37 Pages Posted: 14 Aug 2013 Last revised: 2 Jun 2014
Date Written: August 1, 2013
Cyber-espionage has received even greater attention in the wake of reports of persistent and brazen cyber-exploitation of U.S. and Canadian firms by the Chinese military. But the recent disclosures about NSA surveillance programs have made clear that a national program of cyber-defense of private firms intellectual property is politically infeasible. Following the lead of companies like Google, private corporations may increasingly resort to the use of self-defense, hacking back against cross-border incursions on the Internet. Most scholarship, however, has surprisingly viewed such actions as outside the ambit of international law. This note provides a novel account of how international law should govern cross-border hacks, and especially hack-backs. It proposes that significant harm to a State’s intellectual property should be viewed as “trans-boundary cyber-harm” and can be analyzed under traditional international legal principles, including the due diligence obligation to prevent significant harm to another State’s territorial sovereignty. Viewing cyber-espionage within this framework, international law may presently permit States to allow private actors to resort to self-defense as proportionate counter-measures. By doing so, this note offers a prescription for how States might regulate private actors to prevent unnecessary harm or vigilantism while preserving the right of self-defense.
Keywords: international law, hacking, hack-back, cyber-hacking, cyber-espionage, counter-measures, trans-boundary harm
Suggested Citation: Suggested Citation
Messerschmidt, Jan, Hackback: Permitting Retaliatory Hacking by Non-State Actors as Proportionate Countermeasures to Transboundary Cyberharm (August 1, 2013). Columbia Journal of Transnational Law, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2309518
By David Pozen