Jack is a DPhil candidate in public international law at the University of Oxford and a Post-Doctoral Research Fellow at the Hebrew University of Jerusalem. His doctoral thesis on the application of international law to cyber operations is supervised by Professor Catherine Redgwell and Dr. Efthymios Papastavridis and supported by UKRI funding. He holds an LL.B degree in Law with European Study and an LL.M degree in International and European Law. Prior to commencing his doctorate, he held the post of Research Assistant with teaching responsibilities at the Institute for Public International Law, University of Bonn. Jack has several years of research experience including positions at Chatham House, the British Institute of International and Comparative Law, and the Amsterdam Centre for International Law. Jack has worked on cases involving issues of international and EU law. His current research interests include the relationship between customary international law and treaty law, state responsibility, use of force, and the applicability of these frameworks to new and emerging areas governed by international law such as cyber operations.
State cyber operations, hackbacks and the right of hot pursuit in international law
There is currently widespread agreement that, in principle, existing international law applies to state cyber operations. However, there remains considerable uncertainty about how international law applies, in particular with respect the application of international law to cyber operations which fall below the threshold of a use of force or an armed attack, effectively resulting in “grey zones” where the application of rules is unsettled. As a new area of operations that possesses unique attributes and poses significant challenges for how specific rules of international law apply, there has been some confusion about the status of cyber operations and the ‘means of normative evolution’ of existing rules as applicable to cyber operations.
This paper utilises the right of hot pursuit in international law as a lens through which to examine state practice, and the legal status of, active cyber defence and “hackbacks” in state cyber operations where victim states respond by conducting counter cyber operations to prevent or disrupt attacks at their source of origin. State practice of the right of hot pursuit achieved general acceptance as customary international law governing the seas at the end of the nineteenth century, prior to its subsequent codification in treaties, when the rights inherent in sovereignty were being developed by states to apply to the seas. Its codification in treaties played a role in states finding a balance between the interests of protecting the sovereignty of coastal states and preserving the freedom of navigation of maritime states on the high seas. This paper identifies parallels of the doctrine in relation to the practice of states in the cyber domain to argue that the process of developing the rights inherent in sovereignty to apply to cyber operations requires balancing similar interests to reach a compromise between “absolute sovereignty” and “absolute freedom”, and discusses the merits and possibility of whether states may recognise the development of an equivalent exception of a right of hot pursuit in the cyber context.