Hostname: page-component-669899f699-7tmb6 Total loading time: 0 Render date: 2025-04-25T17:13:10.370Z Has data issue: false hasContentIssue false

Data Warfare and Creating a Global Legal and Regulatory Landscape: Challenges and Solutions

Published online by Cambridge University Press:  04 October 2024

Varda Mone
Affiliation:
Assistant Professor, Centre of Excellence in Public Policy, Sustainability and ESG Research, Alliance School of Law, Alliance University, Bangalore, India. Email: [email protected].
Sadikov Maksudboy Abdulajonovich
Affiliation:
Senior Lecturer, Tashkent State University of Law, Uzbekistan. Email: [email protected].
Ammar Younas
Affiliation:
Institute of Philosophy, Chinese Academy of Science, Beijing, China, and School of Humanities, University of Chinese Academy of Sciences, Beijing, China. Email: [email protected].
Sailaja Petikam
Affiliation:
Professor in Law, Saveetha School of Law, Saveetha Institute of Medical and Technical Sciences (SIMATs), Chennai, Tamin Nadu, India. Email: [email protected].

Abstract

The world is witnessing an increase in cross-border data transfers and breaches orchestrated by State and non-State actors. Cross-border data transfers may lead to friction among States to localize or globalize data and to provide regulatory frameworks. “Data warfare” or information-war operations are often not covered under conventional rules; however, they are categorized as acts of espionage and subject to domestic regulations. As such, the operations are used to achieve a variety of objectives, including stealing sensitive information, spreading propaganda, and causing economic damage. Notable instances of the theft of sensitive information include the recent Bangladesh government website breach, exposing 50 million records, and the Unique Identification Authority of India (UIDAI) website hack.

Regulating the “data war” under the existing principles of international law may be unsuccessful in creating robust international legal frameworks to address the associated challenges. These developments further accentuate the global divide between data-rich regions in the Global North, with strong data protection mechanisms (such as the GDPR and the California Privacy Rights Act), and regions in the Global South, where there is a lack of comprehensive data protection laws and regulatory regimes. This disparity underscores the urgent need for global cooperation for substantial international regulatory mechanisms.

This article examines the complexities surrounding data warfare; it highlights the imperative need for establishing a robust global legal framework for data protection, delving into the concept of data war. It also acknowledges the growing influence of advanced technologies like data computing and mining and their ongoing threats to the fundamental rights of individuals associated with exposed personal data. The authors address the deficiencies in international legal provisions and advocate for a global regulatory approach to data protection as a critical means of safeguarding personal freedoms and countering the escalating threats in the digital age.

Type
Article
Copyright
Copyright © The Author(s), 2024. Published by International Association of Law Libraries

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Article purchase

Temporarily unavailable

Footnotes

The editor thanks Sandy Hervieux, Head Librarian, Nahum Gelber Law Library, McGill University (Montreal), for her invaluable editorial assistance with this article.

References

1 Clark, Nigel and Albris, Kristin, “In the interest(s) of many: Governing data in crises,” Politics and Governance 8, no. 4 (2020): 421–31CrossRefGoogle Scholar, https://doi.org/10.17645/pag.v8i4.3110.

2 Authors’ own definition: “virtual terra nullis” can be defined as unoccupied digital spaces and environments with no established laws, controls, or ownership.

3 Arora, P., “General data protection regulation—A global standard? Privacy futures, digital activism, and surveillance cultures in the Global South,” Surveillance & Society 17, no. 5 (2019): 717–25CrossRefGoogle Scholar, https://doi.org/10.24908/ss.v17i5.13307.

4 Mumford, Densua, “Data colonialism: compelling and useful, but whither epistemes?,” Information, Communication & Society 25, no. 10 (2022): 1511–16CrossRefGoogle Scholar, https://doi.org/10.1080/1369118X.2021.1986103.

5 Paragi, Beata, “Digital4development? European data protection in the global South,” Third World Quarterly 42, no. 2 (2020): 254–73Google Scholar, https://doi.org/10.1080/01436597.2020.1811961.

6 Ibid., 254.

7 Bartlett, Jamie, The People Vs Tech: How the internet is killing democracy (and how we save it) (London: Random House, 2018), 203–05Google Scholar.

8 Rubinstein, Ira S., Lee, Ronald D., and Schwartz, Paul M., “Data mining and Internet profiling: Emerging regulatory and technological approaches,” University of Chicago Law Review 75 (2008): 261–85Google Scholar, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1116728#.

9 Chen, Yongxi and Cheung, Anne S. Y., “The transparent self under big data profiling: Privacy and Chinese legislation on the social credit system,” Journal of Comparative Law 12 (2017): 356–78Google Scholar, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2992537.

10 D. Svantesson, “Data localisation trends and challenges: Considerations for the review of the Privacy Guidelines,” OECD Digital Economy Papers, no. 301 (Paris: OECD Publishing, 2020), https://doi.org/10.1787/7fbaed62-en.

11 Simon Hendery, “Cisco firewalls targeted in sophisticated nation-state espionage hack,” SC Media, Apr. 25, 2024, https://www.scmagazine.com/news/cisco-firewalls-targeted-in-sophisticated-nation-state-espionage-hack.

12 “FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity,” Cybersecurity and Infrastructure Security Agency (CISA), July 25, 2024, https://www.cisa.gov/news-events/alerts/2024/07/25/fbi-cisa-and-partners-release-advisory-highlighting-north-korean-cyber-espionage-activity.

13 Mutua, Makau Wa, “Savages, Victims, and Saviors: the Metaphor of Human Rights,” Harvard International Law Journal 42, no. 1 (2001): 201–45Google Scholar, https://papers.ssrn.com/sol3/Papers.cfm?abstract_id=1525547.

14 Wang, Qifan, “Applicability of Jus in Bello in Cyber Space: Dilemmas and Challenges,” International Journal of Cyber Warfare and Terrorism 4, no. 3 (2014): 43–62CrossRefGoogle Scholar, https://doi.org/10.4018/ijcwt.201407010.

15 The wrongful act doctrine, also known as the law of State responsibility, is a principle in international law that holds countries accountable for actions that violate international legal obligations. It establishes when a State can be considered responsible for breaching international law and outlines the consequences of such breaches. This doctrine provides a framework for attributing responsibility to States for their internationally wrongful acts, which could include harmful data operations, and allows for legal recourse and potential reparations.

16 D. Wildi, “Applicability of the Jus in Bello to Cyber Operations Against Civilian Data: A Legal Grey Zone in the Protection of Data,” GSI Working Papers 2023/04, Geneva: Global Studies Institute (2023): 1–38, https://archive-ouverte.unige.ch/unige:172625.

17 D. Anastasiou and R. Schäler, “Translating vital information: Localisation, internationalisation, and globalisation,” Syn-thèses journal 3, no. 11 (2010): 11–25.

18 Jean-Marie Chenou and Juan Sebastián Rojas Fuerte, “The Difficult Path to the Insertion of the Global South in Internet Governance,” in Internet Governance in the Global South, ed. David Oppermann (São Paulo: International Relations Research Center, 2018), 42–73, https://tinyurl.com/tuvdzsh5.

19 Syed Ishtiaque Ahmed et al., “Privacy vulnerabilities in the practices of repairing broken digital artifacts in Bangladesh,” Information Technologies & International Development 13 (2017): 186–99, https://epublications.marquette.edu/mscs_fac/628.

20 A. K. Tyagi, G. Rekha, and N. Sreenath, “Is your privacy safe with Aadhaar?: An open discussion,” in Fifth International Conference on Parallel, Distributed and Grid Computing (PDGC) (IEEE, 2018), 318–23.

21 Caitlin Kenny, “The Equifax data breach and the resulting legal recourse,” Brooklyn Journal of Corporate, Financial and Commercial Law 13 (2018): 215–38, https://brooklynworks.brooklaw.edu/bjcfcl/vol13/iss1/10.

22 Martin C. Libicki, What is information warfare? (Washington, D.C.: Center for Advanced Concepts and Technology, Institute for National Strategic Studies, National Defense University, 1995), 97.

23 Rebecca Crootof, “International Cyber-torts: Expanding State Accountability in Cyberspace,” Cornell Law Review 103 (2017): 565–644, https://scholarship.law.cornell.edu/clr/vol103/iss3/2.

24 Susan Landau, Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (Cambridge, MA: MIT Press, 2011).

25 Libicki, What is information warfare?, 97 (n 22).

26 Roxana Vatanparast, “Data governance and the elasticity of sovereignty,” Brooklyn Journal of International Law 46 (2020): 1–36, https://brooklynworks.brooklaw.edu/bjil/vol46/iss1/1.

27 Andrew Keane Woods, “Litigating data sovereignty,” Yale Law Journal 128, no. 2 (2018): 328–406, https://www.yalelawjournal.org/article/litigating-data-sovereignty.

28 Mona Shtaya,“Nowhere to hide: The impact of Israel's digital surveillance regime on the Palestinians,” Middle East Institute, Apr. 27, 2022, https://www.mei.edu/publications/nowhere-hide-impact-israels-digital-surveillance-regime-palestinians.

29 Daryna Antoniuk, “Pro-Palestinian operation claims dozens of data breaches against Israeli firms,” The Record, Dec. 29, 2023, https://therecord.media/cyber-toufan-data-breaches-israel-iran-palestinians.

30 Gabor Rona and Lauren Aarons, “State responsibility to respect, protect and fulfil human rights obligations in cyberspace,” Journal of National Security Law & Policy 8 (2015): 503–30, https://jnslp.com/wp-content/uploads/2017/10/State-Responsibility-to-Respect_2.pdf.

31 Roscini, Marco, “Worldwide Warfare- ‘Jus Ad Bellum’ and the Use of Cyber Force,” Max Planck Yearbook of United Nations Law 14 (2010): 85130CrossRefGoogle Scholar.

32 Jeanette Yau, “The wild, wild web: explaining variation in ASEAN member-state cyber policy” (PhD diss., University of British Columbia, 2022).

33 Margarita Cisneros, “Cyber-warfare: jus post bellum” (PhD diss., Naval Postgraduate School, Monterey California, 2015).

34 Libicki, What is information warfare? (n 22), 74.

35 Waxman, Matthew C., “Cyber Attacks as ‘Force’ Under UN Charter Article 2(4),” International Law Studies 87 (2011): 4357Google Scholar, https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?article=1075&context=ils.

36 Charter of the United Nations, June 26, 1945, 1 U.N.T.S. XVI, art. 55.

37 Brunner, Michael Walker, “The Jus Ad Bellum in Cyberspace: A New Framework,” Penn State Journal of Law & International Affairs 11, no. 2 (2023): 54–95Google Scholar, https://elibrary.law.psu.edu/jlia/vol11/iss2/5.

38 Wildi, “Applicability of the Jus in Bello to Cyber Operations” (n 16), 3.

39 Dorothy E. Denning, Information warfare and security, vol. 4 (Boston: Addison-Wesley, 1999).

40 Abu Bhuiyan, “Global South and Supranational Internet Policymaking,” in Internet Governance and the Global South: Demand for a New Framework, ed. Abu Bhuiyan (London: Palgrave Macmillan, 2014), 1–19, https://doi.org/10.1057/9781137344342_1.

41 “Emerging cyber threats in 2023 from AI to quantum to data poisoning,” CSO Online, Sep. 7, 2023, https://www.csoonline.com/article/651125/emerging-cyber-threats-in-2023-from-ai-to-quantum-to-data-poisoning.html.

42 Karen E. C. Levy and David Merritt Johns, “When open data is a Trojan Horse: The weaponization of transparency in science and governance,” Big Data & Society 3, no. 1 (2016), https://doi.org/10.1177/2053951715621568.

43 US Cybersecurity and Infrastructure Security Agency, “AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,” May 2, 2022, https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a.

44 Schmitt, Michael N., ed., Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Cambridge: Cambridge University Press, 2017)CrossRefGoogle Scholar.

45 Lubin, Asaf, “The rights to privacy and data protection under international humanitarian law and human rights law,” in Research Handbook on Human Rights and Humanitarian Law: Further Reflections and Perspectives, eds. Kolb, Robert, Gaggioli, Gloria, and Kilibarda, Pavle (Cheltenham, UK: Edward Elgar, 2022), 463–92Google Scholar, https://doi.org/10.4337/9781789900972.00035.

46 Take, Ingo, “Regulating the Internet infrastructure: A comparative appraisal of the legitimacy of ICANN, ITU, and the WSIS,” Regulation & Governance 6, no. 4 (2012): 499–523CrossRefGoogle Scholar, https://doi.org/10.1111/j.1748-5991.2012.01151.x.