Prosecuting Cyberterrorists: Applying Traditional Jurisdictional Frameworks to a Modern Threat

Paul Stockton

Sonecon, LLC

Michele Golabek-Goldman

Yale University - Law School; Harvard University - Harvard Kennedy School (HKS)

April 29, 2013

Stanford Law & Policy Review, Vol. 25, 2014

The United States faces a growing risk of cyberterrorism against its financial system, electric power grid, and other critical infrastructure sectors. Senior U.S. policymakers note that building U.S. capacity to prosecute cyberterrorists could play a key role in deterring and disrupting such attacks. To facilitate prosecution, the federal government is bolstering its technical expertise to attribute attacks to those who perpetrate them, even when, as is increasingly the case, the perpetrators exploit computers in dozens of nations to strike U.S. infrastructure. Relatively little attention has been paid, however, to another prerequisite for prosecuting cyberterrorists: that of building a legal framework that can bring those who attack from abroad to justice.

The best approach to prosecuting cyberterrorists striking from abroad is to add extraterritorial application to current domestic criminal laws bearing on cyberattack. Yet, scholars have barely begun to explore how the United States can best justify such extraterritorial extension under international law and assert a legitimate claim of prescriptive jurisdiction when a terrorist hijacks thousands of computers across the globe. Still less attention has been paid to the question of how to resolve the conflicting claims of national jurisdiction that such attacks would likely engender.

This Article argues that the protective principle — which predicates prescriptive jurisdiction on whether a nation suffered a fundamental security threat — should govern cyberterrorist prosecutions. To support this argument, the Article examines the full range of principles on which states could claim prescriptive jurisdiction and assesses their strengths and weaknesses for extending extraterritorial application of U.S. statutes to cyberterrorism. This Article also contends that if multiple nations asserted legitimate claims of jurisdiction based on the protective principle, sequential prosecutions would provide the best way to minimize potential disagreements over which nation receives precedence. Both recommendations — to utilize the protective principle for prescriptive jurisdiction and to rely on sequential prosecutions to resolve multiple jurisdictional claims — could be important components of future international agreements to address cyberterrorism.

Number of Pages in PDF File: 83

Keywords: cyberattack, jurisdiction, conflict of laws, extraterritoriality, protective principle, prosecution, Distributed Denial of Service (DDoS), cyberspace, cyberterrorism

Accepted Paper Series

Download This Paper

Date posted: April 30, 2013 ; Last revised: June 9, 2013

Suggested Citation

Stockton, Paul and Golabek-Goldman, Michele, Prosecuting Cyberterrorists: Applying Traditional Jurisdictional Frameworks to a Modern Threat (April 29, 2013). Stanford Law & Policy Review, Vol. 25, 2014. Available at SSRN: http://ssrn.com/abstract=2257915

Contact Information

Paul Stockton (Contact Author)
Sonecon, LLC ( email )
633 Pennsylvania Avenue, NW
Suite 600
Washington, DC 20004
United States
Michele Golabek-Goldman
Yale University - Law School ( email )
127 Wall St.
New Haven, CT 06511
United States
Harvard University - Harvard Kennedy School (HKS) ( email )
79 John F. Kennedy Street
Cambridge, MA 02138
United States
Feedback to SSRN

Paper statistics
Abstract Views: 666
Downloads: 165
Download Rank: 103,509

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo3 in 0.516 seconds