International Law and Private Actor Active Cyber Defensive Measures

13 Pages Posted: 28 May 2013

See all articles by Paul Rosenzweig

Paul Rosenzweig

George Washington University School of Law

Date Written: May 27, 2013


American legal theorists and policy analysts are increasingly considering whether it would be appropriate to authorize private sector actors to take active measures in their own cyber self-defense, a concept known colloquially as "hack back." But none, to date, have given any consideration to how authorized American hack back might implicate international law. This short article seeks to fill that gap with some preliminary thoughts regarding the application of non-American law to American private sector hack back. The fundamental conclusions are two-fold: 1) To the extent any customary international law exists at all it is likely to discourage private sector self-help outside the framework of state-sponsored action; and 2) Almost certainly, hack back by an American private sector actor will violate the domestic law of the country where a non-US computer or server is located. In light of these twin conclusions, American companies considering offensive cyber operations would do well to proceed with caution.

Suggested Citation

Rosenzweig, Paul, International Law and Private Actor Active Cyber Defensive Measures (May 27, 2013). Stanford Journal of International Law, Vol. 47, Forthcoming, Available at SSRN: or

Paul Rosenzweig (Contact Author)

George Washington University School of Law ( email )

2000 H Street, N.W.
Washington, DC 20052
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics