International Law and Private Actor Active Cyber Defensive Measures

13 Pages Posted: 28 May 2013  

Paul Rosenzweig

George Washington University School of Law; The Heritage Foundation

Date Written: May 27, 2013

Abstract

American legal theorists and policy analysts are increasingly considering whether it would be appropriate to authorize private sector actors to take active measures in their own cyber self-defense, a concept known colloquially as "hack back." But none, to date, have given any consideration to how authorized American hack back might implicate international law. This short article seeks to fill that gap with some preliminary thoughts regarding the application of non-American law to American private sector hack back. The fundamental conclusions are two-fold: 1) To the extent any customary international law exists at all it is likely to discourage private sector self-help outside the framework of state-sponsored action; and 2) Almost certainly, hack back by an American private sector actor will violate the domestic law of the country where a non-US computer or server is located. In light of these twin conclusions, American companies considering offensive cyber operations would do well to proceed with caution.

Suggested Citation

Rosenzweig, Paul, International Law and Private Actor Active Cyber Defensive Measures (May 27, 2013). Stanford Journal of International Law, Vol. 47, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2270673 or http://dx.doi.org/10.2139/ssrn.2270673

Paul Rosenzweig (Contact Author)

George Washington University School of Law ( email )

2000 H Street, N.W.
Washington, DC 20052
United States

The Heritage Foundation ( email )

214 Massachusetts Ave NE
Washington, DC 20002-4999
United States

HOME PAGE: http://www.heritage.org

Register to save articles to
your library

Register

Paper statistics

Downloads
548
rank
43,997
Abstract Views
2,322
PlumX