The Geography of International Law and the Cyber Domain

Louise Arimatsu 25th February 2015

The geographical scope of the law of armed conflict (LOAC) has engaged the interest of IHL experts for some years dividing opinion as to whether the reach of the law is determined by the territorial border, the location of the parties to the conflict, or restricted to the site of the hostilities. This is more than just a theoretical question since the consequence of adopting one particular view rather than another can result in different findings as to the legality of the conduct in question. International human rights law (IHRL) experts have likewise concerned themselves with the geographical scope of IHRL albeit in a different vernacular given the different point of departure.

Since the purpose of IHRL is to regulate the state’s relations with persons in its territory, in contrast to LOAC, there is consensus that the law applies throughout the state’s territory. However, divisions have surfaced on whether a state’s obligations are geographically limited to the state’s sovereign territory or, in exceptional circumstance, such obligations arise extraterritorially. Over the years, member states of the European Convention on Human Rights have accepted the idea that their obligations are triggered extraterritorially in situations where they have ‘effective control’ over persons and/or territory irrespective of sovereignty. Arguments persist over specific situations but the principle is now well-established.

The UN human rights bodies have longfavoured a similar approach when interpreting the applicability of a state’s obligations pursuant to the ICCPR. In General Comment 31, the Human Rights Committee expressly maintained that “a State party [to the ICCPR] must respect and ensure the rights laid down in the Covenant to anyone within the power or effective control of that State Party, even if not situated within the territory of the State Party”. Not all states subscribe to this interpretation including, for example, the US which has consistently asserted that the Covenant does not apply extraterritorially.

Measures adopted by the US following the Snowden disclosures have reinforced this distinction exemplified by the legal reforms (even if inadequate) which have been introduced to protect the privacy of US citizens in contrast to the policy announcement that the US would “take into account that all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside” when conducting digital surveillance operations.

But the challenge does not end there, since even if all states accepted the extraterritorial applicability of the Covenant, the traditional notion of ‘effective control’ sits uncomfortably with the nature of digital operations. One option is for states to agree that control over digital communication infrastructure through tapping or penetration amounts to effective control as suggested by the UN High Commission for Human Rights. An alternative way forward is for states to concede that their obligation is to respect the rights of all persons irrespective of geographical location or effective control. In time this latter option may prove to be the more attractive for technologically advanced states including, most notably the US, demonstrated by the experience of the Obama Administration following the cyber-attack on Sony Pictures in November 2014.

That the hackers violated US criminal law was not in doubt: the attack caused significant destruction and constituted theft on an unprecedented scale. As evidence suggesting North Korea’s involvement in the attack mounted, legal experts opined that the hack also constituted a violation of international law: namely, a breach of US sovereignty. But when Sony cancelled the Christmas release of The Interview in response to subsequent threats by the hackers, as far as the American public were concerned, the perceived wrongdoing constituted – above all – an attack on the freedom of expression. This sentiment was echoed in a White House statement which stated, “we take seriously North Korea’s attack that aimed … to threaten artists and other individuals with the goal of restricting their right to free expression.” But if North Korea does have a legal duty not to violate the freedom of expression of US citizens it must surely be on the basis that its Covenant obligations are extraterritorial in scope. This raises the question of whether, as societies become increasingly networked, states will feel the need to reevaluate the scope of their IHRL obligations, if only for reasons of self-interest.

Author profile

Dr Louise Arimatsu is an Associate Fellow at Chatham House and Honorary Senior Research Fellow in the Law Department at Exeter University. She was a member of the Group of Experts on the Tallinn Manual on the International Law Applicable to Cyber Warfare.

Citations

Louise Arimatsu, ‘The Geography of International Law and the Cyber Domain’ (OxHRH Blog, 25 February 2015) <http://humanrights.dev3.oneltd.eu/the-geography-of-international-law-and-the-cyber-domain/> [Date of Access].

Leave a Reply

Your email address will not be published. Required fields are marked *