International Law and Private Actor Active Cyber Defensive Measures

13 Pages Posted: 28 May 2013

See all articles by Paul Rosenzweig

Paul Rosenzweig

George Washington University School of Law

Date Written: May 27, 2013

Abstract

American legal theorists and policy analysts are increasingly considering whether it would be appropriate to authorize private sector actors to take active measures in their own cyber self-defense, a concept known colloquially as "hack back." But none, to date, have given any consideration to how authorized American hack back might implicate international law. This short article seeks to fill that gap with some preliminary thoughts regarding the application of non-American law to American private sector hack back. The fundamental conclusions are two-fold: 1) To the extent any customary international law exists at all it is likely to discourage private sector self-help outside the framework of state-sponsored action; and 2) Almost certainly, hack back by an American private sector actor will violate the domestic law of the country where a non-US computer or server is located. In light of these twin conclusions, American companies considering offensive cyber operations would do well to proceed with caution.

Suggested Citation

Rosenzweig, Paul, International Law and Private Actor Active Cyber Defensive Measures (May 27, 2013). Stanford Journal of International Law, Vol. 47, Forthcoming, Available at SSRN: https://ssrn.com/abstract=2270673 or http://dx.doi.org/10.2139/ssrn.2270673

Paul Rosenzweig (Contact Author)

George Washington University School of Law ( email )

2000 H Street, N.W.
Washington, DC 20052
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
898
Abstract Views
4,463
Rank
48,602
PlumX Metrics