Edited by Nicholas Tsagourias and Russell Buchan
Reviewed by Samuli Haataja (Griffith University)
This book is an edited collection concerned with the international legal dimensions of cyberspace and various cyber activities. Its focus is mainly on public international law and its application to state activities both in and through cyberspace. As such, the book is an addition to the growing body of academic literature in this field. With twenty-two chapters organised into five parts, the book brings together contributions from mainly international legal scholars on a broad range of legal issues raised by technology in this context. Part I considers cyberspace and general principles of international law and it comprises of chapters on the legal status of cyberspace, jurisdiction, state responsibility, intellectual property rights, human rights, and criminal responsibility. Part II focuses on international law and cyber threats and is made up of chapters on cyber terrorism, cyber espionage, and cybercrime. Part III discusses cyber attacks within the jus ad bellum. In addition to chapters on the use of force and self-defence, it also contains a chapter on deterrence. Part IV examines cyber warfare and the jus in bello and in addition to multiple chapters that consider the application of various principles of international humanitarian law, it also includes a chapter examining the ethical challenges of cyberwarfare. Finally, Part V addresses both regional and international institutional approaches to the regulation of cyber security. The end result is an accessible collection of chapters engaging with various intersections of international law and technology mainly through a focus on international security and conflict.
As the editors note in the Preface, the book was driven by concerns ‘about the applicability of international rules to cyberspace and to various cyber activities and the realisation that the range of issues and problems involved pose various challenges to international law’ (at xiii). In essence, the book is therefore about legal problems created by technology, and how (though sometimes also whether) the law can be used to solve these problems. This driving concern largely pervades the approach taken in most of the book’s chapters. Generally the chapters involve a description of a particular area of law (for example, state responsibility, intellectual property, the use of force, neutrality and so on), a discussion of the specific problems that arise in the cyber context, and concluding remarks or a brief discussion on how the law should apply in this context or whether there is need for new law. This is true particularly in relation to most of the contributions in Parts I–IV. In contrast, the contributions in Part V are largely descriptive of the various approaches taken by regional and international institutions (including the UN, EU, NATO, ASEAN and APEC) to regulate cyber security. Arguably the more thought-provoking contributions in this book, some of which will be discussed below, are those that strike a balance between succinctly discussing the relevant area of law and the issues raised in the cyber context (that is, fulfilling the objective of the book), while also engaging with the social, political, historical, or theoretical contexts of these issues. Nonetheless, given that the book is intended as a ‘research handbook’ and was driven by the aforementioned concern, the predominant approach is understandable. As such, the book is likely to be especially useful for post-graduate students and academic researchers seeking a good overview of the legal issues raised by cyberspace and cyber activities. The chapters largely function independently of each other and can therefore be read individually. A useful overview of each chapter and its central argument is included in the Introduction authored by Michael Schmitt, and each chapter also comes with a host of references to key authors and literature in the field.
As can be expected of an edited collection with several different contributors, there are aspects of the book that slightly detract from its overall coherence. One of the book’s shortcomings arises from the overlapping coverage of some topics and inconsistencies in terminology. For example, there are numerous chapters defining terms such as ‘cyberspace’ and ‘cyber attack’, and at times slightly different ‘cyber’ terminology is used across different chapters which may cause confusion for those less familiar with these terms. Similarly some topics are considered in multiple chapters. For instance, while Chapter 11 by Marco Roscini is dedicated to the examination of cyber attacks and the law on the use of force, the question of whether or when a cyber operation amounts to such is also discussed in numerous other chapters. Jurisdiction is another topic examined across multiple chapters, however this repetition is less noticeable given the different contexts in which it is examined. Another issue arises from the scope of the book. While a book with a subject matter as broad as ‘international law and cyberspace’ needs to somehow limit its scope, the range of the included topics could be more diverse. The inclusion of chapters on intellectual property rights and human rights indicates a more inclusive range of topics than those traditionally dominating scholarship in this area – namely the jus ad bellum and jus in bello. However, ultimately most chapters are centred on these very topics or issues otherwise related to international peace and security. Therefore areas of law such as international economic law and international environmental law are not substantially explored.
For those areas of the law that the book does explore however, most chapters provide an excellent and accessible overview of the pertinent legal issues raised in the cyber context. As mentioned, particularly thought-provoking are those contributions that also engage with the wider context of these legal issues, instead of simply outlining the law and considering its application to cyberspace or the cyber activity in question.
One of these contributions comes from Chapter 1 by Nicholas Tsagourias. The central focus of this chapter is on the status of cyberspace in international law. Tsagourias examines, for example, how the principle of sovereignty applies to cyberspace and whether states can assert their jurisdiction over both the physical and virtual parts of cyberspace. He also discusses whether cyberspace itself can be considered a sovereign entity, and the potential to identify cyberspace as a global commons like the high seas or outer space. He concludes that existing legal categories and principles apply to cyberspace and therefore that ‘a non liquet has been avoided’ (at 28). Tsagourias however also reflects on the role of law in shaping how cyberspace is conceptualised. For example, he highlights how the legal representation of spaces influences international lawyers’ conception of cyberspace and therefore how the law can have both a normative and performative function. He argues that the law ‘constructs the ontology and function of cyberspace by embedding in the legal norms that apply to cyberspace authoritative choices about the nature and use of cyberspace whilst at the same time it moulds such choices through its own principles and standards’ (at 14). Therefore while he ultimately advances the position that existing legal principles are sufficient to extend to cyberspace and activities therein, the chapter is not limited to a purely legal analysis in its approach. Instead, Tsagourias embeds the discussion of the legal status of cyberspace into a more nuanced account of the role of law and its spatial dimension in influencing how cyberspace is conceptualised and treated in legal analysis.
Chapter 5 on human rights and cyberspace by David Fidler is another interesting chapter. In this chapter Fidler considers the historical and political context of the legal issues raised by the Internet for human rights, through an examination of the relationship between human rights and cyberspace. The chapter provides an account of the relevant international human rights law, including discussion of key legal instruments, European Court of Human Rights jurisprudence, and issues raised by the Internet in relation to privacy, freedom of expression, and the digital divide. It also examines the human rights issues beyond this legal regime, touching for example on human rights and the politics of Internet governance, and privacy and security concerns in the wake of Edward Snowden’s revelations about the United States’ mass surveillance program. Fidler however engages with these issues through an examination of the evolving relationship between human rights and technology. He notes, for instance, the uniquely universal qualities of both human rights and cyberspace which challenge key principles of international law such as sovereignty and non-intervention. He maintains that behind these challenges lies the convergence of a ‘conceptual universalism in human rights thinking, and a technical universalism made possible by Internet technologies’ (at 98). Therefore he argues that when human rights and cyberspace come together, the pressure they place on inherently Westphalian legal principles increases as cyberspace takes on political significance and human rights obtain a ‘technological imperative’ (at 98–99). This, according to Fidler, manifests for example in the debate on whether Internet access in itself is a human right, or simply a technological means for the protection and promotion of human rights (at 109–110). Therefore while this chapter explores the legal issues raised by cyberspace for human rights law, it contextualises this discussion into the broader (and complex) relationship between human rights and technology. It also highlights the importance of international political conditions that continue to shape the dynamics of this relationship.
Chapter 9 on international law and cybercrime by Philipp Kastner and Frédéric Mégret, while mostly providing a standard account of the legal issues raised by cybercrime (outlining for example the substantive law and jurisdictional issues in this context), also explores the relationship between law and technology in this context. For instance, the authors consider whether the law itself is the only or most effective way to address the problem of cybercrime. They highlight not only the ways in which technology has created new avenues for crime and made new forms of crime possible, but also how technology has empowered individuals to combat and prevent cybercrime. For example, the authors note the importance and ability of individual users in taking proper precautions to eliminate opportunities for cybercrime, and the various technical measures – from antivirus software to firewalls – that can be utilised to combat the problem. However they also note the limitations of purely technical responses that only deal with the effects of the problem, and emphasise the importance of the law’s social role in deterring criminal behaviour and therefore addressing the underlying problem itself (at 205). Accordingly, instead of merely offering more law as the ‘solution’ to the problem of cybercrime, Kastner and Mégret draw attention to the wider social and technological context in which these problems arise and which need to be considered in order to address them. As such, this chapter not only examines the legal issues raised by cybercrime, but it encourages the reader to think about the relationship between law and technology in this context and to question the limits of purely legal solutions to cybercrime.
Overall the book is therefore successful in achieving its central goal of examining the applicability of international law to cyberspace and various cyber activities. This achievement however must be seen within the book’s parameters as ‘research handbook’ that is focused mainly on the application of the law in this particular context. Hence the book is perhaps not recommended to those seeking a deeper engagement with the legal issues it covers, or to those who are after critical perspectives on these issues. Nonetheless, the book provides an accessible entry point into this growing body of academic literature and insights into many of the key legal issues raised by cyberspace and cyber activities. To this end in particular, the book constitutes a valuable addition to the literature in this field.
 Michael Schmitt has published extensively on international law and cyberwarfare, and is the leading author behind the NATO Cooperative Cyber Defence Centre of Excellence’s (CCDCOE) study on international law and cyber warfare: see Michael N. Schmitt (ed.), Tallinn Manual on the International Law Applicable to Cyber Warfare (Cambridge: Cambridge University Press, 2013).
 For example in Chapter 6 (by Kai Ambos), ‘cyber attacks’ and ‘computer network attacks’ are said to refer to the same thing (at 119), whereas in Chapter 12 (by Carlo Focarelli) a ‘cyber network attack’ is described as a type of ‘cyber attack’ (at 264) (emphasis added).
 Chapters 8, 12 and 13 (respectively by Russell Buchan, Carlo Focarelli and Eric Myjer) all discuss when a cyber attack amounts to a use of armed force (at 186–188, 265–267 and 299-302 respectively). Similarly, Chapters 8 and 13 consider this for the purposes of determining the existence of an armed conflict (at 122–125 and 328–332 respectively).
 Chapter 2 (by Uta Kohl) is dedicated to jurisdiction in cyberspace, Chapter 1 discusses jurisdiction generally (at 19–20), Chapter 4 (by Andreas Rahmatian) in turn considers jurisdiction in relation to intellectual property law (at 78–82), and Chapter 6 (by Kai Ambos) discusses jurisdiction in relation to cybercrime (at 200–203).
 In Chapter 8 on cyber espionage, Russell Buchan highlights the issue of economic espionage involving non-state actors but the scope of the chapter is limited to cyber espionage by state actors (at 173–174). Also, in Chapter 9, Carlo Focarelli only briefly discusses the rule against transboundary harm in the context of the law on self-defence (at 279).