected by International law. We shouldn't allow some countries come to internet as global city with their tanks and cyberweapons. we should prevent and prohibit cyber Hiroshima like Stuxnet in Iran by IL not legitimize it by abusing of self defense with regard to different levels of capabilities.
Wout de Natris
IGF Dynamic Coalition on Internet Standards, Security and Safety
Q: There is no individual, organisation or state that wants to be hacked, phished, abused inline, etc. (This is different from that it may want (to use) these options.) This is a clear baseline in relation to security. Is this baseline a topic there is agreement on and if so, a start to agree on a way forward and if not a potential start? (to Takeshi Akahori)
Q: Hello everyone, Q: How International law can help us to ensure having civilian peaceful and development oriented cyberspace for global public interest instead of turning ICT environment to new battlefield? Why someones want to regulate cyberwarfare and offensive doctrine in cyberspace in the name of applying IHL? If civilian lives matter civilian nature of cyberspace should be kept and protected by International law. We shouldn't allow some countries come to internet as global city with their tanks and cyberweapons. we should prevent and prohibit cyber Hiroshima like Stuxnet in Iran by IL not legitimizing it by abusing of self defense. (to Takeshi Akahori)
Q: This discussion on applicability of international law concentrates on the jus cogens principles sovereignty, non-interference, non use of force, peaceful sttlement of disputes but less on the right to self-dertemination of people. For cyberspace self-determination of people is very crucial. Any comment from Liss, Marjette? From Wolfgang Kleinwächter, Global Commission Stability in Cyberspace
Q: Hello everyone, Q: How International law can help us to ensure having civilian peaceful and development oriented cyberspace for global public interest instead of turning ICT environment to new battlefield? Why someones want to regulate cyberwarfare and offensive doctrine in cyberspace in the name of applying IHL? If civilian lives matter civilian nature of cyberspace should be kept and protected by International law. We shouldn't allow some countries come to internet as global city with their tanks and cyberweapons. we should prevent and prohibit cyber Hiroshima like Stuxnet in Iran by IL not legitimizing it by abusing of self defense. (to Dapo Akande)
Q: We've seen reporting in the USA of attacks on covid vaccine supply chain and research and development. Could this be a focus of transparency efforts, a sort of pilot for private sector companies and states to jointly disclose threats and mitigation measures? (to Marietje Schaake)
Q: Dear Participants, You can take part in the discussion via this chatbox. Thank you!
EU Institute for Security Studies
Q: Welcome to the International Law session. You can tweet about this session using #LetsTalkCyber #UNcyberOEWG