Domestic law responses to transnational cyberattacks and other online harms: Internet dreams turned to internet nightmares and back again
(2020) 10 Notre Dame Journal of International & Comparative Law 56-81
28 Pages Posted:
Date Written: May 1, 2019
The symbiosis between dream and nightmare now seems to be playing out with regard to the Internet. Some two decades ago, it was possible to dream about the benevolence of the Internet. However, the optimism is now beset by risks, abuses, and scares that have taken the gloss off the promise of the Internet and the indulgence afforded to Internet operators. The exploitation of private information for commercial profit and tax avoidance, form part of the nightmares, leading to further reproaches about unfair competition within the digital sector, and from offline retailers, and media outlets. Next, the Internet of Things (IoT) promises to enhance everyday objects but also connects to an IoT platform, so that security and privacy are nightmares for IoT’s consumers. All the “online harms” that allegedly arise were the subject of a recent U.K. government discussion paper with that title. Among the twenty-three listed harms are: pornography and indecency, terrorism, harassment and intimidation, hatred, dangerous, unregulated, or untaxed goods, and disinformation (including fake news). This Online Harms agenda is the stuff of nightmares, especially as aspects go beyond existing criminality and create the further nightmare of the government as the arbiter of truth. The targets of the Online Harms document primarily comprise a domestic agenda and do not encompass the external threat of transnational cyberattacks, which is the subject of this paper. The reason for silence about transnational cyberattacks in the Online Harms document relates to bureaucratic demarcations in the U.K. administration. Other existential nightmares are tackled in a different set of documentation, namely the current National Cyber Security Strategy 2016–2021. The 2016 U.K. cyber strategy is to defend, deter, and develop. With this background and the desire to prevent dreams from being turned into nightmares, two main elements of domestic law will be tackled in this paper. The first element is whether it is possible conceptually to conceive a meaningful domestic law response to a transnational cyberattack. One must ask, can law be a valuable instrument to defend, deter, and develop the U.K. against cyberattacks? This enterprise will involve ontological inquiries to identify a potential harm as both a “cyberattack” and as “transnational.” Aside from these ontological debates about the identification of harm, the nature of law as an appropriate and capable regulatory instrument in cyberspace will then be examined. A further constraint is that a legal response will only be “meaningful” if it advances objectives in ways which are efficient and effective, as well as fair. The second element of the agenda is whether a meaningful domestic law agenda can be comprehensively devised in response to transnational cyberattacks. The agenda that can be implemented by law might be both tactical and operational. At the tactical level, there may be broad duties which relate to resilience and recovery. At the operational level, mechanisms to be tackled include police powers, criminal offenses, and sanctions.
Keywords: Cybersecurity, online harms, cyberattack, cyberterrorism
JEL Classification: K10, K14, K33, K19, K30, K33, K42, N40
Suggested Citation: Suggested Citation