Control and capabilities test: Toward a new lex specialis governing state responsibility for third party cyber incidents
Authors: P. Stockburger
Published in: 2017 9th International Conference on Cyber Conflict (CyCon), 2017-05-01
DOI: 10.23919/CYCON.2017.8240334 (https://doi.org/10.23919/CYCON.2017.8240334)
Citations: 3
Abstract
It is well accepted under international law that a State is generally responsible for the internationally wrongful acts of its de jure and de facto State organs. It is equally well accepted that a State is generally responsible for the internationally wrongful acts of non-State actors who are neither de jure nor de facto State organs if the State sufficiently directs and controls each element of the internationally wrongful act committed by the non-State actor. This general rule, known as the “effective control” test, is recognized as the lex generalis governing imputed State responsibility for the unlawful actions of non-State actors. As the lex generalis, this principle does not vary with the nature of the wrongful act in question unless there is a clearly expressed lex specialis. Based on a review of State practice since 2014, there is, in fact, a lex specialis forming that would allow for imputed State responsibility for the internationally wrongful cyber operations of non-State actors even in the absence of evidence demonstrating “effective control.” Specifically, a review of State practice since 2014 reveals that States have attributed the unlawful cyber operations of non-State actors to States, publicly, even in the absence of evidence demonstrating clear State direction and control. States have instead applied what this paper calls the “control and capabilities” test, examining a multitude of factors to determine State responsibility, including: (1) the relationship between the non-State actor and the State, if any; (2) any apparent influence the State exercises over the non-State actor; (3) the methods used by the non-State actor; (4) the motivations of the two parties, if known; (5) whether the two parties use similar code; (6) technical capabilities; and (7) geographic location. 
This new attribution model, if risen to the level of customary international law as the lex specialis, would represent a dramatic shift in the law of State responsibility and would supplant the lex generalis “effective control” test in the context of imputed State responsibility for the unlawful cyber operations of non-State actors.