Election hacking, the rule of sovereignty, and deductive reasoning in customary international law

Abstract

AbstractThis article considers the international laws applicable to irresponsible state behaviour in cyberspace through the lens of the problem of election hacking. The rule of sovereignty has taken centre stage in these discussions and is said to be preferred to the non-intervention rule because it evades the problem of coercion. Proponents of the cyber rule of sovereignty contend that there is such a rule; opponents reject the existence of the rule as a matter of existing law. The objective here is to explore the methodologies involved in the identification of the cyber rule of sovereignty under customary international law. The work first frames the debate in the language of regulative and constitutive rules, allowing us to show that a regulative rule of sovereignty can, logically, and necessarily, be deduced from the constitutive rule of sovereignty. The content of the regulative rule can also be deduced from the constitutive rule of sovereignty, but it has a more limited scope than claimed by the proponents of the rule, notably the Tallinn Manual 2.0. The rule of sovereignty prohibits state cyber operations carried out on the territory of the target state and remote cyber operations which involve the exercise of sovereign authority on that territory, e.g., police evidence-gathering operations. The rule of sovereignty does not, however, prohibit other remote, ex situ state cyber operations, even those targeting ICTs used for governmental functions, including the conduct of elections. The rule of sovereignty is not, then, the solution to the problem of election hacking.