The presentation is one unique presentation peculiar to TALLINN MANUAL version 1.0 and 2.0. Along with is discussed cyber policy attempts of other countries.The Tallinn Manual has long been the flagship research initiative of the NATO CCDCOE. The original Tallinn Manual (published in 2013 by Cambridge University Press) addressed the most severe cyber operations followed by version 2.0. The presentation cover the origin details of why this manual arrived at the global scene and what followed around at the global attempts for framing the global cyber policy.
5. Questions can be posted in the chat window or can
be taken on at the end of presentation
6. FOR AUDIENCE RETENTION, SLIDES ARE
GRAPHIC INTENSIVE FROM OPEN DOMAIN IN
GOOGLE SEARCH
I WILL RUSH THROUGH FEW SLIDES &
DELIBERATE ON FEW
The slides I rush are respective take off points for
interested participants to explore and know more.
Slides will show LESS and I will SPEAK more
10. Artificial Intelligence
Bitcoin & other crypto-currencies
Cloud computing
Cryptography
Cyber Crime Investigation and Forensics
Cyber Insurance
Cyber security and incident response
Cyber Terrorism & Warfare
Data breaches and data privacy
Digital Evidence
Digital payments, credit, debit & cash cards,
mobile wallets, net banking, UPI
Domain name disputes
E-commerce
E-governance, E-courts & E-tenders
Electronic & Digital Signatures
Electronic contracts
Electronic voting machines
Extradition of cyber criminals
Hacking, malware, ransomware, and other cybercrimes
Information Technology Law Compliance
Intermediaries like Internet Service Providers (ISPs), Social Media Platforms, Email services,
video streaming services
Internet of Things
Online education
Online gambling & gaming, and pharmacies
Online share trading, banking, and tax filing
Spam, hate speech and trolling
Telemedicine
Torrents, dark web, p2p networks, and file-sharing
Video conferencing
Software licenses
11. Artificial Intelligence
Bitcoin & other crypto-currencies
Cloud computing
Cryptography
Cyber Crime Investigation and Forensics
Cyber Insurance
Cyber security and incident response
Cyber Terrorism & Warfare
Data breaches and data privacy
Digital Evidence
Digital payments, credit, debit & cash cards,
mobile wallets, net banking, UPI
Domain name disputes
E-commerce
E-governance, E-courts & E-tenders
Electronic & Digital Signatures
Electronic contracts
Electronic voting machines
Extradition of cyber criminals
Hacking, malware, ransomware, and other cybercrimes
Information Technology Law Compliance
Intermediaries like Internet Service Providers (ISPs), Social Media Platforms, Email services,
video streaming services
Internet of Things
Online education
Online gambling & gaming, and pharmacies
Online share trading, banking, and tax filing
Spam, hate speech and trolling
Telemedicine
Torrents, dark web, p2p networks, and file-sharing
Video conferencing
Software licenses
12. STEP 1 : Simple Understanding: No CONFUSION
STEP 2 : Connecting DOTS: Little CONFUSION
STEP 3 : Global view : Awesome CONFUSION
STEP 4 : Towards Conclusion: ????? (We will discuss)
15. Michael N. Schmitt
,an American
international law
scholar specializing
in international
humanitarian law,
use of force issues,
and the international
law applicable to
cyberspace
Known for his work in directing
the 7+ year project leading to
publication of the two Tallinn
Manuals
16.
17. Tallinnis the capital and most populous city of
Estonia. Located in the northern part of the country,
on the shore of the Gulf of Finland of the Baltic Sea, it
has a population of 437,619 in 2020
HOME to the NATO Cyber Defence Centre of Excellence &
listed among the top ten digital cities in the world in 2007
18. The Tallinn Manual is an academic, non-binding
study on how international law (in particular the jus
ad bellum and jus in Bello) applies to CYBER
CONFLICTS & CYBER WARFARE
TALLINN MANUAL
19. Between 2009 and 2012, the Tallinn Manual was
written at the invitation of the Tallinn-based NATO
Cooperative Cyber Defence Centre of Excellence by
an international group of approximately twenty
experts. In April 2013, the manual was published by
Cambridge University Press
TALLINN MANUAL
22. BIRTH OF NATO with 12 countries
Belgium, Canada, Denmark, France,
Iceland, Italy, Luxembourg, Netherlands,
Norway, Portugal, United Kingdom and
United States
Often said that the North Atlantic
Treaty Organization was founded
in response to the threat posed
by the Soviet Union
23. BIRTH OF NATO with 12 countries
These countries were sworn to stand
against aggression
“AN ATTACK AGAINST ONE WILL BE AN
ATTACK AGAINST ALL”
24. NATO started with 12 countries
While as on date the strength is 30
countries
26. North Atlantic Treaty Organization also called
the North Atlantic Alliance, is an
intergovernmental military alliance between
30 European and North American
countries.
NATO
28. NATO's essential and enduring purpose is TO
SAFEGUARD THE FREEDOM AND SECURITY of
all its members by political and military means
COLLECTIVE DEFENCE is at the heart of the
Alliance and creates a spirit of solidarity
and cohesion among its members
NATO PURPOSE
29. Alliance’s creation was part of a broader effort to serve three
purposes:
NATO PURPOSE
Deterring SOVIET EXPANSIONISM
FORBIDDING revival of nationalist MILITARISM in
Europe through a strong North American presence on
the continent
Encouraging European POLITICAL INTEGRATION
30. NATO's Headquarters are located in Haren, Brussels, Belgium,
while the headquarters of Allied Command Operations is near
Mons, Belgium.
NATO HQs
38. Informal name of a controversial Soviet World War
II war memorial in Tallinn, Estonia, built at the site of
several war graves
BRONZE SOLDIER OF TALLINN
The monument depicting a Soviet soldier
was unveiled by the Soviets on 22
September 1947, at burial site of Soviet
troops who died while taking Tallinn in
World War II on 22nd Sept 1944
39. BRONZE SOLDIER OF TALLINN
This monument had developed two very distinct
identities
For the local Russian minority it
represents the “LIBERATOR” while for
the Estonians it represents the
“OPPRESSOR”
Over years, the STATUE had become a
focal point of tension between pro-
Kremlin and Estonian nationalist
movements
40. BRONZE SOLDIER OF TALLINN
In order to DEFUSE THE SITUATION and to RELOCATE THE WAR-
DEAD from a traffic intersection to a more peaceful resting
place the Estonian government DECIDED to move the
monument and the accompanying remains to A MILITARY
CEMETERY in Tallinn
Work began on the 26th of April 2007 and during the
day, mostly PEACEFUL protesters gathered at the site,
but in the evening a more VIOLENT CROWD emerged
41. BRONZE SOLDIER OF TALLINN
On 27 April 2007, the Estonian government relocated
the Bronze Soldier and, after their EXHUMATION
AND IDENTIFICATION, the remains of the Soviet
soldiers, to the Defence Forces Cemetery of Tallinn
POLITICAL DIFFERENCES over the interpretation of the
events of the war symbolised by the monument led
to a controversy between Russia and Estonia
42. A series of CYBERATTACKS which began on 27 April
2007 and targeted websites of Estonian organizations,
including Estonian parliament, banks, ministries,
newspapers and broadcasters.
This came amidst the COUNTRY―s DISAGREEMENT
WITH RUSSIA about THE RELOCATION OF THE
BRONZE SOLDIER OF TALLINN
44. BRONZE SOLDIER OF TALLINN
The events caught INTERNATIONAL
ATTENTION and led to a multitude of political
reactions
45. Attacks that had any influence on the general public
were DISTRIBUTED DENIAL OF SERVICE TYPE ATTACKS
ranging from single individuals using various
methods like ping floods to expensive rentals of
botnets usually used for spam distribution
46. Spamming of bigger news
portals commentaries and
DEFACEMENTS including that
of the Estonian Reform Party
website also occurred
Research has also shown that large conflicts took
place to EDIT the English-language version of the
Bronze Soldier's Wikipedia page
47. May have been the SECOND-LARGEST INSTANCE of
state-sponsored cyberwarfare, following TITAN RAIN
48. Titan Rain hackers GAINED ACCESS to many United
States DEFENSE CONTRACTOR computer networks
Titan Rain was a series of coordinated attacks on
computer systems in the United States since 2003
which went ON for at least three years
Attacks originated in Guangdong, China
Believed to be associated with a STATE-SPONSORED
advanced persistent threat.
49. Cyber attacks in question took place between 27
April and 18 May of 2007
Vast majority of the malicious traffic
originated from OUTSIDE ESTONIA
Malicious traffic contained clear indications of
Russian language background
52. On 2 May 2007, a criminal investigation was
opened into the attacks under a section of the
Estonian Penal Code criminalizing computer
sabotage and interference with the working
of a computer network, felonies punishable
by imprisonment of up to three years
Estonia's response & Legalities
53. As a number of attackers turned out to be within the
jurisdiction of the Russian Federation, on 10 May 2007,
Estonian Public Prosecutor's Office made a formal
investigation assistance request to the Russian
Federation's Supreme Procurature under a Mutual
Legal Assistance Treaty (MLAT) existing between
Estonia and Russia
Estonia's response & Legalities
54. Russian State DELEGATION PROMISED that it
would AID such investigation in every way and
visit Estonia soon
Estonia's response & Legalities
55. Estonia's response & Legalities
On 28 June, RUSSIAN SUPREME Procurature REFUSED
ASSISTANCE, claiming that the proposed
investigative processes are not covered by the
applicable MLAT
56. Estonian Public Prosecutor's Office CRITICIZED this
decision while pointing out that all the requested
processes are actually enumerated in the MLAT
Estonia's response & Legalities
On 24 January 2008, Dmitri Galushkevich, a
student living in Tallinn, was FOUND GUILTY
of participating in the attacks and fined 17,500
kroons (approximately US$1,640) for attacking
the website of the Estonian Reform Party
57. Estonia's response & Legalities
Dmitri Galuškevitš conviction was POSSIBLE because
he committed the attacks from ESTONIA and
therefore enough evidence could be collected
58. RUSSIAN Response
Since 2008, RUSSIAN AUTHORITIES have been
consistently denying Estonian law
enforcement any investigative cooperation,
thus effectively ELIMINATING CHANCES that
those of the perpetrators that fall within
Russian jurisdiction will be brought to TRIAL
59. The attacks triggered a number of MILITARY
ORGANIZATIONS around the world TO RECONSIDER
THE IMPORTANCE OF NETWORK SECURITY to modern
military doctrine
International & NATO Response
On 14 June 2007, DEFENCE MINISTERS of NATO org
held a meeting in Brussels, PROMISING IMMEDIATE
ACTION
63. In response to such attacks, NATO
conducted an internal assessment of
their cyber security and
infrastructure defenses
NATO response
Developed into the creation of a cyber defense
policy and the creation of the NATO Cooperative
Cyber Defence Center of Excellence (CCDCOE)
The assessment resulted in a report issued
to the allied defense ministers
64. NATO CCD COE
The report OUTLINED
INTERNATIONAL LAWS which are
considered applicable to the CYBER
REALM
The manual includes a total of NINETY-FIVE "BLACK-
LETTER RULES" addressing cyber conflicts
65. On 25 June 2007, Estonian president met with US
president, and among the topics DISCUSSED were the
attacks on Estonian infrastructure and est of NATO
Cooperative Cyber Defence Centre of Excellence
(CCDCOE) to operate out of Tallinn, Estonia, since
August 2008
CCDCOE
66.
67. • Analysis and Simulation for Air
operations
• Civil-Military Cooperation
• Cold Weather Operations
• Combined Joint Operations from
the Sea
• Command and Control
• Cooperative Cyber Defence
• Counter-Improvised Explosive
Devices
• Counter Intelligence
• Crisis Management and Disaster
Response
• Defence Against Terrorism
• Energy Security
• Explosive Ordnance Disposal
• Human Intelligence
• Integrated Air and Missile
Defence
• Joint Air Power
• Joint Chemical, Biological,
Radiological and Nuclear Defence
• Maritime Security
• Military Engineering
• Military Medicine
• Military Police
• Modelling and Simulation
• Mountain Warfare
• Naval Mine Warfare
• Operations in Confined and
Shallow Waters
• Security Force Assistance
• Stability Policing
• Strategic Communications
69. ESTABLISHED on 14 May 2008, it
received full accreditation by NATO and
attained the status of International
Military Organisation on 28 October
2008
70. NATO CCD COE
i.e. NATO Cooperative Cyber Defence
Centre of Excellence
Located in Tallinn, Estonia
71. “DIRECT RESULT of the cyberattacks was
the creation of the NATO Cooperative
Cyber Defence Centre of Excellence in
Tallinn, Estonia”
74. TALLINN MANUAL
Tallinn Manual originally entitled,
“Tallinn Manual on the International Law
applicable to Cyber Warfare”
75. The manual suggests that states do not
have SOVEREIGNTY OVER THE INTERNET,
but that they do have SOVEREIGNTY OVER
COMPONENTS OF THE INTERNET in their
territory
Tallinn Manual has WORKED TO PROVIDE A
GLOBAL NORM in cyber space by applying
existing international law to cyber warfare
TALLINN MANUAL
76. The Tallinn Manual is an academic, non-
binding study on how international law (in
particular the jus ad bellum and jus in
bello) applies to cyber conflicts and cyber
warfare
TALLINN MANUAL
77. TALLINN MANUAL
The Tallinn Manual is an academic, non-
binding study on how international law (in
particular the jus ad bellum and jus in
bello) applies to cyber conflicts and cyber
warfare
78.
79. "refers to the CONDITIONS under which
STATES may RESORT to WAR or to the
use of armed force in general.“
These rules FOCUS on certain CRITERIA
for what makes a war just
Jus ad bellum
80. Jus in bello
International humanitarian law, or jus in bello,
is the law that governs the way in which
warfare is conducted
Independent from questions about the
justification or reasons for war, or its
prevention, covered by jus ad bellum
IHL is purely humanitarian, seeking to
limit the suffering caused
81. NON-STATE ACTORS include organizations and
individuals that are not affiliated with, directed by,
or funded through the government
In United States law, a STATE ACTOR is a person who
is acting on behalf of a governmental body, and is
therefore subject to limitations imposed on
government by the United States Constitution
STATE vs NON STATE ACTORS
82. LEX LATA
Is a Latin expression that means "the law
as it exists”
83. Is a Latin expression that means "future law" used in
the sense of "what the law should be"
LEX FERENDA
84. SOVEREIGNTY
In any state, sovereignty is assigned to the PERSON, BODY,
OR INSTITUTION that has the ULTIMATE AUTHORITY over
other people in order to ESTABLISH A LAW
Sovereignty is the SUPREME AUTHORITY within a TERRITORY
In political theory, sovereignty is a SUBSTANTIVE TERM
designating SUPREME LEGITIMATE AUTHORITY
In international law, sovereignty is the Exercise of Power by
A State. De jure sovereignty refers to the legal right to do so;
De facto sovereignty refers to the factual ability to do so.
85. Idea to CONTROL AND GOVERN ACCESS,
Information, Communication, Network, and
Infrastructure in digital realm by international actors
DIGITAL SOVEREIGNTY
Source: Couture, Stephane & Toupin, Sophie. 2019. “What Does the Notion of “Sovereignty”
Mean When Referring to the Digital?”, New Media & Society, 21(10):2305-2322.
88. Cybercrime Legislation Worldwide
United Nations Conference on Trade and Development
154 countries (80 per cent) have enacted CYBERCRIME
LEGISLATION
EUROPE has the HIGHEST ADOPTION RATE (93 per cent)
and ASIA and the Pacific the LOWEST (55 per cent)
Evolving cybercrime landscape and resulting skills gaps are a
SIGNIFICANT CHALLENGE for LAW ENFORCEMENT AGENCIES
and prosecutors, especially for cross-border enforcement
92. Cybercrime Legislation Worldwide
In the federal level, U.S. has three fundamental regulations
enacted in HIPAA (1996), Gramm-Leach-Billey Act (1999), and
Homeland Security Act (2002)
93. Cybercrime Legislation Worldwide
In the federal level, U.S. has three fundamental regulations
enacted in HIPAA (1996), Gramm-Leach-Billey Act (1999), and
Homeland Security Act (2002)
The Gramm-Leach-Bliley Act requires financial
institutions – companies that offer consumers
financial products to explain their information-
sharing practices to their customers and to
safeguard sensitive data
94. Cybercrime Legislation Worldwide
In the federal level, U.S. has three fundamental regulations
enacted in HIPAA (1996), Gramm-Leach-Billey Act (1999), and
Homeland Security Act (2002)
Prevent terrorist attacks within the United
States, reduce the vulnerability to terrorism, and
minimize damage and assist in recovery for
terrorist attacks
96. Cybercrime Legislation Worldwide
In RUSSIA, the federal authority adopted the Russian Federal
Law on Personal Data no. 152 FZ since 2006
Russia controversially stipulates SECURITY concern as a
priority over PRIVACY RIGHTS and the U.S. have a
similar problem since Snowden‖s issue rise into public
attention
Source: Kittichaisaree, Kriangsak. 2017. Public International Law of Cyberspace. New York:
Springer.
97. Cybercrime Legislation Worldwide
Malaysia does not have a standalone cyber act or bill in
which it creates room for deep state‖ intervention to citizen‖s
data (ICLG, 2019).
INDONESIA is in worse condition–its proposed law on
cybersecurity was postponed to be adopted due to massive
student demonstrations in 2019 caused by human rights
concerns
Source : ICLG. 2019. Cybersecurity Laws and Regulations: Malaysia. https://iclg.com/practice-areas/cybersecurity-laws-
andregulations/malaysia and Jakarta Globe. 2019. Cybersecurity Bill Postponed Until Houses Next Term.
https://jakartaglobe.id/context/cybersecurity-bill-postponed-until-houses-next-term/
98.
99. BUDAPEST CONVENTION is claimed to be the only
international treaty on cyberspace
Convention on Cybercrime of the Council of Europe (CETS
No.185), known as the Budapest Convention, is the only
binding international instrument on this issue
Cybercrime Legislation Worldwide
Source: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185
100. Serves as a GUIDELINE for any country developing
comprehensive national legislation against Cybercrime and as
a framework for international cooperation between State
Parties to this treaty
The Budapest Convention is supplemented by a Protocol on
Xenophobia and Racism committed through computer
systems
Cybercrime Legislation Worldwide
Source: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/189
101. Serves as a GUIDELINE for any country developing
comprehensive national legislation against Cybercrime and as
a framework for international cooperation between State
Parties to this treaty
The Budapest Convention is supplemented by a Protocol on
Xenophobia and Racism committed through computer
systems
Cybercrime Legislation Worldwide
Source: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/189
Refers to the fear or hatred of that which is perceived
to be foreign or strange.
105. "They are the founder members,
they will make the law and they will
change the law. We can become a
member but we cannot participate
in making or changing the law,”
https://www.outlookindia.com/newsscroll/india-cant-be-guest-member-of-eu-budapest-
convention-dr-gulshan-rai/1373827
114. “Complexities & challenges of international law on
cyberspace are increasingly deprived by recent trend on
DIGITAL SOVEREIGNTY INTERPRETATIONS”
COMPLEXITIES & CHALLENGES OF INTERNATIONAL LAW
Source: https://www.e-ir.info/2020/03/14/international-law-on-cyber-security-in-the-age-of-
digital-sovereignty/
115. COMPLEXITIES & CHALLENGES OF INTERNATIONAL LAW
Source: https://www.e-ir.info/2020/03/14/international-law-on-cyber-security-in-the-age-of-
digital-sovereignty/
In recent years, this idea has been gaining traction because of
three historical conjunctures in cyberspace: China and Russia
cyber alliance on digital sovereignty; Snowden and Wikileaks
cases; and the rise of GAFA
116. COMPLEXITIES & CHALLENGES OF INTERNATIONAL LAW
Source: https://www.e-ir.info/2020/03/14/international-law-on-cyber-security-in-the-age-of-
digital-sovereignty/
In recent years, this idea has been gaining traction because of
three historical conjunctures in cyberspace: China and Russia
cyber alliance on digital sovereignty; Snowden and Wikileaks
cases; and the rise of GAFA
118. CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY
Source: https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-
organization/
119. CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY
Source: https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-
organization/
Officials and high-profile media figures from Russia and China
met in Guangzhou for the first ever CHINA-RUSSIA INTERNET
MEDIA FORUM in October 2016
Discussions in detail about the countries‖ overlapping
cybersecurity concerns
Speakers congratulated each other and planned their
collective effort to combat attempts by “Western
mainstream media” to control the informational space
120. CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY
Source: https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-
organization/
Substantial degree of collaboration was formalized in the context of
heightened Russo-Chinese cooperation with signing of an agreement on
CYBERSECURITY COOPERATION PROVISIONS that primarily included to
limit the use of informational technology designed “to interfere in the
internal affairs of states; undermine SOVEREIGNTY, POLITICAL, ECONOMIC
and SOCIAL STABILITY; [and] DISTURB PUBLIC ORDER”
121. CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY
Source: https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-
organization/
Russian cybersecurity company Kaspersky Labs
reporting 194 Chinese cyberattacks in the first seven months —
compared to just 72 in 2015. These attacks targeted Russian
government agencies, the defense and aerospace industries,
and nuclear technology companies. And they‖re probably
UNDERREPORTED: A Kaspersky Labs spokesperson told that
only around 10% of their corporate clients exchange data
related to hacks with their security network.
122. CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY
Source: https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-
organization/
“Despite the attacks, Russia and China have continued their
cybersecurity cooperation, at least publicly. As per Russian
Deputy Minister of Foreign Affairs , representatives of this
ministry and intelligence services hold consultations with
Chinese officials on cybersecurity issues twice a year. Still,
these exchanges do not amount to substantive agreements.”
123. CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY
Russia seems impressed!!!!!
131. The STRONG Chinese HOLD : GFWC
DEEP PACKET INSPECTION: Advanced method of examining
and managing network traffic. It is a form of packet filtering
that locates, identifies, classifies, reroutes or blocks packets
with specific data or code payloads that conventional packet
filtering, which examines only packet headers, cannot detect
132. Chinese government uses Deep Packet Inspection to monitor
and censor network traffic and content that it claims is
harmful to Chinese citizens or state interests. This material
includes pornography, information on religion, and political
dissent
The STRONG Chinese HOLD : GFWC
Source: https://en.wikipedia.org/wiki/Deep_packet_inspection
Chinese network ISPs use DPI to see if there is any
sensitive keyword going through their network. If so,
the connection will be cut. People within China often
find themselves blocked while accessing Web sites
containing content related to Taiwanese and Tibetan
independence
133.
134. Is a Chinese Internet meme created as a mocking
protest against Internet censorship and the Great
Firewall and means literally "fuck your mother“
GRASS MUD HORSE
It has become an Internet chat forum cult
phenomenon in China and has garnered
worldwide press attention, with videos, cartoons
and merchandise of the animal
Source: https://en.wikipedia.org/wiki/Grass_Mud_Horse
135. CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY
Source: https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-
organization/
Rather than an alliance, Russia and China have a marriage of convenience that
reflects a shared priority: REGIME STABILITY
Note: Given Russian hostility to consumer encryption, these tools are likely to be particularly
attractive to the state
Russia mentions that efforts at monitoring by china at deep packet
inspection are well-established in Chinese internet infrastructure, and have
thus received a great deal of attention in Russia. Also China has employed
effectively to bypass encryption efforts, may be receiving similar attention
among officials in the Russian government.
On the Russian side, this amounts in part to envy of China‖s near-
comprehensive control of national cyberspace.
141. SNOWDEN & ASSANGE
Manning was convicted by US military court of
multiple offences under the US Espionage Act and
sentenced to 35 years‖ imprisonment 2010 onwards
until 2017 when her sentence was commuted
There after…suicide attempts, gender change etc and
In out In Out In Out …..continues
Source:
www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiRvNz86KXwAhUlyzgGHc9dBDQQFjAAegQIBRAD&url=https%3A%2F%2Fwww.
aph.gov.au%2FDocumentStore.ashx%3Fid%3Db52d9a86-9d30-4029-9168-4c429289cb6e%26subId%3D668365&usg=AOvVaw2mOCX2hF_X0dje4WPreixn
157. Cybercrime Legislation Worldwide
Cyber Law of Antigua and Barbuda
The Electronic Crimes Act 2013 penalizes several cyber
crimes including unauthorized access, identify theft,
electronic forgery, electronic fraud, misuse of encryption,
child pornography, electronic terrorism, false websites &
spam
The Electronic Crimes Act 2013 also enables
mobile phone tracking in emergencies
Source: https://www.asianlaws.org/blog/the-ultimate-guide-to-global-cyber-laws/
158. Cybercrime Legislation Worldwide
Cyber Law of Australia
Australia has a VERY MATURE CYBER LAW ECOSYSTEM comprising
several Acts and Regulations
The Cybercrime Act 2001 was enacted by the Parliament of
Australia primarily to amend the LAW RELATING TO
COMPUTER OFFENCES
The Criminal Code Act 1995 penalizes Unauthorised access, modification
or impairment; with intent to commit a serious offence; Unauthorised
access or modification of restricted data; and Possession of hacking
tools
The Mutual Assistance in Criminal Matters Act 1987 allows for
international assistance in criminal matters to be provided and
obtained by Australia
Source: https://www.asianlaws.org/blog/the-ultimate-guide-to-global-cyber-laws/
159. Cybercrime Legislation Worldwide
The Spam Act 2003 sets up a scheme for REGULATING
COMMERCIAL EMAIL and other types of commercial
electronic messages
Cyber Law of Australia
The Enhancing Online Safety Act 2015 establishes an eSafety
Commissioner and contains provisions relating to CYBER BULLYING
The Extradition (Cybercrime) Regulation 2013 read in conjunction
with section 5 of the Extradition Act 1988, DEFINES EXTRADITION
COUNTRIES
The Privacy Act 1998 sets up a scheme for notification of eligible
data breaches
Source: https://www.asianlaws.org/blog/the-ultimate-guide-to-global-cyber-laws/
160. Cybercrime Legislation Worldwide
The Telecommunications Act 1997 sets up a system for regulating tele-
communications. The Telecommunications (Interception and Access) Act 1979
establishes a system of preserving certain stored communications that are
held by a carrier. The purpose of the preservation is TO PREVENT THE
COMMUNICATIONS FROM BEING DESTROYED before they can be accessed
under certain warrants issued under the Act
Cyber Law of Australia
161. Cybercrime Legislation Worldwide
Cyber Law of Australia
Source: https://ciso.economictimes.indiatimes.com/news/australia-passes-cyber-
snooping-laws-with-global-implications/66983214
SYDNEY: Australia Thursday
passed controversial laws
allowing spies and police to
snoop on the encrypted
communications of
suspected terrorists and
criminals, as experts
warned the "unprecedented
powers" had far-reaching
implications for global
cybersecurity. There has
been extensive debate
about the laws and their
reach beyond Australia's
shores in what is seen as
the latest salvo between
global governments and
tech firms over national
security and privacy.
162. Cybercrime Legislation Worldwide
Cyber Law of Australia
Source: https://theconversation.com/a-state-actor-has-targeted-australian-political-
parties-but-that-shouldnt-surprise-us-111997
“ The Australian political digital infrastructure is a target in an ongoing nation
state cyber competition which falls just below the threshold of open conflict “
Cyber power states capable of adopting “sophisticated”
measures might include the United States, Israel, Russia,
perhaps Iran and North Korea. Suspicion currently falls on
China.
163. Asia-Pacific Economic Cooperation (APEC), an international forum that
seeks to promote promoting open trade and practical economic
cooperation in the Asia-Pacific Region. In 2002, APEC issued Cybersecurity
Strategy which is included in the Shanghai Declaration. The strategy
outlined six areas for co-operation among member economies including
legal developments, information sharing and co-operation, security and
technical guidelines, public awareness, and training and education
Cybercrime Legislation Worldwide
https://en.wikipedia.org/wiki/International_cybercrime
164. Cybercrime Legislation Worldwide
https://en.wikipedia.org/wiki/International_cybercrime
The Organisation for Economic Co-operation and
Development (OECD) is an international economic
organisation of 34 countries founded in 1961 to stimulate
economic progress and world trade
In 1990, the Information, Computer and Communications Policy (ICCP) Committee
created an Expert Group to develop a set of guidelines for information security
that was drafted until 1992 and then adopted by the OECD Council. In 2002, OECD
announced the completion of "Guidelines for the Security of Information
Systems and Networks: Towards a Culture of Security"
165. Cybercrime Legislation Worldwide
https://en.wikipedia.org/wiki/International_cybercrime
The Economic Community of West African States (ECOWAS) is a regional
group of west African Countries founded in 1975 it has fifteen member
states. In 2009, ECOWAS adopted the Directive on Fighting Cybercrime in
ECOWAS that provides a legal framework for the member states, which
includes substantive criminal law as well as procedural law
166. LONDON ACTION PLAN
Cybercrime Legislation Worldwide
https://en.wikipedia.org/wiki/International_cybercrime
London Action Plan is a scheme to endorse worldwide spam enforcement
cooperation and address unnecessary email-related problems, such as
online fraud and deception, phishing, and distribution of internet viruses
On October 11, 2004, government and communal agencies
from 27 nations accountable for implementing rules in
relation to SPAM met in London to talk about global spam
enforcement assistance. At this gathering, a wide range of
spam enforcement organizations convened to chat about
international spam enforcement cooperation
169. Cybercrime Legislation Worldwide
Cyber Law of the Commonwealth
The Commonwealth of Nations is a sui generis political
association of 53 member states, nearly all of them former
territories of the British Empire
170. The European Union (EU) is a political and economic union of
28 member states – Austria, Belgium, Bulgaria, Croatia,
Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland,
France, Germany, Greece, Hungary, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden and the UK
Cybercrime Legislation Worldwide
Cyber Law of Council of Europe
Source: https://www.asianlaws.org/blog/the-ultimate-guide-to-global-cyber-laws/
171. Cooperation Council consisting Bahrain, Kuwait, Oman, Qatar, Saudi
Arabia, and the United Arab Emirates
Cyber Law of GCC countries
Cybercrime Legislation Worldwide
The purpose of the Arab Convention on Combating Information
Technology Offences is to enhance and strengthen cooperation between
the Arab States in the area of combating information technology offences
Source: https://www.asianlaws.org/blog/the-ultimate-guide-to-global-cyber-laws/
172. The United Nations is an international organization
founded in 1945 and is currently made up of 193
Member States.
Cyber Law of United Nations
Cybercrime Legislation Worldwide
178. Cybercrime Legislation Worldwide
Consists of 19 hypothetical scenarios that contain a description
of cyber incidents inspired by real-world examples,
accompanied by DETAILED LEGAL ANALYSIS
The Cyber Law Toolkit is a dynamic interactive
web-based resource for legal professionals who
work with matters at the intersection of
international law and cyber operations
179. Cybercrime Legislation Worldwide
Aim of the ANALYSIS is to examine the
applicability of international law to the
scenarios and the issues they raise
Product of a yearlong project supported by the UK Economic
and Social Research Council. Partner institutions include the
University of Exeter, NATO Cooperative Cyber Defence Centre
of Excellence (CCDCOE), and the Czech National Cyber and
Information Security Agency (NCISA)
183. “The International Cyber Law Project is an online reference
tool that maps the cybersecurity policies of countries globally.
Launched this year by the United States Chamber of
Commerce, the tool helps sort through the cyber laws of
countries around the world.”
Cybercrime Legislation Worldwide
Source: https://www.meritalk.com/articles/international-cyber-law-project-launched/
184. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks have
been designed by the U.S. Department of Commerce, European
Commission and Swiss Administration to provide companies on
both sides of the Atlantic with a mechanism to comply with
data protection requirements when transferring personal data
from the European Union and Switzerland to the United States
in support of transatlantic commerce
Cybercrime Legislation Worldwide
185. On July 16, 2020, the Court of Justice of the European Union issued
a judgment declaring as “invalid” the European Commission’s
Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection
provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-
U.S. Privacy Shield Framework is no longer a valid mechanism to comply
with EU data protection requirements when transferring personal data
from the European Union to the United States
Cybercrime Legislation Worldwide
193. Michael N. Schmitt
Version 1: The lawyer authors premised cloud as
something up in the sky, not aware of internet cables
Self confessed by author at
https://www.youtube.com/watch?v=w38HSUlnX6U 26:03
195. FEW EXAMPLES : CHALLENGES IN CLARITY
“….act in a reasonable way to defy threat”
“….will be binding if it is made in good faith”
“….when reasonable then….”
“….when appropriate, it acts…..”
“….when it is inevitable, then…..”
“….it is obvious but under limits…..”
198. Charter of the United Nations: Article 51
Source : https://legal.un.org/repertory/art51.shtml
“Nothing in the present Charter shall impair the inherent right of
individual or collective self-defence if an armed attack occurs
against a Member of the United Nations, until the Security Council
has taken measures necessary to maintain international peace
and security
199. Charter of the United Nations: Article 51
Source : https://legal.un.org/repertory/art51.shtml
“Nothing in the present Charter shall impair the inherent right of
individual or collective self-defence if an armed attack occurs
against a Member of the United Nations, until the Security Council
has taken measures necessary to maintain international peace
and security
200. TALLINN MANUAL 1.0
As per Schmitt, the group for Tallinn manual
Version 1.0 came up in 14 seconds as per
knowledge CENTRAL to him that mostly
included his own peers, friends and extended
friends
203. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
“Whatever you agree to or propose in the
policy/rule/standard , do not agree/propose to anything
that might strike at your state in future circumstances”
“BIND every CONCEIVABLE ADVERSARY as hard as you
can”
204. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
ABSENCE of effective international legal instruments on
cyberspace has largely been discussed in theoretical and
policy-making debates as the complexities in cyberspace
render difficult for actors to come into agreements, let alone
making agreeable binding law
205. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
Those who insist that cyberspace should remain a FREE and
DIFFUSED DOMAIN
STATES must take more influential roles in formulating
international law on cyberspace
3
Importance of THE INTERNATIONAL INSTITUTION and rule-
based multilateralism in managing cyberspace
206. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
International actors have not come into agreement
on the status of cyberspace whether it is global
commons, belongs to physical states‖ territory, or
based on their national origins
Source: Liaropoulos, Andrew. 2017. “Cyberspace Governance and State Sovereignty”, in Democracy and an Open-Economy
World Order, ed. George Bitros & Nicholas Kyriazis. Cham: Springer.
As a result, it creates MAJOR CHALLENGES to
determine JURISDICTION of international cyber
law until today
207. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
Further COMPLICATED by the fact that in the past few years
several international actors, mostly state actors, promote the
idea of DIGITAL SOVEREIGNTY to promote their interest to
take back control on information, communication, data, and
infrastructure related to the internet
Source: Gueham, Farid. 2017. Digital Sovereignty – Steps Towards a New System of Internet
Governance. Paris: Fondapol
Consequently, this creates harder
challenges on possible future international law on
CYBERSECURITY
208. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
When does STATE SPONSORSHIP of NON-
STATE CYBER OPERATIONS result in the two
states being “at war”?
210. Cyber attacks on the US banking sector have been attributed
primarily to the Izz ad-Din al-Qassam Cyber Fighters, a group
that launched them in response to the YouTube release of the
movie “Innocence of Muslims” and its alleged insult to the
Prophet Mohammed. Whether the Iranian government played
a part, and if so how, REMAINS UNCERTAIN.
Source: Ellen Nakashima, “Iran Blamed for Cyberattacks on US Banks and Companies,” The Washington Post, September 21,
2012, l; Jeb Boone,“WhoAre the Izz Ad-Din Al-Qassam Cyber Fighters?” GlobalPost, November 9, 2012,
http://www.globalpost.com/dispatches/globalpost-blogs/thegrid/who-are-the-izz-ad-din-al-qassam-cyberfighters
INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
211. “A state agent hacks into a computer belonging to a private company
in another state in order to extract a ransom. The control and authority
over the computer are with the private company that owns the computer.
The computer and its contents have no relationship with the state‖s
exercise of its powers save for such purposes as criminal law
enforcement. As per xxx Law, a state‖s inherently sovereign powers
relate to areas over which a state has exclusive control, including state
infrastructure, rather than private citizens. If this is correct, such cyber
activity would not violate the independent powers of the state in which
the computer is located and neither could the activity be construed
as intervention, regardless of whether it is coercive”
INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
PLEASE BEAR WITH LONG TEXT
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies
212. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
A state agent remotely shuts down the operation of a dominant internet
platform provider (such as Facebook) in another state, such that the entire
population of the latter state is unable to access the platform for three
days. On the basis of the above, only if the shutting down of the company
had a direct effect on the territorial state‖s exercise of its inherently
sovereign functions. Would the state-sponsored cyber activities constitute
a violation of the territorial state‖s sovereignty? If, for example, the
platform provider operated a portal on which a significant proportion
of the population were exclusively dependent to submit welfare claims,
that could be regarded as constituting a violation of sovereignty and the
non-intervention principle.
PLEASE BEAR WITH LONG TEXT
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies
213. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
PLEASE BEAR WITH LONG TEXT
“In 2014, the Sands Casino in the US suffered a cyberattack, which
is suspected to have been carried out by Iran. Notwithstanding the
extensive damage done to the operation (including the wiping of hard
drives and permanent erasure of a vast quantity of essential data), the
US did not frame the operation as a violation of international law; the FBI
investigated it in conjunction with local state police, but no further action
was taken”
This kind of activity WOULD BE A CRIMINAL ACT UNDER THE DOMESTIC
LAW of almost any country..but then international cyber space…???!!!!!
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies
214. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
In November 2014 , Sony PicturesSony‖s US affiliate was
hacked and confidential data extracted from its servers,
followed by the release of a huge quantity of personal data
More than 70 per cent of Sony‖s
computers were rendered inoperable
by the malware
Evidence suggests that the motive for the attack was
to persuade Sony not to release a film (―The Interview‖)
about North Korea, to which North Korea objected
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies
215. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
The US attributed the cyberattack to North Korea
Incident constitutes an exercise of law enforcement power on the part
of North Korea (assuming that criticizing North Korea‖s leader, Kim Jong-
un, is a criminal offence)
That would fit the definition of violation of sovereignty used above
Secretary of State said that the hack ―violated international norms but NO
ACTION except few sanctions effected and criticism of North Korea
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies
216. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
https://blogs.icrc.org/law-and-policy/2020/04/02/cyber-attacks-hospitals-covid-19/#_blank
217. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
https://medium.com/digital-diplomacy/the-impact-of-current-challenges-for-international-cyber-law-on-the-future-of-cybersecurity-
e2686f098e4c
218. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
https://www.lawfareblog.com/current-international-law-not-adequate-regime-cyberspace
223. Click, Print, Shoot!
Unimaginable as it may
sound, Cody Wilson, a law
student at the University
of Texas has made it
possible. Wilson created
the world’s first entirely
3d printed gun and named
it “The Liberator” as a
homage to the one-shot
pistols designed to be air-
dropped by the Allies over
France during its Nazi
occupation in World War
II
Cody Wilson
224. Three days after the plans were
released, the United States
Department of State demanded
that IT must retract the plans from
public availability. However, the
plans were downloaded over
100,000 times within those two
days. Later, the design even
appeared on The Pirate Bay and
the plans for the gun remain
available across the internet even
today
INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
225. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
“To prove their responsibility requires evidence
of reports received, orders given and how
policies were set.”People with such information
should contact the investigators through secure
means of communication, he added, citing apps
such as Signal or a ProtonMail account.
226. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
Supposedly Iran conducted distributed denial of service campaign in 2011–
13 against the US financial sector which involved a sophisticated, globally
distributed network of compromised computer systems (a botnet),
reaching a cumulative total of 176 days of attacks
Harm sustained by US financial institutions targeted by the
operation ran into tens of millions of dollars
But how it ended up was with certain individuals involved indicted by the
US government in 2016 for attacking critical infrastructure
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies
227. A state could use cyber operations to manipulate another country‖s electoral
infrastructure
INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies
For example, a hacking operation that tampers with the election results; changing
the status of voters on the roll so that their vote is listed only as provisional;
or deleting voters‖ names from the electoral roll.
In 2014 cyberattackers accessed the computer of Ukraine‖s Central
Election Commission and changed the result of the presidential election
to show the winner as a far-right candidate
In 2016, the website of Ghana‖s Central Election Commission was hacked and false
results announced from the Commission‖s Twitter account while votes were still
being counted
228. “In response to cyberattacks
on their election
infrastructure, some states
have designated their
electoral infrastructure
as critical national
infrastructure. This brings
electoral infrastructure
within the scope of the
consensus report of the 2015
UN Group of Governmental
Experts”
Source: https://leidensecurityandglobalaffairs.nl/articles/turning-down-the-heat-on-cyber-norms
INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
229. States have peddled propaganda in other states for centuries
and advent of the internet has made this further easier. For
example through the use of bots operated from outside the
territory to circulate posts on social media about a particular
electoral candidate without the consent of the target state.
In the non-cyber context, if the information circulated
as propaganda is factual and neutral, such activity is not
considered to be a breach of the non-intervention principle
INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
230. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
Source: For an excellent review of State and non-State activities in cyberspace, see Kenneth Geers etal., World War C:
Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks (Fire-Eye Labs), accessed January 31, 2014,
http://www.fireeye.com/resources/pdfs/fireeye-wwc-report.pdf.
…………….
231. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
While all AGREED that a cyber operation by another state that caused
damage to cyber infrastructure violated the territorial state‖s
sovereignty, whereas mere CYBER MONITORING DID NOT
BUT
DISAGREED over whether PLACING MALWARE INTO CYBER
INFRASTRUCTURE or altering or destroying data qualified as a violation
Experts that drafted the Tallinn Manual struggled with the
application of the principle of sovereignty
232. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
Experts that drafted the Tallinn Manual struggled with the
application of the principle of sovereignty
By this logic,
A cyber operation by State A that alters critical data stored in a
server on State B‖s territory violates State B‖s sovereignty.
BUT
However, if State B stored the same data in State C, State A‖s
operation would only violate State C‖s sovereignty
233. INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
Source: https://voelkerrechtsblog.org/the-new-era-of-disinformation-wars/
237. As Russia operates in this GRAY ZONE which does
not have clear laws established they get two
advantages:
238. As Russia operates in this GRAY ZONE which does
not have clear laws established they get two
advantages:
Firstly : Makes it hard globally to condemn and
blame them DIRECTLY, also a GLOBAL CONSENSUS is
NOT reached to conclude that what they have done
is wrong
239. As Russia operates in this GRAY ZONE which does
not have clear laws established they get two
advantages:
Firstly : Makes it hard globally to condemn and
blame them DIRECTLY, also a GLOBAL CONSENSUS is
NOT reached to conclude that what they have done
is wrong
Secondly, it COMPLICATES the RESPONSE option i.e.
no legal frames
240.
241. Democratic National Committee cyber attacks took
place in 2015 and 2016, in which Russian computer
hackers infiltrated the Democratic National
Committee (DNC) computer network, leading to a
data breach
Cybersecurity EXPERTS, as well as the U.S.
government, determined that the cyberespionage
was the WORK OF RUSSIAN INTELLIGENCE agencies
242. On December 9, 2016, CIA concluded Russia
conducted the cyberattacks and other
operations during the 2016 U.S. election to
ASSIST DONALD TRUMP in winning the
presidency
Multiple U.S. intelligence agencies
CONCLUDED that Russian government
provided WikiLeaks with the stolen
emails from the DNC, as well as stolen
emails from Hillary Clinton
243. So proven on one side
technically that this is violation
of US SOVEREIGNITY
But then it lacked clarity as per
Russian side, so US could only
EXPEL DIPLOMATS and IMPOSE
SANCTIONS
244. So as per Schmitt, RUSSIA likes Gray Areas to
operate in
245. CYBERSPACE Anonymity
RELATIVE ANONYMITY of the Internet allows for a near
perfect deniability, as was the case in Estonia
All one has to do is either originate the attack
from or ROUTE the traffic through a country
that is not willing to cooperate
Makes it almost IMPOSSIBLE to bring the attackers to JUSTICE,
especially when considering the lack of common international
legal grounds for these new types of attacks and conflicts
246.
247.
248.
249.
250.
251.
252.
253.
254.
255.
256.
257.
258.
259.
260.
261.
262.
263.
264.
265.
266.
267.
268.
269.
270.
271.
272.
273. “Ultimately, Tallinn Manual 2.0 must be understood only
as an expression of the opinions of the two
International Groups of Experts as to the state of the
law. This Manual is meant to be a reflection of the law
as it existed at the point of Manual’s adoption by the
two International Groups of Expert in June 2016. In is
not a „best practices‟ guide, does not represent
„progressive development of the law‟, and is policy and
politics-neutral. In other words, Tallinn Manual 2.0 is
intended as an objective restatement of the lex lata”
TALLINN MANUAL 2.0
Lex lata (also called de lege lata) is a Latin expression that means "the law as it exists"
274. The first Tallinn Manual dealt with the law applicable
to armed conflict
and
The second deals with a much broader type of cyber
operations—those both in and out of armed conflict
TALLINN MANUAL 1.0 vs 2.0
275. TALLINN MANUAL: EXPERT GROUPS
The first group included the law of armed conflict (LOAC)
experts primarily from the Western Hemisphere. In
response to criticism, the international group of experts for
Tallinn 2.0 was broader both in origin (including members
from Thailand, Japan, China, and Belarus) and substantive
expertise (including experts in human rights, space law,
and international telecommunications law)
276. Also, the Manual is divided into FOUR PARTS
Part one deals with general international law and cyberspace.
The second part covers specialized regimes of international law and
cyberspace.
Third concerns international peace and security and cyber activities
are highlighted, which is drawn mostly from Tallinn 1.0.
The last part is the rest of Tallinn 1.0 and applies to the law of cyber
armed conflict.
TALLINN MANUAL: EXPERT GROUPS
The International Committee of the Red Cross (ICRC) was
invited to send observers to both groups, as were other states
and organizations
277. In many cases, its panel of drafters was
unable to reach a consensus, illustrating the
complexities that still haunt the cyber world.
TALLINN MANUAL: EXPERT GROUPS
278. It finds that its panelists “were incapable of
achieving consensus as to whether remote
cyber espionage reaching a particular
threshold of severity violates international
law
TALLINN MANUAL: EXPERT GROUPS
279. RULE NINE establishes that the mere fact alone that a cyberattack
originates in a state’s territory and that a cyberattack is routed through a
state’s cyber infrastructure is NOT ENOUGH to attribute that attack to the
state in question. Therefore, rule nine regulates a victimized state‖s
potential countermeasures to a cyber operation.
TALLINN MANUAL: EXPERT GROUPS
Countermeasures to a CYBER OPERATION
280. RULE NINE establishes that the mere fact alone that a cyberattack
originates in a state’s territory and that a cyberattack is routed through a
state’s cyber infrastructure is NOT ENOUGH to attribute that attack to the
state in question. Therefore, rule nine regulates a victimized state‖s
potential countermeasures to a cyber operation.
“[a] State injured by an internationally wrongful act may resort to
proportionate countermeasures, including cyber countermeasures,
against the responsible State.”
TALLINN MANUAL: EXPERT GROUPS
Countermeasures to a CYBER OPERATION
281. Protection of the PoW in the CYBER ERA
TALLINN MANUAL: EXPERT GROUPS
“Prohibited cyber actions include posting defamatory information that
reveals embarrassing or derogatory information or their emotional state.
This would embrace, for example, posting information or images on the
Internet that could be demeaning or that could subject prisoners of war or
interned protected persons to public ridicule or public curiosity… guard
against intrusion by public and private actors into the communications,
financial assets, or electronic records of prisoners of war or interned
protected persons.”
Experts interpret traditional Geneva Convention protections for
prisoners of war in the cyber era
Source: Tallinn Manual 2.0 page 522
282. “Though both the Manuals are non-binding instruments, the
Group of International Experts claimed that they reflected the
lex lata applicable to cyber operations. However, this claim is
questionable due to the dominating role of a few Western
states in the drafting process and the linked neglect of the
practice of “affected states” in cyber operations”
TALLINN MANUAL: EXPERT GROUPS
Source:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjMtO2QsaXwAhXOfH0KHaxv
BUcQFjAFegQICxAD&url=https%3A%2F%2Fjournals.muni.cz%2Fmujlt%2Farticle%2Fdownload%2F11810%2F10665&usg=AOvVa
w3Gi6biqps0IhNUez2Aimzo
283. Criticism in the previous efforts was many states felt sidelined as their
viewpoints were not taken into consideration. Therefore, many experts
suggest that we NEED A TALLINN MANUAL 3.0, taking into account the
private interests and the interests of the Non-NATO member states from a
much broader spectrum
Do we need a Tallinn Manual 3.0?
Another challenge highlighted in the previous capacity building effort was that
“the states didn‖t want anyone to tell them what to do in the cyberspace.”
They want to leverage the cyberspace to fight a proxy war. Therefore, Tallinn
Manual 3.0 must be made with defined mechanisms of accountability, and all
the ambiguities must be addressed. Also, it must take into account incidents of
cyber-espionage and deem the act wrongful
Source: https://medium.com/@cyberdiplomacy/tallinn-manual-a-brief-review-of-the-international-law-applicable-to-cyber-
operations-5643c886d9e2
284. Do we need a Tallinn Manual 3.0?
Source: https://ccdcoe.org/news/2020/ccdcoe-to-host-the-tallinn-manual-3-0-process/
“The CCDCOE has committed to host a project to revise and
expand the influential Tallinn Manual 2.0 on International Law
Applicable to Cyber Operations. The comprehensive 2017
edition will be updated in the light of emerging State
practice.”
286. The Paris Call for Trust and Security in Cyberspace of 12
November 2018 is a call to come together to face the new
threats endangering citizens and infrastructure
Based around nine common principles to secure
cyberspace, which act as many areas for discussion
and action
287. The Paris Call invites all cyberspace actors to
work together and encourage States to
cooperate with private sector partners, the
world of research and civil society
The supporters of the Paris Call commit to working
together to adopt responsible behavior and
implement within cyberspace the fundamental
principles which apply in the physical world
288.
289.
290.
291.
292.
293. LOT‖s of efforts taking place globally but CONSENSUS missing
among all..(and consensus seems in DISAGREEMENT)
All efforts in ISOLATION while least ISOLATION efforts
expected
REALISATIONS AND STATE
SERIOUS TRANSPARENT efforts required for true realisation of
global cyber hygiene..(…but seems IMPOSSIBLE given the complexities of cyberspace)
GLOBAL COMMONS criteria for CYBER SPACE
A term typically used to describe international, supranational,
and global resource domains in which common-pool
resources are found. Global commons include the earth's
shared natural resources, such as the high oceans, the
atmosphere and outer space and the Antarctic in particular.