Cyber Espionage
- LAST REVIEWED: 24 September 2020
- LAST MODIFIED: 24 September 2020
- DOI: 10.1093/obo/9780199796953-0212
- LAST REVIEWED: 24 September 2020
- LAST MODIFIED: 24 September 2020
- DOI: 10.1093/obo/9780199796953-0212
Introduction
Cyberspace gives rise to risks as well as opportunities, and a prominent threat emerging from this domain is cyber espionage. Because no internationally and legally recognized definition of cyber espionage exists, the following definitions of espionage will be used only to frame the subject under examination. “Cyber espionage” describes the exploitation of cyberspace for the purpose of accessing and collecting confidential data. It can occur via close or remote access. “Close access cyber espionage” involves the collection of confidential data through the installation of hardware or software by malicious actors in close physical proximity to the targeted computer network or system. In contrast, “remote access cyber espionage” is launched some distance from the targeted network, usually by exploiting pathways created by the Internet. Cyber espionage takes different forms depending upon the type of confidential data targeted, the actor undertaking this activity, and the context in which it occurs. “Political” cyber espionage is usually state-sponsored (although it can be undertaken by nonstate actors such as terrorist groups) and describes the appropriation of political and military information belonging to state and nonstate actors during times of peace or armed conflict. “Economic” cyber espionage is also state-sponsored but instead involves the theft of confidential business information from foreign companies. “Industrial” cyber espionage entails the theft of confidential business information, but, unlike economic cyber espionage, it is carried out by companies against foreign rivals without the support or assistance of a state. The dawn of cyberspace has heralded an exponential increase in political, economic, and industrial espionage for several reasons: first, cyberspace is used to store huge amounts of confidential information, and is therefore a resource-rich environment for cyber spies to target; second, the instantaneous nature of cyberspace means that cyber spies can access confidential information quickly, cheaply, and efficiently; and third, cyberspace is a virtual and interconnected domain, meaning that espionage can be conducted remotely and anonymously, thus making it a relatively risk-free enterprise. Peacetime espionage is not specifically regulated by international law, and thus there is no “international law of espionage” that can be applied to cyber-enabled espionage. But this does not mean that cyber espionage exists in an international law vacuum. In fact, there is an array of general principles of international law as well as specialized regimes that are potentially applicable to cyber espionage. Unlike peacetime espionage, cyber espionage committed during times of armed conflict is directly regulated by international humanitarian law.
General Overview
Oxford Bibliographies already contains an entry on espionage and international law (see the article “Espionage in International Law”). However, the a-territorial, interconnected, and instantaneous nature of cyberspace creates particular problems for the application of international law to cyber espionage and, since the 2013 Edward Snowden revelations, there has been a surge in scholarship examining these issues, thus requiring a separate entry for this topic. Prior to the Snowden disclosures, only a handful of texts dealt with the topic. Early academic authors focused on cyber espionage in the context of “information warfare” (Kanuck 1996). In 1999, the Office of the General Counsel of the US Department of Defense likewise issued a memorandum on international legal issues in information operations, including unauthorized cyber intrusions (see US Department of Defense, Office of General Counsel 1999). Other early studies focused on whether international law even applied to cyber espionage. Today, the tenor of the literature focuses on different issues and seeks to draw distinctions between different forms of cyber espionage based on the methods used or the type of information targeted (such as economic and industrial data). Ziolkowski 2013 was the first publication to provide an intensive analysis of how international law applies to cyber espionage. Rule 32 of the Schmitt 2017 states that peacetime cyber espionage is not per se regulated by international law. Rather, it is the manner (i.e., the methods) in which cyber espionage operations are conducted that may violate international law and, when considering how these rules apply to cyber operations, the Tallinn Manual 2.0 often uses cyber espionage as an example. This statement is consistent with prior scholarship (Lafouasse 2011) as well as express statements by states (Egan 2017), which have maintained that there is no prohibition per se on espionage activities generally in international law. However, there is no consensus on what “methods” used to conduct cyber espionage may violate certain rules of international law. Few book-length analyses exist on the topic. Buchan 2018 systematically analyzes how international law applies to cyber espionage, although its research scope is limited to political and economic cyber espionage conducted during times of peace. Pehlivan 2019 offers another rare but brief treatment of the subject, focusing on municipal legal responses to economic and industrial cyber espionage. The subject of cyber espionage can be viewed through the prism of the principles of territorial sovereignty and nonintervention, diplomatic and consular law, and international humanitarian law. Other discrete issues relate to the existence of customary exceptions, the status of economic and industrial cyber espionage, and cyber espionage targeted against individuals. Looking prospectively at how international law should evolve, a segment of the literature has devoted its attention to lex ferenda analyses of cyber espionage.
Buchan, Russell. Cyber Espionage and International Law. Oxford: Hart, 2018.
This monograph contains three elements. First, it defines cyber espionage. Second, it presents political and economic cyber espionage as a threat to international peace and security. Third, it examines whether cyber espionage is regulated by general principles of international law and specialized regimes. It also contains chapters assessing whether cyber espionage is permitted by customary law and whether it can be justified on the basis of self-defense and the doctrine of necessity.
Egan, Brian J. “International Law and Stability in Cyberspace.” Berkeley Journal of International Law 35 (2017): 169–180.
This is a statement by the Legal Adviser at the US State Department on the application of international law to cyberspace. The statement claims that most if not all states engage in intelligence collection abroad and, in light of this, there is no absolute prohibition on this activity under international law. Importantly, the statement cautions that specific intelligence operations may nonetheless violate international law.
Kanuck, Sean P. “Information Warfare: New Challenges for Public International Law.” Harvard International Law Journal 37 (1996): 272–292.
This is a broad article identifying the challenges that information warfare presents for public international law. It discusses the legality of cyber espionage, and offers an original analysis on how the information age may be redrawing the contours of international law concepts such as “territory” and “jurisdiction.”
Lafouasse, Fabien. L’Espionnage dans le Droit International. Paris: Nouveau Monde, 2011.
This book is the most comprehensive and thorough study of the application of international law to espionage. It therefore represents a useful starting point when studying espionage, though it only discusses cyber espionage in passim. The book’s main contribution is the distinction between territorially intrusive acts of espionage and those which are not intrusive because they occur outside the target-state’s territory, such as on the high seas or international air space.
Pehlivan, Oğuz Kaan. Confronting Cyberespionage under International Law. New York: Routledge, 2019.
This book argues that cyber espionage is a type of cyber attack. As such, it determines that domestic and international law is available to regulate cyber espionage and can therefore be harnessed to confront the threat posed by this activity. It provides a broad overview of the application of these frameworks to cyber espionage, and its specific focus is on the regulation of economic and industrial cyber espionage under various municipal systems.
Schmitt, Michael N. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge, UK: Cambridge University Press, 2017.
Rule 32 holds that cyber espionage is not per se regulated by international law. Yet it determines that international law may regulate the underlying act depending upon the actors involved, the information collected, and the operative legal context. The legality of cyber espionage is therefore addressed under other international legal rules; namely, the principles of territorial sovereignty and nonintervention, and diplomatic and consular law.
US Department of Defense, Office of General Counsel. An Assessment of International Legal Issues in Information Operations. 2d ed. Arlington, VA: US Department of Defense, 1999.
Until recently, this 1999 assessment stood as the most comprehensive and authoritative US statement on international legal issues raised by the increased resort to information operations, including cyber espionage operations. The memorandum argued that an unauthorized electronic intrusion into another nation’s computer systems may well end up being regarded as a violation of the target-state’s sovereignty — thus suggesting that only state practice can settle this topical issue.
Ziolkowski, Katharina. “Peacetime Cyber Espionage—New Tendencies in Public International Law.” In Peacetime Regime for State Activities in Cyberspace: International Law, International Relations and Diplomacy. By Katharina Ziolkowski, 425–464. Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2013.
A catalogue-like piece analyzing the application of international law to political and economic cyber espionage under international law. One of the first to do so systematically and a good starting point for research. This chapter zeros in on the principles of territorial sovereignty, nonintervention and nonuse of force, as well as the law of the sea, international economic law, human rights law, and diplomatic and consular law.
Users without a subscription are not able to see the full content on this page. Please subscribe or login.
How to Subscribe
Oxford Bibliographies Online is available by subscription and perpetual access to institutions. For more information or to contact an Oxford Sales Representative click here.
Article
- Act of State Doctrine
- Africa and Intellectual Property Rights for Plant Varietie...
- African Approaches to International Law
- African Commission on Human and Peoples' Rights and the Af...
- Africa’s International Intellectual Property Law Regimes
- Africa’s International Investment Law Regimes
- Agreements, Bilateral and Regional Trade
- Agreements, Multilateral Environmental
- Aliens
- Applicable Law in Investment Agreements
- Archipelagic States
- Arctic Region
- Armed Opposition Groups
- Aut Dedere Aut Judicare
- Balance of Power
- Bandung Conference, The
- Boundaries
- British Mandate of Palestine and International Law, The
- Children's Rights
- China, Judicial Application of International Law in
- China, Law of the Sea in
- Civil Service, International
- Civil-Military Relations
- Codification
- Cold War International Law
- Collective Security
- Command Responsibility
- Common Heritage of Mankind
- Complementarity Principle
- Compliance in International Law
- Conspiracy/Joint Criminal Enterprise
- Constitutional Law, International
- Consular Relations
- Contemporary Catholic Approaches
- Continental Shelf, Idea and Limits of the
- Cooperation in Criminal Matters, Cross-Border
- Countermeasures
- Courts, International
- Crimes against Humanity
- Criminal Law, International
- Cultural Rights
- Cyber Espionage
- Cyber Warfare
- Debt, Sovereign
- Decolonization in International Law
- Democracy
- Development Law, International
- Disarmament in International Law
- Discrimination
- Disputes, Peaceful Settlement of
- Drugs, International Regulation, and Criminal Liability
- Early 19th Century, 1789-1870
- Ecological Restoration and International Law
- Economic Law, International
- Effectiveness and Evolution in Treaty Interpretation
- Enforced Disappearances in International Law
- Enforcement of Human Rights
- Environmental Compliance Mechanisms
- Environmental Institutions, International
- Environmental Law, International
- Estoppel
- European Arrest Warrant
- Exclusive Economic Zone
- Extraterritorial Application of Human Rights Treaties
- Fascism and International Law
- Feminist Approaches to International Law
- Financial Law, International
- Forceful Intervention for Protection of Human Rights in Af...
- Foreign Investment
- Fragmentation
- Freedom of Expression
- French Revolution
- Gender and International Law, Theoretical and Methodologic...
- Gender and International Security
- General Customary Law
- General Principles of Law
- Genocide
- Georgia and International Law
- Grotius, Hugo
- Habeas Corpus
- Hijaz and International Law, The
- History of International Law, 1550–1700
- Hostilities, Direct Participation in
- Human Rights
- Human Rights and Regional Protection, Relativism and Unive...
- Human Rights, European Court of
- Human Rights, Foundations of
- Human Rights Law, History of
- Human Trafficking
- Hybrid International Criminal Tribunals
- Immunities
- Immunity, Sovereign
- in Latin America and the Caribbean, International Legal Pr...
- Indigenous Peoples
- Individual Criminal Responsibility
- Institutional Law
- Inter-American Commission on Human Rights (IACHR) and Inte...
- International and Non-International Armed Conflict, Detent...
- International Committee of the Red Cross
- International Community
- International Court of Justice
- International Criminal Court, The
- International Criminal Law, Complicity in
- International Criminal Tribunal for Rwanda (ICTR)
- International Criminal Tribunal for the Former Yugoslavia ...
- International Fisheries Law
- International Humanitarian Law
- International Humanitarian Law, China and
- International Humanitarian Law, Targeting in
- International Intellectual Property Law, China and
- International Investment Agreements, Fair and Equitable Tr...
- International Investment Arbitration
- International Investment Law, China and
- International Investment Law, Expropriation in
- International Law, Aggression in
- International Law, Amnesty and
- International Law and Economic Development
- International Law, Anthropology and
- International Law, Big Data and
- International Law, Climate Change and
- International Law, Derogations and Reservations in
- International Law, Dispute Settlement in
- International Law, Ecofeminism and
- International Law, Espionage in
- International Law, Hegemony in
- International Law in Cyberspace, China and
- International Law in Greek
- International Law in Italian
- International Law in Northeast Asia
- International Law in Portuguese
- International Law in Turkish
- International Law, Legitimacy in
- International Law, Marxist Approaches to
- International Law, Military Intervention in
- International Law, Money Laundering in
- International Law, Monism and Dualism in
- International Law, Peacekeeping in
- International Law, Proportionality in
- International Law, Reasonableness in
- International Law, Recognition in
- International Law, Self-Determination in
- International Law, State Responsibility in
- International Law, State Succession in
- International Law, the State in
- International Law, The Turkish-Greek Population Exchange a...
- International Law, the Turn to History in
- International Law, The United States and
- International Law, Trade and Development in
- International Law, Unequal Treaties in
- International Law, Use of Force in
- International Legal Personality
- International Regulation of the Internet
- International Relations Study in China, International Law ...
- International Rule of Law, An
- International Territorial Administration
- International Trade and Human Rights
- Intervention, Humanitarian
- Investment Protection Treaties
- Investor-State Conciliation and Mediation
- Iran and International Law
- Iraq War, Britain and the
- Islamic Cooperation, International Law and the Organizatio...
- Islamic International Law
- Islamic Law and Human Rights
- Islands
- Jerusalem
- Jurisdiction
- Jurisprudence (Judicial Law-Making)
- Jus Cogens
- Just War
- Landlocked Countries and the Law of the Sea
- Law of the Sea
- Law of Treaties, The
- Law-Making by Non-State Actors
- League of Nations, The
- Lebanon, Special Tribunal for
- Legal Pluralism
- Legal Status of Military Forces Abroad
- Liability for International Environmental Harm
- Liberation and Resistance Movements
- Mandates in International Law
- Maritime Delimitation
- Martens Clause
- Medieval International Law
- Mens Rea, International Crimes
- Middle East Boundaries and State Formation
- Migration
- Military Necessity
- Military Occupation
- Minorities
- Modes of Participation
- Most-Favored-Nation Clauses
- Multinational Corporations in International Law
- Nationality and Statelessness
- Natural Law
- Neutrality
- New Approaches to International Law
- New Haven School of International Law, The
- Non liquet
- Noninternational Armed Conflict (“Civil War”)
- Nonstate Actors
- Nuclear Non-Proliferation
- Nuremberg Trials
- Organizations, International
- Pacifism in International Law
- Palestine (and the Israel Question)
- Peace Treaties
- Piracy
- Political Science, International Law and
- Positivism
- Private Military and Security Companies
- Protection, Diplomatic
- Public Interest, Human Rights, and Foreign Investment
- Queering International Law
- Rational Choice Theory
- Recognition of Foreign Penal Judgments
- Refugee Law, China and
- Refugees
- Rendition, Extraterritorial Abduction, and Extraordinary R...
- Reparations
- Russian Approaches to International Law
- Sanctions, International
- Sanctions, International
- Secession
- Self-Defense
- Slavery
- Soft Law
- Space Law
- Spanish School of International Law (c. 16th and 17th Cent...
- Sports Law, International
- State of Necessity
- Superior Orders
- Taba Arbitration, The
- Teaching International Law
- Territorial Title
- Terrorism
- The 1948 Arab-Israeli Conflict and International Law
- The Ottoman Empire and International Law
- Theory, Critical International Legal
- Tibet
- Tokyo Trials, The
- Torture
- Transnational Constitutionalism, Africa and
- Transnational Corruption
- Treaty Interpretation
- Ukrainian Approaches
- UN Partition Plan for Palestine and International Law, The
- UN Security Council, Women and the
- Underwater Cultural Heritage
- Unilateral Acts
- United Nations and its Principal Organs, The
- Universal Jurisdiction
- Uti Possidetis Iuris
- Vatican and the Holy See
- Victims’ Rights, International Criminal Law, and Proceedin...
- War Crimes
- Watercourses, International
- Western Sahara
- World Trade Organization Law, China and