Dear hosts of the conference!
Ladies and gentlemen!
I truly appreciate the opportunity to deliver a speech at such high-level conference and talk about our point of view on the key problems of application of international law to ICT environment.
This issue appears to be of great interest, and it has been pointed out in the Reports of the 2010, 2013 and 2015 UN Group of Government Experts.
I’d like to raise a few questions and offer answers that reflect our way of thinking about these issues.
1. Do the established principles and norms apply to ICT?
I think yes, because of three main reasons.
First. In modern conditions it is almost impossible and inexpedient to create a new branch of International Law. It’s impossible because the world is so changeable today and it’s unreal to achieve an agreement on such complicated issue. It’s inexpedient because everything new that we create will be based on existing principles and norms of International Law.
Second. We think that the established principles and norms of International law may be used in state practice. They have stood the test of time and reflect a certain consensus of the states concerning regulation of international relations. The states have a great experience of applying them to real causes related to maintenance of international peace and security.
Third. The great challenge in this application is that there is a prominent possibility of mistake in assessment of situation, considering the misuse of ICTs for military and political purposes and attribution of the actors responsible for this activity. Such mistake may provoke international conflict and as a consequence – a threat for international peace and security.
We prefer the approach of the adaptation of international law to a new field of application. It’s intended to reduce the possibility of this situation. Adaptation requires interpretation of some terms from the sources of International law and development of harmonious judicial principals and procedures for fulfilment of correspondent actions. I think that such approach could help us to get the necessary effect, but also will reduce duration and cost of this task.
2. What is an ICT environment from the standpoint of international law?
I think, ICT environment is a legal fiction, which consists in the fact that ICT environment is considered as a part of the territory of the state.
This allows us to extend the concept of «sovereignty» to the ICT environment. It should be understood that the ICT environment includes two components – the cyberspace and the media sphere.
Here we limit ourselves to cyberspace.
The main differences of cyberspace from the other components of territory are as follows.
- Cyberspace is created and exists through the efforts of people. Its creation caused the emergence of new objects of international relations (for example, an incident in the cyberspace, information system).
- Objects of international relations, legal facts that determine the dynamics of changing the legal relationships and their subjects have a virtual character, that is in large part they are invisible. This greatly limits our ability to use the witnesses and the means of objective control during investigation of incidents in cyberspace.
- Cyberspace as an object that is covered by sovereignty of the state is characterized by such aspects as inclusion in the global cyberspace and the safety of its use. They are the analogues for such property’s as territorial integrity and political independence. From this point of view, a disruption of national inclusion in global cyberspace, as well as violation of the safety of its use are similar to violation of territorial integrity and political independence.
3. What is the problem in application of «sovereignty» concept to cyberspace?
It is necessary to note several aspects.
First. Lack of territorial constraints of sovereignty limits the implementation of certain rules and principles of international law. For example, documentation of state border violations as a means of exercising territorial authority, as well as assurance of compliance with international obligations in the sovereign territory.
Second. There are some deficiencies in the international legal regulation. Primarily it concerns the legal relations in the field of sustainability and safe use of the DNS system. Some states, for historical reasons, believe that this system falls within their jurisdiction. But there is no any international obligations to ensure the stable functioning and safe use this system for the benefit of the entire international community. The lack of international regulation in this area limits the sovereignty of states in cyberspace.
Third. The lack of legal guarantees for the respect of human rights of citizens outside the national territory (for example, privacy, the right of authorship). As you know, states are obliged to respect these rights, but when for technical reasons data leaves national territory, the implementation of international commitments becomes physically impossible. This applies to personal data, the results of creative activity, and certain other rights and freedoms.
Forth. The limited jurisdiction of states in identifying delictual legal relations and persecution of entities responsible for their occurrence. It is known that a significant portion of incidents in the cyberspace is caused by activities of foreign entities. To investigate such incidents we must use information located at cyber facilities of foreign countries. Existing methods for solving this problem are not effective enough. We understand that the drafters of the Budapest Convention on Cybercrime wanted to overcome this disadvantage. It is known, that the Russian Federation has not signed the convention. As I see it, the only obstacle to this was the lack of confidence that the subjects of investigation of incidents in the cyberspace will limit themselves only to the task of incident investigation.
Perhaps it makes sense to return to this issue and create a system that has the same advantages as the Budapest Convention, but does not create additional concerns in the field of national security.
In our opinion, a corresponding initiative of the Russian Federation creates some basis for this.
The lack of state borders in the cyberspace cannot determine where the sovereignty of one state ends and the sovereignty of another begins. This is especially important in determining, for example, the boundaries of the armed conflict in cyberspace.
4. What Directions of adaptation of the international law to cyberspace may be prefer?
It seems that the main direction of adaptation of International Law to cyberspace is the adaptation of the key sources of the law.
By example we can discuss of some of the sources of international law. It let us to see the sketch of the basic directions of their adaptation to cyberspace.
UN Charter. All the provisions of the UN Charter can be applied to cyberspace.
At the same time it is important to further consolidate the construction of the use of ICT as a means of «force» (Article 2 (4) and «armed attack» (Article 51).
We believe that ICTs are not by definition a weapon, but may acquire such properties by making a weapon of some devices and non-military mechanisms and therefore be used for the organization of an armed attack.
The precedent of such an interpretation of an «armed attack» was created by UN Security Council resolutions (1368 September 12, 2001, 1373 September 28, 2001) following the results of the discussion of the tragic events in the United States on the 11th of September. This attack was carried out using civilian aircraft, which obviously is not a weapon.
The principles of international law embodied in the Declaration of 1970 do not create obstacles to their use in the regulation of international relations in the cyberspace. At the same time, in view of their application in a new area of international life, which has a number of specific features, they need to be supplemented. This addition could clarify the interpretation of certain formulations of the declaration in relation to cyberspace.
For example, to clarify the interpretation of territorial integrity, political independence, sovereign equality and some others – with regard to cyberspace.
Hague and Geneva Conventions. The principles and rules of the law of armed conflict and international humanitarian law are also consistent with the use of ICTs as a means of «force» against the enemy. However, due to the specific features of ICTs they need to be clarified.
For example, it is necessary to clarify how to separate in cyberspace the zone of armed conflict and the territory of neutral states?
What should be the mechanism for the identification of civilian and military sites in cyberspace, which is essential to the implementation of the main constraints imposed by international humanitarian law on military action?
What procedures should be performed by authorized bodies for international investigations on the grounds of violation of these restrictions by one of the belligerents?
Procedural principles and norms of the objectification of the hostile use of ICTs and attribution of the subject of this activity.
Nothing prevents the states from taking policy decisions on the use of available means to repel an «armed attack», but, as it seems, it is useful to base these policy decisions on international law.
There are two basic approaches to the objectification of the hostile use of ICTs and attribution of the subject of this activity:
- presumption of confidence in the forces of national security;
- presumption of confidence in the third party, such as an authorized international organization.
To minimize the risks of an erroneous assessment of the situation, like the discovery of the WMD in Iraq (2003), and to identify non-state actors operating in this field, it seems preferable to create a system of objectification and attribution on the basis of a combined approach.
Given the characteristics of ICTs as a factor of power struggles between the states it is important that the procedural rules and principles, including participation of national service providers and network operators in the process, have been approved by the international community.
In particular, I would like to express the position on the question of countermeasures in the sense of the draft convention on international legal responsibility of the states. With regard to cyberspace, the adoption of such measures is dangerous, because it can trigger the «war of all against all.»
In conclusion of my presentation, I would like to speak about the question of the rules of responsible behavior of states in ICT environment. It seems that their advancement, research of the problems of their application and development of the necessary conditions for this are among perspective directions of effort of the international community to prevent international conflicts in cyberspace.
Thank you for attention.
Geneva (Switzerland), April 20, 2016