Hackback: Permitting Retaliatory Hacking by Non-State Actors as Proportionate Countermeasures to Transboundary Cyberharm
August 1, 2013
Columbia Journal of Transnational Law, Forthcoming
Cyber-espionage has received even greater attention in the wake of reports of persistent and brazen cyber-exploitation of U.S. and Canadian firms by the Chinese military. But the recent disclosures about NSA surveillance programs have made clear that a national program of cyber-defense of private firms intellectual property is politically infeasible. Following the lead of companies like Google, private corporations may increasingly resort to the use of self-defense, hacking back against cross-border incursions on the Internet. Most scholarship, however, has surprisingly viewed such actions as outside the ambit of international law. This note provides a novel account of how international law should govern cross-border hacks, and especially hack-backs. It proposes that significant harm to a State’s intellectual property should be viewed as “trans-boundary cyber-harm” and can be analyzed under traditional international legal principles, including the due diligence obligation to prevent significant harm to another State’s territorial sovereignty. Viewing cyber-espionage within this framework, international law may presently permit States to allow private actors to resort to self-defense as proportionate counter-measures. By doing so, this note offers a prescription for how States might regulate private actors to prevent unnecessary harm or vigilantism while preserving the right of self-defense.
Number of Pages in PDF File: 37
Keywords: international law, hacking, hack-back, cyber-hacking, cyber-espionage, counter-measures, trans-boundary harm
Date posted: August 14, 2013 ; Last revised: June 2, 2014