Prosecuting Cyberterrorists: Applying Traditional Jurisdictional Frameworks to a Modern Threat
Yale University - Law School; Harvard University - Harvard Kennedy School (HKS)
April 29, 2013
Stanford Law & Policy Review, Vol. 25, 2014
The United States faces a growing risk of cyberterrorism against its financial system, electric power grid, and other critical infrastructure sectors. Senior U.S. policymakers note that building U.S. capacity to prosecute cyberterrorists could play a key role in deterring and disrupting such attacks. To facilitate prosecution, the federal government is bolstering its technical expertise to attribute attacks to those who perpetrate them, even when, as is increasingly the case, the perpetrators exploit computers in dozens of nations to strike U.S. infrastructure. Relatively little attention has been paid, however, to another prerequisite for prosecuting cyberterrorists: that of building a legal framework that can bring those who attack from abroad to justice.
The best approach to prosecuting cyberterrorists striking from abroad is to add extraterritorial application to current domestic criminal laws bearing on cyberattack. Yet, scholars have barely begun to explore how the United States can best justify such extraterritorial extension under international law and assert a legitimate claim of prescriptive jurisdiction when a terrorist hijacks thousands of computers across the globe. Still less attention has been paid to the question of how to resolve the conflicting claims of national jurisdiction that such attacks would likely engender.
This Article argues that the protective principle — which predicates prescriptive jurisdiction on whether a nation suffered a fundamental security threat — should govern cyberterrorist prosecutions. To support this argument, the Article examines the full range of principles on which states could claim prescriptive jurisdiction and assesses their strengths and weaknesses for extending extraterritorial application of U.S. statutes to cyberterrorism. This Article also contends that if multiple nations asserted legitimate claims of jurisdiction based on the protective principle, sequential prosecutions would provide the best way to minimize potential disagreements over which nation receives precedence. Both recommendations — to utilize the protective principle for prescriptive jurisdiction and to rely on sequential prosecutions to resolve multiple jurisdictional claims — could be important components of future international agreements to address cyberterrorism.
Number of Pages in PDF File: 83
Keywords: cyberattack, jurisdiction, conflict of laws, extraterritoriality, protective principle, prosecution, Distributed Denial of Service (DDoS), cyberspace, cyberterrorismAccepted Paper Series
Date posted: April 30, 2013 ; Last revised: June 9, 2013
© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo3 in 0.516 seconds