A Primer on State - Sponsored Cyber Espionage and the Need for International Norms
Of late, the terms “spy” and “espionage” have been frequently heard in discussions and debates. This could be due to the allegations that have been leveled against Kulbhushan Jadhav which have brought to light the ambiguous position accorded to spies in the international arena.1
However, modern day espionage isn’t only restricted to “real”/human spies (as romanticised by James Bond and other mystery thrillers) infiltrating borders and stealthily stealing a nation’s secrets. Developments in technology have made it all too easy for governments to monitor, collect, and utilise personal data of citizens within and outside their country’s borders.2
This blog endeavors to highlight the failure of the body of international law in restricting and regulating a rising global concern- cyber espionage. An attempt will also be made to explore the reasons behind this gaping lacuna, and guidelines will be suggested for the role that international law can play in this regard.
Lack of Political Will
Governments across the world carry out spying activities. It is seen as vital to understanding the capabilities and intentions of other nations, as well as securing the safety of their own. At the same time, it can often involve violation of a nation’s sovereignty and territorial integrity. Yet, most nations hold that the benefits of espionage (like intelligence collection) outweigh the costs. Thus, there is no international political will to establish rules to monitor or supervise this activity. This is one of the reasons why there is no customary, substantive, or even procedural law regulating the same. Another point is that even in the existence of such rules, it would be difficult to detect breach of the rules by any nation as espionage, by definition, is a conducted clandestinely. Any rule which doesn’t suit a nation’s interests could (and would) be broken without any repercussion.
The Era of Mass Cyber Surveillance
However, the disturbing shift from targeted spying to mass cyber surveillance has a wide impact on the rights of private, innocent civilians. Governments, sometimes through media and network corporations, are capable of violating the citizens’ right to privacy with impunity.3 Cross border surveillance has also become a commonplace occurrence with the increasing availability of high-end technology at relatively low cost. The data that is collected can be stored at cheap rates for an undefined period of time, and utilised for tracing movements and tracking personal information, en masse.4
In the past, there has been wide public outrage when evidence of such State-sponsored mass surveillance has come out into the open. For example, the NSA files that were revealed in the Edward Snowden expose came as a shock to the population in the USA, and worldwide. It threw light on the extent of information that a popularly elected government was capable of collecting surreptitiously.5
Existing International Framework
In the body of international law, there is no law that specifically addresses the issue of spies and espionage. It is only in Article 17 of the International Covenant on Civil and Political Rights (ICCPR) that a mention to a person’s right to privacy is made. This Article prohibits arbitrary or unlawful interference with one’s privacy, family, home or correspondence.6 One of the major violations that nations commit when they indulge in mass surveillance is that it is “arbitrary”. It is not on anybody in particular, and it is to no specific, justifiable end. It is such spying/surveillance that affects persons on an intimate level and threatens the sanctity of private spheres.
Citizens within the domestic territory of a country would have the most power to force their governments to enact cyber security and privacy laws. Governments would be unwilling to ignore public outrage in this regard. However, such laws would operate only within the domestic territory and would not solve the problem of cross-border mass surveillance. It would necessitate an international regulatory framework.
The Way Forward
Getting various foreign governments on the same page regarding the provisions of such a law would be a herculean task. A beginning could be made in encouraging nations in blocs with similar interests and alliances to enter into treaties. For example, the Five Eyes alliance consisting of Australia, Canada, New Zealand, United Kingdom, and United States could enter into treaties putting limits on spying and intelligence sharing amongst them. These treaties could find their basis in the domestic laws promulgated in these nations. Once the blocs have their specific treaties in place, an international law amalgamating the provisions of the treaties could be drafted.
Towards this end, the international convention, as like any law, should have some hall marks such as accountability, unambiguousness, and an effective redressal system. Calling for a complete ban on cross-border surveillance would not serve the purpose as nations would find ways and means to subvert the ban. Instead, the norms should focus on controlling the extent and mode of the espionage. In the interests of people’s right to privacy, States would have to impose certain limits on their own spying activities.
In order to ensure that States are not flouting these rules, an independent, unbiased international body should be constituted. It would function under the aegis of the United Nations and could enjoy similar wide-ranging powers like the International Atomic Energy Agency (IAEA). The body could inspect data collection methods and limit the storage of such data to a reasonable, limited period of time. Governments would have to submit their data sharing arrangement with telecom and network corporations to such a body for periodic scrutiny.
As mentioned previously, these norms would not attempt to completely ban espionage activities. They would simply make it quite difficult for States to indulge in cross border mass surveillance. Violations of the international convention could result in severe repercussions, with countries even imposing sanctions.
As time passes, the understanding of privacy and cyber security will grow. This will get reflected in the evolving body of international law, and the rights of citizens against their own governments will be safeguarded.
By Riddhi Joshi, Symbiosis Law School, Pune