Earlier this month, the government of the Netherlands hosted a Global Conference on Cyberspace, which was, apparently, fairly well received, as the Chair’s Statement suggests.
One important side event, for readers of this blog, was a conference of state legal advisers from over 35 States at a “Tallinn Manual 2.0 consultation meeting.” The authors who produced the Tallinn Manual on the International Law Applicable to Cyber Warfare have been hard at work at a second version that would greatly expand the coverage. In particular Tallinn 2.0 examines the international legal framework that applies to cyber operations that do NOT rise to the level of an armed attack. The relevant legal regimes include the law of State responsibility, the law of the sea, international telecommunications law, space law, diplomatic and consular law, and, with respect to individuals, human rights law. Tallinn 2.0 also explores how the general principles of international law, such as sovereignty, jurisdiction, due diligence and the prohibition of intervention, apply in the cyber context.
At the event the authors of Tallinn 2.0 presented draft materials from the new manual. Most of the participating States were non-NATO and non-Western, with representation from literally every continent. In addition to a number of NATO and European states (like Switzerland, Sweden, Finland), there was also representation from Mexico, Brazil, Chile, Argentina, Morocco, Jordan, Saudi Arabia, Israel, Georgia, Azerbeidjan, Russia, Pakistan, India, Sri Lanka, China, Japan, Thailand, Republic of Korea, the Philippines and Australia. A short news summary from one of the sponsors CCD COE can be found here.
As one Dutch official, Rutger van Marissing, put it to me: “This is a complex challenge, but it is relevant for an growing number of States and therefore requires broad and inclusive engagement. The Tallinn Manual can be a useful source of academic interpretation in this field and the Netherlands was pleased to be able to provide assistance to the CCD COE by using its diplomatic channels to send out invitations.”
I agree. Since all, or almost all of the conflict we see in cyberspace occurs at the sub-“armed attack” level, the first Tallinn Manual, though a magisterial work was of modest practical importance. If the Tallinn 2.0 process produces the beginning of global international law consensus on issues relating to more common and vexing intrusions (degradation, disruption and exfiltration of data, for example) it will go a long way to putting cyber conflict on a sound international law footing.
