Maroi KOUKA is a Paris-based PhD candidate in international law affiliated to the Centre des Recherches juridiques– Université Paris 8 and a research fellow at the Centre Marc Bloch – Humboldt Universität. Her research pertains to the application of international law to interstate cyber-operations, proposing a data-centered approach. More precisely, she studies the place and role of data in cyber-operations in the context of international security and stability. Prior to her doctoral studies, she worked for international, regional and local organisations on human-rights-related projects. She holds a Master’s degree in International Humanitarian and Human Rights Laws from Paris Saclay University, a Master’s degree in International and European Laws and a degree in Corporate Law, both from Paris-Sud University.
Rethinking the underlying gray zones in the international law applicable to cyber-operations: a data-driven approach
The evolving security threat posed by new technologies played a role in shaping state negotiations and policies, in addition to shedding the light on harmful cyber-operations whose unlawfulness under current rules of international law cannot be unambiguously and unequivocally determined.
Applying current rules of international law to the recent large scale damaging cyber insecurity incidents proved to be challenging as these state-conducted cyber operations fall through the cracks of international law. In this context, a limited yet growing number of states have adopted different approaches as to how international law applies to cyber-operations and cyberspace. However, these nascent positions lack clarity as to the scope and the interpretation of the selected criteria in the assessment of the violation of international law leaving room to gray zones, legal uncertainties and unsettled questions.
That said, it is established that many of the problems regarding how international law apply to cyber-operations are rather related to conceptual problems regarding the architecture of cyberspace and its inherent characteristics. Thus, we aim at focusing on the data component and examining its role in the international security context.
In this paper, we focus on the interplay between data and cybersecurity in the context of international security and stability. While it is common to discuss cybersecurity and cyber-operations through the lens of public international law, data has received less attention in this realm. Yet, through the study of recent cyber-incidents, one may argue that, in almost every cyber-operation, data is either breached, collected, retained or manipulated, or a thereof combination.
With this paper, we do not purport to solve the how-international-law-applies-to-cyber-operations enigma, but merely to propose a new approach – that is data-based – to address the aforementioned challenges, and to determine whether a strict regulation of data increases security and stability in cyberspace.