The legal and ethical aspects of cyber operations

by | May 25, 2025 | Law

 

 

Introduction

The “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations” (1) is one of the most comprehensive studies on the applicability of international law to cyberspace conflict, and thus cyber operations. In this study, multiple legal experts derived 154 rules from existing law. Several opinions on these rules were divided, so interpretation of the rules remains open for discussion.

 

Examine two of these rules, consider the ethical and legal aspects of these rules, and offer your perspective on each.

 

The specific course learning outcome associated with this assignment is:

 

Review the legal and ethical aspects of cyber operations.

This course requires the use of Strayer Writing Standards (SWS). The library is your home for SWS assistance, including citations and formatting. Please refer to the Library site for all supports. Check with your professor for any additional instructions.

 

Write a 3- to 5-page paper in which you evaluate Rules 4 and 9.

 

Rule 4

Rule 4 states that, according to international law, a state must not conduct cyberspace operations that violate the sovereignty of another state. A large part of cyber operations includes performing the collection of detailed intelligence on another state. This reconnaissance and access is often done “without causing physical damage or loss in functionality” at the targeted state. (1)

 

Describe the laws and rules that govern sovereignty, citing specific, credible sources that support your assertions and conclusions.

Explain why a state would want to collect intelligence, why it might be required ethically, and whether cyber operations that collect detailed intelligence on another state violate its sovereignty.

Provide a thorough, researched rationale for your perspective.

Rule 9

Rule 9 states that a state may exercise territorial jurisdiction over cyberspace infrastructure and persons engaged in cyberspace activities within its territory; cyberspace activities originating in, or completed within, its territory; or cyberspace activities having a substantial effect within its territory. A large part of cyber operations includes transmitting data – usually encrypted – which, because of network routing, may transit through the territorial cyberspace architecture of another state. (1)

 

Describe the laws and rules that govern territorial jurisdiction, citing specific, credible sources.

Explain whether cyber operations that collect detailed intelligence on another state may exercise jurisdiction over data that traverses its territory, citing specific, credible sources that support your assertions and conclusions.

Sample solution

Dante Alighieri played a critical role in the literature world through his poem Divine Comedy that was written in the 14th century. The poem contains Inferno, Purgatorio, and Paradiso. The Inferno is a description of the nine circles of torment that are found on the earth. It depicts the realms of the people that have gone against the spiritual values and who, instead, have chosen bestial appetite, violence, or fraud and malice. The nine circles of hell are limbo, lust, gluttony, greed and wrath. Others are heresy, violence, fraud, and treachery. The purpose of this paper is to examine the Dante’s Inferno in the perspective of its portrayal of God’s image and the justification of hell. 

In this epic poem, God is portrayed as a super being guilty of multiple weaknesses including being egotistic, unjust, and hypocritical. Dante, in this poem, depicts God as being more human than divine by challenging God’s omnipotence. Additionally, the manner in which Dante describes Hell is in full contradiction to the morals of God as written in the Bible. When god arranges Hell to flatter Himself, He commits egotism, a sin that is common among human beings (Cheney, 2016). The weakness is depicted in Limbo and on the Gate of Hell where, for instance, God sends those who do not worship Him to Hell. This implies that failure to worship Him is a sin.


This question has been answered

God is also depicted as lacking justice in His actions thus removing the godly image. The injustice is portrayed by the manner in which the sodomites and opportunists are treated. The opportunists are subjected to banner chasing in their lives after death followed by being stung by insects and maggots. They are known to having done neither good nor bad during their lifetimes and, therefore, justice could have demanded that they be granted a neutral punishment having lived a neutral life. The sodomites are also punished unfairly by God when Brunetto Lattini is condemned to hell despite being a good leader (Babor, T. F., McGovern, T., & Robaina, K. (2017). While he commited sodomy, God chooses to ignore all the other good deeds that Brunetto did.

Finally, God is also portrayed as being hypocritical in His actions, a sin that further diminishes His godliness and makes Him more human. A case in point is when God condemns the sin of egotism and goes ahead to commit it repeatedly. Proverbs 29:23 states that “arrogance will bring your downfall, but if you are humble, you will be respected.” When Slattery condemns Dante’s human state as being weak, doubtful, and limited, he is proving God’s hypocrisy because He is also human (Verdicchio, 2015). The actions of God in Hell as portrayed by Dante are inconsistent with the Biblical literature. Both Dante and God are prone to making mistakes, something common among human beings thus making God more human.

To wrap it up, Dante portrays God is more human since He commits the same sins that humans commit: egotism, hypocrisy, and injustice. Hell is justified as being a destination for victims of the mistakes committed by God. The Hell is presented as being a totally different place as compared to what is written about it in the Bible. As a result, reading through the text gives an image of God who is prone to the very mistakes common to humans thus ripping Him off His lofty status of divine and, instead, making Him a mere human. Whether or not Dante did it intentionally is subject to debate but one thing is clear in the poem: the misconstrued notion of God is revealed to future generations.

 

References

Babor, T. F., McGovern, T., & Robaina, K. (2017). Dante’s inferno: Seven deadly sins in scientific publishing and how to avoid them. Addiction Science: A Guide for the Perplexed, 267.

Cheney, L. D. G. (2016). Illustrations for Dante’s Inferno: A Comparative Study of Sandro Botticelli, Giovanni Stradano, and Federico Zuccaro. Cultural and Religious Studies4(8), 487.

Verdicchio, M. (2015). Irony and Desire in Dante’s” Inferno” 27. Italica, 285-297.

The increasing reliance on cyberspace for essential services, communication, and national security has brought the traditional frameworks of international law into a new and complex domain. The “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations” stands as a foundational effort to interpret and apply existing international law to this novel environment. Derived by a group of eminent legal experts, its 154 rules offer crucial guidance, yet their application often sparks debate due to the unique characteristics of cyberspace. This paper will critically examine two specific rules, Rule 4 concerning state sovereignty in cyberspace and Rule 9 on territorial jurisdiction, analyzing their ethical and legal dimensions and offering a perspective on their implications.

The increasing reliance on cyberspace for essential services, communication, and national security has brought the traditional frameworks of international law into a new and complex domain. The “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations” stands as a foundational effort to interpret and apply existing international law to this novel environment. Derived by a group of eminent legal experts, its 154 rules offer crucial guidance, yet their application often sparks debate due to the unique characteristics of cyberspace. This paper will critically examine two specific rules, Rule 4 concerning state sovereignty in cyberspace and Rule 9 on territorial jurisdiction, analyzing their ethical and legal dimensions and offering a perspective on their implications.

Rule 4: State Sovereignty in Cyberspace

Rule 4 asserts that, under international law, a state must not conduct cyberspace operations that violate the sovereignty of another state. This rule immediately grapples with the challenge of defining “violation of sovereignty” in a realm where actions may not always result in physical damage or loss of functionality, particularly in the context of intelligence collection.

Laws and Rules Governing Sovereignty:

Sovereignty is a cornerstone principle of international law, signifying a state’s supreme authority within its territory and its independence from external control. Its legal foundations are deeply entrenched in customary international law and enshrined in key international instruments.

The Montevideo Convention on the Rights and Duties of States (1933), though a regional treaty, is widely recognized as reflecting customary international law regarding statehood and, by extension, sovereignty. Article 1 outlines the four criteria for statehood: a permanent population, a defined territory, a government, and the capacity to enter into relations with other states. The implication of having a “government” within a “defined territory” inherently points to the state’s exclusive authority over that territory.

The United Nations Charter (1945) further solidifies the principle of sovereign equality. Article 2(1) states, “The Organization is based on the principle of the sovereign equality of all its Members.” This implies that all states possess equal rights and duties and are equal members of the international community, irrespective of differences. Furthermore, Article 2(4) prohibits the threat or use of force against the territorial integrity or political independence of any state, a direct corollary of sovereignty. While not explicitly mentioning cyber operations, these foundational principles underscore the inviolability of a state’s internal affairs and territorial control.

The International Court of Justice (ICJ), in numerous cases, has affirmed the principle of sovereignty. A seminal case is Nicaragua v. United States (1986), where the ICJ found the U.S. in violation of customary international law prohibiting intervention in the internal affairs of other states. The court emphasized that states have a right to choose their own political, economic, social, and cultural systems, free from external interference. While this case predates widespread cyber operations, its emphasis on non-intervention directly applies to activities that undermine a state’s control over its critical infrastructure or governance, even if no physical damage occurs.

In the context of cyberspace, the challenge lies in applying these established principles to intangible actions. The core idea remains that a state has exclusive authority over its digital infrastructure and data within its borders, and external manipulation or intrusion without consent constitutes a violation of this authority.

Why a State Would Collect Intelligence, Ethical Requirements, and Sovereignty Violation by Cyber Operations:

States collect intelligence for a myriad of reasons, primarily to safeguard their national security, advance their foreign policy objectives, and gain strategic advantages. Intelligence gathering allows states to anticipate threats (e.g., terrorist attacks, military aggression), understand the capabilities and intentions of adversaries, monitor economic trends, and protect critical infrastructure.

Ethically, intelligence collection can be argued as required under certain circumstances, particularly when it serves the principle of state responsibility to protect its citizens. If a state knows of an imminent threat (e.g., a planned cyberattack on its critical infrastructure originating from another state), collecting intelligence to prevent that attack could be seen as an ethical imperative to ensure the safety and well-being of its population. This aligns with the concept of preventative self-defense, albeit in a non-kinetic realm. However, this ethical justification must be balanced against the ethical obligation to respect the sovereignty of other states and avoid actions that could escalate tensions or harm innocent parties.

The question of whether cyber operations that collect detailed intelligence on another state violate its sovereignty is highly contentious, and my perspective aligns with the view that such operations generally do violate sovereignty, even without physical damage or loss of functionality.

My rationale is based on the evolving understanding of sovereignty in the digital age:

Firstly, control over infrastructure is a manifestation of sovereignty. A state’s sovereignty extends to its cyberspace infrastructure (networks, servers, data within its borders). Unauthorized access to, or manipulation of, this infrastructure, even for passive intelligence collection, represents an intrusion into a state’s exclusive domain. It demonstrates a lack of respect for the target state’s control over its own digital territory, akin to unauthorized physical trespass into a government building, even if nothing is stolen or damaged. The act of “reconnaissance and access” itself, without the host state’s consent, is a violation of its right to exclude others from its digital domain.

Secondly, the purpose and potential of intelligence collection often inherently infringe on sovereign prerogatives. While the immediate effect might not be physical damage, detailed intelligence collection can undermine a state’s security, economic stability, or political independence. For example, collecting intelligence on a state’s critical infrastructure vulnerabilities, even without exploiting them, grants the collecting state a strategic advantage that can be leveraged later for coercive purposes or even destructive attacks. Knowing a state’s internal decision-making processes or confidential economic data can be used to influence its policies, which directly impinges on its sovereign right to self-determination. The potential for harm, coupled with the unauthorized intrusion, is the key.

Thirdly, the “no physical damage” threshold is insufficient to define sovereignty violation in cyberspace. Traditional notions of sovereignty largely focused on physical harm or explicit coercive intervention. However, cyberspace operations defy this narrow definition. The very act of surreptitious entry into a state’s government or critical networks, even for passive data exfiltration, represents an assertion of unauthorized authority over the target state’s digital assets. This is a denial of the target state’s right to control who accesses its information systems, a core component of its digital sovereignty. The international community is increasingly recognizing that non-destructive intrusions can still be coercive or destabilizing, thus violating sovereignty. The UN Group of Governmental Experts (GGE) reports and the Open-Ended Working Group (OEWG) discussions have consistently affirmed that existing international law, including sovereignty, applies to cyberspace, implying that unauthorized intrusions are generally problematic.

Therefore, while the ethical need for intelligence collection for self-preservation is acknowledged, such operations must be conducted within the bounds of international law. Unilateral, unauthorized cyber intelligence operations against another state’s infrastructure, even if non-destructive, constitute a violation of its sovereignty. Exceptions might be argued in cases of explicit consent or universally recognized principles like humanitarian intervention, which are highly debated and generally not applicable to routine intelligence gathering.

Rule 9: Territorial Jurisdiction in Cyberspace

Rule 9 states that a state may exercise territorial jurisdiction over cyberspace infrastructure and persons engaged in cyberspace activities within its territory; cyberspace activities originating in, or completed within, its territory; or cyberspace activities having a substantial effect within its territory. The challenge here is the transnational nature of data transmission, particularly encrypted data that might traverse multiple states’ cyber infrastructure due to network routing.

Laws and Rules Governing Territorial Jurisdiction:

Territorial jurisdiction is a fundamental principle of international law, asserting that a state has primary authority to prescribe and enforce laws within its physical borders. This principle stems directly from a state’s sovereignty over its territory.

The Lotus Case (France v. Turkey, 1927) before the Permanent Court of International Justice (PCIJ) is a foundational case for understanding territorial jurisdiction. While the case dealt with criminal jurisdiction on the high seas, it affirmed the principle that a state “may not exercise its power in any form in the territory of another State.” It also established the “objective territorial principle,” allowing a state to exercise jurisdiction over acts that commence outside its territory but are completed or have effects within its territory. This principle is crucial for understanding cyber jurisdiction.

The Restatement (Third) of Foreign Relations Law of the United States (1987) further elaborates on bases for jurisdiction, including:

  • Territoriality: A state has jurisdiction to prescribe law with respect to conduct that occurs, or has an effect, within its territory. This includes both subjective territoriality (conduct initiating within the territory) and objective territoriality (conduct concluding or having effects within the territory).
  • Nationality: A state has jurisdiction over its nationals, even when they are abroad.
  • Protective Principle: A state has jurisdiction over certain conduct outside its territory by non-nationals that threatens its national security or governmental functions.
  • Universal Jurisdiction: For certain heinous international crimes (e.g., piracy, genocide), any state may exercise jurisdiction.

This question has been answered.

Get Answer