A Cyber Duty of Due Diligence: Gentle Civilizer or Crude Destabilizer?

95 Texas Law Review 1555 (2017)

BYU Law Research Paper No. 17-16

23 Pages Posted: 19 Jul 2017

See all articles by Eric Talbot Jensen

Eric Talbot Jensen

Brigham Young University School of Law

Sean Watts

Creighton University School of Law

Date Written: July 13, 2017


Two of the most vexing issues in responding to malicious cyber activities include attribution of the harmful cyber activity and the pervasive participation of non-State actors. One potential solution to these problems is a response proxy – an entity against whom the response action is taken when action against a responsible party is not feasible. This article examines the potential of holding a State responsible, under the international law notion of State responsibility, for allowing harmful activities to emanate from its territory. Recognizing a cyber-specific obligation of due diligence to address emanation of such cyber harms might mitigate the attribution dilemma, particularly when attribution points to a non-State actor. That is, a primary rule of conduct requiring diligent management of territorial cyber infrastructure could give rise to responsibility on the part of nondiligent States as proxies for unidentified or unreachable malicious actors. Legal recognition of such breaches of diligence permits State victims of cyber harm to take action, including the use of countermeasures, to induce compliance and terminate harm without necessarily tracing attribution to the original, difficult-to-identify source.

Analysis of the principle of due diligence in cyberspace and its relationship to countermeasures illustrates an initially attractive solution to the attribution dilemma. But a complementary cautionary note identifies potential unintended consequences of due diligence-inspired countermeasures as an attempt to close the attribution gap. If aggressively applied, such proxy responses may prove counterproductive and lead to greater instability in the international system. Ultimately, due diligence could be an effective tool in justifying the use of countermeasures in the fight against the difficulties caused by the inability to attribute harmful cyber acts--but the cure may worsen the disease.

Keywords: cyber, warfare, armed conflict, countermeasures, due diligence, state responsibility

JEL Classification: K19, K33

Suggested Citation

Jensen, Eric Talbot and Watts, Sean, A Cyber Duty of Due Diligence: Gentle Civilizer or Crude Destabilizer? (July 13, 2017). 95 Texas Law Review 1555 (2017). Available at SSRN: https://ssrn.com/abstract=3002036

Eric Talbot Jensen (Contact Author)

Brigham Young University School of Law ( email )

504 JRCB
Provo, UT 84602
United States

Sean Watts

Creighton University School of Law ( email )

2500 California Plaza
Omaha, NE 68178
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics