|dc.description.abstract||In this dissertation, through four separately published articles, I address several contentious
questions with regard to offensive cyberspace capabilities and the role of international law in the
digital era. Offensive cyberspace capabilities, which for clarity purposes I refer to as “cyberattacks,”
are operations in cyberspace that target the confidentiality, integrity, and availability
(colloquially known as the CIA triad) of information technology systems.1 Throughout these four
articles, I explore contemporary international law as it applies to cyber conflict. I argue interntional
law, at present, is not always well-suited to fully address the full breadth of challenges presented
by the increasing use of cyber-attacks by states. Moreover, cyber-attacks are not used exclusively
by states. For example, civilians and certain organized groups are finding this domain appealing
for achieving their ends.
In Doxfare, I challenge the prevalent view that the prohibition on intervention, in order to
be triggered, should be accompanied with a coercive act. The context of this paper is the 2016 U.S.
election interference, allegedly orchestrated by the Russian government, carried out primarily
through cyberspace. This interference, in the form of hacking the Democratic National Committee
and John Podesta’s e-mail accounts, as well as publishing these e-mails through WikiLeaks
(“doxing”), challenges the very basic notions of wrongful interference under contemporary
international law. The crux of the difficulty is in international law’s inability in delegitimizing
transnational hacking for political purposes, because these acts are often non-coercive, a constitutive element of the norm on non-intervention. This paper argues, that in order to address
transnational election interferences, international law should adapt by redefining the boundaries of
the norm on non-intervention, given that interventions could be in the form of non-coercive
hacking and doxing.
World Wide Web provides a new theory to address cyber espionage through international
law. Traditionally, while most domestic legal systems make foreign espionage illegal, international
law does not explicitly prohibit inter-state espionage, neither does it condemn this well-established
practice. This article argues that changes in surveillance technology enable some serious threats to
international peace and security, and should therefore be treated in a more nuanced manner under
international law – that is, an evaluation of the nature of espionage, the data collected, and the
possible nature of future use of that data. This approach rejects the blanket legitimization of
espionage provided by international law, considering how cyber espionage could potentially
threaten human rights, such as the right to privacy.2
Virtual Violence considers the extent to which international humanitarian law protects
civilians, in an armed conflict, from cyber-attacks that are not kinetic in nature. Intuitively, direct
effects resulting from cyber-attacks may vary from minor inconvenience, to disruption and
interruption, and more rarely – to kinetic effects. Translating into the international humanitarian
law taxonomy – whether disruptive cyber-attacks qualify as “attacks,” therefore requiring that the
adversary using them comply with the rules on conduct of hostilities – distinction, military
necessity, proportionality, and humanity.3 By analyzing current cases of disruptive cyber-attacks the article argues that scope of “attacks” should be adapted to afford better civilian protection from
serious disruptive effects caused by cyber-attacks.
In Hacktivites, I argue that the concept of direct participation in hostilities (DPH) does not
consider the full breadth of cyber activities that civilians could be engaged in, potentially
externalizing these civilians to being classified as civilians who directly participate in hostilities,
thus losing their protected status under international humanitarian law. Such classification could
mean the difference between life and death – since civilians who have taken arms and joined the
hostilities are forfeiting their protection from direct attacks. Junaid Hussein, an ISIS-affiliated
hacker, was the first known case of a civilian who was targeted with lethal force, in relation to his
allegedly hostile cyberspace activities – including the spread of personal information about U.S.
soldiers in active duty. This raises a host of questions about how the DPH’s framework constitutive elements apply in cyberspace, for example – threshold of harm. The paper concludes that there is no uniform interpretation of the DPH framework (comparing U.S., ICRC, and the Tallinn Manual), and that most of these interpretations, when applied to cyber-attacks, adopt overly broad views on what constitutes direct participation in hacktivities.
I have also contributed some of my findings on specialized media platforms – such as Just
Security and Wired. These op-eds are also part of my dissertation, as they demonstrate my research endeavors in a more informal context. They also illustrate my approach to legal scholarship, that outsourcing it to the broader public in a more manageable and succinct manner.||en_US