The Prohibition on Extraterritorial Enforcement Jurisdiction in the Datasphere

Handbook on Extraterritoriality in International Law (Austen L. Parrish and Cedric Ryngaert eds., 2022 Forthcoming)

Indiana Legal Studies Research Paper No. 472

17 Pages Posted: 24 Jan 2022 Last revised: 2 Nov 2022

See all articles by Asaf Lubin

Asaf Lubin

Indiana University Maurer School of Law; Berkman Klein Center for Internet & Society; Yale University - Information Society Project; Federmann Cybersecurity Center, Hebrew University of Jerusalem Faculty of Law

Date Written: 2022

Abstract

The omnipresent and ever-fluid nature of the datasphere complicates the work of our cyber constables. Our conventional understanding of a sovereign’s right to exclude others—the prohibition on extraterritorial enforcement jurisdiction that was reaffirmed in the famous Lotus case—may start to feel somewhat anachronistic in the face of new emerging technologies for remote searches and seizures. Modern law enforcement agencies are further bolstered by a data ecosystem which centers around powerful corporate intermediaries who may, on occasion, be coopted or coerced to collaborate in incidents of extraterritorial enforcement overreach.

Consider, for example, the following non-exhaustive list of cyber enforcement activities. Which of these techniques might you deem tolerable when employed against a target abroad without the consent or knowledge of the foreign state? Which of these might you consider to be crossing a threshold, and what factual and legal factors might influence your determination?

(1) Data scraping from social media platforms, other websites, and open-access databases located on servers abroad to import information.
(2) Subverting the command-and-control server of an anonymized botnet operating from one of the corners of the “dark web.”
(3) Electronically tracing and restoring cryptocurrency payments that were paid to a foreign criminal cyber gang involved in a crippling ransomware attack.
(4) Compelling a domestically registered company to release certain data concerning a national involved in a domestic crime, where the data is stored abroad.

In this chapter I explore each of these four scenarios. Each scenario ties to a different aspect of the datasphere which frays at the edges of traditional doctrine. These four aspects are: (1) consent, (2) anonymization, (3) piracy, and (4) data un-territoriality. For each of these aspects I try to demonstrate how jurisdictional rules may evolve, as a matter of lex ferenda, to better balance territorial integrity and cyber stability. My analysis thus attempts to provide a preliminary taxonomy of certain categories of cyber policing activity that could serve as a roadmap for future rule-prescribers and rule-appliers. Given the rise in cybercrime in recent years the paper ultimately challenges the normative validity and factual sustainability of the current doctrinal tradeoffs between external sovereignty and cyber stability.

Keywords: Cyber Enforcement, Cyber Investigations, Cybercrime, Sovereignty, Data, Digital Rights, Consent, Anonymization, Extraterritoriality, International Law, Law Enforcement, Cyber Espionage, Criminal Investigations, Criminal Procedural, Digital Forensics

JEL Classification: K14, K33, K42

Suggested Citation

Lubin, Asaf, The Prohibition on Extraterritorial Enforcement Jurisdiction in the Datasphere (2022). Handbook on Extraterritoriality in International Law (Austen L. Parrish and Cedric Ryngaert eds., 2022 Forthcoming), Indiana Legal Studies Research Paper No. 472, Available at SSRN: https://ssrn.com/abstract=4012007

Asaf Lubin (Contact Author)

Indiana University Maurer School of Law ( email )

Office #322
211 S. Indiana Avenue
Bloomington, IN 47405
United States
8128556403 (Phone)

HOME PAGE: http://https://www.law.indiana.edu/about/people/bio.php?name=lubin-asaf

Berkman Klein Center for Internet & Society ( email )

Harvard Law School
23 Everett, 2nd Floor
Cambridge, MA 02138
United States

Yale University - Information Society Project ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

Federmann Cybersecurity Center, Hebrew University of Jerusalem Faculty of Law

Mount Scopus
Mount Scopus, IL 91905
Israel

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
600
Abstract Views
1,409
rank
67,022
PlumX Metrics