Fears of an impending “cyberwar” have changed cyberspace. Responsibility for Internet security is increasingly being delegated to military authorities, intelligence services are playing a bigger role, and the extent to which international law of war is applicable to the cybersphere is a question that is being discussed.
Contrary to what political rhetoric about “cyberattacks” and “cyberwarfare” might suggest, the majority of malicious acts in cyberspace are not considered to be “attacks” under international law of war. Mostly they are cybercrime, and subject to the general legal norms of civilian criminal jurisdiction.
Dinah PoKempner warns against playing the “national security” card in connection with cyberoffenses to trump human rights. Not every conceivable threat to the interests of a state or its current government has repercussions on national security. Even where national security is plainly under threat, all measures used to restrict rights must be subject to public, legal and judicial review. Any lack of democratic oversight creates the danger of serious violations of human rights and civil liberties.
PoKempner calls for a clear separation of the military and civilian elements of cyberpolicy at national level. In peacetime, there needs to be a democratically controlled legal framework to regulate state intervention. International action is required to implement restrictions on the supply of dangerous surveillance systems and hence achieve digital arms control. It should also be an international goal in cyberspace to distinguish civilian and military infrastructure more clearly. Civilian infrastructure should be identifiable as such to prevent it becoming a legitimate target of attack in the event of an armed conflict.