IS THE CURRENT INTERNATIONAL LAW A GOOD FIT FOR CYBERSECURITY? A U.N. CHARTER-BASED ANALYSIS.

• Author: Fang, Yuan

1. INTRODUCTION

   The 21st century has witnessed the rapid emergence of cyber technologies worldwide. The Internet has dramatically gone beyond the physical boundary of each state, making cybersecurity a challenge facing the international community as a whole. (1) Among the various international systems, international law plays a significant role and functions irreplaceably in addressing these challenges. (2) However, it remains a question whether the regulatory framework of current international law is well equipped for the challenges deriving from cyberspace. As a response to this question, this article will particularly look to the law of war, which inquires about the legitimacy of the acts conducted under Jus in Bello (known as "international humanitarian law" or "law of armed conflict"), and Jus ad Bcllum (known as "use of force"). Generally, Jus in Bello governs the conduct of warring parties, whereas Jus ad Bellum formulates the conditions for war. (3) While there has been a relative abundance of scholarship exploring the applicability of Jus in Bello in the cyber sphere, (4) less attention has been paid to the cyber implications of Jus ad Bcllum. (5)

   Accordingly, this article will particularly focus on the interactions between cyber technology and Jus ad Bellum, primarily the "use of force" under the Charter of the United Nations (hereinafter "the U.N. Charter").

   The U.N. Charter prohibits the illegal use of force, but recognizes two circumstances where the use of force is permissible. (6) In terms of the illegitimate use of force, Art. 2(4) of the U.N. Charter stipulates that the threat or use of force is unjustifiable if it is "against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations." (7) On the contrary, U.N. Charter Art. 51 and Art. 42 provide two justifications for the use of force. Specifically, Art. 51 recognizes the Member State's "inherent right of individual or collective self-defense," (8) and Art. 42 legitimizes the use of force that adheres to the Security Council's authorization. (9) For this article, the following discussions will focus on two main issues: first, the controversies that arise from the scope of "use of force" under Art. 2(4) when it is applied within the cyber realm; second, the requirement of attribution under Art. 51 and its intersection with cyberspace. Instead of judging if specific acts conducted in cyberspace might fit into the U.N. Charter, the inquiry of this article is broader and more structural: arc the current rules and interpretations of the U.N. Charter sufficient for making that determination?

2. ON THE SCOPE OF "USE OF FORCE" UNDER ART. 2(4)

   1. The Scope of "Use of Force " in the Traditional Setting

      The answer to what the "use of force" under U.N. Charter Art. 2(4) exactly means first lies in the case law. Several monumental cases in the history of international law have shaped our current understanding of Art. 2(4) "use of force." In the case of Nicaragua, (10) the International Court of Justice (hereinafter "the I.C.J.") defined the "use of force" under Art. 2(4) as "the most grave forms of the use of force (those constituting an armed attack)," which are distinguishable from "other less grave forms."" To determine if certain acts fall within the definition of "use of force" under Art. 2(4), the I.C.J, looked to the "scale and effects" of the force used. (12) In applying the test, the I.C.J, stated that an armed attack can be neither "a mere frontier incident" nor merely "assistance to rebels in the form of the provision of weapons or logistical or other support" in light of its scale and effects. (13) Subsequent to Nicaragua, the Oil Platforms case (14) added to the interpretation of the "scale and effects" test. In its Oil Platforms judgment, the I.C.J, suggested that the cumulative nature of a series of forcible actions could possibly turn them into an "armed attack." (15) Additionally, the "scale and effects" test is further clarified by several other I.C.J, judgments, like Armed Activities and Eritrea-Ethiopia Claims Commission. (16) In spite of the increasing clarity, the "scale and effects" test is still frequently criticized for its uncertainty and ambiguity. As pointed out by some scholars, the "scale and effects" test neither "clearly elaborate[s] on the required scale and effects necessary to reach the threshold of armed attack," nor "provide[s] guidance on what type of response might be appropriate for acts that fall below the threshold." (17) As a consequence, the scope of "use of force" under Art. 2(4) is potentially overbroad, "rang[ing] from a fairly restricted use of force, such as a border raid causing limited loss or damage, to a full-scale invasion of [the] territory." (18)

      While the case law does not provide a clear answer regarding the scope of "use of force" under Art. 2(4), we are likely to gain a better understanding of it through the distinction between military coercion and economic/political coercion. Conventionally, Art. 2(4) of the U.N. Charter solely prohibits "military coercion." (19) For example, U.N. General Assembly Resolution 3314 formulated seven acts that fall within Art. 2(4), all of which are characterized by using or threatening to use armed force. (20) By contrast, the U.N. rejected the proposal of "economic coercion" in 1945, (21) and the proposal of "political coercion" in 1970, (22) explicitly excluding them from the scope of "use of force" under U.N. Charter Art. 2(4).

   2. The Scope of "Use of Force " in the Cyber Context

      This article will explore the scope of Art. 2(4) "use of force" in the cyber context, primarily within the framework of the Tallinn Manual on International Law Applicable to Cyber Warfare (hereinafter "the Tallinn Manual"), since it covers a much broader set of "views and expertise than is gathered in any other single source." (23) Organized and coordinated by the North Atlantic Treaty Organization (NATO), the Tallinn Manual 1.0 was released in 2013, (24) and the Tallinn Manual 2.0 was subsequently published in 2017. (25) Despite the fact that the means used for attacks have been diversified in cyberspace as compared to the traditional setting, the Tallinn Manuals' interpretation with respect to the "use of force" under U.N. Charter Art. 2(4) is generally pursuant to the existing rules. In terms of the "scale and effects" test in case law, both the Tallinn Manual 1.0 and 2.0 recognize that the focus on scale and effects is an "equally useful approach" in light of cyber operations. (26) With regard to the distinction between military coercion and economic/political coercion, the Tallinn Manual 1.0 proposes that cyber...