The Petya ransomware cyberattack hit computers of Russian and Ukrainian companies on 27 June 2017. Photo by Donat Sorokin/TASS/Getty.
3. The Application of the Non-intervention Principle in Cyberspace
77. The non-intervention principle is the corollary of every state’s right to sovereignty, territorial integrity and political independence.131 It derives from and safeguards the general principle of sovereignty. The members of the UN GGE accepted that the prohibition on non-intervention applies in principle to states’ cyber operations in another state below the threshold of use of force. This chapter analyses the principle and considers how it applies to states’ cyber operations.
The members of the UN GGE accepted that the prohibition on non-intervention applies in principle to states’ cyber operations in another state below the threshold of use of force.
78. The 1970 Declaration on Principles of International Law concerning Friendly Relations and Cooperation among States in accordance with the Charter of the UN (Friendly Relations Declaration) provides that:
No State or group of States has the right to intervene, directly or indirectly, for any reason whatever, in the internal or external affairs of another State. Consequently, armed intervention and all other forms of interference or attempted threats against the personality of the State or against its political, economic and cultural elements, are in violation of international law.132
79. The prohibition on intervention is an inter-state doctrine, and does not apply to intervention by or in relation to the activities of non-state groups unless the activities of the non-state groups can be attributed to a state under the rules of attribution in international law.133 The principle is set out in many international law sources,134 and is grounded in Article 2(7) of the Charter, which prohibits the UN from intervening in ‘matters which are essentially within the jurisdiction of any state’. The ICJ said in Nicaragua that the non-intervention principle is ‘part and parcel of customary international law’, notwithstanding the fact that ‘examples of trespass against this principle are not infrequent’.135
80. Despite being codified in various international agreements and documents, the prohibition on non-intervention has been described by scholars as vague and ‘elusive’.136 It applies both to interventions by force and non-forcible interventions, but its content is not clearly defined outside the context of use of force.
81. Nevertheless, the ICJ in Nicaragua provided some useful guidance. The ICJ held that the non-intervention principle (outside the context of use of force) applies to one state’s actions in relation to another state where two elements are present:
- coercion by one state of another state;
- in relation to ‘matters in which each State is permitted, by the principle of State sovereignty, to decide freely. One of these is the choice of a political, economic, social and cultural system, and the formulation of foreign policy’.137
82. The ICJ’s dicta on the non-intervention prohibition in Nicaragua should not be read prescriptively since the ICJ was clear that, ‘the Court will only define those aspects of the principle which appear to be relevant to the resolution of the dispute’.138 Since the dispute in question primarily concerned forcible intervention, the court did not opine in any detail on how intervention and coercion might be defined outside the use of force context. Outside the area of use of force, ‘it is often unclear what is, and what is not, prohibited under customary international law. Much depends on context, and even on the state of relations between the states concerned’.139
83. The terms ‘interference’ and ‘intervention’ are sometimes used interchangeably; for example, China’s Five Principles of Peaceful Co-Existence include ‘mutual respect for sovereignty and territorial integrity’ and ‘non-interference in each other’s internal affairs’.140 This paper uses the term ‘intervention’ in the sense of coercive intervention in the internal or external affairs of another state.141 The two elements of the non-intervention principle are analyzed below.
I. Coercion
84. Under the non-intervention principle, the coercion must take place in relation to ‘matters of an inherently sovereign nature’, i.e. those over which the state has exclusive authority, including a state’s political, economic, social and cultural systems. The non-intervention principle, insofar as it concerns non-forcible interventions, thus relates to the element of sovereignty under which states are entitled to exercise their state powers independently and free from interference from other states.142 It follows that the main difference between violation of the non-intervention prohibition and other breaches of sovereignty is the element of coercion. This accords with the judgment of the ICJ in Nicaragua, in which the court noted that:
Intervention is wrongful when it uses methods of coercion in regard to such choices, which must remain free ones… the element of coercion… defines, and indeed forms the very essence of, prohibited intervention.143
85. Coercion regulates the line between minor interference and unfriendly acts on the one hand, and intervention sufficient to breach the prohibition on non-intervention on the other.144 The line between the two is not always easy to identify, particularly because there is no generally accepted definition of ‘coercion’ in international law.145 Nevertheless it is possible to identify certain features of what is meant by ‘coercion’ from the international law sources.
Coercion involves the application of pressure
86. The requirement of coercion involves an element of pressure or compulsion on the part of the coercing state. Without this requirement for a degree of pressure, the line between coercion and mere attempts to influence would become blurred. The degree of pressure that is required to deprive the target state of control of its state functions will vary in each case according to the facts, and cannot be quantified.146 But clearly a certain amount of pressure is required, and Jamnejad and Wood note that ‘if the pressure is such that it could be reasonably resisted, the sovereign will of the target state has not been subordinated’.147 As a result, ‘Only acts of a certain magnitude are likely to qualify as coercive’.148
87. An example of concern that attempts merely to influence should not be regarded as coercion can be seen in the statement made by the UK on adoption of the Friendly Relations Declaration in the UN General Assembly:
In considering the scope of ‘Intervention’, it should be recognized that in an interdependent world, it is inevitable and desirable that States will be concerned with and will seek to influence the actions and policies of other States, and that the objective of international law is not to prevent such activity but rather to ensure that it is compatible with the sovereign equality of States and self-determination of their peoples.149
88. Coercion is sometimes associated with dictatorial behaviour by one state in relation to another: ‘do x or else’. Oppenheim for example states that, ‘… to constitute intervention the interference must be forcible or dictatorial, or otherwise coercive, in effect depriving the state intervened against of control over the matter in question’.150 Outside the international law context, coercion is often characterized as a threat that is used in order to change the conscious behaviour of the target.151 The power of the threat is predicated on the fact that the target knows that it is being coerced, and will suffer consequences if it does not respond as the coercer wishes, rather like blackmail. But the international law sources discussed above suggest that coercion in the international law context is framed rather differently, in the sense of the application of pressure by one state to influence an outcome in, or conduct with respect to, a matter reserved to the sovereign state. This characterization of coercion is derived from the overarching principle of sovereignty in international law, and the notion of an unauthorized exercise of authority in relation to the target state’s exercise of independent and exclusive powers on its territory. Analogies with coercion outside the international law context therefore need to be treated with care.
In practice, the means and techniques used by a state to coerce another state in relation to the exercise of the latter’s state powers can be various and nuanced.
89. In practice, the means and techniques used by a state to coerce another state in relation to the exercise of the latter’s state powers can be various and nuanced. Damrosch argues that, ‘The traditional formulation of intervention as “dictatorial interference” resulting in the “subordination of the will” of one sovereign to another is … unsatisfactory, because some subtle techniques of political influence may be as effective as cruder forms of domination’.152 Oppenheim, when referring to intervention as interference that is forcible or dictatorial, adds ‘or otherwise coercive’, implying that the nature of coercion can in fact take a range of forms.153
Coercion is directed at securing a benefit for the perpetrating state
90. The Friendly Relations Declaration provides that ‘No State may use or encourage the use of economic, political or any other type of measures to coerce another State in order to obtain from it the subordination of the exercise of its sovereign rights and to secure from it advantages of any kind’.154 This suggests that the pressure must be directed towards affecting the behaviour of the target state in some way to the benefit of the perpetrating state. There are different formulations of what the coercive behaviour is designed to achieve. Is it the application of pressure:
- simply to usurp or undermine the target state’s ability to exercise its exclusive state functions independently?
- or must it, in attempting to deprive the target state of its free will over its sovereign functions, seek to compel an outcome in, or conduct with respect to, the target state’s exercise of those functions?
- or must it specifically try to force the target state into a change of government policy in some respect?
91. The international law sources on the non-intervention principle do not specifically refer to a requirement for the intervention to be directed towards a change of policy or government. The Friendly Relations Declaration refers to the ‘securing of advantages’;155 Oppenheim refers to ‘…interference in the affairs of another State for the purpose of maintaining or altering the actual condition of things’,156 including the right of a state to ‘adopt any Constitution it likes, arrange its administration in a way it thinks fit, and make use of legislature as it pleases’.157 The ICJ in Nicaragua stated that intervention is wrongful ‘when it uses methods of coercion in regard to such choices… which must remain free ones’.
92. The language in each of the above sources suggests that the coercive behaviour could extend beyond forcing a change of policy to other aims, such as preventing the target state from implementing a policy or restraining its ability to exercise its state powers in some way. At the same time, as noted above, the attempt to deprive the target state of its free will over its sovereign powers is carried out for the benefit of the perpetrating state in some way: the unauthorized exercise of authority is not incidental. The benefit sought need not relate to a specific policy issue; it may suffice for the target state’s control over the underlying policy area to be impaired in a way that adversely affects the target state.158 In light of this, the coercive behaviour is perhaps best described as pressure applied by one state to deprive the target state of its free will in relation to the exercise of its sovereign rights in an attempt to compel an outcome in, or conduct with respect to, a matter reserved to the target state.
93. The Nicaragua case suggests that coercive behaviour can be direct as well as indirect.159 The ICJ determined that US funding of the contras constituted intervention, notwithstanding that a series of intervening events were required after the US transfer of funds took place and before coercion of the Sandinista regime of Nicaragua occurred. The court adopted a more nuanced approach to understanding both coercive behaviour and intervention than simply direct, dictatorial behaviour.
Coercion in the cyber context
94. Some scholars writing in the cyber context have understood coercion in the sense of dictatorial action by a state to force a change of policy and on the basis of this ‘narrow coercion standard’ have concluded that the threshold for the non-intervention principle is a high one160 that needs reformulating in the cyber context.161 Others have argued that the non-intervention threshold is seldom reached, and advocate that as a result greater reliance should be placed on the sovereignty principle.162
95. But there seems no reason why a flexible approach to coercion should not apply in the cyber context, as in the non-cyber context. Several scholars writing in the cyber context have supported the idea of coercion as meaning coercive behaviour aimed at seeking an advantage of some kind by depriving the target state of its free will over the exercise of its sovereign powers. Watts, for example, argues that ‘actions merely restricting a state’s choice with respect to a course of action or compelling a course of action may be sufficient to amount to violations of the principle of non-intervention’.163 Gill defines intervention as ‘[A]ction aimed at coercing a State to do or abstain from doing something it is entitled to do under international law’.164
96. The examples of non-intervention in the Tallinn Manual 2.0 involve forcing a particular policy decision on the target state, for example ‘the use by one State of non-cyber coercive means to compel another State to adopt particular domestic legislation related to Internet server liability’, or using such means to compel another state ‘to refrain from becoming Party to a multilateral treaty dealing with cyber disarmament or human rights online’.165 But the Tallinn Manual 2.0’s definition of coercion in fact supports a broader understanding of coercion, which could include restraining a state from exercising its state functions more broadly, as well as forcing it to act in a particular way: ‘an affirmative act designed to deprive another State of its freedom of choice, that is, to force that State to act in an involuntary manner or involuntarily refrain from acting in a particular way’.166 The majority of the international experts involved in the Tallinn Manual 2.0 were also of the view that ‘the coercive effort must be designed to influence outcomes in, or conduct with respect to, a matter reserved to a target state’.167
Coercive behaviour is perhaps best described as pressure applied by one state to deprive the target state of its free will in relation to the exercise of its sovereign rights in an attempt to compel an outcome in, or conduct with respect to, a matter reserved to the target state.
97. The Australian government’s position on the application of the non-intervention principle in the cyber context reflects this more nuanced understanding of coercive behaviour, defining a prohibited intervention as:
…one that interferes by coercive means (in the sense that they effectively deprive another state of the ability to control, decide upon or govern matters of an inherently sovereign nature), either directly or indirectly, in matters that a state is permitted by the principle of state sovereignty to decide freely. Such matters include a state’s economic, political and social systems, and foreign policy.168
98. Coercive behaviour may thus be understood as pressure applied by one state to deprive the target state of its free will in relation to the exercise of its sovereign rights in an attempt to compel an outcome in, or conduct with respect to, a matter reserved to the target state. This could have quite significant implications when applied in the cyber context. It would capture the use by a state of covert cyber operations with the aim of disrupting or undermining the exercise of another government’s sovereign functions. The very inability of the target state to exercise control over its sovereign functions, with the harmful effects that are likely to ensue within the target state as a result, is the outcome that the perpetrating state is seeking to compel. There are many examples where states have used cyber operations in this way, for example attacks on another state’s critical infrastructure in order to punish or retaliate against that state.
Intent, motive or purpose
99. The formula for coercion suggested above reflects the fact that states will usually have a reason for applying pressure to another state in relation to the exercise of its sovereign functions. But it does not go so far as to require a specific intent, motive or purpose on the part of the coercing state in seeking to compel an outcome or conduct in the target state. In the Nicaragua case, the ICJ noted evidence that the US intended to overthrow the government of Nicaragua and intended to inflict economic damage. But the court declined to make findings with respect to the intentions or motives of the US, observing that:
in international law, if one State, with a view to the coercion of another State, supports and assists armed bands in that State whose purpose is to overthrow the government of that State, that amounts to an intervention by the one State in the internal affairs of the other, whether or not the political objective of the State giving such support and assistance is equally far-reaching.169
100. The court’s ruling suggests that the motive of the intervening state is of little relevance. It is the fact of coercive behaviour with respect to the victim state’s free will over its sovereign functions that establishes a prohibited intervention.170 The coercive behaviour on the part of the perpetrating state will, by its nature, be intentional, and thus the description of coercion discussed above necessarily involves an intention to compel an outcome or conduct.171
Must the coercive behaviour succeed?
101. A violation of sovereignty usually involves actual usurpation of a state’s sovereign powers by another state without consent.172 But under the non-intervention principle, it is the fact of the coercive behaviour itself, in relation to another state’s sovereign powers, that matters. This suggests that if the hostile state carries out coercive cyber operations against another state but does not succeed, it would still be caught by the non-intervention principle, just as an act involving a use of force that misses its target would still constitute a use of force. Potential as well as actual effects are therefore relevant when assessing the coercion element. Otherwise, a state that was targeted but, being well prepared, was not affected, could not claim a violation of international law, whereas a state that had not invested in such protections could.173
102. Since actual harmful effects are not a prerequisite for the non-intervention principle to be engaged, the element of coercion is better understood as the fact of ‘coercive behaviour’ by a state in relation to another state’s sovereign functions, which does not presuppose the success of the behaviour, rather than ‘coercion’. Some argue that coercion is essentially about the conduct on the part of the perpetrating state rather than the effects that such behaviour produces.174 Others, in assessing whether the non-intervention principle has been breached, place greater weight on the effects (actual or potential) of the behaviour on the target state’s inherently sovereign functions.175 In a sense, both conduct and effects are relevant: it is the fact of the coercive behaviour that is important, but (based on the definition at para 92 above) there is a close causal link between the coercive behaviour and its actual or potential effects on the target state’s free will to exercise control over its sovereign functions. To the extent that harmful effects do ensue, they may also provide evidence of the coercive behaviour, and will be relevant in assessing the proportionality of any response by the target state under international law. It is also worth noting that although potential rather than actual effects may suffice, it will be harder to evidence intervention where it is not possible to show practical effects on the ability of the target state to carry out its sovereign functions.
103. In the cyber context, the coercive behaviour of the perpetrating state is usually covert. The question arises as to whether the target state needs to know that it is being coerced in order for the coercion element to be established. If it is the fact of the coercive behaviour by the perpetrating state that establishes coercion, and if the coercion does not have to succeed in order to be unlawful, then it is not necessary for the target to know about it. The coercive behaviour is in itself enough.176
II. ‘Matters in which a state is permitted to decide freely’
104. For the non-intervention principle to be breached, there must be a causal nexus between the coercive behaviour on the one hand and the deprivation, or attempted deprivation, of the victim state’s authority in relation to the exercise of its state functions on the other. This connection is reflected in the ICJ’s dicta in Nicaragua that:
A prohibited intervention must … be one bearing on matters in which each State is permitted, by the principle of State sovereignty, to decide freely. One of these is the choice of a political, economic, social and cultural system, and the formulation of foreign policy. Intervention is wrongful when it uses methods of coercion in regard to such choices, which must remain free ones.177
105. The Tallinn Manual 2.0 and some scholars writing in the cyber context have equated the concept of a state’s inherently sovereign functions, for the purposes of the non-intervention principle, with what is known as domaine réservé,178 i.e. a state’s internal affairs, or a sphere of activity that is ‘not, in principle, regulated by international law’.179 The Tallinn Manual 2.0 states that ‘usurpation of an inherently government function’ (discussed in the context of violation of sovereignty) differs from intervention in that the former deals with inherently governmental functions, whereas the latter (intervention) involves the domaine réservé, ‘concepts that overlap to a degree but that are not identical’.180 It has been argued that the scope of a state’s domaine réservé is increasingly limited because there are hardly any topics or policy areas today that are inherently removed from the international sphere.181 This has contributed to a perception by some that the non-intervention principle has a relatively narrow application.
106. Even if international law has some bearing on the policy area in which a state exercises its state functions, the state may still retain ultimate authority over the area in question. Thus, international regulation of a subject does not remove it entirely from the domaine réservé; states retain independent authority to make choices among various lawful courses of action on a subject regulated by international law. For example, while international human rights law has had an impact on how states must interpret their policies on asylum, this does not mean that the conduct of these activities does not – to some extent – fall within the state’s sovereign powers. Even when a state is found to be in breach of its human rights obligations, for example, it retains the prerogative of implementing that adverse decision – the prerogative of responsibility – and thus the initiative in the matter.182
107. In any event, since the non-intervention principle derives from and is a reflection of the principle of sovereignty, the better view is that there are not two different standards of matters reserved to a state.183 The notion of domaine réservé is not particularly helpful in the non-intervention context. It concerns a state’s domestic jurisdiction, which, as noted above, is to be distinguished from a state’s inherently sovereign functions.184 It also does not include a state’s external affairs, which, as the ICJ made clear in Nicaragua, form part of the scope of the non-intervention principle.185 A better understanding of a state’s sovereign functions for the purposes of the non-intervention principle can be derived from the Nicaragua case and the Friendly Relations Declaration, in which state functions are characterized as including a state’s choice of political, economic, social and cultural system, as well as the formulation of foreign policy.186 The scope of a state’s inherently sovereign functions is thus quite broad, extending to the making of state policies in these areas through its organs and agencies of a legislative, executive and judicial kind.
108. While the scope of a state’s sovereign powers may be quite broad, state-sponsored cyber operations with effects on individuals or companies will not (without more) engage the non-intervention principle; it is only if the attack in question has an effect on the state’s exclusive exercise of its independent sovereign functions. This approach corresponds with the public statements issued by states to date in relation to unauthorized state cyber activity in another state’s territory. States have so far only invoked a violation of international law where there are practical effects on the ability of the victim state to exercise its inherently sovereign powers. A GRU campaign of indiscriminate and reckless cyberattacks above disrupted (among other targets) transport systems in Ukraine and was described by the UK as being ‘in flagrant violation of international law’.187 Likewise, in relation to the NotPetya attack, attributed by multiple states to Russia in February 2018,188 the UK said that it ‘showed a … disregard for Ukrainian sovereignty’ in targeting the Ukrainian government, financial and energy sectors.189 By contrast, the UK and US did not mention violation of international law in relation to the spear phishing190 campaign aimed at private universities, private companies and NGOs, which they attributed to Iran in March 2018.191 In relation to the WannaCry ransomware attack attributed to North Korean actors in December 2017, the UK, US and Australia stated this to be a ‘criminal use of cyber space’ rather than a violation of international law.192
States have so far only invoked a violation of international law where there are practical effects on the ability of the victim state to exercise its inherently sovereign powers.
109. These recent statements suggest a developing distinction between activities that affect a state’s ability to run its core state ‘systems’ generally (e.g. parliament; financial sector; energy; transport) and those activities that target individuals or private companies. This distinction is also reflected in the EU’s recent issue of restrictive measures against cyberattacks threatening the EU or its member states. In describing which cyberattacks fall within the scope of the measures, the EU refers to ‘financial market infrastructure’; ‘digital infrastructure’; ‘critical infrastructure’ and ‘any other sector’, as well as ‘critical State functions’,193 all of which suggest that the measures are directed at cyber operations that affect whole sectors, as opposed to cyberattacks on private individuals and private companies.
Proving intervention
110. In order to determine whether the non-intervention principle has been breached, the target state will need to assess whether it has been the victim of an attempt by another state to deprive it of its free will in relation to the exercise of its sovereign rights with a view to compelling an outcome in, or conduct with respect to, an inherently sovereign matter. In doing so, the target state will need to consider whether there is evidence of the application of pressure by the hostile state.
111. As with violation of sovereignty, the particular features of cyberspace make it challenging to make these assessments as the activity is usually covert, with the perpetrator hiding their identity, and conducted remotely from outside the territory. The evidence of who is carrying out the attack (non-state actor or state agent; and if the former, whether the non-state actor is acting on behalf of a state), for what purpose, and the relationship if any between the perpetrating state’s activity and the affected state’s government’s functions may not at first be evident. It will require careful investigation and, if the activity is conducted outside the target state, may require cooperation with international partners. In assessing whether a state is applying pressure in order to compel an outcome or conduct, the circumstances, including the political context, the history and relationship between the target state and alleged perpetrating state, and the wider circumstances are all likely to be relevant.
112. Certain other factors may also assist in identifying whether coercive behaviour is present, including the intensity of the attack and nature of the state interests affected by the cyber intrusion. The scale and severity of the effects of the cyber intrusion may also be relevant, including the reach in terms of the number of actors involuntarily affected by the cyber operation at issue.194 If the cyber intrusion concerns the disabling of critical state infrastructure for example, it may be more likely to be coercive because such an attack would necessarily have a practical effect on the free will of the target state to exercise its sovereign functions exclusively and effectively over that infrastructure. Given the link between coercion and sovereign powers, arguably the more ‘inherently sovereign’ the area under attack, the easier it will be to establish intervention overall.
113. While the non-intervention principle is well established in international law, and clearly applicable to cyber activities as it is to other state activities, there does not appear to be complete agreement, as we have seen, on the criteria for its application. Case studies, which are increasingly prevalent now that states are becoming more vocal about state-sponsored cyber intrusions, are useful in discussing the application of the principle.195 The next chapter considers specific scenarios in order to explore how the law discussed in chapters 2 and 3 can be applied to state-sponsored cyber intrusions in practice.
131 Oppenheim (1996), Oppenheim’s International Law, Vol. 1: Peace, p. 428.
132 Friendly Relations Declaration, UN General Assembly, 1970.
133 See, in particular, Part One, Chapter II of the ILC’s Articles on State Responsibility.
134 The principle is included in the constituent instruments of regional organizations, as well as in other multilateral and bilateral treaties. It is reflected in the Charter of the Organization of American States (Article 3); the Charter of Organization of African Unity (Article III(2); and the Charter of ASEAN (Article 2(2)(e) and (f)), among others. It has also been reflected in numerous declarations adopted by international organizations and conferences including resolutions of the General Assembly from the mid-1960s to 1980s, during which there was disagreement between states over the scope of the principle. The Final Act of the Conference on Security and Co-operation in Europe (the Helsinki Final Act, 1 August 1975) includes a detailed statement of the principle (Principle VI). The non-intervention principle has been frequently promoted in documents by non-Western states, including the Bandung Principles (agreed between 29 countries from Asia and Africa in 1955 at the Bandung Conference), and China’s Five Principles of Peaceful Co-Existence.
135 Certain Activities Carried Out By Nicaragua In The Border Area (Costa Rica V. Nicaragua), para 202.
136 Lowe, V. (2007), International Law, Oxford University Press, p. 104.
137 Nicaragua, para 205.
138 Ibid.
139 Jamnejad and Wood (2009), ‘The Principle of Non-intervention’, p. 367.
140 Some commentators have also noted that the debates on the non-intervention principle that led up to the approval of the Helsinki Final Act suggest that Russia considered non-intervention to be interchangeable with ‘non-interference’. The word used in the Russian-language version of the Final Act – ‘невмешательство’ – conveys a broader meaning, encompassing both non-intervention and non-interference. By contrast, Western states considered that non-intervention was prohibited but activity below that threshold – mere ‘interference’ was not. The Helsinki Act represented a compromise between these different concepts of intervention. See Raynova, D. (2017), ‘Towards a Common Understanding of the Non-Intervention Principle’, European Leadership Network, Post Workshop Report, https://www.europeanleadershipnetwork.org/wp-content/uploads/2017/10/170929-ELN-Workshop-Report-Non-Intervention.pdf (accessed 24 Oct. 2019).
141 This reflects the definition of intervention in Oppenheim’s International Law (Vol. 1: Peace): ‘the interference must be forcible or dictatorial, or otherwise coercive, in effect depriving the state intervened against of control over the matter in question. Interference pure and simple is not intervention’, p. 432.
142 The Friendly Relations Declaration provides that, ‘No State may use or encourage the use of economic, political or any other type of measures to coerce another State in order to obtain from it the subordination of the exercise of its sovereign rights’ (emphasis added).
143 Nicaragua, para 205 (emphasis added).
144 Jamnejad and Wood note that the requirement of coercion ‘removes minor international friction’ and ‘is a crucial limit in the principle of non-intervention. Without it, any act which had an effect on another state could fall within the prohibition’; Jamnejad and Wood (2009), ‘The Principle of Non-intervention’, p. 381. Higgins argues that, ‘The purpose of the international law doctrine of intervention is… to provide an acceptable balance between the sovereign equality and independence of states on the one hand and the reality of an interdependent world and the international law commitment to human dignity on the other’; Higgins (2009), ‘Intervention and International Law’, p. 273.
145 For a survey of coercion as it arises in different contexts in international law, and the problems of defining it, see Tzanakopoulos, A. (2015), ‘The Right to be Free from Economic Coercion’, Cambridge Journal of International and Comparative Law, 4(3): pp. 618–623.
146 Some commentators have suggested that the pressure needs to be extensive. Ziolkowski for example states that ‘scholars assert that illegal coercion implies “massive influence”’ but this will depend on the circumstances in each case, Ziolkowski, K. (2013), ‘General Principles of International Law as Applicable in Cyberspace’, in Ziolkowski, K. (ed) (2013), Peacetime Regime for State Activities in Cyberspace: International Law, International Relations and Diplomacy, Tallinn, Estonia: NATO CCD COE Publication, p. 165.
147 Jamnejad and Wood (2009), ‘The Principle of Non-intervention’, p. 348. Dickinson argues that coercion is present if it ‘cannot be terminated at the pleasure of the state that is subject to the intervention’: Dickinson, E. D. (1920), The Equality of States in International Law, Harvard University Press, p. 260.
148 Jamnejad and Wood (2009), ‘The Principle of Non-intervention’, p. 348.
149 Statement of Sir Ian Sinclair on behalf of the UK government (1966), Official Records of the General Assembly, 25th session, UN Doc A/AC.125/SR.114, Supplement No. 18 (A/8018), 155.
150 Oppenheim (1996), Oppenheim’s International Law, Vol. 1. p. 432. See also Jamnejad and Wood, who argue that ‘only those that are intended to force a policy change in the target state will contravene the principle’, Jamnejad and Wood (2009), ‘The Principle of Non-intervention’, p. 348.
151 See, for example, Wertheimer, A. (1987), Coercion, Princeton University Press, who advocates that coercion should be understood as a situation in which the coercer’s proposal creates a choice situation for the target, such that the target has ‘no reasonable alternative but to do X’; p. 172; and Nozick argues that coercion involves a threat by one actor to another that if the target does not do a certain action, then negative consequences will follow, Nozick, R. (1969),‘Coercion’, in Morgenbesser, W. (ed)(1969), Philosophy, Science and Method: Essays in Honor of Ernest Nagel, St Martin’s Press, pp. 440–472.
152 Damrosch, L. F. (1989), ‘Politics Across Borders: Non-intervention and Non-forcible Influence over Domestic Affairs’, The American Journal of International Law, 83(1): p. 5.
153 Tsagourias argues that there are multiple ways in which ‘coercion’ can be exerted for the purposes of the non-intervention principle, Tsagourias, N. (forthcoming 2020), ‘Cyber intervention and international law’ in Broeders, D. and Van den Berg, B. (2020), Governing Cyberspace: Behaviour, Power and Diplomacy, Rowman & Littlefield, p. 10.
154 Friendly Relations Declaration.
155 Ibid., p. 5. This formula is reiterated in similar form in a number of UN General Assembly resolutions and in the Charter of the Organization of American States (Article 20).
156 Oppenheim, L. (1920–21), Oppenheim’s International Law, Vol. 1: Peace, 3rd edn, Roxburgh, R. F. (ed.), London: Longmans, p. 221; Buchan (2018), Cyber Espionage and International Law, similarly argues that coercion ‘subordinates the will of the state in order for the entity exercising coercion to realise certain objectives’ (emphasis added), p. 63.
157 Ibid., p. 207.
158 Kunig argues that intervention ‘aims to impose certain conduct of consequence on a sovereign state’, Kunig, P. (2008), ‘Intervention, Prohibition of’, Max Planck Encyclopedia of Public International Law, p. 5.
159 Nicaragua, para 205.
160 Kilovaty, I. (2019), ‘The Elephant in the Room: Coercion’, AJIL Unbound, 113: pp. 89–90. Ziolkowski argues that, ‘coercion occurs only in drastic cases of overwhelming (direct or indirect) force being put upon a State’s free and sovereign decision-making process’, Ziolkowski, K. (2013), ‘General Principles of International Law as Applicable in Cyberspace’.
161 Ibid., p. 87; Kilovaty argues that cyber operations are distinct in their effects from their physical counterparts and require a more nuanced definition of non-intervention that departs from the ‘narrow coercion standard’, Kilovaty, I. (2018), ‘Doxfare: Politically motivated leaks and the future of the norm of non-intervention in the era of weaponized information’, Harvard National Security Journal, 9: p. 168 ff.
162 Schmitt and Vihul argue that ‘the prohibition on intervention and the use of force… contain thresholds that are seldom reached. Thus the vast majority of hostile cyber operations attributable to states implicate only the prohibition of violation of sovereignty’: Schmitt and Vihul (2017), ‘Sovereignty in Cyberspace: Lex Lata Vel Non?’, p. 214.
163 Watts, S. (2015), ‘Low-Intensity Cyber Operations and the Principle of Non-Intervention,’ in Ohlin, J. D., Govern, K. and Finkelstein, C. (2015), Cyber War: Law and Ethics for Virtual Conflicts, Oxford University Press, p. 256, emphasis added.
164 Gill, T. (2013), ‘Non-Intervention in the Cyber Context’ in Ziolkowski, K. (ed) (2013), Peacetime Regime for State Activities in Cyberspace: International Law, International Relations and Diplomacy, Tallinn, Estonia: NATO CCD COE Publication, p. 222.
165 Para 2 of commentary to Rule 66 of the Tallinn Manual 2.0.
166 Ibid., para 18 of commentary to Rule 66 (emphasis added). The examples given of coercion in the Tallinn Manual 2.0 are based on forcing a change in policy (e.g. the use by one state of a distributed denial of service operation to coerce a government into reversing a decision about the official language after a referendum) – para 9 of commentary to Rule 66. But a minority of the international group of experts involved in the Tallinn Manual 2.0 considered that the coercion requirement is satisfied when ‘an act has the effect of depriving the State of control over the matter in question’, para 19 of commentary to Rule 66.
167 The Tallinn Manual 2.0 states that ‘coercion must be distinguished from persuasion, criticism, public diplomacy, propaganda… retribution, mere maliciousness, and the like in the sense that, unlike coercion, such activities merely involve either influencing (as distinct from factually compelling) the voluntary actions of the target State; para 21 of the commentary to Rule 66.
168 2019 International Law Supplement to Australia’s International Cyber Engagement Strategy, p. 2, emphasis added.
169 Nicaragua, para 241.
170 Watts (2015), ‘Low-Intensity Cyber Operations and the Principle of Non-Intervention’, p. 268. See also the Armed Activities (DRC v Uganda) case, in which the ICJ held that Ugandan training and military support for rebels operating in the territory of the DRC constituted a violation of the principle of non-intervention but made no determination on Uganda’s motive for supporting the rebels, Judgment, ICJ Reports 2005, p. 168, para 163.
171 Intent, motive and purpose do not generally play a part in the international rules on state responsibility, although it will depend on the content of the primary obligation in question. See para 3 of the Commentary to Article 2 of the ILC’s Articles on State Responsibility, and para 10: ‘In the absence of any specific requirement of a mental element in terms of the primary obligation, it is only the act of the State that matters, independently of any intention’.
172 The international group of experts involved in the Tallinn Manual 2.0 considered that in order for there to be a violation of sovereignty, consequences must manifest (para 24 of the commentary to Rule 4).
173 The international group of experts involved in the Tallinn Manual 2.0 considered that the fact that a coercive cyber operation fails to produce the desired outcome has no bearing on whether the non-intervention principle has been breached (para 29 of the commentary to Rule 66).
174 The international group of experts involved in the Tallinn Manual 2.0 appear to take this view; ibid.
175 See, for example, Watts (2015), ‘Low-intensity cyber operations and the principle of non-intervention’, p. 256.
176 The majority of the international group of experts involved in the Tallinn Manual 2.0 considered that knowledge of coercion was not required on the part of the target state: para 25 of the commentary to Rule 66.
177 Nicaragua, para 205.
178 Tallinn Manual 2.0, para 22 of the commentary to Rule 4. See also Schmitt (2017), ‘Grey Zones in the International Law of Cyberspace’, p. 7; Watts (2015), ‘Low intensity cyber operations’, pp. 263–5.
179 Nationality Decrees Issued in Tunis and Morocco (French Zone) on November 8th, 1921 (Great Britain v France) Advisory Opinion, (1923) PCIJ Series B no 4, 7th February 1923, in which the PCIJ held that the scope of domaine réservé depends on the state of international relations, and whether or not a certain matter is or is not solely within the jurisdiction of a state is essentially a relative question (para 24).
180 Tallinn Manual 2.0, para 22 of commentary to Rule 4. No further explanation is given.
181 Ziegler, K. S. (2013), ‘Domaine Réservé’, Max Planck Encyclopedia of Public International Law, Section C: ‘The Reduction of the Domaine Réservé’.
182 Crawford, J. (2012), ‘Sovereignty as a legal value’, in Crawford, J. and Koskenniemi, M. (eds) (2012), The Cambridge Companion to International Law, Cambridge University Press, p. 122, doi:10.1017/CCO9781139035651.009. The PCIJ, in its 1923 Wimbledon decision, stated that rather than being an abandonment of sovereignty, ‘the right of entering into international agreements is an attribute of State sovereignty’: The Wimbledon (Government of his Britannic Majesty v German Empire) PCIJ Series A No 1 at para 25; see also Lotus at para 18. On the relationship between sovereignty and human rights, see also Besson, S. (2011), ‘Sovereignty’, Max Planck Encyclopedia of Public International Law, paras 130–140.
183 The international group of experts involved in the Tallinn Manual 2.0 elsewhere appear to agree that there is only one standard. See para 8 of the commentary to the rule on intervention (Rule 66), which notes that they ‘thought that the range of protection offered by Rule 66 on non-intervention is broadly coextensive with the range of issues reserved to states by the international law principle of sovereignty’.
184 Paras 44 above.
185 Nicaragua, para 205.
186 There is also an analogy with the international rules on state immunity; see para 45 above.
187 National Cyber Security Centre (2018), ‘Reckless Campaign of Cyber Attacks by Russian Military Intelligence Exposed’, 3 October 2018, https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed (accessed 24 Oct. 2019). The attribution was made by the UK, US, Australia, Canada, New Zealand, the Netherlands and Germany, and supported by Czech Republic, Denmark, Estonia, Finland, France, Latvia, Japan, Norway, Poland, Romania, Slovakia, Sweden, Ukraine, the EU and NATO.
188 The attribution was made by the UK, US, Australia, Canada and Denmark, and supported by New Zealand, Estonia, Finland, Latvia, Lithuania, Netherlands, Norway and Sweden.
189 Statement of Foreign Office Minister, Lord Ahmad (2018), ‘Foreign Office Minister condemns Russia for NotPetya attacks’, https://www.gov.uk/government/news/foreign-office-minister-condemns-russia-for-notpetya-attacks (accessed 5 Oct. 2019).
190 ‘Spear phishing’ is a targeted attempt to steal sensitive information.
191 Statement of Foreign Office Minister, Lord Ahmad (2018), ‘Foreign Office Minister condemns criminal actors based in Iran for cyber-attacks against UK universities’, https://www.gov.uk/government/news/foreign-office-minister-condemns-criminal-actors-based-in-iran-for-cyber-attacks-against-uk-
universities (accessed 5 Oct. 2019). The US issued indictments of the alleged perpetrators, United States Department of Justice (2018), ‘Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps’, https://www.justice.gov/usao-sdny/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic (accessed 5 Oct. 2019). Both governments treated the cyber intrusion as criminal activity under their domestic law.
192 Statement of Foreign Office Minister, Lord Ahmad (2017), ‘Foreign Office Minister condemns North Korean actor for WannaCry attacks’, https://www.gov.uk/government/news/foreign-office-minister-condemns-north-korean-actor-for-wannacry-attacks (accessed 5 Oct. 2019). New Zealand, Denmark and Japan supported this attribution.
193 Council Decision (CFSP) 2019/7299/19 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, Article 4.
194 Watts (2015), ‘Low-Intensity Cyber Operations and the Principle of Non-Intervention’, p. 257, quoting McDougal, M. S., and Feliciano, F. P. (1958), ‘International Coercion and World Public Order: The General Principles of the Law of War’, The Yale Law Journal, 67(5): p. 771. McDougal and Feliciano argued that coercion determinations should account for ‘consequentiality’, and proposed three dimensions of consequentiality, including ‘the importance and number of values affected, the extent to which such values are affected, and the number of participants whose values are so affected’, p. 782.
195 Some scholarly initiatives also provide case studies of state-sponsored cyber intrusions into another state, to which international law can be applied: Efrony and Shany (2018), ‘A Rule Book on the Shelf?’; NATO cyber toolkit, NATO CCDCOE (n.d.), ‘Cyber Law Toolkit’.