International Law and Private Actor Active Cyber Defensive Measures
13 Pages Posted: 28 May 2013
Date Written: May 27, 2013
Abstract
American legal theorists and policy analysts are increasingly considering whether it would be appropriate to authorize private sector actors to take active measures in their own cyber self-defense, a concept known colloquially as "hack back." But none, to date, have given any consideration to how authorized American hack back might implicate international law. This short article seeks to fill that gap with some preliminary thoughts regarding the application of non-American law to American private sector hack back. The fundamental conclusions are two-fold: 1) To the extent any customary international law exists at all it is likely to discourage private sector self-help outside the framework of state-sponsored action; and 2) Almost certainly, hack back by an American private sector actor will violate the domestic law of the country where a non-US computer or server is located. In light of these twin conclusions, American companies considering offensive cyber operations would do well to proceed with caution.
Suggested Citation: Suggested Citation