No CrossRef data available.
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
Published online by Cambridge University Press: 04 October 2024
The world is witnessing an increase in cross-border data transfers and breaches orchestrated by State and non-State actors. Cross-border data transfers may lead to friction among States to localize or globalize data and to provide regulatory frameworks. “Data warfare” or information-war operations are often not covered under conventional rules; however, they are categorized as acts of espionage and subject to domestic regulations. As such, the operations are used to achieve a variety of objectives, including stealing sensitive information, spreading propaganda, and causing economic damage. Notable instances of the theft of sensitive information include the recent Bangladesh government website breach, exposing 50 million records, and the Unique Identification Authority of India (UIDAI) website hack.
Regulating the “data war” under the existing principles of international law may be unsuccessful in creating robust international legal frameworks to address the associated challenges. These developments further accentuate the global divide between data-rich regions in the Global North, with strong data protection mechanisms (such as the GDPR and the California Privacy Rights Act), and regions in the Global South, where there is a lack of comprehensive data protection laws and regulatory regimes. This disparity underscores the urgent need for global cooperation for substantial international regulatory mechanisms.
This article examines the complexities surrounding data warfare; it highlights the imperative need for establishing a robust global legal framework for data protection, delving into the concept of data war. It also acknowledges the growing influence of advanced technologies like data computing and mining and their ongoing threats to the fundamental rights of individuals associated with exposed personal data. The authors address the deficiencies in international legal provisions and advocate for a global regulatory approach to data protection as a critical means of safeguarding personal freedoms and countering the escalating threats in the digital age.
The editor thanks Sandy Hervieux, Head Librarian, Nahum Gelber Law Library, McGill University (Montreal), for her invaluable editorial assistance with this article.
1 Clark, Nigel and Albris, Kristin, “In the interest(s) of many: Governing data in crises,” Politics and Governance 8, no. 4 (2020): 421–31CrossRefGoogle Scholar, https://doi.org/10.17645/pag.v8i4.3110.
2 Authors’ own definition: “virtual terra nullis” can be defined as unoccupied digital spaces and environments with no established laws, controls, or ownership.
3 Arora, P., “General data protection regulation—A global standard? Privacy futures, digital activism, and surveillance cultures in the Global South,” Surveillance & Society 17, no. 5 (2019): 717–25CrossRefGoogle Scholar, https://doi.org/10.24908/ss.v17i5.13307.
4 Mumford, Densua, “Data colonialism: compelling and useful, but whither epistemes?,” Information, Communication & Society 25, no. 10 (2022): 1511–16CrossRefGoogle Scholar, https://doi.org/10.1080/1369118X.2021.1986103.
5 Paragi, Beata, “Digital4development? European data protection in the global South,” Third World Quarterly 42, no. 2 (2020): 254–73Google Scholar, https://doi.org/10.1080/01436597.2020.1811961.
6 Ibid., 254.
7 Bartlett, Jamie, The People Vs Tech: How the internet is killing democracy (and how we save it) (London: Random House, 2018), 203–05Google Scholar.
8 Rubinstein, Ira S., Lee, Ronald D., and Schwartz, Paul M., “Data mining and Internet profiling: Emerging regulatory and technological approaches,” University of Chicago Law Review 75 (2008): 261–85Google Scholar, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1116728#.
9 Chen, Yongxi and Cheung, Anne S. Y., “The transparent self under big data profiling: Privacy and Chinese legislation on the social credit system,” Journal of Comparative Law 12 (2017): 356–78Google Scholar, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2992537.
10 D. Svantesson, “Data localisation trends and challenges: Considerations for the review of the Privacy Guidelines,” OECD Digital Economy Papers, no. 301 (Paris: OECD Publishing, 2020), https://doi.org/10.1787/7fbaed62-en.
11 Simon Hendery, “Cisco firewalls targeted in sophisticated nation-state espionage hack,” SC Media, Apr. 25, 2024, https://www.scmagazine.com/news/cisco-firewalls-targeted-in-sophisticated-nation-state-espionage-hack.
12 “FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity,” Cybersecurity and Infrastructure Security Agency (CISA), July 25, 2024, https://www.cisa.gov/news-events/alerts/2024/07/25/fbi-cisa-and-partners-release-advisory-highlighting-north-korean-cyber-espionage-activity.
13 Mutua, Makau Wa, “Savages, Victims, and Saviors: the Metaphor of Human Rights,” Harvard International Law Journal 42, no. 1 (2001): 201–45Google Scholar, https://papers.ssrn.com/sol3/Papers.cfm?abstract_id=1525547.
14 Wang, Qifan, “Applicability of Jus in Bello in Cyber Space: Dilemmas and Challenges,” International Journal of Cyber Warfare and Terrorism 4, no. 3 (2014): 43–62CrossRefGoogle Scholar, https://doi.org/10.4018/ijcwt.201407010.
15 The wrongful act doctrine, also known as the law of State responsibility, is a principle in international law that holds countries accountable for actions that violate international legal obligations. It establishes when a State can be considered responsible for breaching international law and outlines the consequences of such breaches. This doctrine provides a framework for attributing responsibility to States for their internationally wrongful acts, which could include harmful data operations, and allows for legal recourse and potential reparations.
16 D. Wildi, “Applicability of the Jus in Bello to Cyber Operations Against Civilian Data: A Legal Grey Zone in the Protection of Data,” GSI Working Papers 2023/04, Geneva: Global Studies Institute (2023): 1–38, https://archive-ouverte.unige.ch/unige:172625.
17 D. Anastasiou and R. Schäler, “Translating vital information: Localisation, internationalisation, and globalisation,” Syn-thèses journal 3, no. 11 (2010): 11–25.
18 Jean-Marie Chenou and Juan Sebastián Rojas Fuerte, “The Difficult Path to the Insertion of the Global South in Internet Governance,” in Internet Governance in the Global South, ed. David Oppermann (São Paulo: International Relations Research Center, 2018), 42–73, https://tinyurl.com/tuvdzsh5.
19 Syed Ishtiaque Ahmed et al., “Privacy vulnerabilities in the practices of repairing broken digital artifacts in Bangladesh,” Information Technologies & International Development 13 (2017): 186–99, https://epublications.marquette.edu/mscs_fac/628.
20 A. K. Tyagi, G. Rekha, and N. Sreenath, “Is your privacy safe with Aadhaar?: An open discussion,” in Fifth International Conference on Parallel, Distributed and Grid Computing (PDGC) (IEEE, 2018), 318–23.
21 Caitlin Kenny, “The Equifax data breach and the resulting legal recourse,” Brooklyn Journal of Corporate, Financial and Commercial Law 13 (2018): 215–38, https://brooklynworks.brooklaw.edu/bjcfcl/vol13/iss1/10.
22 Martin C. Libicki, What is information warfare? (Washington, D.C.: Center for Advanced Concepts and Technology, Institute for National Strategic Studies, National Defense University, 1995), 97.
23 Rebecca Crootof, “International Cyber-torts: Expanding State Accountability in Cyberspace,” Cornell Law Review 103 (2017): 565–644, https://scholarship.law.cornell.edu/clr/vol103/iss3/2.
24 Susan Landau, Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (Cambridge, MA: MIT Press, 2011).
25 Libicki, What is information warfare?, 97 (n 22).
26 Roxana Vatanparast, “Data governance and the elasticity of sovereignty,” Brooklyn Journal of International Law 46 (2020): 1–36, https://brooklynworks.brooklaw.edu/bjil/vol46/iss1/1.
27 Andrew Keane Woods, “Litigating data sovereignty,” Yale Law Journal 128, no. 2 (2018): 328–406, https://www.yalelawjournal.org/article/litigating-data-sovereignty.
28 Mona Shtaya,“Nowhere to hide: The impact of Israel's digital surveillance regime on the Palestinians,” Middle East Institute, Apr. 27, 2022, https://www.mei.edu/publications/nowhere-hide-impact-israels-digital-surveillance-regime-palestinians.
29 Daryna Antoniuk, “Pro-Palestinian operation claims dozens of data breaches against Israeli firms,” The Record, Dec. 29, 2023, https://therecord.media/cyber-toufan-data-breaches-israel-iran-palestinians.
30 Gabor Rona and Lauren Aarons, “State responsibility to respect, protect and fulfil human rights obligations in cyberspace,” Journal of National Security Law & Policy 8 (2015): 503–30, https://jnslp.com/wp-content/uploads/2017/10/State-Responsibility-to-Respect_2.pdf.
31 Roscini, Marco, “Worldwide Warfare- ‘Jus Ad Bellum’ and the Use of Cyber Force,” Max Planck Yearbook of United Nations Law 14 (2010): 85–130CrossRefGoogle Scholar.
32 Jeanette Yau, “The wild, wild web: explaining variation in ASEAN member-state cyber policy” (PhD diss., University of British Columbia, 2022).
33 Margarita Cisneros, “Cyber-warfare: jus post bellum” (PhD diss., Naval Postgraduate School, Monterey California, 2015).
34 Libicki, What is information warfare? (n 22), 74.
35 Waxman, Matthew C., “Cyber Attacks as ‘Force’ Under UN Charter Article 2(4),” International Law Studies 87 (2011): 43–57Google Scholar, https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?article=1075&context=ils.
36 Charter of the United Nations, June 26, 1945, 1 U.N.T.S. XVI, art. 55.
37 Brunner, Michael Walker, “The Jus Ad Bellum in Cyberspace: A New Framework,” Penn State Journal of Law & International Affairs 11, no. 2 (2023): 54–95Google Scholar, https://elibrary.law.psu.edu/jlia/vol11/iss2/5.
38 Wildi, “Applicability of the Jus in Bello to Cyber Operations” (n 16), 3.
39 Dorothy E. Denning, Information warfare and security, vol. 4 (Boston: Addison-Wesley, 1999).
40 Abu Bhuiyan, “Global South and Supranational Internet Policymaking,” in Internet Governance and the Global South: Demand for a New Framework, ed. Abu Bhuiyan (London: Palgrave Macmillan, 2014), 1–19, https://doi.org/10.1057/9781137344342_1.
41 “Emerging cyber threats in 2023 from AI to quantum to data poisoning,” CSO Online, Sep. 7, 2023, https://www.csoonline.com/article/651125/emerging-cyber-threats-in-2023-from-ai-to-quantum-to-data-poisoning.html.
42 Karen E. C. Levy and David Merritt Johns, “When open data is a Trojan Horse: The weaponization of transparency in science and governance,” Big Data & Society 3, no. 1 (2016), https://doi.org/10.1177/2053951715621568.
43 US Cybersecurity and Infrastructure Security Agency, “AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,” May 2, 2022, https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a.
44 Schmitt, Michael N., ed., Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Cambridge: Cambridge University Press, 2017)CrossRefGoogle Scholar.
45 Lubin, Asaf, “The rights to privacy and data protection under international humanitarian law and human rights law,” in Research Handbook on Human Rights and Humanitarian Law: Further Reflections and Perspectives, eds. Kolb, Robert, Gaggioli, Gloria, and Kilibarda, Pavle (Cheltenham, UK: Edward Elgar, 2022), 463–92Google Scholar, https://doi.org/10.4337/9781789900972.00035.
46 Take, Ingo, “Regulating the Internet infrastructure: A comparative appraisal of the legitimacy of ICANN, ITU, and the WSIS,” Regulation & Governance 6, no. 4 (2012): 499–523CrossRefGoogle Scholar, https://doi.org/10.1111/j.1748-5991.2012.01151.x.