Beyond Naming and Shaming: Accusations and International Law in Cybersecurity
European Journal of International Law (forthcoming 2020)
37 Pages Posted: 21 Mar 2019 Last revised: 9 Jun 2020
Date Written: March 6, 2019
Abstract
Accusations of bad State behavior in cyberspace are proliferating, yet this increase in naming has not obviously produced much shame. Accused States uniformly deny the accusation or decline to comment, without changing behavior. For international lawyers, the problem is compounded by the absence of international law in these charges - States are not invoking international law when they complain of other States' behavior, suggesting the law is weak - or worse, irrelevant - in holding States accountable for their cyber operations.
In lieu of “naming and shaming,” we introduce and examine the broader concept of “accusation” as a social, political, and legal practice with diverse uses in cyberspace and beyond. Accusers must make strategic choices about how they frame their accusations, and we unpack various elements accusers may manipulate to advantage. Accusations also have many purposes. They may seek to “name and shame” an accused into conforming to certain behavioral expectations, but they may also aim at defensive or deterrent effects on both the accused and, crucially, on third parties. Particularly important, accusations may play a constitutive role, constructing new norms, including customary international law, within the international community. In short, accusations offer States and other stakeholder a menu of strategic options beyond those identified by the extant literature on naming and shaming.
Keywords: naming and shaming, accusations, cyber operations, attribution, cyberwar, cybercrime, cybersecurity, cyber attack, cyber espionage, constructivism, international law, international relations, customary international law
JEL Classification: F5, F50, F51, F53, F59, K00, K33, K42
Suggested Citation: Suggested Citation