Previous 2 / 4 Next

constitutes a use of force at international law. Such effects may include death, serious injury to persons, or significant damage to the victim state’s objects and/or state functioning. In assessing the scale and effects of malicious state cyber activity, states may take into account both the immediate impacts and the intended or reasonably expected consequential impacts. 8. Cyber activity that amounts to a use of force will also constitute an armed attack for the purposes of Article 51 of the UN Charter if it results in effects of a scale and nature equivalent to those caused by a kinetic armed attack. As an example, cyber activity that disables the cooling process in a nuclear reactor, resulting in serious damage and loss of life, would constitute an armed attack. Non-intervention 9. Malicious state cyber activity may be inconsistent with the rule of non-intervention. Such activity will violate the rule of non-intervention if it: a. has significant effects on a matter which falls within the target state’s inherently sovereign functions / domaine réservé (e.g. the right freely to choose its political, economic, social and cultural system, or matters such as taxation, national security, policing, border control, and the formulation of foreign policy); and b. is coercive (i.e. there is an intention to deprive the target state of control over matters falling within the scope of its inherently sovereign functions). Coercion can be direct or indirect and may range from dictatorial threats to more subtle means of control. While the coercive intention of the state actor is a critical element of the rule, intention may in some circumstances be inferred from the effects of cyber activity. 10. Examples of malicious cyber activity that might violate the non-intervention rule include: a cyber operation that deliberately manipulates the vote tally in an election or deprives a significant part of the electorate of the ability to vote; a prolonged and coordinated cyber disinformation operation that significantly undermines a state’s public health efforts during a pandemic; and cyber activity deliberately causing significant damage to, or loss of functionality in, a state’s critical infrastructure, including – for example – its healthcare system, financial system, or its electricity or telecommunications network. Sovereignty 11. The principle of sovereignty prohibits the interference by one state in the inherently governmental functions of another and prohibits the exercise of state power or authority on the territory of another state. In the physical realm, the principle has legal effect through the prohibition on the use of force, through the rule of non-intervention and also through a standalone rule of territorial sovereignty. Subject to limited exceptions (e.g. authorisation by the United Nations Security Council, self-defence, consent), that standalone rule prohibits a state from sending its troops or police forces into or through, or its aircraft over, foreign territory, and prohibits a state from carrying out official investigations or otherwise exercising jurisdiction on foreign territory. 12. In the cyber realm, the principle of sovereignty is given effect through the prohibition on the use of force and the rule of non-intervention. New Zealand considers that the standalone rule of territorial sovereignty also applies in the cyber context but acknowledges that further state practice is required for the precise boundaries of its application to crystallise. 13. In New Zealand’s view, the application of the rule of territorial sovereignty in cyberspace must take into account some critical features that distinguish cyberspace from the physical realm. In particular: i) cyberspace contains a virtual element which has no clear territorial link; ii) cyber activity may involve cyber infrastructure operating simultaneously in multiple territories and diffuse jurisdictions; and iii) the lack of physical distance in cyberspace means malicious actors can apply instantaneous effects on targets without warning. These features present unique opportunities for malicious actors and significant defensive challenges for states. They also make it difficult for states to prevent malicious cyber activity being conducted from or routed through their territory. 14. Bearing those factors in mind, and having regard to developing state practice, New Zealand considers that territorial sovereignty prohibits states from using cyber means to cause significant harmful effects manifesting on the territory of another state. However, New Zealand does not consider that territorial sovereignty prohibits

Select target paragraph3

● ● ●

The Application of International Law to State Activity in Cyberspace

Document

State

New Zealand

Type of Document (for States): Legal Framework-Related Documents: Views on International Law

Topics

Critical Infrastructure
Cyber Espionage
Data Protection
Human & Digital Rights
National Cyber Defense
Views on International Law

United Nations Regional Group

Western European and other States

Summary

The document states that the international law applies online as it does offline. Applicable international law includes: the United Nations Charter; the law of state responsibility; international humanitarian law; and international human rights law.
It specifies activities involved in cyberspace (a human component; a tangible, physical component; an intangible virtual component);
Includes section dedicated to the use of force, non-intervention, sovereignty, due-dilligence, and responding to cyber malicious cyber activity.

Source Link 1: https://dpmc.govt.nz/sites/default/files/2020-12/The%20Application%20of%20International%20Law%20to%20State%20Activity%20in%20Cyberspace.pdf

Year Published: 2020

Date Published: Dec 1, 2020

Document Language(s)

English

Preview

Map

Latitude: -40.900557

Longitude: 174.885971

Map (linked Document): New Zealand

Primary Documents

2020_New Zealand_en_The Application of International Law to State Activity in Cyberspace.pdf
english
Download View